Re: SSL Renogotation failure

2014-06-04 Thread Mithun Kumar
Thanks for the reply. I am currently resetting the below flag by resetting using SSL_CTX_clear_options(). Still the handshake fails. SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION Any inputs? On Wed, Jun 4, 2014 at 6:57 PM, Salz, Rich wrote: > > Can you please elaborate? > > One si

Re: Build OpenSSL in Win CE 8.0 (Compact 2013)

2014-06-04 Thread Pierre DELAAGE
Hello, I am currently porting it (again): V102 on WCE5/WM6. For your information, you can check my previous V100a port on WCE5/WM6 here: http://delaage.pierre.free.fr. I use the free EVC4 and SDK 420. And check this thread about my port of a V102 snap in 2012: https://www.mail-archive.com/op

Build OpenSSL in Win CE 8.0 (Compact 2013)

2014-06-04 Thread Gottfrid Linge
Hi there, I am looking into building OpenSSL for CE8.0 (Compact 2013). Has anyone done this before and succeeded? I also wonder if it is still necessary to build wcecompat and how to get that to build for my CE8.0 SDK. These are the errors I get when trying to build wcecompat. Has anyone a clue w

Problem with TLS handshake using OpenSSL library when data size exceeds buffer

2014-06-04 Thread Salem Al-Damluji
Hi there, I am working on a TLS server at present, but am having problems with handshaking on occasion. The setup: * My TLS server sets up a TLS context, and three BIOs; an SSL bio, and a BIO pair (application and socket). * A remote party attempts to start a TLS handshake wi

Re: SSL Renogotation failure

2014-06-04 Thread Rahila Syed
Hello, SSL renegotiation is error-prone in PostgreSQL version 9.3 and below. You can either upgrade your PostgreSQL server or, as a workaround, if network security is not your major concern, the SSL renegotiation parameter can be switched off to avoid connection lost errors due to SSL renegotiation.

RE: suspending and continuing handshake

2014-06-04 Thread Salz, Rich
It supports both, yet lots of complicated work to create a full event system. Well, okay :) As opposed to have the SNI callback block on a mutex while some other thread wakes up and does whatever work is needed. /r$ -- Principal Security Engineer Akamai Technologies, Cambridge, MA I

Re: suspending and continuing handshake

2014-06-04 Thread Viktor Dukhovni
On Wed, Jun 04, 2014 at 04:29:19PM +0200, Dr. Stephen Henson wrote: > In the server case the callback is called when the server certificate is > required. It has a feature where the callback can return -1 and this then sets > a special state SSL_ERROR_WANT_X509_LOOKUP and you can retry in the same

Re: suspending and continuing handshake

2014-06-04 Thread Dr. Stephen Henson
On Wed, Jun 04, 2014, DEXTER wrote: > > Well, that's not how it works. Normally when OpenSSL returns with > >> something like WANT_READ or WANT_WRITE, it is possible to later > >> determine whether the preconditions for moving forward are satisfied. > >> > >> In this case you're asking OpenSSL t

Re: suspending and continuing handshake

2014-06-04 Thread Viktor Dukhovni
On Wed, Jun 04, 2014 at 10:03:34AM -0400, Salz, Rich wrote: > > You could try the OpenSSL RT. I would suspect that such a feature would be > > relatively low on the priority list. > > Especially because OpenSSL's programming model is to use threads, not events. It supports both, in fact given t

RE: suspending and continuing handshake

2014-06-04 Thread Salz, Rich
> You could try the OpenSSL RT. I would suspect that such a feature would be > relatively low on the priority list. Especially because OpenSSL's programming model is to use threads, not events. /r$ -- Principal Security Engineer Akamai Technologies, Cambridge, MA IM: rs...@jabber.me;

Re: suspending and continuing handshake

2014-06-04 Thread Viktor Dukhovni
On Wed, Jun 04, 2014 at 12:04:14PM +0200, DEXTER wrote: > >> In this case you're asking OpenSSL to just wait for nothing in > >> particular. That feature does not exist. > > > > That's the problem. I'm asking kindly the devs of openssl to make this > > feature exist. > > Now that Openssl has two

RE: SSL Renogotation failure

2014-06-04 Thread Salz, Rich
> Can you please elaborate? One side of your connection, and it could be either the client or the server, is doing the old-style (OpenSSL calls it LEGACY) renegotiation and the other side is rejecting it. One use for renegotiation is to get a client cert, for example. For information about

incore utility error - ELF64 is supported only natively at ../FIPs/openssl-fips-2.0.2/util/incore line 45.

2014-06-04 Thread Bala
Hi All, I am trying to cross compile OpenSSL FIPS module for linux-mips architecture (there is no direct support for the same). On building my test application using fipsld, $CC fips_mode.c -o fips_mode.exe -L ../openssl-1.0.1e -ldl -lcrypto where CC = ../fips/bin/fipsld I get the error : E

incore error - ELF64 is supported only natively at ../FIPs/openssl-fips-2.0.2/util/incore line 45.

2014-06-04 Thread Bala Duvvuri
Hi All, I am trying to cross compile OpenSSL FIPS module for linux-mips architecture (there is no direct support for the same). On building my test application using fipsld, $CC fips_mode.c -o fips_mode.exe -L ../openssl-1.0.1e -ldl -lcrypto where CC = ../fips/bin/fipsld I get the error :

Re: suspending and continuing handshake

2014-06-04 Thread DEXTER
> Well, that's not how it works. Normally when OpenSSL returns with >> something like WANT_READ or WANT_WRITE, it is possible to later >> determine whether the preconditions for moving forward are satisfied. >> >> In this case you're asking OpenSSL to just wait for nothing in >> particular. That

Re: Specifying specific PKCS#11 providers or keys

2014-06-04 Thread Dirk-Willem van Gulik
On 4 Jun 2014, at 10:41, Dirk-Willem van Gulik wrote: > What is the right syntax in IdentityFile to specify a specific PKCS#11 > provider or, even better, a > specific slot or key? > > I am failing to trigger below code :) i.e. getting key populated right. > Actual

Specifying specific PKCS#11 providers or keys

2014-06-04 Thread Dirk-Willem van Gulik
Folks, What is the right syntax in IdentityFile to specify a specific PKCS#11 provider or, even better, a specific slot or key? I am failing to trigger below code :) i.e. getting key populated right. Thanks, Dw. /* Prefer PKCS11 keys that are explicitly listed */ TAILQ_FO