I need to guard some code depending on whether TLS 1.1 (and 1.2) is available.
According to the CHANGELOG:
Changes between 1.0.0h and 1.0.1 [14 Mar 2012]
...
* Initial TLS v1.2 support.
...
* Initial TLSv1.1 support.
Does the above notice mean I should check
Ok, look in the SignerInfo structure of the secondary signature.
There is a separate field (digestEncryptionAlgorithm) indicating
the OID of the signature algorithm. Look at this and see if it is
different from the value in the outer signature, and look up the
value online to see what it means.
On Mon, Sep 22, 2014 at 01:53:56PM +0000, Viktor Dukhovni wrote:
> > What does happen if both sides of the connection don't use the same group ?
>
> In TLS, the server designates the group, and the client must use
> that.
In particular any DH parameters specified on the client side are ignored,
On Mon, Sep 22, 2014 at 02:30:00PM +0200, Francis GASCHET wrote:
> Hello,
>
> When we create DH parameters we have to specify the group (2 or 5).
"g=2" is not "the group", it is a generator of a large cyclic group
modulo some large prime "p". "The group" consists of the pair (p,
g), or sometime
Hello,
If it happens, the two peers will not derive the same key, which will make
further encrypted messages undecipherable by the peer,
but the correct protocol includes parameter exchange (generator and modulus),
and those are also included in the EVP_PKEY objects
In particular, you must transmit
Hello,
When we create DH parameters we have to specify the group (2 or 5).
What does happen if both sides of the connection don't use the same group ?
Best regards,
--
Francis
Well, I am a bit confused here.
I am decrypting the signature using RSA_public_decrypt function passing it a
public key with RSA_PKCS1_PADDING option.
For primary signature, I get back a 35 byte value which is inclusive of the
digestAlgorithm. It is in the v1.5 format that you mentioned.
Fo
Dear Users,
I have released version 5.04 of stunnel.
The ChangeLog entry:
Version 5.04, 2014.09.21, urgency: LOW:
* New features
- Support for local mode ("exec" option) on Win32.
- Support for UTF-8 config file and log file.
- Win32 UTF-16 bui