On 10/20/2014 10:10 PM, Nou Dadoun wrote:
Well I think I'm completely confused about this option now; "always when you fall
back" seems to suggest that falling back is an application level operation (as
opposed to openssl-implemented behaviour), is it? i.e. is the onus on the client
applicat
On 20/10/14 23:59, Nou Dadoun wrote:
> This should be a short question (for a change), am I correct in assuming that
> the earliest version of openssl which provided support for TLSv1.1 and
> TLSv1.2 is openssl 1.0.1?
>
> i.e. there's no support for those in 0.9.8 (soon to be deprecated) or 1
This should be a short question (for a change), am I correct in assuming that
the earliest version of openssl which provided support for TLSv1.1 and TLSv1.2
is openssl 1.0.1?
i.e. there's no support for those in 0.9.8 (soon to be deprecated) or 1.0.0?
One of our products uses 0.9.8 for the FIP
It certainly does, thanks to you and Rich for the clarification ... N
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Matt Caswell
Sent: October-20-14 1:40 PM
To: openssl-users@openssl.org
Subject: Re: SSL_MODE_SEND_FALLBACK_S
On Mon, Oct 20, 2014 at 09:22:15PM +0200, Graham Leggett wrote:
> Can anyone confirm the order in which certs are returned by
> SSL_get_peer_cert_chain()?
Last time I read the code, I concluded that SSL_get_peer_cert_chain
returns the certificate chain exactly as sent by the remote server
in its
On 20/10/14 21:10, Nou Dadoun wrote:
> Well I think I'm completely confused about this option now; "always when you
> fall back" seems to suggest that falling back is an application level
> operation (as opposed to openssl-implemented behaviour), is it? i.e. is the
> onus on the client appli
> Well I think I'm completely confused about this option now; "always when
> you fall back" seems to suggest that falling back is an application level
> operation (as opposed to openssl-implemented behaviour), is it? i.e. is the
> onus on the client application to retry with a lower version if i
Well I think I'm completely confused about this option now; "always when you
fall back" seems to suggest that falling back is an application level operation
(as opposed to openssl-implemented behaviour), is it? i.e. is the onus on the
client application to retry with a lower version if it want
Hi all,
Can anyone confirm the order in which certs are returned by
SSL_get_peer_cert_chain()?
Regards,
Graham
—
OpenSSL Project http://www.openssl.org
User Support Mailing List
When I said "always" I meant "always when you fall back"
I was being too terse and not clear enough.
Hope this helps.
--
Principal Security Engineer, Akamai Technologies
IM: rs...@jabber.me Twitter: RichSalz
> -Original Message-
> From: owner-openssl-us...@openssl.org [mailto:owner-o
This is the first time I've seen this point of view expressed but it does make
evident sense - after all, the whole idea of falling back is to find a mutually
acceptable version. However it conflicts with some of the previous advice I've
seen on the list which recommended that SSL_MODE_SEND_FAL
Hi,
My file already has the contents:
foreach (values %lib_nam)
{
$lib_obj=$lib_obj{$_};
local($slib)=$shlib;
if (($_ eq "SSL") && $no_ssl2 && $no_ssl3)
{
$rules.="\$(O
Hi,
it worked. Thank you a lot.
Thanks - Pradeep Reddy.
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Arthur Ramsey
Sent: Monday, October 20, 2014 7:11 PM
To: openssl-users@openssl.org
Subject: Re: Openssl 1.0.1j
I had the same issue and was given
I had the same issue and was given the following patch.
diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index f0c2df0..4d2bbb2 100755
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -671,11 +671,11 @@ foreach (values %lib_nam)
$lib_obj=$lib_obj{$_};
local($slib)=$shlib;
- if (($_ e
What is the best way to check if a raw socket connection is SSL or not?
Or better to say... is there an OpenSSL API that can check if that connection
is a supported SSL protocol or not?
Thanks a lot.
--
Marco Bambini
http://www.sqlabs.com
http://twitter.com/sqlabs
http://instagram.com/sqlabs
On Mon, Oct 20, 2014, Rares Dumitrache wrote:
> Hello,
>
> I have a signing certificate with which I sign a message with
> openssl command line. I do NOT use -nocerts option, so the signing
> certificate should be embedded in the CMS message. I verify that it
> exists by retrieving it with comman
Hi,
I have seen following strange behavior with openssl sources:
1. First time I compiled openssl sources 1.0.1j, downloaded from openssl
site, without any build options, like not shutting down ssl2, ssl3, It compiled
successfully. On this compiled sources, I added build options, no-ssl2
On 10/20/2014 12:50 PM, Aditya Kumar wrote:
1. Will this updated client set with TLS_FALLBACK will be able to work
with un-updated Server(server using older version of OpenSSL where this
FALLBACK mode is not set)?
No, the behavior of existing OpenSSL applications will not change.
OpenSSL will
Hello,
I have a signing certificate with which I sign a message with openssl
command line. I do NOT use -nocerts option, so the signing certificate
should be embedded in the CMS message. I verify that it exists by
retrieving it with command:
openssl cms -verify -in infile.ini -certsout cert_to
Hi All,
I have a question regarding SSL_MODE_SEND_FALLBACK_SCSV introduced in
OpenSSL 0.9.8zc as part of a preventive measure for SSL 3.0 POODLE
vulnerability.
I have client and server applications using OpenSSL for SSL/TLS
communication. My question is that what will happen if I update my clien
Hello,
I have a signing certificate with which I sign a message with openssl
command line. I do NOT use -nocerts option, so the signing certificate
should be embedded in the CMS message. I verify that it exists by
retrieving it with command:
openssl cms -verify -in infile.ini -certsout cert_to
Your EC point is on the brainpoolP256r1 curve. This curve isn't
supported by OpenSSL (yet).
--
Erwann ABALEA
On 20/10/2014 10:16, Harakiri wrote:
I'm getting the following error
using openssl x509 -inform DER -in cms_cert.der -text
140026491385512:error:100D7010:elliptic curve routines:ECK
I'm getting the following error using openssl x509 -inform DER -in cms_cert.der
-text
140026491385512:error:100D7010:elliptic curve routines:ECKEY_PUB_DECODE:EC
lib:ec_ameth.c:206:
140026491385512:error:0B07707D:x509 certificate routines:X509_PUBKEY_get:public
key decode error:x_pubkey.c:164: I
23 matches