Hi.
I’m working on an application that requires datagrams of ASN.1 PDU’s to be
exchanged.
The application data needs to be first encrypted, then signed. I will not be
using streams, but rather memory BIO’s.
I could use the CMS_encrypt() into one BIO, then reset that and pass it as
input to C
SSL_OP_* are bitmasks.
SSL_CTX_set_options(conn->ssl_ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
-Kyle H
On 11/14/2014 12:37 AM, Vaghasiya, Nimesh wrote:
>
> Hi,
>
> Thanks for the info.
>
>
>
> (a typo in previous mail).
>
> Could you please confirm whether following will ensure my SSLv23
> method
try run
curl -k https://www.poweradmin.com/
If you use curl with openssl 1.0.0a or 1.0.0b, you'll get
curl: (35) error:1411809D:SSL routines:SSL_CHECK_SERVERHELLO_TLSEXT:tls
invalid ecpointformat list
Just to add some more information - When I do my nmake -f ms\ntdll.mak
command, I do end up with some out32dll.dbg and out32.dbg directories in my
source folders, and if I browse to the out32.dbg folder and do "openssl
engine" I do get some output:
$ ../out32.dbg/openssl.exe engine
(rdrand) Intel
On Fri, Nov 14, 2014, Fredrik Jansson wrote:
> Hi Steve, thanks for helping out!
>
> The server cert is P-256 and the CA is P-384, please see below. Is that ok?
>
That is but this isn't:
>
> Signature Algorithm: ecdsa-with-SHA1
>
The signing digest needs to match the curve. So if you s
On Fri, Nov 14, 2014 at 06:35:51AM +, Viktor Dukhovni wrote:
> On Fri, Nov 14, 2014 at 06:26:24AM +, Vaghasiya, Nimesh wrote:
>
> [ It is rude to ask user questions on the dev list (moved to Bcc). ]
>
> > We are in process of disabling SSLv3 and SSLv2 protocols from all of our
> > FreeBS
Microsoft just published a patch on their SChannel component (KB 2992611)
https://technet.microsoft.com/library/security/MS14-066
But with this fix, Web server IIS 7.5/8.0 on Windows server 2008R2 or
Windows server 2012 did not accept download from curl + OpenSSL 1.0.0a /
1.0.0b!
If you com
Hi Steve, thanks for helping out!
The server cert is P-256 and the CA is P-384, please see below. Is that ok?
Fredrik
openssl x509 -noout -text -in server-secp256r1-cert.pem
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 3 (0x3)
Signature Algorithm: ecdsa-with-SH
Hello,
I am noticing that when I install the OpenSSL bundle from
http://slproweb.com/products/Win32OpenSSL.html
The lib folder gets a lot of .lib files in it that are corresponding to the
engines such as capi.lib
How can I compile OpenSSL to generate those same lib files? Is it simply a
matter o
Hi Phillip,
I am currently looking at updating the openssl wiki with a list of books
and resources. I have only just begun collecting information on this, but I
would love to know of anything you find or are using.
Thanks,
Casey
On Fri Nov 14 2014 at 3:10:12 PM Salz, Rich wrote:
> Ivan Ristic'
Hi,
The release notes for OpenSSL 1.0.2 [beta] says that it supports ALPN:
https://www.openssl.org/news/openssl-notes.html
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6f017a8f9db3a79f3a3406cf8d493ccd346db691
But the CHANGES file for 1.0.2-beta3 doesn't mention it. However this version
Ivan Ristic's https://www.feistyduck.com/books/bulletproof-ssl-and-tls/ is
really really good. But it's more about configuration and the command-line than
the API.
Ivan's the force behind the Qualys SSL test site.
__
OpenSSL Pr
Hi.
I’ve been using the O’Reilly “Network security with OpenSSL” book, but it’s
showing its age. It was published in 2002 and covered version 0.9.7.
Since then a lot of RFCs have been published, weaknesses reported and fixed,
new functionality added… It’s time to give up my beloved book for so
> I was wondering which release(s) the patches for bug 3470, 3483, and 3489
> are scheduled for?
As nobody from the openssl dev team has commented on this (other than a
question from drH), the only conclusion right now is: no current plan.
Sorry.
Hi,
I was wondering which release(s) the patches for bug 3470, 3483, and 3489 are
scheduled for?
http://rt.openssl.org/Ticket/Display.html?id=3470
http://rt.openssl.org/Ticket/Display.html?id=3483
http://rt.openssl.org/Ticket/Display.html?id=3489
Internally, we have an arcane policy that prohib
On Fri, Nov 14, 2014, Fredrik Jansson wrote:
> Hi!
>
> Thanks!
>
> I am using 1.0.2b3 on both server and client, and I have the call to
> SSL_CTX_set_ecdh_auto, but still no luck.
>
> The exact code is as follows:
>
> 358 void initialize(TLSSettings const& settings) {
> 359 ctx_ =
Hi!
Thanks!
I am using 1.0.2b3 on both server and client, and I have the call to
SSL_CTX_set_ecdh_auto, but still no luck.
The exact code is as follows:
358 void initialize(TLSSettings const& settings) {
359 ctx_ = SSL_CTX_new(TLSv1_2_server_method());
360 if (!ctx_) {
361
On Fri, Nov 14, 2014, Fredrik Jansson wrote:
> Hi!
>
> I am trying to force my TLS 1.2 connection into Suite B mode, but at
> handshake I get an error "no shared cipher".
>
> The server code is basically:
>
> SSL_CTX_new(TLSv1_2_server_method());
> //ECDSA cert is added to the ctx
> SSL_CTX_use
Hi!
I am trying to force my TLS 1.2 connection into Suite B mode, but at
handshake I get an error "no shared cipher".
The server code is basically:
SSL_CTX_new(TLSv1_2_server_method());
//ECDSA cert is added to the ctx
SSL_CTX_use_certificate(ctx_, serverCert.cert.get())
SSL_CTX_use_PrivateKey(c
Hi,
I am using EVP_SealInit() for enveloping. Is it possible to create me encrypted
session keys with the EVP interface *after* encrypting the main data? Or do I
have to use the low level RSA interface?
Greetings,
Johannes
Hello Michael,
Thank you very much for your help.
I will rebuild OpenSSL for static linking and use it in my program.
Kind regards,
Patrice.
Michael Wojcik a écrit :
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Patrice Guérin
Sent: Wednesday, 12 N
Folks
I noticed that in certain cases - SSL_accept call gets hung forever and I had
to restart my process to fix the issue.
I also observe that the SSL_accept creates some latency, is that possible and
if any one of you faced these problems before? If so, can you please suggest
what could be d
Hi,
Thanks for the info.
(a typo in previous mail).
Could you please confirm whether following will ensure my SSLv23 methods will
no more accept SSLv3 and SSLv2 connections?
conn->ssl_ctx = SSL_CTX_new(SSLv23_server_method());
SSL_CTX_set_options(conn->ssl_ctx, SSL_