On 5/7/2015 8:40 PM, Viktor Dukhovni wrote:
> On Thu, May 07, 2015 at 08:00:17PM -0400, Nathaniel McCallum wrote:
>
>> There have been some conversations behind Red Hat doors about
>> improving the state of Kerberos/TLS in both standards and
>> implementations. Could we maybe have a broader conver
On Thu, May 07, 2015 at 08:00:17PM -0400, Nathaniel McCallum wrote:
> There have been some conversations behind Red Hat doors about
> improving the state of Kerberos/TLS in both standards and
> implementations. Could we maybe have a broader conversation about how
> to fix this situation?
To be bl
On Tue, 2015-05-05 at 09:21 +0100, Matt Caswell wrote:
> I am considering removing Kerberos support from OpenSSL 1.1.0. There are
> a number of problems with the functionality as it stands, and it seems
> to me to be a very rarely used feature. I'm interested in hearing any
> opinions on this
Not sure.
Are you using blocking or non-blocking IO?
Have you tried SSL_MODE_AUTO_RETRY?
Do you notice a different return value from SSL_read() after a zero byte
read compared to other errors?
On 05/06/2015 07:12 PM, Bryan Call wrote:
> Do you know if there is a way of preventing a call to
Do you know if there is a way of preventing a call to SSL_get_error() after
getting a 0 byte read from SSL_read()? This is the main issue I am facing with
the OpenSSL error locking right now.
-Bryan
> On May 1, 2015, at 6:49 AM, Salz, Rich wrote:
>
>> Lock #1 is CRYPTO_LOCK_ERR, which I
On Thu, May 07, 2015 at 10:28:49AM +0200, Piotr ?obacz wrote:
> According to the documentation of ECDSA uses RNG so it would be
> difficult to find out private key from signature but I want just to test
> my data to check if signature is being generated properly and I haven't
> found any possible
Hi Piotr,
As you have found out, choosing the per message random number in ECDSA
signature is crucial for the security of private key.
Leaving this responsibility on users is dangerous. This is the reason you
won't find any crypto API to feed the random number for ECDSA signature.
If you want to
Hi All,
What is the reason that the DRBG random generation function fips_drbg_bytes
does not consider prediction resistance as input?
Inside fips_drbg_bytes
rv = FIPS_drbg_generate(dctx, out, rcnt, 0, adin, adinlen); // prediction resistance disabled
And as a result the entropy generation ca
Hello,
We have an OpenSSL application in which the client calls SSL_connect() to
connect to the server.
We upgraded the OpenSSL used in our application from 1.0.1l to 1.0.2a
recently.
When OpenSSL 1.0.1l was used, the ciphersuite the client got was
ECDHE_RSA_WITH_AES_256_CBC_SHA. When OpenSSL 1.
As in the subject, is it possible to generate signature with given random
number? According to the documentation of ECDSA uses RNG so it would be
difficult to find out private key from signature but I want just to test
my data to check if signature is being generated properly and I haven't
found any
On Thu, May 07, 2015 at 08:49:21AM +0300, Yoav Nir wrote:
> > I think there was also discussion on this list at some point suggesting
> > changing that "MAY" for omitting the root CA cert to a "SHOULD" or a
> > "MUST". (I think the argument for the latter was to reduce wasted bandwidth)
Sorry, th
11 matches