Re: [openssl-users] The default cipher of executable 'openssl'

On Thu, Jun 11, 2015 at 11:19:17PM -0700, Aaron wrote: > Right, I am talking about s_server subcommand. You mentioned that there is > no change in this area. However I can easily show something is change using > s_server subcommand. I am using original OpenSSL code to build my 'openssl', > to this

Re: [openssl-users] The default cipher of executable 'openssl'

Hi Dave, Thanks for your comments. I am not really familiar with OpenSSL, so some parts of my descriptions may not be not very clear. Right, I am talking about s_server subcommand. You mentioned that there is no change in this area. However I can easily show something is change using s_server su

[openssl-users] X509_V_ERR_INVALID_PURPOSE when validating TLS client with "any purpose" EKU (2.5.29.37.0)

Dear OpenSSL Users, When attempting to validate a TLS client whose cert has a number of EKU purposes including "any" (2.5.29.37.0), but not "Client Authentication" (1.3.6.1.5.5.7.3.2), I am seeing validation fail with X509_V_ERR_INVALID_PURPOSE. Looking at

Re: [openssl-users] cannot configure openssl-1.0.1n on Windows with msys --target already defined - (offending arg: mingw) -- the issue does not occur in openssl-1.0.1l and openssl-1.0.1m.

The problem goes away if I comment out the "die" statement on line 942 from the "Configure" file: else { *#die "target already defined - $target (offending arg: $_)\n" if ($target ne "");* $target=$_; } Is the above safe and the correct

[openssl-users] cannot configure openssl-1.0.1n on Windows with msys --target already defined - (offending arg: mingw) -- the issue does not occur in openssl-1.0.1l and openssl-1.0.1m.

Hi All, I was able to compile openssl 1.0.1l and openssl 1.0.1m perfectly via msys in Windows 8 -- but something isn't working right with openssl 1.0.1n *Exact steps using msys causing the error:* tar xvzf openssl-1.0.1n.tar.gz cd openssl-1.0.1n export PATH=/c/mingw/bin:$PATH $ ./Configure --

[openssl-users] OpenSSL Security Advisory

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL Security Advisory [11 Jun 2015] === DHE man-in-the-middle protection (Logjam) A vulnerability in the TLS protocol allows a man-in-the-mid

[openssl-users] OpenSSL version 1.0.2b released

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 1.0.2b released === OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.2b of our open source

[openssl-users] OpenSSL version 1.0.1n released

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 1.0.1n released === OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.1n of our open source

[openssl-users] OpenSSL version 1.0.0s released

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 1.0.0s released === OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.0s of our open source

[openssl-users] OpenSSL version 0.9.8zg released

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 0.9.8zg released === OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 0.9.8zg of our open sourc

Re: [openssl-users] Not getting "RSA" keyword for a key in fips mode

On Thu, Jun 11, 2015, Gayathri Manoj wrote: > Hi All, > > > I am trying to create a pem format key for my existing key by using the > below command. > > openssl rsa -in my_rsa_key -outform PEM -out my_res_newkey_pem > > The new key format is -BEGIN PRIVATE KEY-. > But I am expecting

Re: [openssl-users] Is there openssl API to verify certificate content is DER or PEM format ?

On Thu, Jun 11, 2015 at 06:01:26AM +0530, Nayna Jain wrote: > I have similar concern for private key. > If I have a pem file with private key in that, how do I check if that is > RSA/DSA ? In almost all cases don't check. Just load and use the key as a generic EVP_PKEY. -- Viktor.

Re: [openssl-users] The behavior change of command line utility -- 'openssl'

> I wonder if this is an expected behavior change or it is a bug. As Dave Thompson said, you haven't yet shown that there is a "bug" or change. ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] Not getting "RSA" keyword for a key in fips mode

Hi All, I am trying to create a pem format key for my existing key by using the below command. openssl rsa -in my_rsa_key -outform PEM -out my_res_newkey_pem The new key format is -BEGIN PRIVATE KEY-. But I am expecting -BEGIN RSA PRIVATE KEY- In nonFIPS mode i am getting ---

Re: [openssl-users] The default cipher of executable 'openssl'

> From: openssl-users On Behalf Of Aaron > Sent: Wednesday, June 10, 2015 03:47 > We are using executable 'apps/openssl' in our test cases. We upgraded from > OpenSSL 1.0.1l to OpenSSL 1.0.2a recently. Since then one of our test cases > started to fail. After checking, I noticed that the default c

Re: [openssl-users] [openssl-dev] Is there openssl API to verify certificate content is DER or PEM format ?

> From: openssl-dev On Behalf Of Nayna Jain > Sent: Wednesday, June 10, 2015 20:31 > If I have a pem file with private key in that, how do I check if that is RSA/DSA ? If it uses a "legacy" format, the BEGIN line specifies the algorithm -BEGIN RSA PRIVATE KEY- -BEGIN DSA PRIVATE KEY--