On 13/11/2015 03:56, pratyush parimal wrote:
Hi,
I'm writing a client-server program that uses TLS for communication.
I'm wondering if there's any way to programmatically find out which
TLS protocol versions are supported by the OpenSSL library installed
on my system.
I'm currently aware of
Hi,
I'm writing a client-server program that uses TLS for communication.
I'm wondering if there's any way to programmatically find out which TLS
protocol versions are supported by the OpenSSL library installed on my
system.
I'm currently aware of three ways which "sort of" provide this informatio
Hi everybody,
I'm new with OpenSSL and I have some questions.
The thing is that several RSA key pairs (each one for a
different user) will be stored in a shared secured location. As the key
pairs will be stored in the same place, we are looking for a way to e
Entropy collection is outside the FIPS boundary. If you don't want to
modify the code, you can pass in -DDEVRANDOM using CFLAGS and set it to
whatever value you desire. For instance, maybe you have a hardware
device mapped to /dev/entropy that provides sufficient random data to
seed the DRBG.
xxiao,
Are you sure you can't modify that? My understanding of FIPS mode is that
you cannot modify the FIPS code canister, which entropy sources are not a
part of.
Cheers,
Ethan
On Thu, Nov 12, 2015 at 8:08 AM, xxiao8 wrote:
> in e_os.h I saw
> ==
> #ifndef DEVRANDOM
>
> /* set this to a
in e_os.h I saw
==
#ifndef DEVRANDOM
/* set this to a comma-separated list of 'random' device files to try out.
* My default, we will try to read at least one of these files */
#define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
# endif
==
this basically sets /dev/urandom as
