[openssl-users] test for DROWN CVE

2016-03-03 Thread Sandeep Umesh
Hello, how can anyone test if the server is susceptible to DROWN CVE? Possibly one of the methods is to check at https://drownattack.com/#check Apart from this, will the below command also be useful to verify the impact? - $ openssl s_client -connect : -ssl2 Regards Sandeep -- openssl-

Re: [openssl-users] recommended build options

2016-03-03 Thread Viktor Dukhovni
On Thu, Mar 03, 2016 at 02:00:31PM -0500, Jeffrey Walton wrote: > > Note that "no-comp" is a consequence of "zlib" and "zlib-dynamic" > > not being enabled. You have to choose to turn compression on IIRC > > by enabling one of these. > > no-comp disables compression independent of zlib. OPENSSL_

Re: [openssl-users] recommended build options

2016-03-03 Thread Jeffrey Walton
>> > By and large what should be off by default eventually or already >> > is, but there can be some delay for backwards compatibility. >> ... >> > With these you're covered for no-ssl2 no-comp and no weak ciphers. >> >> We are using 1.0.2f, no-ssl2 and no-comp do not appear to be defaults in >> th

Re: [openssl-users] recommended build options

2016-03-03 Thread Viktor Dukhovni
On Thu, Mar 03, 2016 at 08:13:36AM -0500, Wall, Stephen wrote: > > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On > > Behalf Of Viktor Dukhovni > > > > By and large what should be off by default eventually or already > > is, but there can be some delay for backwards compatibili

Re: [openssl-users] Developing CA with Openssl library

2016-03-03 Thread Bear Giles
I've written big chunks of a CA in both OpenSSL and Java (BouncyCastle). It has definite benefits since it can be tightly integrated into an existing infrastructure but does require a fairly deep understanding of both concepts and implementation details. The actual key management is not that hard t

[openssl-users] Need some information about TLS with AES-GCM

2016-03-03 Thread Medulla Oblongata
Hello, I'm running a server and client and they communicate using DTLS over UDP, and the cipher suite in use is AES-GCM-SHA384. What I want to do here is to decrypt the packets which are sent by the client, but I keep failing to do so. To do this I obviously need the client's write key, nonce, the actual

Re: [openssl-users] recommended build options

2016-03-03 Thread Wall, Stephen
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On > Behalf Of Viktor Dukhovni > > By and large what should be off by default eventually or already > is, but there can be some delay for backwards compatibility. ... > With these you're covered for no-ssl2 no-comp and no weak cipher