Re: [openssl-users] Diffie-Hellman Questions

2016-05-24 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Norm Green
> Sent: Tuesday, May 24, 2016 13:40
>
> I've tried both:
>
> SSL_CTX_set_cipher_list("AECDH")
>
> and:
>
> SSL_CTX_set_cipher_list("AECDH-AES256-SHA")
>
> on both the client and server side, both of whic

Re: [openssl-users] (SPAM) I: Question on ccm mode in openssl

2016-05-24 Thread Erwann Abalea
Hello, CCM mode is already implemented in OpenSSL. Regards, Erwann Abalea
On 24 May 2016 at 17:43, Christian Adja <christian_a...@yahoo.it> wrote:
On Tuesday, 24 May 2016 at 17:21, Christian Adja <christian_a...@yahoo.it> wrote:
Good morning, I'm a master studen

Re: [openssl-users] Diffie-Hellman Questions

2016-05-24 Thread Salz, Rich
> Any suggestions on how to proceed?
Sorry, no.

Re: [openssl-users] Diffie-Hellman Questions

2016-05-24 Thread Norm Green
I've tried both:
SSL_CTX_set_cipher_list("AECDH")
and:
SSL_CTX_set_cipher_list("AECDH-AES256-SHA")
on both the client and server side, both of which result in the dreaded "no shared cipher" error:
error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher:s3_srvr.c:1417:
The foll

[openssl-users] Certificate Transparency: OCSP response

2016-05-24 Thread stas730
I want to test all 3 types of CT. I know how to implement two: TLS extension & X.509 extension. But how to implement OCSP response? I can add response file, but how to change OID?

Re: [openssl-users] Diffie-Hellman Questions

2016-05-24 Thread Salz, Rich
> >./openssl ciphers -v 'ALL:aNULL' |grep ECDH |grep "Au=None"
> AECDH-AES256-SHA SSLv3 Kx=ECDH Au=None Enc=AES(256) Mac=SHA1
> AECDH-AES128-SHA SSLv3 Kx=ECDH Au=None Enc=AES(128) Mac=SHA1
> AECDH-RC4-SHA SSLv3 Kx=ECDH Au=None Enc=RC4(128) Mac=SHA1
> AECDH-D

Re: [openssl-users] Diffie-Hellman Questions

2016-05-24 Thread Norm Green
Thanks Rich. More newbie questions. Looking at the available ciphers I see this:
>./openssl ciphers -v 'ALL:aNULL' |grep ECDH |grep "Au=None"
AECDH-AES256-SHA SSLv3 Kx=ECDH Au=None Enc=AES(256) Mac=SHA1
AECDH-AES128-SHA SSLv3 Kx=ECDH Au=None Enc=AES(128) Mac=SHA1
AECDH-R

Re: [openssl-users] Diffie-Hellman Questions

2016-05-24 Thread Salz, Rich
> 1) The wiki says don't use ADH, presumably because ADH provides
> encryption but not authentication and is exposed to man in the middle
> attacks. Is that the only reason?
Use ECDH, it's less expensive computationally.
> 2) Are the same encryption keys used every time with ADH?
Yes. That's

[openssl-users] Diffie-Hellman Questions

2016-05-24 Thread Norm Green
I need some clarifications on the DH implementation in OpenSSL. Currently I'm using version 1.0.2h 1) The wiki says don't use ADH, presumably because ADH provides encryption but not authentication and is exposed to man in the middle attacks. Is that the only reason? 2) Are the same encryptio

[openssl-users] I: Question on ccm mode in openssl

2016-05-24 Thread Christian Adja
On Tuesday, 24 May 2016 at 17:21, Christian Adja wrote: Good morning, I'm a master student at Telecom ParisTech, in France, I'm working on OpenSSL to add IEEE and ETSI certs for client. I saw that the CCM mode is not implemented in current OpenSSL 1.0.2g version. So I would know i

Re: [openssl-users] make test failed on HPUX parisc

2016-05-24 Thread Viktor Dukhovni
On Tue, May 24, 2016 at 06:05:34PM +0900, Alexandre Klein wrote:
>
> I'm using "hpux-parisc2-cc". I modified Configure to use +DAportable:
> "hpux-parisc2-cc","cc:+DAportable +O3 ...
> "hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 ...
For meaningful help, post an unedited "diff" between the original

Re: [openssl-users] Is a certificate supposed to certify a device ...

2016-05-24 Thread debbie10t
Hi Kim kim. You would get more appropriate advice for OpenVPN from: https://forums.openvpn.net/ Also see the OpenVPN HOWTO located there .. The manual page can also be very helpful: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage The openvpn users mailing list is also a great source

Re: [openssl-users] Looking for the Changelog in openssl-fips-2.0.12

2016-05-24 Thread Steve Marquess
On 05/24/2016 07:56 AM, Philip Bellino wrote:
> Hello,
>
> I am looking for the Changelog that explains the changes between
> openssl-fips-2.0.9 and 2.0.12.
>
> The README.FIPS that comes with 2.0.12 points here:
> https://www.openssl.org/docs/fips but I cannot find the changes.
>

[openssl-users] Looking for the Changelog in openssl-fips-2.0.12

2016-05-24 Thread Philip Bellino
Hello, I am looking for the Changelog that explains the changes between openssl-fips-2.0.9 and 2.0.12. The README.FIPS that comes with 2.0.12 points here: https://www.openssl.org/docs/fips but I cannot find the changes. Any help would be most appreciated. Thanks, Phil

Re: [openssl-users] Is a certificate supposed to certify a device ...

2016-05-24 Thread Jakob Bohm
A certificate certifies whatever it says it certifies, nothing else. More precisely, an X.509 certificate of the kind used with OpenSSL, OpenVPN etc. certifies that: The secret private key that corresponds to the public key listed in the certificate is known only to something or someone fo

[openssl-users] make test failed on HPUX parisc

2016-05-24 Thread Alexandre Klein
Hi, I would like to build openssl 1.0.2h on my HPUX but it failed when running the tests (v3nametest). My machine: HPUX PARISC B11.11 B9007AAB.11.11.20 HP C/aC++ Developer's Bundle I'm using "hpux-parisc2-cc". I modified Configure to use +DAportable: "hpux-parisc2-cc","cc:+DApor

[openssl-users] Is a certificate supposed to certify a device ...

2016-05-24 Thread Kim kim
Hello, I am a non English native and just a newbie, the opposite of an IT expert, and am totally stuck on this. If any of you can kindly give any advice on my stupid or basic questions I would indeed greatly, greatly appreciate your help: Some while ago, for the first time in my life I (insta