> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Matt Caswell
> Sent: Wednesday, May 25, 2016 08:52
>
> On 25/05/16 15:35, Michael Wojcik wrote:
> >> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On
> >> Behalf Of Matt Caswell Sent: Wednesday, May 25
> NO, Rich is making a mistake, ADH is ephemeral of necessity, since without
> long-term keys in certificates it is impossible to use long-term keys whose
> disclosure might later compromise confidentiality.
Except that your code can always use the same keypair if it screws up the
callback. And
Yes, it's only required on the server.
Norm Green
On 5/25/16 14:10, Jeremy Farrell wrote:
Interesting; is this a server-side requirement? I ask because with
1.0.2g my client using "AECDH+AES:ADH+AES" makes a TLS 1.2 connection
with AECDH-AES256-SHA without calling this function or similar.
R
Interesting; is this a server-side requirement? I ask because with
1.0.2g my client using "AECDH+AES:ADH+AES" makes a TLS 1.2 connection
with AECDH-AES256-SHA without calling this function or similar.
Regards,
jjf
On 25/05/2016 21:31, Norm Green wrote:
Yes! That was the
On Tue, May 24, 2016 at 05:45:56PM +, Salz, Rich wrote:
> > >./openssl ciphers -v 'ALL:aNULL' |grep ECDH |grep "Au=None"
> > AECDH-AES256-SHASSLv3 Kx=ECDH Au=None Enc=AES(256) Mac=SHA1
> > AECDH-AES128-SHASSLv3 Kx=ECDH Au=None Enc=AES(128) Mac=SHA1
> > AECDH-RC4-SHA
On Tue, May 24, 2016 at 05:08:38PM +, Salz, Rich wrote:
> > 2) Are the same encryption keys used every time with ADH?
>
> Yes. That's the other BIG reason :) You really want ephemeral, and
> therefore ECDH
NO, Rich is making a mistake, ADH is ephemeral of necessity, since
without long-ter
Yes! That was the problem. In order to use cipher "AECDH",
SSL_CTX_set_ecdh_auto(ctx, 1) must be called first.
Thanks Michael!!
Norm
On 5/24/16 15:52, Michael Wojcik wrote:
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
Of Norm Green
Sent: Tuesday, May 24, 2016 13
Please, send mesaage!
--
View this message in context:
http://openssl.6102.n7.nabble.com/Certificate-Transparency-OCSP-response-tp66295p66328.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/list
This is probably not very useful, but just as another data point: 32-bit
OpenSSL 1.0.2g passes "make test" on HP-UX 11.31 for ia64 (Itanium). I have no
idea whether the difference is in the OpenSSL version, the HP-UX version, the
CPU type, or some configuration option.
Unfortunately we no longe
On 25/05/16 15:35, Michael Wojcik wrote:
>> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On
>> Behalf Of Matt Caswell Sent: Wednesday, May 25, 2016 08:05 To:
>> openssl-users@openssl.org Subject: Re: [openssl-users]
>> openssl-1.1.0 - Linker error on Windows
>>
>>
>> On 25/05/
-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Michael Wojcik
Sent: 25 May 2016 15:35
To: openssl-users@openssl.org
Subject: Re: [openssl-users] openssl-1.1.0 - Linker error on Windows
> From: openssl-users [mailto:openssl-users-boun...@op
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Matt Caswell
> Sent: Wednesday, May 25, 2016 08:05
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] openssl-1.1.0 - Linker error on Windows
>
>
> On 25/05/16 14:59, Michael Wojcik wrote:
> >
> >> From: o
[Ugh, HTML email, which Outlook is still incapable of processing correctly.]
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
> Andrew Hartley
> Sent: Wednesday, May 25, 2016 05:20
> I’ve built the openssl-1.1.0 library with no-shared config option on Windows.
> I’
On 25/05/16 14:59, Michael Wojcik wrote:
> [Ugh, HTML email, which Outlook is still incapable of processing
> correctly.]
>
>> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On
>> Behalf Of Andrew Hartley Sent: Wednesday, May 25, 2016 05:20
>
>> I’ve built the openssl-1.1.0 libr
I've built the openssl-1.1.0 library with no-shared config option on Windows.
I've linked the library to my application and fixed the few issues with
EVP_MD_CTX deprication. When I build my application I get the following link
errors:
1>libcrypto.lib(e_capi.obj) : error LNK2019: unresolved ex
I have now worked out what to do. I did a clean with:
? nmake clean
and then successfully build the library with the no-shared config option.
Andrew
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Andrew Hartley
Sent: 25 May 2016 11:21
To: openssl-users@openssl.o
I have previously used openssl-1.0.2 and was using it with static linkage into
my program on Windows. I built it statically using the nt.mak file. I have
now downloaded the source for openssl-1.1.0 and wish to build it statically.
If I use the defaults, all builds fine with nmake and then ins
Thanks Viktor for your reply.
I forgot to mention that I can compile 1.0.2h 64-bit version on the same
machine. The only problem is when building the 32-bit version of OpenSSL.
Here is full line:
"hpux-parisc2-cc","cc:+DAportable +O3 +Optrs_strongly_typed -Ae +ESlit
-DB_ENDIAN -DMD32_XARRAY -D_RE
18 matches
Mail list logo
