Re: [openssl-users] OpenSSL version 1.1.0 pre release 6 published

2016-08-04 Thread Jakob Bohm
On 05/08/2016 04:51, Viktor Dukhovni wrote: On Fri, Aug 05, 2016 at 04:33:25AM +0200, Jakob Bohm wrote: I haven't read that proposal, but if the HTTPS server has to use the same host name as the SMTPS server, then the SMTPS server could just use the certificate directly. There is at best a ver

Re: [openssl-users] OpenSSL version 1.1.0 pre release 6 published

2016-08-04 Thread Viktor Dukhovni
On Fri, Aug 05, 2016 at 04:33:25AM +0200, Jakob Bohm wrote: > I haven't read that proposal, but if the HTTPS server has to use the > same host name as the SMTPS server, then the SMTPS server could just > use the certificate directly. There is at best a very tenuous analogy between TLS for HTTP an

Re: [openssl-users] OpenSSL version 1.1.0 pre release 6 published

2016-08-04 Thread Jakob Bohm
On 05/08/2016 01:48, Viktor Dukhovni wrote: On Thu, Aug 04, 2016 at 04:30:39PM -0700, Carl Byington wrote: Have you seen the mta-sts proposal: Of course. But mta-sts starts with an unauthenticated dns TXT record. Yes, this is but one of its compromises. If that proposal is worth anything,

Re: [openssl-users] OpenSSL version 1.1.0 pre release 6 published

2016-08-04 Thread Viktor Dukhovni
On Thu, Aug 04, 2016 at 04:30:39PM -0700, Carl Byington wrote: > Have you seen the mta-sts proposal: Of course. > But mta-sts starts with an unauthenticated dns TXT record. Yes, this is but one of its compromises. > If that proposal is worth anything, it indicates there is some use for a > mec

Re: [openssl-users] OpenSSL version 1.1.0 pre release 6 published

2016-08-04 Thread Carl Byington
On Thu, 2016-08-04 at 22:33 +, Viktor Dukhovni wrote: > Such configurations will be rather rare, and offer minimal incremental > MITM protection. The code and documentation to support this use-case > and explain it to users are not worth the tr

Re: [openssl-users] OpenSSL version 1.1.0 pre release 6 published

2016-08-04 Thread Viktor Dukhovni
On Thu, Aug 04, 2016 at 03:05:00PM -0700, Carl Byington wrote: > > OpenSSL version 1.1.0 pre release 6 (beta) > > Seems to work in my openssl/sendmail/dane test environment. Thanks for the confirmation. > http://www.five-ten-sg.com/mapper/blog/dane Note, I still firmly hold that the "o DANE=

Re: [openssl-users] OpenSSL version 1.1.0 pre release 6 published

2016-08-04 Thread Carl Byington
> OpenSSL version 1.1.0 pre release 6 (beta) Seems to work in my openssl/sendmail/dane test environment. http://www.five-ten-sg.com/mapper/blog/dane

Re: [openssl-users] Wording in OpenSSL documentation for SSL_CTX_set_options

2016-08-04 Thread Julien ÉLIE
Hi all, Another thing: couldn't SSL_OP_CIPHER_SERVER_PREFERENCE be renamed (or aliased) to SSL_OP_SERVER_PREFERENCE in OpenSSL 1.1.0 because it applies to more objects than only cipher suites? -- Julien Forwarded Message Subject: Wording in OpenSSL documentation for SSL_CT

[openssl-users] iOS assembler questions

2016-08-04 Thread Jakob Bohm
I am trying to build the OpenSSL 1.0.2h ARM optimized assembler routines for Apple iOS (the default build config doesn't do that yet). However the Apple version of the LLVM 7.3.0 ARM assembler seems to reject some of the notation used by the current source code (.type, .size and address subtracti

Re: [openssl-users] Question about OpenSSL and FIPS 140-2 module

2016-08-04 Thread Jakob Bohm
On 04/08/2016 17:53, Thomas Francis, Jr. wrote: ... I really should point out three things, though: 1) FIPS 140 compliance (from any software package) is always less secure than non-FIPS 140 compliant packages. By its nature, the validation process places software several months to years out

Re: [openssl-users] Question about OpenSSL and FIPS 140-2 module

2016-08-04 Thread Thomas Francis, Jr.
> On Aug 4, 2016, at 11:00 AM, o haya wrote: > > Hi, > > I've been tasked to look into FIPS 140-2 "compliance" for our systems, > overall, and I know that there's a "FIPS 140-2 module" for OpenSSL, that > needs to be built from source and then integrated into OpenSSL by building > OpenSSL wi

Re: [openssl-users] Question about OpenSSL and FIPS 140-2 module

2016-08-04 Thread Steve Marquess
On 08/04/2016 11:00 AM, o haya wrote: > Hi, > > I've been tasked to look into FIPS 140-2 "compliance" for our > systems, overall, and I know that there's a "FIPS 140-2 module" for > OpenSSL, that needs to be built from source and then integrated into > OpenSSL by building OpenSSL with the FIPS mod

[openssl-users] Question about OpenSSL and FIPS 140-2 module

2016-08-04 Thread o haya
Hi, I've been tasked to look into FIPS 140-2 "compliance" for our systems, overall, and I know that there's a "FIPS 140-2 module" for OpenSSL, that needs to be built from source and then integrated into OpenSSL by building OpenSSL with the FIPS module. The User guide goes into how to integrate

[openssl-users] OpenSSL version 1.1.0 pre release 6 published

2016-08-04 Thread OpenSSL
OpenSSL version 1.1.0 pre release 6 (beta) OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ OpenSSL 1.1.0 is currently in beta. OpenSSL 1.1.0 pre release 6 has now b