I seem unable to figure how to configure RSA-OAEP parameters (hash and MGF
functions) for “opensl pkeyutl” command.
The man page seems to say that only thing I can do is tell openssl CLI that I
want OAEP padding, and nothing more.
File “apps/pkeyutl.c” was of no help. Where can I find al
➢ But the patch was put in git almost 10 months before 1.0.2 initial
release.
We weren’t using git back then. So maybe it’s a bad/confusing import. Maybe
matt can explain.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
On 14/09/2017 23:06, Salz, Rich via openssl-users wrote:
➢ However for some unknown reason, this was not included in 1.0.2
which thus still rejects all such certificate chains.
Because it was seen to be a feature, not a bug-fix?
But the patch was put in git almost 10 months befo
➢ However for some unknown reason, this was not included in 1.0.2
which thus still rejects all such certificate chains.
Because it was seen to be a feature, not a bug-fix?
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Way back in May 2014, there was a patch by Matt Casswell to not
incorrectly reject all certificate chains with IP address name
constraints and actual IP address names
(dd36fce023a64d90058b8fefbd95dadaca98f9ca).
However for some unknown reason, this was not included in 1.0.2
which thus still rejec
Hi Neetish,
I would recommend considering the following in your research:
- The impact of Nagle. See https://github.com/openssl/openssl/issues/4237
- The impact of the KeyShare calculation on TLS 1.3 session resumption
(assuming most deployments will use psk_dhe_ke)
- The impact of post-handshak
Hi,
I worked on TLS 1.3 performance bench-marking. After my tests, I found that
TLS 1.3 based resumption is not giving us the connection latency benefits
when tested in a LAN environment. It is slower than TLS 1.2. When tested on
WAN, definitely, TLS 1.3 fares better than TLS 1.2.
I want your sugg
On 2017-09-12, 19:33 GMT, Dr. Stephen Henson wrote:
> Yes *_seq_unpack() is no longer in 1.1. What happens is that
> code above it generates a function d2i_SEQ_CERT() which does
> the same as ASN1_seq_unpack() for a certificate.
>
> So something like this should work:
>
> const unsigned char *tmp
We did some system upgrades and they were down during the update time.
As I’ve said before, please wait for at least a second day before writing about
the snapshots.
On 9/14/17, 8:09 AM, "The Doctor" wrote:
They are missing in action!
--
openssl-users mailing list
To unsubscribe: https
They are missing in action!
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on Atheism
Talk Sense to a fool and h
10 matches
Mail list logo
