What kind of stateful packet inspection are the NATs doing?
Can you run packet captures on each network that's being translated?
-Kyle H
On Thu, Nov 2, 2017 at 4:23 PM, Paul Greene wrote:
> Yes. I've made captures on both - the production client that I manage and
> the test client I have at hom
Yes. I've made captures on both - the production client that I manage and
the test client I have at home.
On the production client, the conversation lasts only 8 packets - the
initial 3 way handshake, my client sends a PUSH packet, gets an ACK from
the upstream, and then the upstream sends a FIN pa
Hi Rich,
I am using OpenSSL 1.0.2h. And I am trying to strip off unused hardware
support. I tried using the options mentioned for 1.0.1e which I have
explained in the previous mail.
They dont seems to work for 1.0.2h. Hence I wanted to know what would be
the best way to remove the unsupported hard
. Those versions are no longer
receiving security updates.
References
==
URL for this Security Advisory:
https://www.openssl.org/news/secadv/20171102.txt
Note: the online version of the advisory may be updated with additional details
over time.
For details of OpenSSL severity
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 1.1.0g released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.1.0g of our open sour
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 1.0.2m released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.0.2m of our open sour
Have you thought of putting a packet-capture on, say, the client side and then
viewing it?
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> remove unwanted engine files to go away from compilation. OpenSSL 1.01x
1.0.1 or 1.1.0 release? I’m guessing 1.0.1, since many of those engines are
removed from 1.1.0
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Hello All,
I've got two servers that need to communicate with each other using SSL.
The applications that are supposed to talk to each other are custom in
house applications.
When I try to connect to the upstream server, you can see the initial
connection established - "Connecting to "addres
On 31-10-17 17:47, Matt Caswell wrote:
>
>
> On 31/10/17 16:42, Wouter Verhelst wrote:
>> On 31-10-17 17:26, Matt Caswell wrote:
>>> I agree its not a great name for it. Unfortunately we are stuck with it
>>> for compatibility reasons. If we renamed it we would break any code that
>>> is currentl
Hi Matt,
Thanks for the reply. We dont want to turn off the engine fully. We have
TPM chip, that is part of OpenSSL. I just want to turn off default
available hardware using
no-hw-4758-cca no-hw-aep no-hw-atalla no-hw-chil
no-hw-cswift no-hw-ibmca no-hw-ncipher no-hw-nuron no-hw-
padlock no-hw-su
Dear friends,
I am looking for optimizing the SSL_write() and SSL_read()
operation on an embedded platform.
Below is the setup currently I have
1. Hardware OpenSSL engine library for the platform is present for
carrying out any HW AES encryption and AES decryption functio
Dear friends,
I am looking for optimizing the SSL_write() and SSL_read()
operation on an embedded platform.
Below is the setup currently I have
1. Hardware OpenSSL engine library for the platform is present for
carrying out any HW AES encryption and AES decryption functio
On 02/11/17 10:32, Christian Heimes wrote:
> However this trick will not work with TLS 1.3. The new TLS 1.3 cipher
> suites no longer specify authentication algorithm or key
> agreement/exchange. TLS 1.3 RFC specifies a signature_algorithms
> extension [5]. I could not find any API call in OpenSS
Hi,
I'm one of the maintainers of Python's ssl module. A couple of days ago
Hanno Böck opened an issue [1] against ssl.get_server_certificate()
function [2][3]. It's a helper function to retrieve the end-entity
certificate from a remote TLS/SSL server over an unverified connection.
The implementa
On 02/11/17 07:07, Jayalakshmi bhat wrote:
> Hi Matt,
>
> Thanks a lot for the response. Sorry for the delayed reply. I was out of
> office for a while. This helped me. However I am not seeing option to
> remove unwanted engine files to go away from compilation. OpenSSL 1.01x
> method
> (no-hw
Hi Matt,
Thanks a lot for the response. Sorry for the delayed reply. I was out of
office for a while. This helped me. However I am not seeing option to
remove unwanted engine files to go away from compilation. OpenSSL 1.01x
method (no-hw no-hw-4758-cca no-hw-aep no-hw-atalla no-hw-chil no-hw-cswi
17 matches
Mail list logo
