Re: [openssl-users] Building OpenSSL from sources

Dear Richard, On Thu, Feb 15, 2018 at 11:48 AM, Richard Levitte wrote: > In message gmail.com> on Thu, 15 Feb 2018 11:00:00 +0300, Dmitry Belyavsky < > beld...@gmail.com> said: > > beldmit> Hello, > beldmit> > beldmit> I get problems building and installing OpenSSL 1.1.0g from > source. I use D

Re: [openssl-users] Version compactibility

* Which version on 1.0.2x is the same as 1.1.0g(bug fixing branch)? None. 1.1.0 is substantially different (most structures are now opaque). -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Compiling on AIX

It’s been like this for about three weeks now.  I’ve not had a chance to look into addressing the issue.   Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia   From: Jerry L [mailto:artlem...@gmail.com] Sent: Friday, 16 F

[openssl-users] Version compactibility

Hi All, Which version on 1.0.2x is the same as 1.1.0g(bug fixing branch)? Thanks, Grace -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] Issue with select after SSL_get_wfd

Hi All, I want to know the status of the SSL_WRITE for DTLS on UDP on a non-blocking socket. Only if the other end does the recvfrom I want to continue with subsequent SSL_WRITE. Below is what I have tried. //Making the socket blocking - if I dont do below then select call hangs if (wfd = SSL_g

Re: [openssl-users] Compiling on AIX

Thank you, that was an omission on our part. Fixed here: https://github.com/openssl/openssl/pull/5386 Cheers, Richard In message on Thu, 15 Feb 2018 12:53:52 -0500, Jerry L said: artlemuel> I failed to point out that I was test compiling the 1.1.1 version. I apologize for that omission

Re: [openssl-users] Explicit IV in TLS 1.1+

Hi Matt, I had an error in my PRF that is new for TLS 1.2. Now it works. Thanks for pointing me in the right directionand THANK YOU all for devoting time to this important project. Best regards Curt > On 15 Feb 2018, at 12:12 , Matt Caswell wrote: > > > > On 15/02/18 03:52, Curt Johanss

Re: [openssl-users] TLS 1.3 PSK test server setup

On Thursday, 15 February 2018 16:47:33 CET Matt Caswell wrote: > On 15/02/18 15:33, Viktor Dukhovni wrote: > >> On Feb 15, 2018, at 9:57 AM, Matt Caswell wrote: > >> > >> As pointed out by Hubert in #5378 this is in accordance with the > >> > >> recommendations in the spec: > >> "Implementor's

Re: [openssl-users] Compiling on AIX

I was aware of that which is the reason that I indicated we would not be looking at it until that certification was complete. On Thu, Feb 15, 2018 at 1:00 PM, Salz, Rich via openssl-users < openssl-users@openssl.org> wrote: > FYI, FIPS does not work for 1.1.x. > > > > -- > openssl-users mailing l

Re: [openssl-users] Compiling on AIX

FYI, FIPS does not work for 1.1.x. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Compiling on AIX

I failed to point out that I was test compiling the 1.1.1 version. I apologize for that omission. Jerry L On Thu, Feb 15, 2018 at 12:37 PM, Jerry L wrote: > I received an error when compiling on AIX 7.1 using both cc and gcc. The > 'ar' command fails with a message that / is not a valid flag

[openssl-users] Compiling on AIX

I received an error when compiling on AIX 7.1 using both cc and gcc. The 'ar' command fails with a message that / is not a valid flag when it tries to create the new archive file. I changed the ARFLAGS variable to ARFLAGS= -q -X32 in the make file and the archive was created and the object files

Re: [openssl-users] TLS 1.3 PSK test server setup

On 15/02/18 16:38, Viktor Dukhovni wrote: > > >> On Feb 15, 2018, at 10:47 AM, Matt Caswell wrote: >> >> TLSv1.3 PSKs are very different to TLSv1.2 PSKs. In TLSv1.3 they are >> effectively the same thing as a session (they are indistinguishable on >> the wire) - and are handled internally by t

Re: [openssl-users] TLS 1.3 PSK test server setup

> On Feb 15, 2018, at 10:47 AM, Matt Caswell wrote: > > TLSv1.3 PSKs are very different to TLSv1.2 PSKs. In TLSv1.3 they are > effectively the same thing as a session (they are indistinguishable on > the wire) - and are handled internally by the same logic. As with any > session the server may

Re: [openssl-users] TLS 1.3 PSK test server setup

On 15/02/18 15:33, Viktor Dukhovni wrote: > > >> On Feb 15, 2018, at 9:57 AM, Matt Caswell wrote: >> >> As pointed out by Hubert in #5378 this is in accordance with the >> recommendations in the spec: >> >> "Implementor's note: the most straightforward way to implement the >> PSK/cipher su

Re: [openssl-users] error (openssl-1.1.0g)

You are probably having errors because you have old build results still in your tree. It might be easiest to wipe things out and start over. You can run the whole build and test without being root. I do it multiple times a day. And then, if needed run the ‘make install’ step as root. From:

Re: [openssl-users] TLS 1.3 PSK test server setup

On 14/02/18 23:33, Viktor Dukhovni wrote: > > >> On Feb 14, 2018, at 6:14 PM, Matt Caswell wrote: >> >> For a PSK to be used in needs to be the correct length for the selected >> ciphersuite. The ciphersuite is selected *first*. Next the available >> PSKs are checked to see if they are usable

Re: [openssl-users] error (openssl-1.1.0g)

Hi, Matt, Thank you so much for your comments!! Yes, I took option 2. I changed owner for binary directory and run with normal user account. Also, I did "sudo make install" . It worked finally!!! Cheers! 2018-02-15 20:21 GMT+09:00 Matt Caswell : > > > On 15/02/18 08:52, Sakuma, Koshiro wrote

Re: [openssl-users] error (openssl-1.1.0g)

On 15/02/18 08:52, Sakuma, Koshiro wrote: > Hi, Rich, > > Here is the result.  However, I tried to do the "config" with normal > user and I got an error like you don't have permission.   > You have any ideas??   > > #   Failed test 'Testing that we aren't running as a privileged user, > such as

Re: [openssl-users] Explicit IV in TLS 1.1+

On 15/02/18 03:52, Curt Johansson wrote: > Hi Matt, thanks for your prompt answer. The testclient is using > openssl-1.0.2m and my previous assumption that the IV was derived > from the key_block as in TLS 1.0 was wrong. It seems that when > initialising the cipher with the IV is ignored when the

Re: [openssl-users] error (openssl-1.1.0g)

Hi, Uri, BTW, I finished the installation without any errors (make install) even if I got an error for make test phase. Also, I can use openssl command and produce .pem keys. I am not sure if this is the correct way... Regards, 2018-02-15 7:25 GMT+09:00 Blumenthal, Uri - 0553 - MITLL : > Thank

Re: [openssl-users] DTLS over UDP

Hi Michael, Please find the response inline. Regards, Nivedita On Wed, Feb 14, 2018 at 10:55 PM, Michael Richardson wrote: > > Nivedita wrote: > > Hi Michael, > > > Thanks for the reply. > > > I have mentioned the answers below. > > >okay. I saw only one comment. Maybe you could

Re: [openssl-users] error (openssl-1.1.0g)

Hi, Please let me know how I can compile the source with normal user account instead of root? The error I got was like "You don't have permission" after executing "config". Regards, 2018-02-15 17:52 GMT+09:00 Sakuma, Koshiro : > Hi, Rich, > > Here is the result. However, I tried to do the "co

Re: [openssl-users] Openssl 1.1 / TLS 1.3

On 14/02/18 17:28, Richard Moore wrote: > > > On 14 February 2018 at 16:34, Matt Caswell > wrote: > > > > On 14/02/18 16:27, Richard Moore wrote: > > If I run the following: > > > >  openssl-1.1.1pre1 ciphers -tls1_3 -v > > The man page says thi

Re: [openssl-users] error (openssl-1.1.0g)

Hi, Rich, Here is the result. However, I tried to do the "config" with normal user and I got an error like you don't have permission. You have any ideas?? # Failed test 'Testing that we aren't running as a privileged user, such as root' # at ../test/recipes/40-test_rehash.t line 49. ok 5 # s

Re: [openssl-users] Building OpenSSL from sources

In message on Thu, 15 Feb 2018 11:00:00 +0300, Dmitry Belyavsky said: beldmit> Hello, beldmit> beldmit> I get problems building and installing OpenSSL 1.1.0g from source. I use Debian Wheezy beldmit> (oldstable). beldmit> beldmit> After running ./config; make; make test; sudo make install be

Re: [openssl-users] Building OpenSSL from sources

Hi Dmitry, On 15-02-18 09:00, Dmitry Belyavsky wrote: > Hello, > > I get problems building and installing OpenSSL 1.1.0g from source. I > use Debian Wheezy (oldstable). > > After running ./config; make; make test; sudo make install  > > I call  /usr/local/bin/openssl  > > I get an error  > > /usr/

[openssl-users] Building OpenSSL from sources

Hello, I get problems building and installing OpenSSL 1.1.0g from source. I use Debian Wheezy (oldstable). After running ./config; make; make test; sudo make install I call /usr/local/bin/openssl I get an error /usr/local/bin/openssl: error while loading shared libraries: libssl.so.1.1: cann