Re: [openssl-users] Call for testing TLS 1.3

2018-04-30 Thread Salz, Rich via openssl-users
> Interoperability issues with middle-boxes or existing software written for TLS 1.2.
Facebook, Google, and Mozilla did lots of testing with TLS 1.3 and middleboxes. If something was missed, the whole Internet will have problems. Existing software is the question we are trying to answer

Re: [openssl-users] Call for testing TLS 1.3

2018-04-30 Thread Dennis Clarke
On 30/04/18 05:41 PM, Matt Caswell wrote:
> On 30/04/18 21:55, Dennis Clarke wrote:
>> On 30/04/18 03:48 PM, Salz, Rich via openssl-users wrote:
>>> I think that makes a very strong argument that TLS 1.3 should be enabled by default if at all possible.
>> Question would be "why would it not be?"

Re: [openssl-users] Extracting ResponderID from OCSP in OpenSSL 1.1

2018-04-30 Thread Matt Caswell
On 30/04/18 21:47, Johanna Amann wrote:
> Hi,
>
> I wanted to check if it is still possible to extract the ResponderID from
> an OCSP BasicResponse.
>
> In OpenSSL 1.0 we used this code to do this:
>
> resp_id is of type OCSP_RESPID*:
>
> if (resp_id->type == V_OCSP_RESPID_NAME)
> X509_N

Re: [openssl-users] Call for testing TLS 1.3

2018-04-30 Thread Matt Caswell
On 30/04/18 21:55, Dennis Clarke wrote:
> On 30/04/18 03:48 PM, Salz, Rich via openssl-users wrote:
>> I think that makes a very strong argument that TLS 1.3 should be
>> enabled by default if at all possible.
>
> Question would be "why would it not be?"
TLSv1.3 behaves differently to TLSv

[openssl-users] Extracting ResponderID from OCSP in OpenSSL 1.1

2018-04-30 Thread Johanna Amann
Hi,
I wanted to check if it is still possible to extract the ResponderID from an OCSP BasicResponse.
In OpenSSL 1.0 we used this code to do this:
resp_id is of type OCSP_RESPID*:
if (resp_id->type == V_OCSP_RESPID_NAME)
    X509_NAME_print_ex(bio, resp_id->value.byName, 0, XN_FLAG_ONELINE);

Re: [openssl-users] Call for testing TLS 1.3

2018-04-30 Thread Viktor Dukhovni
> On Apr 30, 2018, at 4:55 PM, Dennis Clarke wrote:
>
> Question would be "why would it not be?"
Interoperability issues with middle-boxes or existing software written for TLS 1.2.
--
Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/op

Re: [openssl-users] Call for testing TLS 1.3

2018-04-30 Thread Dennis Clarke
On 30/04/18 03:48 PM, Salz, Rich via openssl-users wrote:
> I think that makes a very strong argument that TLS 1.3 should be enabled by default if at all possible.
Question would be "why would it not be?"
dc

Re: [openssl-users] Call for testing TLS 1.3

2018-04-30 Thread Salz, Rich via openssl-users
> The issue is most likely that no one "in the wild" has done any testing of significance.
I thought the Akamai numbers were significant.
> I can certainly see tls1.2 exchange but there is nothing for tls1.3 and so I am working on getting a site up pronto ( in the wild ) to test

Re: [openssl-users] Call for testing TLS 1.3

2018-04-30 Thread Dennis Clarke
On 30/04/18 03:01 PM, Salz, Rich via openssl-users wrote:
> Sorry, typo. We've had hundreds of millions of connections, with megabytes of data exchanged."
The issue is most likely that no one "in the wild" has done any testing of significance. I can certainly see tls1.2 exchange but there i

Re: [openssl-users] Call for testing TLS 1.3

2018-04-30 Thread Salz, Rich via openssl-users
Sorry, typo. We've had hundreds of millions of connections, with megabytes of data exchanged."
On 4/30/18, 11:52 AM, "Salz, Rich" wrote:
> Akamai has had millions of connections with megabytes of data exchanged. This is with partial deployment on our network, and requiring customers to opt

Re: [openssl-users] Call for testing TLS 1.3

2018-04-30 Thread Salz, Rich via openssl-users
Akamai has had millions of connections with megabytes of data exchanged. This is with partial deployment on our network, and requiring customers to opt in to enable beta-testing. We have found no issues. We don't do 0RTT. We are using our own server. I was surprised by how many connections an

Re: [openssl-users] Call for testing TLS 1.3

2018-04-30 Thread Dennis Clarke
Yes, by default only 3 are enabled, but there are also 2 other supported included in ALL. I must have done something wrong here as I see these 3 only : n0$ LD_LIBRARY_PATH=`pwd`/openssl-1.1.1-pre5_SunOS5.10_sparc64vii+.001 \ > openssl-1.1.1-pre5_SunOS5.10_sparc64vii+.001/apps/openssl \ > ciph

[openssl-users] (no subject)

2018-04-30 Thread 81
Sent from Mail for Windows 10
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Call for testing TLS 1.3

2018-04-30 Thread Kurt Roeckx
On Sun, Apr 29, 2018 at 10:05:39PM -0400, Dennis Clarke wrote:
> On 29/04/18 06:43 AM, Kurt Roeckx wrote:
> > The upcoming OpenSSL 1.1.1 release will have TLS 1.3 support. TLS
> > 1.3 brings a lot of changes that might cause incompatibility. For
> > an overview see https://wiki.openssl.org/index.p

Re: [openssl-users] Posting a question

2018-04-30 Thread Simon Edwards
That's odd. I've been waiting for a post that I sent on Friday to appear. Nothing so far. The list seems to be far more active now than on Friday.
On Sun, Apr 29, 2018 at 5:44 PM, Salz, Rich via openssl-users <openssl-users@openssl.org> wrote:
> >- I have posted my question into the forum.