Re: [openssl-users] Proper syntax for -header host switch

2018-05-24 Thread Jordan Brown
On 5/24/2018 11:44 AM, Ben Wilson wrote: > -header "Host" "ocsp.example.com" > -header 'Host' 'ocsp.example.com' > -header Host ocsp.example.com I don't know anything about the option, but I do know shell syntax.  Those three variants are identical when presented to the shell. Quotes are only ne

Re: [openssl-users] Proper syntax for -header host switch

2018-05-24 Thread Salz, Rich via openssl-users
>In 1.1.0 and later it is documented: And in 1.0.2 it was documented in January, 2017. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Proper syntax for -header host switch

2018-05-24 Thread Viktor Dukhovni
> On May 24, 2018, at 3:21 PM, Salz, Rich via openssl-users > wrote: > > In 1.1.0 and later, the flag takes a single parameter in name=value. Yes > that’s strange, but it means that in the common case you don’t need to do any > quoting: > -header Host=ocsp.example.com In 1.

Re: [openssl-users] Proper syntax for -header host switch

2018-05-24 Thread Salz, Rich via openssl-users
In 1.1.0 and later, the flag takes a single parameter in name=value. Yes that’s strange, but it means that in the common case you don’t need to do any quoting: -header Host=ocsp.example.com In 1.0.2 it takes two parameters -header Host ocsp.example.com -- opens

[openssl-users] Proper syntax for -header host switch

2018-05-24 Thread Ben Wilson
All, Does anyone know what the proper syntax is for the undocumented -header host switch? I'm getting some different responses/behaviors when I try these: -header "Host" "ocsp.example.com" -header 'Host' 'ocsp.example.com' -header Host ocsp.example.com Thanks, Ben smime.p7s

Re: [openssl-users] PEM_write_bio_RSAPrivateKey assure Randomness of PK

2018-05-24 Thread redpath
I thought the new openSSL did the pool hence why I started this post as I wanted to assure that use of the function is correct for key generation effect; then next step to figure out some entropy. thanks a whole bunch -- Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html -- ope

Re: [openssl-users] Call for testing TLS 1.3

2018-05-24 Thread Matt Caswell
On 24/05/18 10:58, John Jiang wrote: > Should I see PSK identity here? Or, it is the TLS session ticket. It's the session ticket. > A HelloRetryRequest will occur if the key share provided by the client > is not acceptable to the server. By default the client will send an > X25519

Re: [openssl-users] Call for testing TLS 1.3

2018-05-24 Thread John Jiang
Hi Matt, Thanks for your reply! 2018-05-23 20:33 GMT+08:00 Matt Caswell : > > To test resumption first create a full handshake TLSv1.3 connection and > save the session: > > $ openssl s_server -cert cert.pem -key key.pem > $ openssl s_client -sess_out session.pem > > Close the s_client instance b