Re: [openssl-users] Call for testing TLS 1.3

2018-06-19 6:21 GMT+08:00 Matt Caswell : > > > On 18/06/18 21:23, Hubert Kario wrote: > > On Friday, 8 June 2018 10:26:07 CEST Matt Caswell wrote: > >> On 08/06/18 02:48, John Jiang wrote: > >>> Is it possible to check Key/IV update feature via these tools? > >>> Thanks! > >> > >> Yes. See the "CO

Re: [openssl-users] rsa_pss_pss_*/rsa_pss_rsae_* and TLS_RSA_*/TLS_ECDHE_RSA_*

2018-06-19 23:11 GMT+08:00 Jakob Bohm : > On 19/06/2018 15:40, John Jiang wrote: > >> Using OpenSSL 1.1.1-pre7 >> >> Please consider the following cases and handshaking results: >> 1. rsa_pss_pss_256 certificate + TLS_RSA_WITH_AES_256_GCM_SHA384 cipher >> suite >> Handshaking failed with no suitab

Re: [openssl-users] Regarding to disable some signature algorithm in client hello message

I tried to modify " tls12_sigalgs" list under t1_lib.c in OpenSSL 1.0.2x version to restrict a bunch of signature algorithms from being proposed during Client hello message. That did work. Thanks. Srivalli On 6/19/18, 5:36 AM, "openssl-users on behalf of murugesh pitchaiah" wrote: Hi,

Re: [openssl-users] help : tls1.3 : tls1.2 test case failing after integration of openssl-1.1.1-pre7

On 19/06/18 16:18, Chakrapani Reddy wrote: > Hello  , > > Started using openssl-1.1.1-pre7 (pre-release 7) in my lab. Compiled the > code in Linux successfully. When I run the tls1.2 test case observed > that it's failing with openssl-1.1.1-pre7 but the same test case is > passing with the opens

[openssl-users] help : tls1.3 : tls1.2 test case failing after integration of openssl-1.1.1-pre7

Hello , Started using openssl-1.1.1-pre7 (pre-release 7) in my lab. Compiled the code in Linux successfully. When I run the tls1.2 test case observed that it's failing with openssl-1.1.1-pre7 but the same test case is passing with the openssl-1.1.0g. Sample code : SSL_CTX *ctx = SSL_CTX_new(

Re: [openssl-users] rsa_pss_pss_*/rsa_pss_rsae_* and TLS_RSA_*/TLS_ECDHE_RSA_*

On 19/06/2018 15:40, John Jiang wrote: Using OpenSSL 1.1.1-pre7 Please consider the following cases and handshaking results: 1. rsa_pss_pss_256 certificate + TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suite Handshaking failed with no suitable cipher 2. rsa_pss_pss_256 certificate + TLS_ECDHE_RSA_

[openssl-users] rsa_pss_pss_*/rsa_pss_rsae_* and TLS_RSA_*/TLS_ECDHE_RSA_*

Using OpenSSL 1.1.1-pre7 Please consider the following cases and handshaking results: 1. rsa_pss_pss_256 certificate + TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suite Handshaking failed with no suitable cipher 2. rsa_pss_pss_256 certificate + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 cipher suite Handsh

Re: [openssl-users] Regarding to disable some signature algorithm in client hello message

On 19/06/18 07:16, Devang Kubavat wrote: > Hi, > >   > > I want to disable the SHA1 hash algorithm in Extension: signature > algorithm client hello message. > >   > > I have used > >   /* the signature algorithms list */ > >   constcharsignAlgo[] = "RSA+SHA256"; > >   (void)SS

Re: [openssl-users] Regarding to disable some signature algorithm in client hello message

Hi, SSL_CTX_set1_client_sigalgs_list - is the correct method for this purpose. Just try for checking return value of this function. On failure it returns 0. Also try SSL_CTX_set1_client_sigalgs_list (ctx, "RSA+SHA256"); Thanks, Murugesh P. On 6/19/18, Devang Kubavat wrote: > Hi, > > I want to