On 01/08/2018 15:42, Viktor Dukhovni wrote:
On Aug 1, 2018, at 9:31 AM, Michael Wojcik
wrote:
CMS with an AEAD mode (such as AES128-GCM) ought to avoid the
integrity-protection issue for the encrypted content, but not for the other
parts of the message, I assume. (I'm no CMS expert so I ma
This pair of articles is quite old, so some of the API details have changed,
but it has an overall description of how to use OpenSSL:
https://www.linuxjournal.com/article/4822
https://www.linuxjournal.com/article/5487
The link to the example code is broken, but you can find it here:
http
[...] The other party MUST respond with a close_notify alert of its own and
close down the connection immediately, *discarding any pending writes*.
I've read this before, but I've also checked the sources of SSL_write and
they seem contradictory:
SSL_write does not return with error when SSL_RECE
> On Aug 1, 2018, at 2:27 AM, Alex H wrote:
>
> Is it possible to receive data after calling SSL_shutdown? Reading the specs
> and docs leaves this rather blurry.
TLS *does not* support half-closed connections (RFC5246):
close_notify
This message notifies the recipient that the sen
I would appreciate an answer to this question, it's holding me back and
should be a simple yes/no.
And yes, "client_notify" is a typo and should be "close_notify".
Thanks
Den ons 1 aug. 2018 kl 08:27 skrev Alex H :
> Hi,
>
> I have trouble understanding the details of TLS shutdown. I get the ba
hi guys, i'm with a newbie question
i have this piece of code, but i'm not finding something similar with c++,
could anyone help? thanks:
import socket
import ssl
import sys
if len(sys.argv) == 3:
HOST = sys.argv[1] # IP
PORT = int(sys.argv[2]) # Port
else:
print "USAGE: $python c
Actually, it all works just fine. Viktor's point about adding terminating "\n"
to the input text helped.
-BEGIN PRIVATE KEY-
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDGlXflMDDD8kOP
TP5y06tSXe1g8G3uJAoGHT8NewYANIONuJEZveXnfL8+bJRIu8FDzeCc4SWsCISK
WMmX/VY+IzZxLvUlOzRaKmO3Su7A9ABSc/
> On Aug 1, 2018, at 12:47 PM, timmy pony wrote:
>
> On Wed, Aug 1, 2018 at 4:28 PM Viktor Dukhovni
> wrote:
> On Wed, Aug 01, 2018 at 09:24:38AM +0100, timmy pony wrote:
>
> > I have tried this
> >
> > openssl dgst -sha256 -sign my_private.key -out /tmp/sign.sha256
> > codeTosign.txt
>
>
Hi Vicktor - I put a '\n' at end of java snippet
Both are now equal
Thank you for your help.
On Wed, Aug 1, 2018 at 5:47 PM timmy pony wrote:
> Hi Vicktor, Speed read the previous mail.
>
>
>
> On Wed, Aug 1, 2018 at 4:28 PM Viktor Dukhovni
> wrote:
>
>> On Wed, Aug 01, 2018 at 09:24:38AM +0
Hi Vicktor, Speed read the previous mail.
On Wed, Aug 1, 2018 at 4:28 PM Viktor Dukhovni
wrote:
> On Wed, Aug 01, 2018 at 09:24:38AM +0100, timmy pony wrote:
>
> > I have tried this
> >
> > openssl dgst -sha256 -sign my_private.key -out /tmp/sign.sha256
> codeTosign.txt
>
> This produces raw
> On Aug 1, 2018, at 12:14 PM, timmy pony wrote:
>
> Thanks Viktor,
> for assistance .
> The embedded private key "skeleton" is only for visualisation purposes; No it
> will not.
>
>
> the openssl command returns binary.
> so i can do .But they are still coming out different.
>
> ope
Thanks Viktor,
for assistance .
The embedded private key "skeleton" is only for visualisation purposes; No
it will not.
the openssl command returns binary.
so i can do .But they are still coming out different.
openssl base64 -in /tmp/sign.sha256 -out
On Wed, Aug 1, 2018 at 4:28 PM Viktor D
On Wed, Aug 01, 2018 at 09:24:38AM +0100, timmy pony wrote:
> I have tried this
>
> openssl dgst -sha256 -sign my_private.key -out /tmp/sign.sha256 codeTosign.txt
This produces raw binary output, no base64 encoding. What is the
content of the file "codeToSign.txt"? Post the output of:
od -
> On Jul 31, 2018, at 5:08 PM, Henderson, Karl wrote:
>
> When I type:
>
> openssl ciphers -tls1_3 -stdname -V
>
> I see this as one of the results:
>
> 0x13,0x02 - TLS_AES_256_GCM_SHA384 - TLS_AES_256_GCM_SHA384
> TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
This is
Hello,
Does the OpenSSL engine interface allow EC key generation to be offloaded
to the engine? We are able to find bindings for ECDSA and ECDH, but for not
for generating the key.
Thank you.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> On Jul 31, 2018, at 4:59 AM, Matt Caswell wrote:
>
> To be clear I can only think of one leak that we have at process exit
> (well technically its two instances of the same thing). And that leak is
> not the result of a *mistake*. It is a deliberate design decision to
> workaround around a p
> On Aug 1, 2018, at 9:31 AM, Michael Wojcik
> wrote:
>
> CMS with an AEAD mode (such as AES128-GCM) ought to avoid the
> integrity-protection issue for the encrypted content, but not for the other
> parts of the message, I assume. (I'm no CMS expert so I may be missing
> something there.)
> On Aug 1, 2018, at 4:42 AM, Matt Caswell wrote:
>
> Please can you submit this problem as a github issue:
>
> https://github.com/openssl/openssl/issues
We certainly need to raise the buffer size, for example on MacOS/X
and FreeBSD errno 47 has a (coincidentally) 47-byte long error message:
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Viktor Dukhovni
> Sent: Wednesday, August 01, 2018 06:56
>
> On Tue, Jul 31, 2018 at 06:14:18PM +0200, Jakob Bohm wrote:
>
> > Actually, the CMS format itself is clearly designed for streamed decoding.
>
> It is not, be
On Tue, Jul 31, 2018 at 06:14:18PM +0200, Jakob Bohm wrote:
> > CMS works fine for small messages, and could even be used to construct
> > the integrity-protected chunks in a higher-level protocol. CMS is
> > not appropriate for multi-gigabyte or terabyte, ... datasets.
>
> Actually, the CMS form
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Christian Böhme
> Sent: Tuesday, July 31, 2018 10:16
>
> On 30.07.2018 20:12, Michael Wojcik wrote:
>
> > FWIW, SUS Issue 5 defines RLIMIT_AS as applying to both malloc and mmap,
> > but RLIMIT_DATA as
> > applying onl
Hello,
Wanted to try to capture the TLS1.3 message flow using openssl-1.1.1-pre7
and used the below command to run the server.
[root@vm bin]# pwd
/opt/build/openssl-1.1.1-pre7/bin
*[root@vm bin]# ./openssl s_server -cert server.crt -key server1.key*
But it is throwing the below error :
Using de
Hello Jan,
Decide on what your public exponent(e) should be, and either use
RSA_X931_derive_ex() if you are using an older openssl which supports
this function or follow rsa_builtin_keygen() from crypto/rsa/rsa_gen.c
on how to derive private exponent(d) and modulus(n).
By the way, technically, yo
Please can you submit this problem as a github issue:
https://github.com/openssl/openssl/issues
Thanks
Matt
On 01/08/18 09:14, 市來敏 / ICHIKI,BIN wrote:
> Hello, everyone. My name is Bin Ichiki.
>
> I'm trying to install openssl-1.1.1-pre8 on Red Hat Enterprise Linux
> 6.1(RHEL6.1).
>
> But wh
Hi,
Could some openssl expert please advise ?
Trying to get the equivalent Openssl command-line version of the following
java snippet.
I have tried this openssl dgst -sha256 -sign my_private.key -out
/tmp/sign.sha256 codeTosign.txt
But the the results do not match ?
```
From: "tim.fortinbra
Hi,
Trying to get the Openssl command line version of the following snippet.
I have tried this openssl dgst -sha256 -sign my_private.key -out
/tmp/sign.sha256 codeTosign.txt
But the the results do not match ?
```
From: "tim.fortinbras"
To: openssl-users@openssl.org
Cc:
Bcc:
Date: Tue, 31 Jul
Hello, everyone. My name is Bin Ichiki.
I'm trying to install openssl-1.1.1-pre8 on Red Hat Enterprise Linux
6.1(RHEL6.1).
But when I ran “make test”, test failed as following log:
Test Summary Report
---
../test/recipes/04-test_err.t(Wstat: 256 Tests: 1 Fail
27 matches
Mail list logo
