Dear all,
While migrating from openssl 1.0.2n to openssl 1.1.1b, application which uses
openssl was compiling against openssl 1.1.1b.
Compilation is fine but its linking to both libcrypto.so.1.0.0[from /usr/lib/]
and libcrypto.so.1.1.
Its linking correctly to libssl.1.1.
Is this correct? If so,
>Then just set it to 1.0 and be done with it.
>That hardly helps on systems that don't have floating point at all.
No it doesn't. Such systems aren't supported by OpenSSL. There are many
places were floating point is used/supported.
Removing the second arg to RAND_add is the least
"Salz, Rich via openssl-users" skrev: (21 maj 2019
17:27:44 CEST)
>>If it's a sarcasm, I'm missing the point.
>
>I was't being sarcastic, I was trying to show that the team, recently,
>still liked the use of floating point.
>
>>There are use cases when one wants to mix/add extra rand
Double makes sense. Entropy is often estimated as a real value.
E.g. we have the aforementioned coin flipper feeding data serially.
Adding each bit sequentially means 0.125 bytes of entropy per call.
Not the best example
Pauli
--
Oracle
Dr Paul Dale | Cryptographer | Network Security & Enc
The OpenSSL project team would like to announce the forthcoming release
of OpenSSL versions 1.1.1c, 1.1.0k and 1.0.2s.
These releases will be made available on 28th May 2019 between approximately
1200-1600 UTC.
OpenSSL 1.1.0k and 1.0.2s contain security hardening bug fixes only but do not
address
On 5/21/19 3:27 PM, Salz, Rich via openssl-users wrote:
If it's a sarcasm, I'm missing the point.
I was't being sarcastic, I was trying to show that the team, recently, still liked the use of floating point.
There are use cases when one wants to mix/add extra randomness from, e.g.,
On 5/21/19, 10:45 AM, "openssl-users on behalf of Salz, Rich via openssl-users"
wrote:
When I overhauled the RAND mechanism, I tried to deprecate this use of
floating point,
in favor of just a number from 0 to 100 but was voted down.
If it's a sarcasm, I'm missing the point.
>If it's a sarcasm, I'm missing the point.
I was't being sarcastic, I was trying to show that the team, recently, still
liked the use of floating point.
>There are use cases when one wants to mix/add extra randomness from, e.g.,
> an external source (that, for whatever reasons, is tru
> From: Chethan Kumar [mailto:chethan.ku...@toshiba-tsip.com]
> Sent: Tuesday, May 21, 2019 03:53
>
> I researched more and found that tlsext_hostname member variable in SSL
> structure can be used to to get host name.
That's the SNI hostname, which is set by the client to the hostname (or
possib
When I overhauled the RAND mechanism, I tried to deprecate this use of floating
point, in favor of just a number from 0 to 100 but was voted down.
It *is* stupid. Luckily, on a modern system with system-provided randomness to
seed the RNG, you never need this call.
On 5/21/2019 10:15 AM, Laszlo Ersek wrote:
[snip]
Can someone please explain what is gained by using a floating point type
here?
Is it really a relevant use case that entropy is fed from an external
source to OpenSSL such that truncating the amount to a whole number of
bits would cause signific
(resending, with my subscription to completed)
Hi OpenSSL Developers,
(cross-posting and ,)
OpenSSL commit [1] changed the representation of the "entropy amount" --
later renamed to "randomess" in [2] -- from "int" to "double". I've read
the commit message:
commit 853f757ecea74a271a7c5cdee3f3
On 5/21/2019 4:53 AM, Chethan Kumar wrote:
Thanks for the information.
I researched more and found that tlsext_hostname member variable in SSL
structure can be used to to get host name.
If applications set this using SSL_set_tlsext_host_name(), is it correct to
print hostname/IP in tlsext_hos
Thanks for the information.
I researched more and found that tlsext_hostname member variable in SSL
structure can be used to to get host name.
If applications set this using SSL_set_tlsext_host_name(), is it correct to
print hostname/IP in tlsext_hostname.
Can I use this one to set hostname/Ip
Ok, thanks.
On Tue, May 21, 2019 at 2:15 PM Matt Caswell wrote:
>
>
> On 21/05/2019 09:44, shiva kumar wrote:
> > is Kerberos v5 is completely removed or depreciated from OpenSSL 1.1.0
> onwards ?
>
> It was completely removed.
>
> Matt
>
>
--
*With Best Regards*
*Shivakumar S*
*Mysore, Kar
On 21/05/2019 09:44, shiva kumar wrote:
> is Kerberos v5 is completely removed or depreciated from OpenSSL 1.1.0
> onwards ?
It was completely removed.
Matt
is Kerberos v5 is completely removed or depreciated from OpenSSL 1.1.0
onwards ?
On Tue, May 21, 2019 at 2:04 PM Matt Caswell wrote:
>
>
> On 21/05/2019 09:28, shiva kumar wrote:
> > Hi,
> > when running openssl 1.1.1b config file with no-krb5 option
> > I got as,
> >
> > * Unsupported op
On 21/05/2019 09:28, shiva kumar wrote:
> Hi,
> when running openssl 1.1.1b config file with no-krb5 option
> I got as,
>
> * Unsupported options: no-krb5
>
> can I know why I'am getting this error?
> when i remove the no-krb5 option it works.
> This option was working on openssl 1.0.2r
Hi,
when running openssl 1.1.1b config file with no-krb5 option
I got as,
* Unsupported options: no-krb5
can I know why I'am getting this error?
when i remove the no-krb5 option it works.
This option was working on openssl 1.0.2r, but why this option is not
working here ? can I know ?
Thanks
19 matches
Mail list logo
