RE: RSA public and private key encrypt with fips issue

Hi guys, I then build the same source code on my Linux box (CentOS 7.1 3.10.0-299.el7.x86_64) it work fine. The environment is windows 10 with VS 2017, the sample app is configured for 32-bit. Can anyone help? Thanks very much. Sent from Mail f

Re: Is X25519/X448 supported for TLSv1.2?

On Thu, Jun 13, 2019 at 10:49:14AM +0800, John Jiang wrote: > I got the point: the server certificate is ECDSA with curve secp256r1. > It works with RSA certificate and curves > sepc256r1/sepc384r1/sepc521r1/x25519/x448. See https://github.com/openssl/openssl/issues/4175#issuecomment-322915924 W

Re: Is X25519/X448 supported for TLSv1.2?

I got the point: the server certificate is ECDSA with curve secp256r1. It works with RSA certificate and curves sepc256r1/sepc384r1/sepc521r1/x25519/x448. On Thu, Jun 13, 2019 at 3:00 AM Viktor Dukhovni wrote: > On Wed, Jun 12, 2019 at 05:31:30PM +0800, John Jiang wrote: > > > > > Tried below co

Re: Is X25519/X448 supported for TLSv1.2?

On Wed, Jun 12, 2019 at 05:31:30PM +0800, John Jiang wrote: > > > Tried below commands, > > > openssl s_server -trace -state -cert server.cer -key server.key -accept > > > port > > > openssl s_client -trace -state -CAfile ca.cer -tls1_2 -groups X25519 > > > -connect localhost:port > > > > With s

RSA public and private key encrypt with fips issue

Hi guys, I have download openssl 1.0.2s and fips 2.0.16 and build successfully on windows and then I try to write a simple app encrypted with public key and decrypt with private key. But It failed decrypted with private key when fips mode is turned on, decrypt will be success if fips is turned

Re: New to the list and one question ;-)

On 12/06/2019 10:27, Patrick Regnouf via openssl-users wrote: > As requested here are two captures attached: one successfully handshakes with > the server (chrome)  and one fails the handshake (firefox). > I would be very grateful if anyone could shed some light on this. > > the openssl version

Re: Is X25519/X448 supported for TLSv1.2?

On Wed, Jun 12, 2019 at 4:34 PM Viktor Dukhovni wrote: > On Wed, Jun 12, 2019 at 03:45:12PM +0800, John Jiang wrote: > > > Using OpenSSL 1.1.1. > > Just want to confirm that if OpenSSL supports curves X25519 and X448 for > > TLSv1.2. > > Yes, it does. > > > Tried below commands, > > openssl s_ser

Re: New to the list and one question ;-)

As requested here are two captures attached: one successfully handshakes with the server (chrome)  and one fails the handshake (firefox). I would be very grateful if anyone could shed some light on this. the openssl version which is linked to my server/relay program is 1.0.2s Thanks /Patrick

Re: Is X25519/X448 supported for TLSv1.2?

On Wed, Jun 12, 2019 at 03:45:12PM +0800, John Jiang wrote: > Using OpenSSL 1.1.1. > Just want to confirm that if OpenSSL supports curves X25519 and X448 for > TLSv1.2. Yes, it does. > Tried below commands, > openssl s_server -trace -state -cert server.cer -key server.key -accept port > openssl

Is X25519/X448 supported for TLSv1.2?

Hi, Using OpenSSL 1.1.1. Just want to confirm that if OpenSSL supports curves X25519 and X448 for TLSv1.2. Tried below commands, openssl s_server -trace -state -cert server.cer -key server.key -accept port openssl s_client -trace -state -CAfile ca.cer -tls1_2 -groups X25519 -connect localhost:port