On Fri, Jun 14, 2019 at 09:05:32AM +0800, John Jiang wrote:
> > See https://github.com/openssl/openssl/issues/4175#issuecomment-322915924
> >
> > When using ECDSA with TLSv1.2, the group list MUST include the group
> > used in the certificate. Otherwise, you get no shared cipher as
> > you report
On Thu, Jun 13, 2019 at 12:28 PM Viktor Dukhovni wrote:
> On Thu, Jun 13, 2019 at 10:49:14AM +0800, John Jiang wrote:
>
> > I got the point: the server certificate is ECDSA with curve secp256r1.
> > It works with RSA certificate and curves
> secp256r1/secp384r1/secp521r1/x25519/x448.
>
> See ht

Hi all,
I am currently reviewing the shutdown behaviour in both httpd’s mod_ssl and
apr’s apr-crypto-openssl modules.
Am I right in understanding that from openssl v1.1.0 and upwards, all the
following calls are no longer necessary, will be called automatically atexit by
the openssl library, a

Thanks Matt, adding a call to SSL_CTX_set_ecdh_auto() on the server side
actually did the trick. Problem solved!!!
/Patrick

Contrary to what you said in your original post the chrome session is NOT
selecting 0xc02f. Instead it is selecting 0x002f which is
TLS_RSA_WITH_AES_128_CBC_SHA (aka AES

[OpenSSL 1.1.1b FIPS on Fedora 29]
What can a return code <= 0 from EVP_DigestSign(),
with ERR_peek_error() return of 0,
be caused by?
ERR_error_string() decodes the 0 as ":lib(0):func(0):reason(0)"
(assuming the ERR_peek_error(), ERR_get_error() sequence is not
lying to me) which is n