Hi All,
We are using OpenSSL version 1.0.2h. When we call SSL_do_handshake,
sometimes we notice that handshake fails with error SSL_ERROR_SSL.
As per the documentation for this error, it is a non-recoverable and fatal
error. Documentation also mentions to check the error queue for further
details.
Nicola-
Thanks for your response. It does help, but at the same time it also raises
questions and maybe conflicts with what I thought I was doing correctly earlier
in this thread. I'm talking mostly about where I landed in this post:
https://www.mail-archive.com/openssl-users@openssl.org/msg87538
The ec parameters are public anyway, so there is no real need to store such
files somewhere with restricted reading access.
On the other hand, I want to reiterate that if you are using (and this is
highly recommended) one of the named curves (e.g. NIST P-256) you don't
really need at all to genera
This comment does spark another question though. Do I need to protect the
ecparam file I created for us in generating the private key? I know the private
key should reside in /etc/ssl/private/ as that directory has no read access.
Right now I have the ecparam generated file in /etc/ssl/dsaparams
CMS_Decrypt doesn't need to feed this information explicitly and it will
be part of the CMS envelope of the encrypted data.
https://tools.ietf.org/html/rfc3560#page-4
Thanks,
Thulasi.
On Tue, 18 Feb 2020 at 17:16, Thulasi Goriparthi <
thulasi.goripar...@gmail.com> wrote:
> Sorry for this. I see that y
Sorry for this. I see that you already knew about it.
On Tue, 18 Feb, 2020, 17:08 Thulasi Goriparthi, <
thulasi.goripar...@gmail.com> wrote:
> https://www.openssl.org/docs/man1.1.0/man3/EVP_PKEY_CTX_ctrl_str.html
>
> Thanks,
> Thulasi.
>
> On Tue, 18 Feb, 2020, 16:43 RudyAC, wrote:
>
>> Hello Th
https://www.openssl.org/docs/man1.1.0/man3/EVP_PKEY_CTX_ctrl_str.html
Thanks,
Thulasi.
On Tue, 18 Feb, 2020, 16:43 RudyAC, wrote:
> Hello Thulasi,
>
> thank you for your quick response.
>
> the encryption does not take place in the HSM because we only store the private
> keys inside the HSM. For en
Hello Thulasi,
thank you for your quick response.
the encryption does not take place in the HSM because we only store the private
keys inside the HSM. For encryption we use the openssl CMS_encrypt()
function. In case of OAEP I use the parameters:
EVP_PKEY_CTX_set_rsa_oaep_md(wrap_ctx
Do you mean RSA OAEP decryption done by HSM fails?
Possible tests:
1. Try RSA OAEP encryption/decryption with HSM. - basic test.
2. Encrypt with HSM and decrypt using openssl crypto library. - To make
sure RSA OAEP encryption of the HSM works fine.
3. If test 2 fails, check if all the parameters (