Re: Wrong signature type error trying to connect to gibs.earthdata.nasa.gov on Ubuntu 20.04

2020-08-13 Thread Tomas Mraz
It is not a bug in OpenSSL and it is not a misconfiguration or non-compliance on the server side either. Basically to enhance security the default seclevel on Debian and Ubuntu was raised to 2 which doesn't allow SHA1 signatures which are weak. The server apparently doesn't support them which in

Wrong signature type error trying to connect to gibs.earthdata.nasa.gov on Ubuntu 20.04

2020-08-13 Thread Andrea Giudiceandrea via openssl-users
Hi all, on Ubuntu 20.04 LTS 64 bit, with OpenSSL version 1.1.1f, it is not possible to connect to a popular GIS OGC server at gibs.earthdata.nasa.gov:443 using OpenSSL or cUrl or Wget default parameters. The OpenSSL 1.1.1f package available for Ubuntu 20.04 is build with the "-DOPENSSL_TLS_SECURITY

matching openssl's enc ciphers to php's openssl functions' ciphers: where's "chacha20-poly1305"?

2020-08-13 Thread PGNet Dev
I'm deploying a php app that makes use of php's openssl functions https://www.php.net/manual/en/ref.openssl.php atm, I've php -v PHP 7.4.8 (cli) (built: Jul 9 2020 08:57:23) ( NTS ) openssl version OpenSSL 1.1.1g FIPS 21 Apr 2020 The php

Help with Error: data too large for modulus

2020-08-13 Thread Gautam Bhat
Hi, I am trying to do a walkthrough of verifying a certificate signing. 1) I have pulled the signature as follows: openssl asn1parse -in cert.pem -out cert.sig -noout -strparse 638 The offset of 638 is because asn1parse of the cert.pem file produces: 625:d=2 hl=2 l= 9 prim: OBJECT

Re: NULL ciphers

2020-08-13 Thread Detlef Vollmann
On 2020-08-13 20:20, Benjamin Kaduk wrote: On Thu, Aug 13, 2020 at 08:19:10PM +0200, Detlef Vollmann wrote: Hello, with the following commands: openssl s_server -accept 18010 -cert srv.crt -key test.key \ -CAfile testca.crt -debug -cipher 'NULL-SHA256' -dtls1_2 openssl s_client -connect local

Re: NULL ciphers

2020-08-13 Thread Benjamin Kaduk via openssl-users
On Thu, Aug 13, 2020 at 08:19:10PM +0200, Detlef Vollmann wrote: > Hello, > > with the following commands: > > openssl s_server -accept 18010 -cert srv.crt -key test.key \ > -CAfile testca.crt -debug -cipher 'NULL-SHA256' -dtls1_2 > > openssl s_client -connect localhost:18010 -cert clnt.crt \ >

NULL ciphers

2020-08-13 Thread Detlef Vollmann
Hello, with the following commands: openssl s_server -accept 18010 -cert srv.crt -key test.key \ -CAfile testca.crt -debug -cipher 'NULL-SHA256' -dtls1_2 openssl s_client -connect localhost:18010 -cert clnt.crt \ -key test.key -CAfile testca.crt -debug \ -cipher 'COMPLEMENTOFALL:eNULL' -dtls1

'OPENSSLDIR' undeclared in openssl 1.1.1g

2020-08-13 Thread prudvi raj
Hi, I couldn't find where this macro is #defined , previously in 1.0.2 it was defined in opensslconf.h . So , i am getting this error during compilation : openssl/crypto/x509/x509_def.c:17:12: error: 'OPENSSLDIR' undeclared (first use in this function) . This error is resolved if OPENSSLDIR is