Re: ./CA.pl -newreq specify servername

2021-02-16 Thread Kaushal Shriyan
On Tue, 16 Feb 2021 at 6:02 AM, Kaushal Shriyan wrote:
> Hi,
>
> I am running CentOS Linux release 7.9.2009 (Core).
>
> #rpm -qa | grep openssl
> openssl-devel-1.0.2k-21.el7_9.x86_64
> openssl-libs-1.0.2k-21.el7_9.x86_64
> openssl-1.0.2k-21.el7_9.x86_64
> openssl-perl-1.0.2k-21.el7_9.x86_64
>
> c

Re:

2021-02-16 Thread Matt Caswell
On 16/02/2021 19:40, Nagarjun J wrote:
> How to verify if the application is using fips provider from openssl-3.0.0 ( similar to fips_mode() api in openssl-fips-2.0.16)

Using the FIPS provider in OpenSSL 3.0 works quite differently to the old FIPS module. There isn't a one-to-one corresponde

Re: What does 'openssl ts -verify' verify exactly?

2021-02-16 Thread Matthias Buehlmann
On Tue, Feb 16, 2021 at 8:56 PM Viktor Dukhovni wrote:
> > On Feb 16, 2021, at 1:34 PM, Hubert Kario wrote:
> >
> > the whole problem is that if you trust the date in the timestamp as the date the timestamp was created, attacker can compromise the TSA key years after it was last used and

Re: What does 'openssl ts -verify' verify exactly?

2021-02-16 Thread Viktor Dukhovni
> On Feb 16, 2021, at 1:34 PM, Hubert Kario wrote:
>
> the whole problem is that if you trust the date in the timestamp as the date the timestamp was created, attacker can compromise the TSA key years after it was last used and then create timestamps that look like they have been created w

[no subject]

2021-02-16 Thread Nagarjun J
Hi, How to verify if the application is using fips provider from openssl-3.0.0 (similar to fips_mode() api in openssl-fips-2.0.16) and does fips provider do run time check and throw error if application using non fips ciphers. Regards, Nagarjun

Checking public or private key

2021-02-16 Thread Patrice Guérin
Dear All, Is there a way to check if an EVP_PKEY is a public or private key? In the case of use of EVP_Sign or EVP_DigestSign functions, an application leads to crash with SIGSEGV if an incorrect key is given when finalizing process. Thanks in advance for your answers. Kind regards, Patrice.

Re: What does 'openssl ts -verify' verify exactly?

2021-02-16 Thread Matthias Buehlmann
On Tue, Feb 16, 2021 at 4:34 PM Hubert Kario wrote:
> On Tuesday, 16 February 2021 15:54:24 CET, Matthias Buehlmann wrote:
> > Hello Hubert (sorry, replied to your e-mail address directly before instead of the mailing list),
> >
> > thank you for your reply, but I don't think you're correct

OpenSSL Security Advisory

2021-02-16 Thread OpenSSL
URL for this Security Advisory: https://www.openssl.org/news/secadv/20210216.txt Note: the online version of the advisory may be updated with additional details over time. For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

OpenSSL version 1.1.1j published

2021-02-16 Thread OpenSSL
OpenSSL version 1.1.1j released
OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of version 1.1.1j of our open sour

Re: What does 'openssl ts -verify' verify exactly?

2021-02-16 Thread Hubert Kario
On Tuesday, 16 February 2021 15:54:24 CET, Matthias Buehlmann wrote: Hello Hubert (sorry, replied to your e-mail address directly before instead of the mailing list), thank you for your reply, but I don't think you're correct that timestamp tokens expire together with the signing certificate! Ti

Re: What does 'openssl ts -verify' verify exactly?

2021-02-16 Thread Matthias Buehlmann
Hello Hubert (sorry, replied to your e-mail address directly before instead of the mailing list), thank you for your reply, but I don't think you're correct that timestamp tokens expire together with the signing certificate! Timestamp tokens CAN stay valid beyond the validity of the signing certif

Re: What does 'openssl ts -verify' verify exactly?

2021-02-16 Thread Hubert Kario
On Tuesday, 16 February 2021 03:35:32 CET, Matthias Buehlmann wrote: If openssl ts -verify is used, what exactly is verified? For example, while the [-crl_check] [-crl_check_all] and [-extended_crl] verify options are supported, there is no way to pass CRLs to the call. So, is anything checked f