Re: [openssl-users] ECDHE Negotiation for Client but not Server

2015-11-13 Thread Benn Bollay
Sorted; needed to call SSL_CTX_set_tmp_ecdh with my private EC_KEY. Can someone express an opinion if using my private key is acceptable there, or if I should generate a new one from a named curve each time I create a context? Cheers, --B On Fri, Nov 13, 2015 at 11:21 AM, Benn Bollay wrote

[openssl-users] ECDHE Negotiation for Client but not Server

2015-11-13 Thread Benn Bollay
Hi folks - Tested against OpenSSL 1.0.1f and 1.0.1p (but with modifications). I've got some code that creates an SSL_CTX (http://pastebin.com/XveDvvch) that works fine for negotiating ECDHE-* ciphers as a client when talking to an s_server, but fails as a server both when accepting connections fr

Trying to generate RSA PSS signatures consistently

2014-01-06 Thread Benn Bollay
Hi folks - I've been struggling mightily with attempting to generate signatures for arbitrary payload in a correct and consistent fashion. I've managed to generate (some kind of) signature in C, and in Python (the two languages I have to exchange between), both are validated by the openssl dgst c