[openssl-users] Exclude unwanted ciphers during build

2018-11-06 Thread Chris Clark
Is there a simple way of excluding unwanted ciphers or cipher suites during a build? I would like to remove ARIA in particular, but may want to remove additional ones in order to use a smaller footprint. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl

Re: [openssl-users] How to compile 1.1.1 under Windows

2018-10-23 Thread Chris Clark
openssl-1.1.1-stable-SNAP-20181018. On Tue, Oct 23, 2018 at 3:31 AM Chris Clark wrote: > > Next I tried an older stable snapshot > openssl-1.1.1-stable-SNAP-20181018 which configured without issue, but > I got a different compile result: > > cl /Zi /Fdossl_static.pdb /Gs0

Re: [openssl-users] How to compile 1.1.1 under Windows

2018-10-23 Thread Chris Clark
rror C2065: 'INT32_MAX' : undeclared identifier crypto\rand\drbg_ctr.c(422) : error C2065: 'INT32_MAX' : undeclared identifier crypto\rand\drbg_ctr.c(423) : error C2065: 'INT32_MAX' : undeclared identifier crypto\rand\drbg_ctr.c(424) : error C2065: 'INT32_

Re: [openssl-users] How to compile 1.1.1 under Windows

2018-10-23 Thread Chris Clark
; > > > You found a bug in crypto\sm2\sm2_sign.c, thank you. Are you willing > > to write up a Github issue for it? > > > > In message > > on > > Tue, 23 Oct 2018 01:22:34 -0700, Chris Clark said: > > > > > Thank you Richard. Adding the &q

Re: [openssl-users] How to compile 1.1.1 under Windows

2018-10-23 Thread Chris Clark
\amd64\cl.EXE"' : return code '0x2' Stop. NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\amd64\nmake.exe"' : return code '0x2' Stop. On Tue, Oct 23, 2018 at 12:19 AM Richard Levitte wrote: > > I suspect

Re: [openssl-users] How to compile 1.1.1 under Windows

2018-10-23 Thread Chris Clark
> > HTH, > > Matthias > > > > > > > -Original Message- > > > From: openssl-users On behalf of > > > Chris Clark > > > Sent: Tuesday, 23 October 2018 08:51 > > > To: openssl-users@openssl.org > > > Subject: [op

[openssl-users] How to compile 1.1.1 under Windows

2018-10-22 Thread Chris Clark
I am attempting to upgrade a project using OpenSSL 1.0.0h to version 1.1.1 under Visual Studio 2008-SP1, but when I try to compile version 1.1.1 for VC-WIN64A I get the following compile error: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 /I "." /I "crypto\include" /I

[openssl-users] How to detect AES-NI compatible CPU

2017-02-03 Thread Chris Clark
My application links to OpenSSL 1.1.0 dynamically, and I would like to be able to determine if the CPU supports the AES-NI instruction set. Is there an OpenSSL API that can do this? -Chris

Re: [openssl-users] How to enable RC4 in OpenSSL 1.1.0c

2017-01-19 Thread Chris Clark
On Thu, Jan 19, 2017 at 10:36 AM, Matt Caswell wrote: > Try this: > > openssl ciphers -v "ALL:@SECLEVEL=0" Okay that worked! Thanks to everyone that responded. I saw Rich Salz mentioned using ALL, but I didn't realize it was a parameter. -Chris

Re: [openssl-users] How to enable RC4 in OpenSSL 1.1.0c

2017-01-19 Thread Chris Clark
On Wed, Jan 18, 2017 at 7:01 PM, Viktor Dukhovni wrote: > Sadly this does not shed much light on the build options. Here is more info, and now I added the "enable-ssl3" and "enable-ssl3-method" options: c:\openssl-1.1.0c64>perl Configure VC-WIN64A enable-weak-ssl-ciphers enable-deprecated enabl

Re: [openssl-users] How to enable RC4 in OpenSSL 1.1.0c

2017-01-18 Thread Chris Clark
On Wed, Jan 18, 2017 at 3:37 PM, Viktor Dukhovni wrote: >> I am trying to compile OpenSSL 1.1.0c for Visual Studio with the > >deprecated RC4 cipher enabled. >> I tried the following configure line: >> perl Configure VC-WIN64A enable-weak-ssl-ciphers enable-deprecated enable-rc4 >> > > Once I c

[openssl-users] How to enable RC4 in OpenSSL 1.1.0c

2017-01-18 Thread Chris Clark
I am trying to compile OpenSSL 1.1.0c for Visual Studio with the deprecated RC4 cipher enabled. I tried the following configure line: perl Configure VC-WIN64A enable-weak-ssl-ciphers enable-deprecated enable-rc4 Once I compile, and I run "openssl cipher -v" it does not show any RC4 ciphers. Is

Re: [openssl-users] FW: Website changing this weekend

2015-08-20 Thread Chris Clark
Hi Rich, I'm curious why the new download page lists version 1.01p before version 1.02d? Is it suggesting that users download the 1.01 branch instead of the later one? -Chris On Fri, Aug 14, 2015 at 1:26 PM, Salz, Rich wrote: > > > From: Salz, Rich [mailto:rs...@akamai.com] > Sent: Friday, Augu

SSLv23_Server_Method() not working in OpenSSL 1.01e

2013-09-16 Thread Chris Clark
I just updated my Win64 server app from OpenSSL 1.0.0k to 1.01e, and I noticed that although it was configured to use the SSLv23_Server_method(), it no longer accepts SSLv3 connections from clients as it did using 1.0.0k. It does accept TLSv1 connections this way however. If I change it to use SSL

VS2010 compatibility?

2010-06-02 Thread Chris Clark
Can anyone confirm if OpenSSL 1.0.0a is compatible with Visual Studio 2010? -Chris __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Au

Re: Apache "SSL3_ACCEPT:unsafe legacy renegotiation disabled"?

2010-04-01 Thread Chris Clark
On Thu, Apr 1, 2010 at 3:11 AM, Jason Haar wrote: > Hi there > > We have a CentOS-4.8 server that was upgraded to > httpd-2.0.52-41.ent.7.centos4 this week - You need to upgrade Apache to httpd-2.2.15 (released March 6, 2010) Your version is years old. -Chris

Re: Broadcom & OpenSSL support

2010-03-10 Thread Chris Clark
> One specific advancement is the AES-specific instruction set in the 2010 > Intel Core™ processor family; an excerpt: > Intel® AES instructions are a new set of instructions available beginning > with the all new 2010 Intel® Core™ processor family based on the 32nm Intel® > microarchitecture coden

Re: Downage

2010-03-09 Thread Chris Clark
What he means, is that the openssl.org web site was down most of yesterday.. But I see it is working again today. -Chris On Tue, Mar 9, 2010 at 2:34 AM, tensy joseph wrote: > What you mean by Downage on 8th March 2010?Can you please elaborate? > > > > On Mon, Mar 8, 2010 at 8:16 PM, The Doctor

Re: commercial OpenSSL use

2008-07-17 Thread Chris Clark
Hi Alan, If you re-read below you will see it says this: If...advertisement of the product... that lists a line item of a feature that your software has which is dependent on use of OpenSSL, you must follow the... So if your advertisement does not list any encryption or other features provided b

Re: Please help: very urgent: Query on patented algorithms

2008-06-16 Thread Chris Clark
On 6/16/08, bagavathy raj <[EMAIL PROTECTED]> wrote: > Hi, > Is there any binary distribution where I can find SSL dlls without > patented algorithms like IDEA,MCD2,RC4,RC5 etc. I tried compiling > without them. I could exclude other algos but not RC4. Some linking > issues. So i need to know if th

Re: Max length of company field

2008-06-09 Thread Chris Clark
I tried this here, and it accepted the Organization Name that you provided "long Name problems making Certificate Request" without any errors. As you can see, this name is only 45 characters long, and the maxsize is 64 characters. -Chris On 6/9/08, Florian Lindner <[EMAIL PROTECTED]> wrote: > H

Re: RC4-MD5 cipher suites replacement

2008-05-15 Thread Chris Clark
On 5/15/08, PoWah Wong <[EMAIL PROTECTED]> wrote: > Use TLS_RSA_WITH_AES_256_CBC_SHA (AES256-SHA) to replace > SSL_RSA_WITH_RC4_128_MD5 (RC4-MD5) > and TLS_DH_anon_WITH_AES_256_CBC_SHA (ADH-AES256-SHA) to replace > SSL_DH_anon_WITH_RC4_128_MD5 (ADH-RC4-MD5), right? I'm not clear on what

Re: RC4-MD5 cipher suites replacement

2008-05-15 Thread Chris Clark
On 5/15/08, PoWah Wong <[EMAIL PROTECTED]> wrote: > Is there some cipher suites more secure than SSL_RSA_WITH_RC4_128_MD5 > (RC4-MD5) so that they should replace RC4-MD5? The AES 256-bit cipher suites are not only more secure than RC4, they are also much faster. :) -Chris

Re: OpenSSL How to redistribute as part of our application

2007-10-30 Thread Chris Clark
On 10/30/07, Dave Bound wrote: > >> Not everyone can use the default build of OpenSSL. > Can you point me at some docs which will allow me to ascertain whether I > fall into the 'not everyone' category? One thing to consider is if you want to include the patented ciphers in your build, such as RC

Re: OpenSSL 0.9.8f Win32 Compile Error

2007-10-12 Thread Chris Clark
I downloaded NASM (nasm-0.99.04-win32.zip) from Soundforge, and gave it a try, and when I run "ms\do_nasm" it is all successful but now I get a different error when running "nmake -f ms\ntdll.mak": Microsoft (R) Program Maintenance Utility Version 6.00.9782.0 Copyright (C) Microsoft Corp 1988-199

Re: OpenSSL 0.9.8f Win32 Compile Error

2007-10-12 Thread Chris Clark
> Did someone forget to add the equate for XMMWORD? > Can anyone tell me how XMMWORD should be defined? It appears that I need more than just the newer version of MASM, and while reading the MASM32 forums they reference this page: http://www.intel.com/cd/ids/developer/asmo-na/eng/167741.htm?page=6

Re: OpenSSL 0.9.8f Win32 Compile Error

2007-10-12 Thread Chris Clark
> I am following the instructions in INSTALL.W32, which works fine for > the previous 0.9.8f build, but when I get to the point of running > "nmake -f ms\ntdll.mak" I get the following errors in 0.9.8f: oops.. I meant to say that the previous version 0.9.8E works fine, and now that I look closer I

OpenSSL 0.9.8f Win32 Compile Error

2007-10-12 Thread Chris Clark
I am trying to compile version 0.9.8f for Windows, using VC++ 6.0, ActivePerl, and MASM 6.15.8803. I am following the instructions in INSTALL.W32, which works fine for the previous 0.9.8f build, but when I get to the point of running "nmake -f ms\ntdll.mak" I get the following errors in 0.9.8f: B

Re: Cipher Negotiation

2006-06-30 Thread Chris Clark
It's not a bug that AES182 is classified as "HIGH", although it is a missing feature that there is no class that encompasses only the 256-bit ciphers. That's why there now is "@STRENGTH", which does not add any ciphers and just sorts the one enabled so far. I assume "AES182" is a typo for AES12

Re: Cipher Negotiation

2006-06-30 Thread Chris Clark
> The problem is I can't find a way of selecting the order in which I > want the cipher negotiated. For example if all ciphers are enabled in > the configuration, I would prefer if AES is selected during > negotiation. What real problem is this intended to solve? Because AES is faster than othe

Cipher Negotiation

2006-06-29 Thread Chris Clark
I have written a client program in which I allow the user to configure which cipher groups they want to allow as well as a cipher strength of low, medium, or high. The problem is I can't find a way of selecting the order in which I want the cipher negotiated. For example if all ciphers are enable

Errors compiling snapshot under Win32

2006-04-16 Thread Chris Clark
I'm having trouble compiling the current snapshot of OpenSSL under VC++. Configure and domasm are both successful, but when I run nmake I get the following result: > nmake -f ms\ntdll.mak Microsoft (R) Program Maintenance Utility Version 6.00.9782.0 Copyright (C) Microsoft Corp 1988-1998. All

Re: AES128 accepted when AES256 configured

2006-04-14 Thread Chris Clark
> Try the next 0.9.8 snapshot. Thanks Dr. Steve! -Chris

Re: AES128 accepted when AES256 configured

2006-04-14 Thread Chris Clark
> What I tried was to remove all the AES 128 options from ssl/s3_lib.c. > That seemed to do the trick. I do not know if it has any bad side > effects though. > > Of course, this will only work if you don't need AES 128 at all. In my case I have a configuration program which allows users to select

Re: AES128 accepted when AES256 configured

2006-04-14 Thread Chris Clark
Hi Roy, > In 0.9.8a, it looks like AES 128 will be accepted by the server even if it > is supposed to accept only AES 256. I reported this same bug on February 17th, and Dr. Steven Henson has confirmed it is a bug so hopefully it will be fixed. If you find any work around please let me know. -C

Re: AES key length selection bug in OpenSSL 0.9.8a

2006-02-27 Thread Chris Clark
Hi Michal, > OpenSSL 0.9.8a does not allow to properly select AES key length. > It selects both 128-bit and 256-bit AES no matter which one was specified: I reported this same bug in February 17th, and Dr. Steven Henson has confirmed it is a bug so hopefully it will be fixed soon. If you find an

Re: AES cipher

2006-02-17 Thread Chris Clark
> > > CString Shif = "AES128-SHA"; > > > > When I just use this string, it automatically adds "AES256-SHA" as well. > > This appears to be a bug in OpenSSL 0.98a. Could anyone confirm this? > > > > Yes I can confirm that. The "ciphers" command does the same. Thanks Steve. Do you know if this has bee

Re: AES cipher

2006-02-17 Thread Chris Clark
On 2/16/06, Kyle Hamilton wrote: > Yeah. Any cipher that is not explicitly added is denied. So, try just doing: > > CString Shif = "AES128-SHA"; When I just use this string, it automatically adds "AES256-SHA" as well. This appears to be a bug in OpenSSL 0.98a. Could anyone confirm this? -Chris

Re: AES cipher

2006-02-16 Thread Chris Clark
I tried adding ":" as suggested, but this still did not work. :( Does anyone have other suggestions? -Chris > > I'm trying to allow my program to be configurable for either AES 128 > > bit, or AES 256 bit. The problem is that when I select only the > > AES128-SHA cipher, the AES256-SHA cipher get

AES cipher

2006-02-13 Thread Chris Clark
;res!=NULL;i++) { res = SSL_get_cipher_list(lSSL, i); if (res) { m_List.AddString((char*)res); ccnt++; } } -Chris Clark

SSL_METHOD

2006-01-31 Thread Chris Clark
It appears that the SSL_METHOD functions don't allow a server to accept connections using either SSL or TLS, so it has to be either one or the other. Does anyone have a work around to allow both SSL and TLS connections to be accepted? -Chris

Re: Cipher suites

2006-01-29 Thread Chris Clark
. After giving this some thought I can see it would be best to do it this way so the users have a choice of 128 or 256 bit AES, and at the same time adhering to the documented definition of what MEDIUM means. -Chris Clark

Re: Cipher suites

2006-01-28 Thread Chris Clark
ng users detailed options on which ciphers to use, or to stick with the simplistic nature of the MEDIUM and HIGH settings along with the 4 groups. -Chris Clark

Re: Cipher suites

2006-01-28 Thread Chris Clark
to let the users choose between 128 bit and 256 bit key lengths when they are using AES... Looks like I will have to implement these user options the hard way then :( -Chris Clark

Re: Cipher suites

2006-01-28 Thread Chris Clark
t) encryption. This method works great for everything except AES, which incorrectly groups all the 128 bit ciphers as being HIGH instead of MEDIUM. Is it a known bug, or are the docs outdated? -Chris Clark

Re: Cipher suites

2006-01-28 Thread Chris Clark
that 128 bit AES is faster than 256 bit AES, and will use less CPU overhead on slower machines. Is this not true? Is there an easy way I can limit openssl to only use 128 bit ciphers for example? -Chris Clark

Cipher suites

2006-01-28 Thread Chris Clark
rs such as: AES128-SHA DHE-RSA-AES128-SHA DHE-DSS-AES128-SHA But when I select a "high" set of cipher suites it does include the above, in addition to the 256 bit ciphers. It seems that this is only a problem with the AES ciphers. -Chris Clark