A bit off-topic but is it also a good idea to follow these guidelines in
non-browser use cases, for example for a client certificate which is used
to authenticate on a TLS connection which will be used for another protocol
such as MQTT? In this case the SubjectCN looks like a "natural" place to
put
> Of course people have been harvesting entropy, or trying to, from network
> sources for decades. There's a famous paragraph regarding it in RFC 4086,
> which is an expanded version of a similar statement from RFC 1750 (1994):
>
> Other external events, such as network packet arrival times and
As it happens I am the proud owner of a made-in-UK Mathmos Lava Lamp and a
couple of their Space Projectors: however I don't use them as a RNG.
I am thinking more about the fact that there are a lot of devices which
* have no hardware TRNG on board
* do have one or more connections to wired or
I've also encountered this quite often, and I have a feeling that on
today's connected devices there may be a lot of entropy "in the air"
(quite literally) which is not being captured. Does anyone know of
research in this area?
> Hi Scott
>
> I don't know your OS or environment, have you tried
ector?
Note that we are not only talking about servers here, rather we currently
have only one internet-facing server (HTTPS) and a growing number of
XXX-over-TLS clients, so if anything these are a greater source of
concern.
Any pointers are very welcome!
Chris Gray
--
openssl-users mailing li
You should be able to do this using stunnel: see for example
https://www.elastic.co/guide/en/cloud/current/tunneling-ssl.html
where your telnet commands would be the "client which supports only http".
But you can also learn a lot by playing with curl ...
> I know that this is a TLS related quest
we
and our customers use (which includes OpenSSL).
Thanks for any indications
Chris Gray
> On Wed, Mar 2, 2016 at 12:27 PM, Neptune wrote:
> [...]
> You can perform initialization in a static C++ ctor, but it can be
> tricky because the C++ committee has never addressed the problem of
> initialization order across translation units. Also see What's the
> "static initialization order f
>> What is the security risk?
>
> Management ? :)
There could be a perceived problem that the world now knows that "company
X has problems with OpenSSL", and a competitor could even try to make
mischievous use of this "information" - it happened to me once (with
another technology).
Death of dev
As the maintainer of an "alternative" JavaVM I can confirm that we
absolutely had to support library unloading because one customer was using
it heavily - and that was quite a few years ago. Early Sun VMs didn't
support library unloading, but then those VMs also did not garbage-collect
obsolete cla
ww.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.4
Regards
Chris Gray
> On 11 January 2014 19:46, M. V. wrote:
>> Hi everybody,
>> I'm writing an application that creates multiple non-blocking SSL
>> connections to an https server, in each one I send a request and read
>> the
>
> Issue is fixed.
So long as it's OK to generate the same "random" bytes at each power-on.
This is quite a common problem with embedded devices: even after boot it
can be hard to find entropy with which to seed the PRNG. The "usual"
sources which are used in a PC environment (keystrokes, etherne
ck. In your case you're using
POST, so no conversion is done by the sender but for some reason the server is
still unconverting. So you need to either do URL-encoding on the client or
by-pass the decoding on the server, whichever is easier.
Good luck,
Chris
Chris Gray /k/ Embedded
-
> What this article says is this: if you *received* data from TCP
> connection it will be "without duplication or losing data". It doesn't
> say: if you *send* data it will be received correctly by other host.
> It's impossible to guarantee.
>
> --
> Andrey Koltsov
With TCP you basically don't k
Hi all,
Anyone have experience of using ACs, or know where practical examples can be
found? I've been reading RFC 3281, but it would be nice to look at some
real-world code ...
Thanks,
--
Chris Gray/k/ Embedded Java Solutions BE0503765045
Embedded & Mobile Java, OSG
l burden, and not the way I would want to go.
If there were a non-standard set of bindings already existing with some kind
of user base then that might be acceptable, but creating a new one would be a
Bad Thing.
Thanks,
Chris
--
Chris Gray/k/ Embedde
? The web page
mentions a serious problem with SHA-1 which "will be fixed in the next
version" ...
BTW what is GSS-API (RFC 2853), which also turned up in my searches? I know it
stands for Generic Security Service, but where does it fit into the puzzle?
TIA,
Chris
--
Chris Gray
f RSAGenerateKeyPair could have
a different PRNG).
Any ideas, documentation pointers, etc.?
Best wishes
--
Chris Gray /k/ Embedded Java Solutions
Embedded & Mobile Java, OSGi http://www.kiffer.be/k/
[EMAIL PROTECTED]