On 5/30/24 11:15, Michael Wojcik via openssl-users wrote:
From: openssl-users On Behalf Of Dennis
Clarke via openssl-users
Sent: Thursday, 30 May, 2024 07:29
OKay, thank you. I guess today is a good day to test on a few oddball
system architectures. I suspect there are very very few people out
release commits.
OKay, thank you. I guess today is a good day to test on a few oddball
system architectures. I suspect there are very very few people out there
running actual HPE Itanium hardware or big-endian IBM POWER and that
often raises a few bugs that slip under the radar.
--
--
Dennis Clarke
t;tag" ( whatever
you want to call it ) in git ?
--
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
On 5/16/24 08:28, Neil Horman wrote:
Glad its working a bit better for you. If you are inclined, please feel
free to open a PR with your changes for review.
Well, the changes are *really* trivial. Necessary and trivial.
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
9 Apr 2024)
hubble $
Which seems to work like a charm and I do have a few patches.
What I would like to do is climb in and see what can be done to create a
pure ISO 9899:1990 clean code path. May be reduced in features but would
still work pretty much everywhere. Maybe.
Sure do wish I had my old
e linked later into a shared lib as well as object to be tossed into
a static lib AR type foo.a result. Just a guess.
None of the above seem involved with the stuff in the test directory and
clearly not a test/cert_comp_test-bin-cert_comp_test.o object file.
So ... what is going on here ?
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
last?
--
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
ore should be avoided.
Perhaps I need to define OPENSSL_DEV_NO_ATOMICS ?
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
SL 3.x the
more I am inclined to think C99 is good enough. Everywhere. Also I doubt
that the age of the thing matters much. The portability does.
Now I await with a flame proof suit for someone to yell "rewrite it
all in rust!" Not bloodly likely.
--
Dennis Clarke
RISC-V/SPARC/PPC/
/openssl/openssl/issues/8048
So the code is *mostly* C90 but not really. Got it.
Certainly worth looking at.
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and suspenders optional
| ^~
gmake[1]: *** [Makefile:3989: apps/lib/libapps-lib-app_libctx.o] Error 1
gmake[1]: Leaving directory '/opt/bw/build/openssl-3.0.7_debian_ppc64.002'
make: *** [Makefile:2958: build_sw] Error 2
etc etc ...
I can just as neatly go to C11 or some such but I thought the w
severity issue
fixed in these releases is MODERATE:
https://www.openssl.org/policies/secpolicy.html#moderate
I am guessing there is a bunch of new test certs in there?
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and suspenders optional
On 6/10/22 03:48, Matt Caswell wrote:
On 09/06/2022 21:13, Dennis Clarke via openssl-users wrote:
On 6/9/22 15:33, Dmitry Belyavsky wrote:
It happens because of certificates expiration. Try applying the patch
from
https://github.com/openssl/openssl/pull/18444
Oh cool. Thank you. Sadly I
On 6/9/22 16:13, Dennis Clarke via openssl-users wrote:
On 6/9/22 15:33, Dmitry Belyavsky wrote:
It happens because of certificates expiration. Try applying the patch
from
https://github.com/openssl/openssl/pull/18444
Oh cool. Thank you. Sadly I do not see a patch file there.
Do you mean
/MA0GCSqGSIb3DQEBCwUAA4GBAD0aYh9OkFYfXV7kBfhrtD0PJG2U47OV/1qq
+uFpqB0S1WO06eJT0pzYf1ebUcxjBkajbJZm/FHT85VthZ1lFHsky87aFD8XlJCo
2IOhKOkvvWKPUdFLoO/ZVXqEVKkcsS1eXK1glFvb07eJZya3JVG0KdMhV2YoDg6c
Doud4XrO
-END CERTIFICATE-
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and
On 6/9/22 13:48, Dennis Clarke via openssl-users wrote:
On 6/9/22 13:24, Dennis Clarke via openssl-users wrote:
* baffled *
Merely a self-reply here : out of the box and with nothing in the
10-main.conf the software compiles. I see no standards spec and there
are other things I would
On 6/9/22 13:24, Dennis Clarke via openssl-users wrote:
* baffled *
Merely a self-reply here : out of the box and with nothing in the
10-main.conf the software compiles. I see no standards spec and there
are other things I would like to see but for now the out of the box
stuff sseems to
build file
template may have processed these variables further, please have a look
at the
build file for more exact data:
Makefile
build file:
Makefile
build file templates:
Configurations/common0.tmpl
Configurations/unix-Makefile.tmpl
However the above is just whatever I have after a pile of guess and miss
and guess again and then miss again trials. It has almost become a game
with myself and a few friends watching this blow up over and over. At
the last guess I called out "what are the chances this works?" and the
reply from folks is "less than 10%". So far that has been correct.
So then ... what pray tell is the magic incantation whilst I face east
and bow to some silicon statue ?
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and suspenders optional
status: 1
What can I dig into here to get more information and perhaps we solve
these two little tests fails?
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and suspenders optional
h a slight adjustment to the Makefile I do not get
that annoying lib/64 directory.
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and suspenders optional
On 8/12/21 10:11, Matt Caswell wrote:
>
>
> On 12/08/2021 01:35, Dennis Clarke via openssl-users wrote:
>> On 8/5/21 00:55, Dr Paul Dale wrote:
>>> Dennis,
>>>
>>> Thanks for the information. Solaris and z/OS are not tested by the
>>> pro
with your fixes at
> some stage -- post 3.0 since it's almost certainly too late now.
>
I thought we were still in "beta" testing mode here?
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and suspenders optional
v team has access to such
machines and operating systems. Saying that they are very strict is an
understatement. However code that compiles on them and passes tests is
generally very highly portable and will run anywhere. Embedded devices
and tight memory constraints are a separate problem.
--
D
tests had stalled. That may be likely due to the fact that
I went with a no-asm build and debug options with no optimizations.
I will likely want to be able to single step into this later.
If anyone has thoughts on the test failures please let me know.
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and suspenders optional
situation with 1.1.1k and all the previous flavours. Just a few
tweaks needed. ALL of the perl scripts are mildly annoying but that is
also easy to fix with some sed/grep/awk foo.
I have the testsuite running now.
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and suspenders optional
ot; requires explicit package name at
../../util/wrap.pl line 20.
syntax error at ../../util/wrap.pl line 56, near "perlport#exit
# https://perldoc.perl.org/perlvms#$?
if"
../../util/wrap.pl has too many errors.
../../util/wrap.pl ../../apps/openssl verify -auth_level 1 -trusted
../../test/certs/root-cert.pem -untrusted
../../test/certs/ca-pss-cert.pem ../../test/certs/ee-pss-cert.pem => 255
not ok 139 - CA PSS signature
#
--
Seems like a perl issue to me and I do have a valid perl 5.32.0 here.
Any insights would be appreciated.
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and suspenders optional
/opt/bw/lib
LDLIBS =
PERL= /opt/bw/bin/perl
RANLIB = ranlib
RC = windres
RCFLAGS =
NOTE: These variables only represent the configuration view. The build file
template may have processed these variables further, please h
> No, but show us your ./Configure line.
> I regularly build into other directories.
>
> For instance:
> ./Configure --prefix=/sandel/3rd/openssl-dtls-api linux-x86_64
>
Thank you for the reply. I did go looking into the resultant Makefile
and there I did see that the "--prefix=/opt/foo" is
only once for each function it appears in
make[1]: *** [Makefile:5104: crypto/threads_pthread.o] Error 1
make[1]: Leaving directory
'/opt/bw/build/openssl-1.1.1h_debian_sid_5.8.0-2-amd64.004'
make: *** [Makefile:174: all] Error 2
Command exited with non-zero status 2
Why should the inclu
I have been trying to build a debug version with no-asm into a /opt/foo
directory but I always see :
-DOPENSSLDIR="\"/usr/local/ssl\""
and
-DENGINESDIR="\"/usr/local/lib/engines-1.1\""
during the compile.
Are these hard coded in somewhere ?
nfo -pv
The physical processor has 2 virtual processors (2 3)
SPARC64-VII+ (portid 1024 impl 0x7 ver 0xa1 clock 2860 MHz)
alpha$
alpha$ cc -V
cc: Studio 12.6 Sun C 5.15 SunOS_sparc 2017/05/30
alpha$
alpha$
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and suspenders optional
://www.openssl.org/source/snapshot/ ?
Dennis Clarke
u=any Enc=AESGCM(128) Mac=AEAD
jupiter #
However I seem to recall six of them really.
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and suspenders optional
tally trivial to just build it from
the sources and install into /usr/local. Why do you ( and others ) feel
you *need* a package from some mystery person ?
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and suspenders optional
e not
bothered with those since 1.0.2 or so.
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and suspenders optional
BUG
-I/usr/local/include -D_POSIX_PTHREAD_SEMANTICS -D_LARGEFILE64_SOURCE
-D_TS_ERRNO
signverifysign/s verify/s
rsa 512 bits 0.000732s 0.42s 1366.8 23827.5
rsa 1024 bits 0.003752s 0.000105s266.5 9546.6
rsa 2048 bits 0.023179s 0.000334s 43.1 2991.4
rsa 3072
beta $ gzip -dc ../src/openssl-1.1.1c.tar.gz | tar -xf -
tar: pax_global_header: typeflag 'g' not recognized, converting to
regular file
beta $
Must be a gnu tar thing?
Hi Dennis,
it's not a bug, it's a feature. ;-)
No seriously: it's the `git archive` command which is used to export the
I don't thing I have seen this before :
beta $ gzip -dc ../src/openssl-1.1.1c.tar.gz | tar -xf -
tar: pax_global_header: typeflag 'g' not recognized, converting to
regular file
beta $
Must be a gnu tar thing?
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoke
really the *only* real rng that we know of.
Or that I know of. http://www.fourmilab.ch/hotbits/hardware.html
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and suspenders optional
ps: see "futility of foresight"
mness from, e.g.,
an external source (that, for whatever reasons, is trusted more than what's
provided by the system).
Then just set it to 1.0 and be done with it.
External 300 baud serial attached coin flipper also works well.
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
U
http server ).
I don't think anyone on the openssl-users list can predict the future.
I can. However only a few microseconds. Thankfully speech and human
communications are so slow on a macroscopic scale that it is measurably
impossible to catch me in an error.
--
Dennis Clarke
RISC-V/
On 5/16/19 10:55 AM, John Unsworth wrote:
This is sparc 10, building no-shared, oracle studio 12.4. Building shared works
fine. The change was introduced in 1.1.1b.
OKay, Solaris 10 and for some reason you are using Studio 12.4?
Fair enough. I will take a glance.
--
Dennis Clarke
RISC-V
familiar to me. I know that I have hit this sort of
thing before and did not need to hack source files. Fairly certain of
it but memory being what it is who knows. Is this on sparc? With the
Oracle Studio compilers?
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and
On 5/10/19 11:23 AM, John Unsworth wrote:
This seems to be caused by the ongoing saga documented
I have this working flawlessly on S10 ... what is the issue :
jupiter # /usr/local/bin/openssl version
OpenSSL 1.1.1b 26 Feb 2019
dc
impl 0x7 ver 0xa1 clock 2860 MHz)
jupiter # /usr/local/bin/openssl version
OpenSSL 1.1.1b 26 Feb 2019
jupiter #
The sources compile clean with Oracle Studio and test perfect.
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and suspenders optional
The ones with truncated (8-byte) authentication tag are not intended for
general use and don't make it into the default list.
There must be a Configuration option in 10-main.conf to enable them also?
Dennis
On 4/10/19 7:37 AM, Richard Moore wrote:
Hi All,
I haven't found a way to list the supported openssl ciphers from the
command line (i.e. get the list of potential values for -ciphersuites).
I understand that currently there are only 5 options however this could
change over time, so I wanted t
On 4/8/19 11:48 AM, Giovanni Fontana wrote:
> Hello everybody,
>
> my name is Giovanni Fontana. I made a new symmetric crypto algorithm
> (let’s call it *algo1*) and a new asymmetric crypto algorithm (let’s
> call it *algo2*).
>
> I use algo2 for key exchange and with that I can create a session
On 4/4/19 3:32 AM, ramakrushna mishra wrote:
> Hi,
>
> Could anyone please help me get the following information.
>
> -- How to verify that the openssl is using the assembly code ( when asm
> is enabled) instead of the c code for the algorithms ?
> -- I m observing a small degradation (2 % for
t; version" seeing the mentioned error. i.e
> "ld.so.1: openssl: fatal: relocation error: file openssl: symbol
> OPENSSL_sk_new_null: referenced symbol not found
Did you modify Configurations/10-main.conf ?
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and suspenders optional
es :
https://mta.openssl.org/pipermail/openssl-users/2018-February/thread.html
--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and suspenders optional
On 3/19/19 4:38 AM, ramakrushna mishra wrote:
> Hi All,
>
> Thanks for all your response.
> I have tried to set LD_LIBRARY_PATH to the lib path of newly installed
> openssl and still "./openssl version" fails with the same reason.
>
right out of the ld man page we see the option -R passed to the
On 3/15/19 1:19 PM, Jakob Bohm via openssl-users wrote:
> On 15/03/2019 14:33, Dennis Clarke wrote:
>> On 3/15/19 5:38 AM, Matthias St. Pierre wrote:
>>> My guess is that your binary is loading the system's shared libraries.
>>> To find out whether this is th
On 3/15/19 5:38 AM, Matthias St. Pierre wrote:
> My guess is that your binary is loading the system's shared libraries.
> To find out whether this is the case, try
>
> ldd bin/openssl
>
> If my assumption is correct, you might have to set the LD_LIBRARY_PATH
> explicitely.
Actually LD_LIBRAR
On 1/22/19 2:58 PM, Kurt Roeckx wrote:
On Fri, Jan 18, 2019 at 06:40:05PM -0500, Dennis Clarke wrote:
On 1/18/19 1:53 AM, Dennis Clarke wrote:
Going in circles trying to compile 1.1.1a with strict C99 and no
optimizations and with a ready to debug and single step resultant
library.
Ignore
On 1/18/19 1:53 AM, Dennis Clarke wrote:
Going in circles trying to compile 1.1.1a with strict C99 and no
optimizations and with a ready to debug and single step resultant
library.
Ignore all this. Thou shalt not C99 here.
Dennis
--
openssl-users mailing list
To unsubscribe: https
Going in circles trying to compile 1.1.1a with strict C99 and no
optimizations and with a ready to debug and single step resultant
library. Ran headlong into crypto/bio/b_addr.c where we see :
176 /*-
177 * addr_strings - helper function to get host and service names
178 * @ap: t
On 1/18/19 3:32 AM, Dennis Clarke wrote:
This is based on the sickly things that happen on Solaris as documented
by various people at :
fixed .. done
https://github.com/openssl/openssl/pull/7721/commits/23dcef5ad68efe6f6882328de5948ae682fb
https://github.com/openssl/openssl/issues
This is based on the sickly things that happen on Solaris as documented
by various people at :
https://github.com/openssl/openssl/issues/6912
One must do :
/*
* Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You
On 1/18/19 1:05 AM, Dennis Clarke wrote:
So it seems to no longer matter if I try strict C99 or just cc with or
without strict CFLAGS. I always arrive at the same place :
Ignore this .. fixed .. done .. closed ... not even a correct issue.
Thou shalt not pass C99 here. Thus sayeth the Salz
So it seems to no longer matter if I try strict C99 or just cc with or
without strict CFLAGS. I always arrive at the same place :
${LDCMD:-/opt/developerstudio12.6/bin/cc} -m64 -xarch=sparc -g -Xa
-errfmt=error -erroff=%none -errshort=full -xstrconst -xildoff
-xmemalign=8s -xnolibmil -xcode=p
On 1/17/19 8:25 PM, Michael Wojcik wrote:
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Dennis Clarke
Sent: Thursday, January 17, 2019 18:23
"crypto/objects/o_names.c", line 114: error: undefined symbol: strcasecmp
"crypto/objects/o_names.c"
Fairly sure I did not run into all these issues with 1.1.1 on the exact
same systems but regardless here we are. I *know* that I tested every
one of the 'pre' testing versions and have 1.1.1 running fine just about
everywhere. So here goes the long story with ye strict C99 compiler :
$ env |
On 1/2/19 5:14 AM, Jakob Bohm via openssl-users wrote:
On 02/01/2019 10:41, Matt Caswell wrote:
On 27/12/2018 08:37, Dmitry Belyavsky wrote:
Hello,
Am I right supposing that local variables tmp1, tmp2, iv1, and iv2
are unused in
this function?
Looks that way. They should be removed.
By
On 12/27/18 11:48 AM, Salz, Rich via openssl-users wrote:
They are there, but the sidenav needs to be updated.
Generally I find everything I need in the source tarball and after the
install is done everything anyone could want is installed on the system.
As for 'sidenav' that sounds like someo
On 10/11/2018 06:51 PM, The Doctor wrote:
Looks like
apache
There is still considerable discussion in the httpd mailists on the
topic. Don't be so certain.
Dennis
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Pretty sure this could be cleaned up :
https://www.openssl.org/docs/manpages.html
Then again the tar balls create all the manpages locally but the install
process wants some perl pod2html thing laying about and some systems
don't have that.
Dennis
--
openssl-users mailing list
To unsubsc
On 09/13/2018 02:13 PM, Jakob Bohm wrote:
On 13/09/2018 09:57, Klaus Keppler wrote:
Hi,
thank you for all your responses.
I've just tested with Firefox Nightly 64.0a1, and both s_server and our
own app (using OpenSSL 1.1.1-release) are working fine.
The Firefox website is quite confusing:
Fi
On 09/12/2018 04:46 PM, Juan Isoza wrote:
As I understand and check:
https://www.tls13.net accept connexion from final openssl-1.1.1
(RFC8446) but not from openssl-1.1.1 pre8 (draft 28)
At this point the protocol is published and the OpenSSL 1.1.1 release is
done. You should not be lookin
On 09/12/2018 12:06 PM, Angus Robertson - Magenta Systems Ltd wrote:
IIUC, only Firefox nightly as of approximately today will support
the final RFC 8446 version;
Firefox 63.0b5 works OK with OpenSSL 1.1.1, think it came Tuesday.
Even Firefox/60.0 works.
https://download.mozilla.org/?produ
On 09/12/2018 09:50 AM, Klaus Keppler wrote:
Hi,
when I create a TLS-1.3-only "web" server with s_server (from OpenSSL
1.1.1-release), Firefox/Chrome can't access it.
Be sure to use Firefox nightly version 64.0a1 and upwards. Anything less
and you may be getting draft 28 support and NOT actual
On 09/12/2018 10:44 AM, Viktor Dukhovni wrote:
On Sep 12, 2018, at 10:41 AM, Viktor Dukhovni
wrote:
IIUC, only Firefox nightly as of approximately today will support the final
RFC 8446 version; I haven't looked into Chrome yet.
From the Firefox TLS 1.3 blog entry:
https://blog.mozilla.
On 09/11/2018 02:35 PM, Viktor Dukhovni wrote:
On Tue, Sep 11, 2018 at 02:28:12PM -0400, Dennis Clarke wrote:
It sounds like a downstream ELF header nightmare.
Actually, it works just fine. You link with the variant library,
and it happily coexists with any dependencies you may have that in
It sounds like a downstream ELF header nightmare.
Actually, it works just fine. You link with the variant library,
and it happily coexists with any dependencies you may have that in
turn depend on the system TLS library. The variant SONAME and
symbol versions provide all the requisite iso
On 09/11/2018 01:09 PM, Viktor Dukhovni wrote:
On Sep 11, 2018, at 10:59 AM, Juan Isoza wrote:
What is the better way, for anyone running, by example, Apache or nginx on a
popular Linux districution (Ubuntu, Debian, Suse) and want support TLS 1.3 ?
Waiting package update to have openssl 1.
On 09/11/2018 01:30 PM, The Doctor wrote:
On Tue, Sep 11, 2018 at 12:48:53PM -0400, Dennis Clarke wrote:
On 09/11/2018 12:23 PM, Viktor Dukhovni wrote:
On Sep 11, 2018, at 11:33 AM, The Doctor wrote:
Looks likes I found a first bug
Let's just slow down here a sec.
LEt'
On 09/11/2018 12:23 PM, Viktor Dukhovni wrote:
On Sep 11, 2018, at 11:33 AM, The Doctor wrote:
Looks likes I found a first bug
This did not happen on my machine, the build succeeded, and all tests
passed:
$ uname -srp
FreeBSD 11.1-RELEASE-p10 amd64
You have 11.1 there whereas
On 08/23/2018 10:12 PM, Salz, Rich via openssl-users wrote:
I find it interesting that openssl 1.1.1-pre7 can not connect to a
server which has openssl 1.1.1-pre9 in place. Nor can Firefox nightly.
This is to be expected. Pre-9 implements the official RFC version of TLS 1.3,
while th
On 08/23/2018 10:12 PM, Salz, Rich via openssl-users wrote:
I find it interesting that openssl 1.1.1-pre7 can not connect to a
server which has openssl 1.1.1-pre9 in place. Nor can Firefox nightly.
This is to be expected. Pre-9 implements the official RFC version of TLS 1.3,
while th
I find it interesting that openssl 1.1.1-pre7 can not connect to a
server which has openssl 1.1.1-pre9 in place. Nor can Firefox nightly.
$ /usr/local/bin/openssl version
OpenSSL 1.1.1-pre7 (beta) 29 May 2018
$ /usr/local/bin/openssl s_client -connect 68.179.116.201:443 -tls1_3
CONNECTED(000
Seems google.com supports TLS 1.3 as well as very very few others.
There is also https://beta.tls13.net/ running apache-trunk where
that site is based on OpenSSL 1.1.1-pre8 and supports TLS 1.3 and a
fallback to TLS 1.2 however I think browsers will *not* perform tls
version fallback from TLS 1.
On 08/14/2018 04:06 AM, Wouter Verhelst wrote:
It does (and that's the whole point of it)
On 13-08-18 05:31, Short, Todd via openssl-users wrote:
That site can’t be reached… (at least by me, unless it requires TLSv1.3…)
--
-Todd Short
// tsh...@akamai.com
// "One if by land, two if by sea
On 08/10/2018 08:27 PM, Short, Todd via openssl-users wrote:
RFC 8446 (TLS 1.3) was just published about ~30 minutes ago.
Wonderful !
Todd are you okay[1] with your name being here :
https://www.tls13.net/
Given that your name is in the maillist I figured .. sure, most like
On 06/20/2018 08:46 PM, Salz, Rich via openssl-users wrote:
Thanks, it does not happen with mozzilla implementation
(tls13.crypto.mozilla.org), is this openssl specific or part of the
specification?
The specification allows a server to send one or more tickets, at its discretio
Minor issue with link here on Solaris 10 sparc :
.
.
.
ld: warning: relocation warning: R_SPARC_COPY: file ./libcrypto.so:
symbol PBE2PARAM_it: relocation bound to a symbol with STV_PROTECTED
visibility
ld: warning: relocation warning: R_SPARC_COPY: file ./libcrypto.so:
symbol PBKDF2PARAM_it:
On Solaris 10 sparc with Oracle Studio 12.6 this is perhaps merely an
annoyance.
If I entirely leave Configurations/10-main.conf untouched and go with
the cflags suggested then I get warnings on every compile :
.
.
.
cc -I. -Icrypto/include -Iinclude -KPIC -xarch=v9 -xstrconst -Xa -xO5
-xdep
On 30/04/18 05:41 PM, Matt Caswell wrote:
On 30/04/18 21:55, Dennis Clarke wrote:
On 30/04/18 03:48 PM, Salz, Rich via openssl-users wrote:
I think that makes a very strong argument that TLS 1.3 should be
enabled by default if it all possible.
Question would be "why would it n
On 30/04/18 03:48 PM, Salz, Rich via openssl-users wrote:
I think that makes a very strong argument that TLS 1.3 should be enabled by
default if it all possible.
Question would be "why would it not be?"
dc
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listin
On 30/04/18 03:01 PM, Salz, Rich via openssl-users wrote:
Sorry, typo. We've had hundreds of millions of connections, with megabytes of data
exchanged."
The issue is most likely that no one "in the wild" has done any testing
of significance.
I can certainly see tls1.2 exchange but there i
Yes, by default only 3 are anbled, but there are also 2 other
supported included in ALL.
I must have done something wrong here as I see these 3 only :
n0$ LD_LIBRARY_PATH=`pwd`/openssl-1.1.1-pre5_SunOS5.10_sparc64vii+.001 \
> openssl-1.1.1-pre5_SunOS5.10_sparc64vii+.001/apps/openssl \
> ciph
On 29/04/18 06:43 AM, Kurt Roeckx wrote:
The upcomming OpenSSL 1.1.1 release will have TLS 1.3 support. TLS
1.3 brings a lot of changes that might cause incompatibility. For
an overview see https://wiki.openssl.org/index.php/TLS1.3
Looking at https://wiki.openssl.org/index.php/TLS1.3#Ciphersuit
On 17/04/18 06:36 PM, Rob Marshall wrote:
Hi,
The OS is SLES 10 SP3 and there are currently close to 80 binaries
that appear to use libssl.so.0.9.8. They are from a bunch of different
packages, so I would imagine that updating to anything more recent
than 0.9.8 would be a major hassle and possib
On 17/04/18 05:34 PM, Rob Marshall wrote:
Hi,
I have an application that runs on an old OS ...
I hate to be "that guy" and ask the dumb question but what OS is this
and are you able to re-compile and re-link the application?
Dennis
--
openssl-users mailing list
To unsubscribe: https://mta.o
ditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.
nix ppc64$
nix ppc64$ uname -r
4.15.12-genunix
nix ppc64$
While sparc is still a bit of a mess I am chaseing down the corner
issues.
Dennis Clarke
-
on some reasonable
architecture?
Dennis Clarke
number cruncher math geek
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
On 20/03/18 08:03 PM, Viktor Dukhovni wrote:
On Mar 20, 2018, at 5:55 PM, Dennis Clarke wrote:
signverifysign/s verify/s
rsa 4096 bits 0.082541s 0.001186s 12.1843.0
That seems remarkably slow, is that expected with this CPU?
I find it interesting that
On 20/03/18 08:03 PM, Viktor Dukhovni wrote:
On Mar 20, 2018, at 5:55 PM, Dennis Clarke wrote:
signverifysign/s verify/s
rsa 4096 bits 0.082541s 0.001186s 12.1843.0
That seems remarkably slow, is that expected with this CPU?
My laptop (PowerBook pro) is a
On 20/03/18 10:09 AM, OpenSSL wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
OpenSSL version 1.1.1 pre release 3 (beta)
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
OpenSSL 1.1.1 is currently in
I'll jump on that. Managed to get past the perl requirements and am now
using Oracle Studio 12.6 on Solaris 10 sparc ( for some recent sparc
incantation ) wherein I usually see :
cc: Warning: -xarch=v9 is deprecated, use -m64 -xarch=sparc instead
So the conf files need a small tweak.
I'l
On 24/02/18 02:18 PM, Erik Forsberg wrote:
-- Original Message --
As for -lm, which symbol was undefined?
Undefined first referenced
symbol in file
fabs test/ct_test.o
??? One can only wonder where does i
1 - 100 of 139 matches
Mail list logo
