Re: [openssl-users] Using a TPM to sign CSRs

Hi Kaarhik, Please refer https://github.com/ThomasHabets/openssl-tpm-engine. It is OpenSSL TPM Engine. It will help to offload all crypto operation to TPM. Regards, Devang. On Tue, Jul 24, 2018 at 4:48 PM, Kaarthik Sivakumar wrote: > Hello > > I need to create a key pair using a TPM (proprieta

Re: [openssl-users] Unexpected behaviors in TLS handshake

SHA256withRSAencryption. Best Regards, Devang Sent from my iPhone > On 20-Jun-2018, at 2:25 PM, Matt Caswell wrote: > > > >> On 20/06/18 09:44, Devang Kubavat wrote: >> Hi all, >> >> I set the signature algorithm using in client, >> >

[openssl-users] Unexpected behaviors in TLS handshake

Hi all, I set the signature algorithm using in client, /* signature algorithm list */ (void)SSL_CTX_set1_client_sigalgs_list(ctx, "RSA+SHA512"); Expected behavior: client only accepts server certificate which has signature algorithm SHA512withRSAencryption during TLS handshake. But, here even I

[openssl-users] Regarding to disable some signature algorithm in client hello message

Hi, I want to disable the SHA1 hash algorithm in Extension: signature algorithm client hello message. [cid:image003.jpg@01D407C3.1A227530] I have used /* the signature algorithms list */ const char signAlgo[] = "RSA+SHA256"; (void)SSL_CTX_set1_client_sigalgs_list(ctx, signAlgo

Re: [openssl-users] disable session id reuse

Hi Darshan, In Addition, Make sure that you should disable the session ticket based session resumption using SSL_OP_NO_TICKET. By default SSL_OP_NO_TICKET is not disabled. Thanks Devang Sent from my iPhone > On 03-May-2018, at 2:12 PM, Mody, Darshan (Darshan) > wrote: > > Hi, > > While

[openssl-users] SSL Handshake with TPM using TPM Engine

Hi All, *SSL handshake with TPM using TPM Engine: *I am generating the RSA keys in TPM and private key will never come out from TPM I want to do SSL handshake with this scenario. Can you please point out me in SSL handshake which functions are using the RSA private key? So that, I can register

[openssl-users] OpenSSL Engine for TPM

Hi All, 1. Is there any built-in OpenSSL Engine to access the TPM ? 2. Is there any other OpenSSL Engine to access the TPM ? If Yes, How can we configure in OpenSSL libraries to use that engine ? Please guide me. Thanks. Best Regards, Devang -- openssl-users mailing list To unsubscribe:

[openssl-users] Resume the session with new session keys

Hi, There are two method to resume the session, 1.) Session ID, 2.) Session Ticket Out of these two methods, which method is useful to resume session with new session keys ? Is there any way to resume the session with new session keys ? Can anyone please help me ? Currently I am using the Tick

[openssl-users] How to disable the DTLS stuff in openssl 1.0.2k

Hi, I am trying to configure the OpenSSL 1.0.2k for windows. Can anyone help me How to disable the DTLS? Best Regards, Devang -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] SSL_CTX_set_timeout does not work properly

Hi, I am using Ticket based Session Resumption in my application. I need to control 'timeout of the session'. So as per the document I can set the timeout of the session using SSL_CTX_set_timeout(SSL_CTX *ctx, long t); I used SSL_CTX_set_timeout(ctx, 500); I am able to resume the session up to

[openssl-users] Different size of openssl libraries

Hi, I am trying to build openssl 1.0.2j. for windows. Everytime I different size of libraries. Is it depends on path ? Best Regards Devang -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users