Yes I used the PQ openssl based on liboqs
Since you were not specific on what the use case was, and I was not certain
why you wanted a Kyber Public/Private key pair when other algorithms
are better suited to PQ authentication, I supplied the TLS example.
Regards
Mark Hack
On Mon, 2022-10-03 at 21:08
In this case you need to look at certificate / signature generation
separately from the key exchange. In classical terms, I can have an RSA
key with a RSA-SHA256 signature and use DHE elliptic curves to exchange
a secret without knowing the elliptic curve public private key pair.
For example to use
plementary, and a
developer shifts between these modes of thought often while working.
I agree that a Migration Guide will, after a brief discussion of the
high-level differences between old and new, consist mostly of "if you
did task T that way before, now you should do it something like t
I may have a mixed Java environment. I will recheck on a clean VM when
I get a few minutes.
Regards
Mark Hack
On Thu, 2022-05-19 at 16:46 +0200, Djordje Gavrilovic wrote:
> Hm, not working here.
>
> openjdk version "1.8.0_312"
>
> OpenJDK R
0, Djordje Gavrilovic wrote:
> Thank you both for your answers! So much! Both of them very
> helpful. We are stuck with openjdk8 right now...but it is good
> to
> know that later versions will work as expected.
>
> Thank you guys
>
>
>
completed: 1 entries successfully imported, 0 entries failed
or cancelled
Warning:<1> uses the SHA1withRSA signature algorithm which is
considered a security risk. This algorithm will be disabled in a future
update.
Mark Hack
On Thu, 2022-05-19 at 12:13 +0200, Erwann Abalea via openssl-users
:
openssl s_client -connect data.reversinglabs.com:443 -tls1_2
-servername data.reversinglabs.com
Check your server setup and ensure that a default virtual host has been
defined.
Mark Hack
On Tue, 2022-05-17 at 15:55 -0400, Geek Geek wrote:
> I run into the following issue when I use openssl 1.0
NIST-800-131a deprecated SHA1 signatures in January of 2013 along with
RSA1024 bit keys. You should be issuing certificates with at least
RSA2048 with SHA2 signatures, and preferably at least RSA3072 with SHA-
384 signatures and if you are re-issuing CA certs more bits is better.
Nothing was said
Use keytool -list -v to ensure that the original store actually
contains a private key
If there is no entry of Entry type: PrivateKeyEntry then the store has
no private key
Mark Hack
On Tue, 2022-02-15 at 18:30 +0100, mary mary wrote:
> Hello community,
> A beginner here.
>
> I woul
You are welcome. Determining why TLS handshakes fail is a challenge
since it does require knowledge of what cipher suites and algorithms
are required by the server and are missing in the client.
On Tue, 2022-01-04 at 23:08 +, Ma Zhenhua wrote:
> Hi Mark,
>
>
>
>
>
>
The server error is correct - the signature_algorithms_cert extension
does not offer rsa_pkcs1_sha256 (0x0401) which is the server
certificate signing algorithm.
If the client is written in Java, check java.security for
"jdk.certpath.disabledAlgorithms" and check the constraints.
On Fri, 2021-
Look at https://testssl.sh/
That is an openssl wrapper which enumerates ciphers and protocols (and
a whole lot more)
Hexcode Cipher Suite Name
(OpenSSL) KeyExch. Encryption Bits Cipher Suite Name
(IANA/RFC)-
OpenSSL is looking to hire two full-time positions: Developer, and
Manager. Details of the roles can be found here:
https://www.openssl.org/blog/blog/2021/11/24/hiring-manager-and-developer/
To apply please send your cover letter and resume to j...@openssl.org
by 9th December 2021
Regards,
The O
"openssl ciphers" will show you the correct names which in this case is
DHE-RSA-AES128-GCM-SHA256
On Wed, 2021-11-17 at 16:25 +0800, M K Saravanan wrote:
> Hi,
>
> Do I need to do any config to enable DHE based ciphers in openssl for
> command line usage?
>
> $ openssl s_client -cipher 'DHE_RSA_
Added to all the weaknesses in SSLv3, the only supported cipher suites
are either vulnerable or deprecated and not advisable.
SSL_RSA_WITH_NULL_MD5 NULL-MD5
SSL_RSA_WITH_NULL_SHA NULL-SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5
SSL_RSA_WITH_RC4_
The docs are not the easiest to follow so here is what I did to order
curves from strongest to weakest. The file is /etc/pki/tls/openssl.conf
and should be close to your settings. Set the curves to what you want
as I did in the Curve line
openssl_conf = default_modules
[ default_modules ]
ssl_c
est:
> https://github.com/openssl/openssl/issues/14570
>
> Unfortunately it was not implemented in time for beta1 so this is now
> Post 3.0 item.
>
> I would recommend explicitly setting security level 0 via a cipher
> string when executing the test.
I second the motion
This is a Java error and not an openSSL error. This will be thrown if
the application did not specify a valid X509 Trust Manager for the
SSLContext.
On Fri, 2021-04-30 at 15:48 +0530, K V Rao via openssl-users wrote:
No X509TrustManager implementation available
You will need to be a lot more specific - this works fine
openssl s_client -connect localhost:443 | openssl x509 -noout -text
Can't use SSL_get_servername
depth=0 C = US, ST = TX, L = Somewhere, O = MarkHack, OU = Test, CN =
fakeserver.com
verify error:num=18:self signed certificate
verify return:
RFC6066
Note that when a list of URLs for X.509 certificates is used, the
ordering of URLs is the same as that used in the TLS Certificate
message (see [RFC5246], Section 7.4.2), but opposite to the order in
which certificates are encoded in PkiPath. In either case, the
self-signed ro
I have successfully been able to offload specific ECC functionality via my own
engine. For example, I have been able to offload sign, verify and compute_key
methods. My latest task is now to offload, specifically, ECC point
multiplication. I am having a hard go at this. Really looking for guid
Thanks for your reply Ben!
Sorry for being unclear, the goal would be to just not send the SCSV value
in the ClientHello.
-Mark
On Tue, 21 Apr 2020 at 22:06, Benjamin Kaduk wrote:
> On Tue, Apr 21, 2020 at 09:57:02PM +0200, Mark Windshield wrote:
> > Hello,
> >
> >
Hello,
I was wondering what I'd have to change in the openssl code/config before
compiling to have renegotiation disabled by default, so it won't send the
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff) when using curl.
Thanks!
I believe that Firefox does still support P-521 but Chrome does not.
Also be aware that if you set server side cipher selection and use
default curves, that OpenSSL orders the curves weakest to strongest
(even with @STRENGTH) so you will end up forcing P-256.
On Tue, 2019-10-15 at 17:24 +0200,
This was on 1.0.2 and I just checked 1.1.1, and for libssl I still only
see the call for libcrypto. I can recompile and confirm later in the
day to be 100% certain.
On Wed, 2019-09-25 at 16:26 +0100, Matt Caswell wrote:
>
> On 25/09/2019 15:26, Mark Hack wrote:
> > ssl_algs.c is
.
Patching ssl_algs.c corrects this and the performance improvement is
immediately noticeable. This is the patch applied and tested on PPC.
int SSL_library_init(void)
{
OPENSSL_cpuid_init_setup(); /* Identify the HW platform */
...
Regards
Mark Hack
nm says there are no symbols in libssl or libcrypto.
It also says that libcurl has no symbols. Does that imply that all libcurl's
symbols are already resolved?
Mark Richter | Senior Staff Engineer
SolarFlare Communications, Inc. | www.Solarflare.com
9444 Waples Street, #170, San Dieg
I thought I'd start a new thread for this as it may have been buried in my
other thread.
We have a RHEL 7 app that links to (at least) libcurl that uses OpenSSL 1.0.2,
but our app needs 1.1.1.
I'm not at all sure how to set up our Makefile to handle this.
Thanks.
Mark Richte
I forgot to mention that this round was on CentOS 7, and the tests fail with or
without the variant changes.
Mark Richter | Senior Staff Engineer
SolarFlare Communications, Inc. | www.Solarflare.com
9444 Waples Street, #170, San Diego, CA 92121
Mobile: +1 949-632-8403
On Behalf Of Mark
Richter
Sent: Friday, July 19, 2019 11:04 AM
To: openssl-users@openssl.org
Subject: RE: Error building app on RHEL 7 with openssl 1.1.1
I've been poking around in the Configurations/* and all the README* files, and
on the web, and it is not at all clear to me how/whe
t has been for me.
Many, many thanks in advance. I deeply appreciate all your assistance.
Mark
-Original Message-
From: openssl-users On Behalf Of Viktor
Dukhovni
Sent: Thursday, July 18, 2019 10:19 PM
To: openssl-users@openssl.org
Subject: Re: Error building app on RHEL 7 with openssl
erence
to symbol 'dlclose@@GLIBC_2.2.5'
/usr/lib64/libdl.so.2: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
make: *** [build/bin/cntlr] Error 1
What am I missing?
Mark Richter | Senior Staff Engineer
SolarFlare Communications, Inc. | www
> -Original Message-
> From: openssl-users On Behalf Of Viktor
> Dukhovni
> Sent: Wednesday, July 17, 2019 12:42 PM
> To: openssl-users@openssl.org
> Subject: Re: Errors building 1.1.1 on RHEL 7
>:
> 4. Build and install OpenSSL 1.1.1c with "--prefix=/opt/openssl/1.1"
> or similar
osts.) Are there any gotchas to doing
this? E.g., our app also uses the curl library, which I believe uses the
default openssl on the host.
Thanks.
Mark
I'm still really new at this - a few questions:
-Original Message-
From: openssl-users On Behalf Of Viktor
Dukhovni
Sent: Wednesday, July 17, 2019 12:42 PM
To: openssl-users@openssl.org
Subject: Re: Errors building 1.1.1 on RHEL 7
On a system with OpenSSL 1.0.2 or OpenSSL 1.1.0 in /usr/
It works better with 1.1.1c.
Thank you.
-Original Message-
From: Matt Caswell
Sent: Wednesday, July 17, 2019 1:16 AM
To: Mark Richter ; openssl-users@openssl.org
Subject: Re: Errors building 1.1.1 on RHEL 7
On 16/07/2019 23:27, Mark Richter wrote:
> Result: PASS
Well that'
/bin/ld: warning: libcrypto.so.10, needed by /usr/lib64/libssh2.so.1, may
conflict with libcrypto.so.1.1
I tried googling this and get lots of suggestion for similar errors with
libcurl, but not this one.
What am I missing?
-Original Message-
From: Jan Just Keijser
Sent: Wednesday,
istic License or the
GNU General Public License, which may be found in the Perl 5 source kit.
Complete documentation for Perl, including FAQ lists, should be found on
this system using "man perl" or "perldoc perl". If you have access to the
Internet, point your browser at http://ww
13
Parse errors: Bad plan. You planned 209 tests but ran 0.
Files=152, Tests=850, 30 wallclock secs ( 0.38 usr 0.10 sys + 31.02 cusr 4.55
csys = 36.05 CPU)
Result: FAIL
make[1]: *** [_tests] Error 1
make[1]: Leaving directory `/home/mrichter/bin/openssl-1.1.1'
make: *** [tests] Error 2
?
came from the NIST algorithm test tool when the OpenSSL team tested all of
the algorithm implementations.
The CAVP also posts sample test vectors if you are looking for that sort of
thing:
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/random-number-generators#DRBG
Mark
ide to adapting the sources to these changes.
Where can I find one?
Thanks.
Mark Richter | Senior Staff Engineer
SolarFlare Communications, Inc. | www.Solarflare.com
9444 Waples Street, #170, San Diego, CA 92121
Mobile: +1 949-632-8403
Thanks, from someone else who builds no-shared and will need this mod.
From: openssl-users On Behalf Of John
Unsworth
Sent: Thursday, May 16, 2019 5:47 AM
To: openssl-users@openssl.org
Subject: RE: OpenSSL 1.1.1b tests fail on Solaris - solution and possible fix
In the absence of any steer from
tination systems' library locations,
RUNPATH is desirable.
For an ISV, LD_LIBRARY_PATH is a necessary evil for application-delivered
libraries.
> Building on Solaris is a real pain.
Compared with what? This is how all Unices/*nix's work.
Best,
Mark Ludwig
Module for 3.0.
--
Mark J. Minnoch
Co-Founder, CISSP
KeyPair Consulting
+1 (805) 550-3231 mobile
https://KeyPair.us
https://www.linkedin.com/in/minnoch
*We expertly guide technology companies in achieving their FIPS 140 goals*
*Blog post:
+1 on the point: firm expiration date without firm replacement date ... really?!
We have to hope that the firm expiration date will actually move if the
replacement isn't ready before then ... and that doesn't begin to account for
the calendar time to get the new one certified
Th
Just about 20 years ago we released the first OpenSSL, but that wasn't the
original name for the project.
Read more in the blog post at
https://www.openssl.org/blog/blog/2018/12/20/20years/
Regards, Mark J Cox
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/ma
Hello ,
I use openssl 1.1.1 and cannot find function :
lh_X509_NAME_free, lh_X509_NAME_insert, lh_X509_NAME_retrieve referenced in
function _SSL_load_client_CA_file in file ssl_cert.c
Please help me to solve this problem
Mark
RUN ./config --prefix=${FIPSDIR}
RUN make
RUN make install
ADD ssl/openssl-${SSLVER}.tar.gz /tmp
WORKDIR /tmp/openssl-${SSLVER}
RUN ./Configure \
--prefix=${OPENSSLDIR} \
--openssldir=${OPENSSLDIR} \
${SSL_CONFIG} linux-x86_64
RUN make
RUN make test
RUN make in
nds on another question: do
you regularly review the package manager's default cipher list, and
have reason to trust it?
--
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
d best way is to get the OpenSSL FIPS Object Module CD directly
from OpenSSL (as described in the OpenSSL FOM Security Policy and User
Guide).
Mark J. Minnoch
Co-Founder, CISSP, CISA
KeyPair Consulting
+1 (805) 550-3231 mobile
https://KeyPair.us
If you are looking for a copy of the OpenSSL FIPS Object Module (versions
2.0 to 2.0.16) delivered to you on CD, then please send an email to
c...@keypair.us with your shipping address.
We will send you a copy of the original OpenSSL FOM CD.
For details, see: https://keypair.us/2018/05/cd/
Mark
ls. Our service is described here:
https://keypair.us/private-labels/
Mark J. Minnoch
Co-Founder, CISSP, CISA
KeyPair Consulting
+1 (805) 550-3231 mobile
https://KeyPair.us
https://www.linkedin.com/in/minnoch
*We expertly guide technology companies in
Hello Walter,
I did not find file ca.pem (root certificate) for testing.
Thanks
Mark
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Walter H.
Sent: Wednesday, May 30, 2018 11:17 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Test SSL connection
On
ter I get error :
Verify return code: 21 (unable to verify the first certificate)
What is wrong?
Thanks for any help
Mark
s a -X
option that specifies how many bits.
For example, your example might work as:
ar -X 64 r LIBNAME.a ../test2.sh
(At least, I assume you're building 64-bit binaries based on seeing "coff64"
above.)
(I also assume you omitted the library name in e-mail.)
HTH,
Mark
ed at previously allowed key sizes for
legacy purposes). The services provided by the OpenSSL FOM that do not meet
current SP 800-131A requirements are now listed as non-approved services in
Table 4c of the OpenSSL FOM Security Policy.
Mark J. Minnoch
Co-Founder, CISSP, CISA
KeyPair Consulting
+1 (
Historical List.
Mark J. Minnoch
Co-Founder, CISSP, CISA
KeyPair Consulting Inc.
+1 (805) 550-3231 mobile
https://KeyPair.us
https://www.linkedin.com/in/minnoch
We expertly guide technology companies in achieving thei
wording without changing what we do
or who we tell
Mark
FIPS testing of the
OpenSSL FOM on specific operating systems. We also perform Private Label
validations to rebrand the OpenSSL FOM for our clients.
Mark J. Minnoch
Co-Founder, CISSP, CISA
KeyPair Consulting
+1 (805) 550-3231 mobile
https://KeyPair.us
https://www.linkedin.com/in/minnoch
*We expertly
> From: Michael Wojcik, Wednesday, November 08, 2017 7:03 AM
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] Help compiling on HPUX
>
> > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Dan Freed
> > Sent: Tuesday, November 07, 2017 19:14
> > To: openss
> And unless some or all of the browsers also apply these requirements to
> private CAs, you’re not forced to follow them all.
How does one mechanically distinguish public vs. private CAs?
--
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue University Ind
I haven't started working with OpenSSL 1.1.n, but in OpenSSL
1.0.2, all 64-bit builds produce identically-named binaries
such as libeay32.lib and libeay32.dll in the "out32"
directory.
Hope this helps,
Mark
a file
named CHANGES contains *all* of the changes, while a file named
RELEASE_NOTES includes selected changes of particular significance.
It's confusing to call a release-notes file CHANGES.
Appending a note that, for a full change log, [DO THIS], would probably
be well received.
--
Mark
o idea we had modified it to change the return type from long to int.
(*Shrug*)
Thanks,
Mark
o it would fit on Windows. (Blind/stupid
global replacement.)
(Does OpenSSL support any platform in which type int is 16 bits?)
Thanks,
Mark
ues of the SSL functions (macros) deriving from SSL_ctrl(). Why was
this done?
(I don't see mention of this in the CHANGES file.)
Thanks,
Mark Ludwig
Siemens Product Lifecycle Management Software Inc.
Communications and Government Affairs
Product Lifecycle Management
Lifecycle Coll
> From: Wall, Stephen, Monday, November 28, 2016 6:52 AM
>
> > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On
> > Behalf Of Ludwig, Mark
> >
> > A customer claims to have configured the web (app) server to only allow
> > TLS 1.2
> > (by
ce on the "best" tool for "watching" the TLS
version negotiation when the connection is being established.
The client environment is Solaris 10. I'm obtaining the necessary privileges
to use the snoop command. Does anyone have any do's or don'ts for using
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Forthcoming OpenSSL releases
The OpenSSL project team would like to announce the forthcoming release of
OpenSSL versions 1.0.2g, 1.0.1s.
These releases will be made available on 1st March 2016 between approximately
1300
Thanks, Rich.
That fixed things. Obviously not familiar w/ memmove() or the memcpy() issue
w/ overlapping data area.
Thanks again.
-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Salz, Rich
Sent: Tuesday, February 09, 2016 2:44 PM
To: ope
I have a program that for some time now under SUSE Linux Enterprise Server has
worked fine. Recently, it was moved over to an OpenSUSE 13.2 system and a
problem was encountered. The program interfaces to a 3rd party and data is
received into our program where the data block consists of some h
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Forthcoming OpenSSL releases
The OpenSSL project team would like to announce the forthcoming release of
OpenSSL versions 1.0.2f, 1.0.1r.
These releases will be made available on 28th January between approx. 1pm and
5pm
With regard to the idea that one can simply make older algorithms
Somebody Else's Problem: is it *known* that another viable,
well-maintained product sees this as one of its roles? That would be
more reassuring, I think, than just hoping that some unknown group
will step into the gap.
--
We have moved to just using Salt 0 for now but would like to get some help
with the Salt Len 62 issues. Does anyone have any special instructions for
this?
--
View this message in context:
http://openssl.6102.n7.nabble.com/FIPS-OpenSSL-Test-Harness-and-RSA-PSS-tp60789p60798.html
Sent from the O
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Forthcoming OpenSSL releases
The OpenSSL project team would like to announce the forthcoming release
of OpenSSL versions 1.0.2d and 1.0.1p.
These releases will be made available on 9th July. They will fix a
single securi
Ok, the API call was not correct RSA_generate_key_ex was not working same. I
have resolved all the issues now.
--
View this message in context:
http://openssl.6102.n7.nabble.com/Generating-FIPS-Compliant-libcrypto-so-tp58890p58904.html
Sent from the OpenSSL - User mailing list archive at Nabble
Ok, I will answer my own question here. The problem was that I did not have
the LD_LIBRARY_PATH set correctly for openssl.
--
View this message in context:
http://openssl.6102.n7.nabble.com/Generating-FIPS-Compliant-libcrypto-so-tp58890p58899.html
Sent from the OpenSSL - User mailing list arch
Ok, I searched and there are a lot of topics around building the fip
compliant version of openssl. My problem is with the generation of the
libcrypto.so.
Environment
Debian 8
openssl fips 2.0.9
openssl 1.0.1o
I follow the security guide and build a valid fipscanister.o file. I test it
and it work
Ok, I finally figured out my issues. I was setting the environment variables
when I should not have been. The "make depend" set will setup all the fips
dependencies you need. So I was shooting myself in the foot so to speak.
Using the commands listed in the Security Policy for OpenSSL worked fine
on
MAY BE REPOSTING TRYING TO MOVE FROM NABBLE TO OFFICIAL OPENSSL POSTING
I was
wondering if someone has seen this issue before. I am guessing the problem is
on my side because I can replicate it on Debian 8 and Ubuntu 14.4. I am using
OpenSSL 1.0.2c and the crypto module from OpenSSL ecp 2.0.9 env
\applause all around!
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
tention to the CAs you trust, and evict any that seem to
have declined to a degree that worries you.
5. Goto 3.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
Or 'mount -o umask=077' I think.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Machines should not be friendly. Machines should be obedient.
This is because the thumb drive is a vfat device, which has a very limited
permissions model. The permissions of every file, as reported by the
device driver, are always 0644, and there is no escape. When I try to add
the identity from the key file, ssh-add says:
> To: openssl-users@openssl.org
> Subject: RE: Error 18: self signed certificate
>
> > From: owner-openssl-users On Behalf Of Mark Currie
> > Sent: Monday, November 18, 2013 03:24
>
> > I also managed to get self-signed certs to work like this but does
> > anyone
Hi
I also managed to get self-signed certs to work like this but does anyone
know how to use self-signed certs in a RAM-only environment i.e. no disk
available?
> -Original Message-
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of Manoj
> Se
I take that back, there was a modification... we recently switched cipher
preferences due to security concerns... might this have an impact on the issue??
SSL_CTX_set_options( ssl_ctx_server, SSL_OP_CIPHER_SERVER_PREFERENCE );
Mark.
- Original Message -
From: Mark Pietras
To
the connection is ongoing and this randomly shows up when
there's a burst in traffic on the connection (sometimes minutes or hours into
the connection).
Anyone have any additional insight before I dig deeper? Thanks! Mark.
___
I meant this question to be WRT EVP support i.e. will EVP ever support
EVP_camellia_256_ctr() and EVP_camellia_256_gcm()?
Markc
> -Original Message-
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of Mark Currie
> Sent: 21 Jul
Hi,
I know there is probably not much demand for it, but are there any plans to
add CCM and GCM modes for Camellia?
Markc
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
I'm running a tool via a python library that uses ssl and would like
to use a different cipher other than the one being negotiated. Is it
possible to do this via an env variable or some config change on my
workstation, perhaps a config file?
I continue to leave it out, I would hope
that someone would show his respect for my skills with a good sharp
poke: Mark, I know you can do better than this!
Reporting documentation problems is different from reporting software
problems. In the latter case we send a report because we unders
the hostname
> you connected to. If the next time you connect the certificate has
> changed, a system supporting certificate pinning will warn you.
I believe this is what the Certificate Patrol plugin for Firefox is
doing, if you want to see it in action.
--
Mark H. Wood, Lead System Programm
rivate CA
> support and we should have a friendly script or cookbook for this available
> somewhere. Fixing this will relieve you guys of answering all these
> inquiries via email.
TinyCA has, so far, sufficed for my modest needs.
http://tinyca.sm-zone.net/
--
Mark H. Wood, Lead Syst
functionality?
Mark H. Davis
630.627.3027
lib:a_verify.c:173:
cheers
Mark
I have a pkcs7 message that contains a chain of certificates. The
root certificate is the Apple CA. I am using ruby to verify the
message and I have something that I think works, but I am wondering if
there is a much easier method of doing what I am doing
My specific question is in regards t
Initialization code means code that runs before any other SSL code, not once
you've already got an error.
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Akanksha Shukla
Sent: 31 October 2011 20:27
To: openssl-users@openssl.
It was one of my family members
birthday written backwards followed by the word TeaPot with some
combination of upper
and lower case
Password of the year! :)
On 19 Oct, 2011, at 10:16 PM, Jakob Bohm wrote:
> It was one of my family members
> birthday written backwards followed by the word TeaPo
1 - 100 of 487 matches