I have seen similar issue on linux when /dev/random failed to generate seed
when application tries to create many SSL connections in parallel.
On Fri, Jan 5, 2018 at 4:37 PM, murugesh pitchaiah <
murugesh.pitcha...@gmail.com> wrote:
> Hi All,
>
> Need your inputs on below issue:
>
> When I try
u can either upgrade your PostgreSQL server or as a work around ,if
> network security is not your major concern SSL renegotiation parameter can
> be switched off to avoid connection lost errors due to SSL renegotiation.
>
>
>
>
> On Tue, Jun 3, 2014 at 5:16 PM, Mithun Kumar
&g
Thanks for the reply.
I am currently resetting the below flag by resetting using
SSL_CTX_clear_options(). Still the handshake fails.
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
Any inputs ?
On Wed, Jun 4, 2014 at 6:57 PM, Salz, Rich wrote:
> Ø Can you please elaborate?
>
> Ø
>
>
>
> One si
Hi Rich,
Can you please elaborate?
-Thanks
On Tue, Jun 3, 2014 at 6:47 PM, Salz, Rich wrote:
> Ø 2014-06-03 07:12:05 EDT LOG: SSL error: unsafe legacy renegotiation
> disabled
>
>
>
> Somebody has an outdated implementation that doesn’t do secure
> renegotiation. Google search.
>
>
>
>
Hi,
Currently i working on a scenario where client uses openssl for connecting
to PostgreSQL server.
There is a flag in Server which invokes SSL renegotiation after certain
amount of data is transferred.
Connection terminates as part of SSL_read() with Errno = 10054 ( (An
existing connection was
if something
> else
>
> can you reproduce it with s_client? What exactly is the error?
>
>
>
>
>
> *From:* owner-openssl-us...@openssl.org [mailto:
> owner-openssl-us...@openssl.org] *On Behalf Of *Mithun Kumar
> *Sent:* Friday, March 14, 2014 11:53
> *To:* opens
, 2014 at 8:02 PM, Viktor Dukhovni wrote:
> On Fri, Mar 14, 2014 at 06:18:49PM +0530, Mithun Kumar wrote:
>
> > What is the difference between these two formats
>
> The first contains a 1024 bit RSA-SHA1 public key, the second a
> 2048-bit key.
>
> > Below is the
What is the difference between these two formats
Below is the ASN output using certuil tool.
*Cert1:-*
0618:30 0d ; SEQUENCE (d Bytes)
061a:| 06 09 ; OBJECT_ID (9 Bytes)
061c:| | 2a 86 48 86 f7 0d 01 01 05
| | ; 1.2.840.113549.1.1.5 sha1RSA
0625:| 05 00 ; N
I think below error is caused by corrupt data received by the client. Is my
observation correct. Any idea how figure out where things are going wrong.
error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
erro
I am looking for a tool which can dump out ASN.1 data. I think this will
throw some light. Any inputs.
On Wed, Jan 22, 2014 at 2:27 PM, Mithun Kumar wrote:
> I think below error is caused by corrupt data received by the client. Is
> my observation correct. Any idea how figure out where
Hello Frank,
Sorry for the delayed reply. You mean to say S/MIME Capabilities
understands this extension but they is no logic to handling the ASN1
sequence?
-mithun
On Wed, Aug 7, 2013 at 1:57 PM, Frank Migge wrote:
> Dear Mithun,
>
> I came across this thread by researching the same questio
typo error
Hello Frank,
Sorry for the delayed reply. You mean to say Openssl understands S/MIME
Capabilities extension but they is no logic to handling the ASN1 sequence?
On Tue, Oct 29, 2013 at 3:20 PM, Mithun Kumar wrote:
> Hello Frank,
>
> Sorry for the delayed reply. You mean
i am getting the following error from openssl. Any inputs where things are
going wrong?
error:140A4044:SSL routines:SSL_clear:internal error
-Thanks in advance.
Hello Dave,
Does openssl support "S/MIME Capabilities" certificate extension? I think
openssl is unable to parse this extension.
-mithun
On Sat, May 18, 2013 at 1:10 AM, Dave Thompson wrote:
> >From: owner-openssl-us...@openssl.org On Behalf Of Mithun Kumar
> >Sent: Frid
Is anyone aware why below error is thrown by openssl?
33620164:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
tag:tasn_dec.c:1294:
33620164:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error:tasn_dec.c:380:Type=X509_EXTENSION
33620164:error:0D08303A:asn1 encoding
Adding more info...Looks like the handshake is doesnt stop as soon as the
error is added by Openssl. Any inputs in what scenarios such errors are
thrown.?
On Thu, May 16, 2013 at 11:39 PM, Mithun Kumar wrote:
> Hello All
>
> Any pointers why below error is thrown by openssl?
>
>
Hello All
Any pointers why below error is thrown by openssl?
error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad
certificate:s3_pkt.c:1193:SSL alert number 42
-mithun
FYI.. i am working on AIX - 64 bit platform.
On Mon, Mar 25, 2013 at 9:50 PM, Mithun Kumar wrote:
> Hello All,
>
> I am getting below error when trying to create a connection
>
> "Seeding the PRNG failed, most likely because the system does not have
> /dev/random.&quo
Hello All,
I am getting below error when trying to create a connection
"Seeding the PRNG failed, most likely because the system does not have
/dev/random."
Any inputs why this error pops up?
have a look at this thread
https://groups.google.com/forum/?fromgroups=#!topic/mailing.openssl.users/-t7KRH-8phs
Since this is not related to dev i have removed openssl-dev from list.
On Thu, Oct 4, 2012 at 10:14 PM, Indtiny s wrote:
> Hi,
>
> I need a TLS security based server which can h
? Have you encountered any time before such errors
in forum?
-mithun
On Tue, Sep 18, 2012 at 12:15 AM, Dave Thompson wrote:
> >From: owner-openssl-us...@openssl.org On Behalf Of Mithun Kumar
> >Sent: Friday, 14 September, 2012 20:53
>
> >On the issue i am working currently
reat help.
-mithun
On Wed, Sep 12, 2012 at 8:25 AM, Dave Thompson wrote:
> >From: owner-openssl-us...@openssl.org On Behalf Of Mithun Kumar
> >Sent: Tuesday, 11 September, 2012 02:10
>
> >On Tue, Sep 11, 2012 at 8:08 AM, Dave Thompson
> wrote:
>
> > I did
Thanks Dave, Please find my reply inline.
On Tue, Sep 11, 2012 at 8:08 AM, Dave Thompson wrote:
> >From: owner-openssl-us...@openssl.org On Behalf Of Mithun Kumar
> >Sent: Monday, 10 September, 2012 08:17
>
> >On Mon, Sep 10, 2012 at 1:52 PM, Dave Thompson
> wrote:
Hello Dave,
Please find my reply inline
On Mon, Sep 10, 2012 at 1:52 PM, Dave Thompson wrote:
> >From: owner-openssl-us...@openssl.org On Behalf Of Mithun Kumar
> >Sent: Monday, 10 September, 2012 01:56
>
> Answering -users only, this isn't a -dev question.
>
>
Hello All,
I have a challenge befor me where i have to debug a SSL handshake failure.
Client has OpenSSL libraries and Server is Microsoft SQL Server. I cant
sniff the packets using WireShark nor can i enable server logs. All i can
do i enable client logging. Any suggestions how to enable OpenSSL
ers. You need to call the API after the handshake failure to dump out
> the errors which have been buffered internally.
>
> ** **
>
> Regards,
>
> jjf
>
> ** **
>
> *From:* Mithun Kumar [mailto:mithunsi...@gmail.com]
> *Sent
Hello All,
When i give file pointer as input to API(ERR_print_errors_fp()) nothing is
getting written to the FILE during a SSL handshake failure. Any inputs why
things are failing.
-mithun
ssl-us...@openssl.org On Behalf Of Mithun Kumar
> >Sent: Thursday, 30 August, 2012 02:04
>
> >Also when i use s_client tool it just hangs with following output.
> >Any input on how to get full handshake dump?
>
> >... openssl s_client -connect ... -state -debug -ms
Its in
cryptlib.h
#ifdef OPENSSL_USE_APPLINK
#define BIO_FLAGS_UPLINK 0x8000
#include "ms/uplink.h"
#endif
On Thu, Aug 30, 2012 at 6:00 PM, Mithun Kumar wrote:
> i am extremely sorry. its BIO_FLAGS_UPLINK flag.
>
>
>
>
> On Thu, Aug 30, 2012 at 5:24 PM, Saur
i am extremely sorry. its BIO_FLAGS_UPLINK flag.
On Thu, Aug 30, 2012 at 5:24 PM, Saurabh Pandya
wrote:
> How do you identified that the dame flag is causing problem
>
> On Aug 30, 2012 4:49 PM, "Mithun Kumar" wrote:
> >
> > Thanks for the quick reply.
>
or_string(ERR_get_error(), NULL));
>
> On 8/30/12, Mithun Kumar wrote:
> > Hello All,
> >
> > I am using the function ERR_print_errors_fp() to get the last error in
> > case of any failure. I want to divert the output to file. When ever there
> > is a handshake fail
i could see following method failing..
uplink.c :19
static void unimplemented (void)
{ OPENSSL_showfatal (sizeof(TCHAR)==sizeof(char)?"%s\n":"%S\n",msg);
ExitProcess (1);//causing crash
}
On Thu, Aug 30, 2012 at 3:25 PM, Mithun Kumar wrote:
> Hello All,
>
Hello All,
I am using the function ERR_print_errors_fp() to get the last error in
case of any failure. I want to divert the output to file. When ever there
is a handshake failure application crashes.
If handshake is successful i don't see any crash. Any idea where things are
going wrong.
-mith
7e ba 46 50 02 4b 69*
*5c c3 8d c3 0c af e9 37 fa 80 3f e2*
*SSL_connect:SSLv2/v3 write client hello A*
Thanks in advance
mithun
On Thu, Aug 30, 2012 at 11:31 AM, Mithun Kumar wrote:
> Hello All,
>
> I am getting some errors causing SSL handshake to fail. Is there any way
&g
Hello All,
I am getting some errors causing SSL handshake to fail. Is there any way by
which i can enable logging in our OpenSSL libraries?
-mithun
Hello All,
I am trying working on getting my client connected to Microsoft SQL Server.
Handshake fails after server hello. I keep getting error Subject Issuer
Mismatch
*
int X509_check_issued(X509 *issuer, X509 *subject)
{
if(X509_NAME_cmp(X509_get_subject_name(issuer),
X509_get_is
out serverCAcert.pem
$(CAT) serverCAcert.pem serverCAkey.pem rootcert.pem > serverCA.pem
-Thanks
mithun
On Wed, Apr 11, 2012 at 1:45 AM, Dave Thompson wrote:
> > From: owner-openssl-us...@openssl.org On Behalf Of Mithun Kumar
> > Sent: Monday, 09 April, 2012 01:5
Hello All,
Our application needs to support SSL proxy. Any pointers on how this can be
done would be of great help.
-Thanks
mithun
Hello Forum,
I am currently running the samples(client1,server1) , is there any
environmental variables that i need to export so that i can get the SSL
handshake tracing?
-Thanks
mithun
Thanks Ram,
Another question too,
After exchanging the client and server hello , On what basis is the common
cipher agreed upon?
-mithun
On Sat, Nov 5, 2011 at 9:26 AM, wrote:
> By default it will send all the ciphersuites it is supporting , but you
> can always control the cipher suites yo
Thanks Ram,
i have another question,
When the client sends "client hello" will it specify all the cipher suites
it supports or are there any other parameters that can be configured at the
client so that it sends selective list of cipher suites?
-Thanks
mithun
On Sat, Nov 5, 2011 at 8:59 AM,
Hello Forum,
I want to know what are the cipher suites that the client is supporting.
How can i do that?
-mithun
thanks John,
can you please send me the link?
-mithun
On Sun, Oct 9, 2011 at 9:23 AM, John Zavgren wrote:
> I found that the examples that Eric rescorla wrote to be very helpful.
>
>
> Sent from my iPad
>
> On Oct 8, 2011, at 9:58 PM, Jeremy Farrell
> wrote:
>
Hello All,
I want to use OpenSSL for the application that i am writing. Could someone
direct me what is the best starting point. I tried Google but failed to find
any examples.
PS: I hope i am posting on the right forum.
-Thanks
mithun
44 matches
Mail list logo
