Thanks, Rich. Do you have the link to the mini-conference proceedings?
Thanks
Best Regards,
Neetish
On Wed, Oct 4, 2017 at 8:58 PM, Salz, Rich via openssl-users <
openssl-users@openssl.org> wrote:
> You should look at the IETF TLS working group. Also, there was a mini
> conference, TLS Ready o
Hi All,
Could you please suggest few research papers (apart from TLS 1.3 draft) on
TLS 1.3 that may b helpful to understand TLS 1.3 implementation and
performance. Is there any research available on TLS 1.3 performance
benchmarking?
Some papers which I am referring right now are:
1.
A Cry
t;
> - The impact of the KeyShare calculation on TLS 1.3 session resumption
> (assuming most deployments will use psk_dhe_ke)
>
> - The impact of post-handshake handshake messages.
>
>
>
> Regards
>
> Roelof
>
>
>
> *From: *openssl-users on behalf of
&g
Hi,
I worked on TLS 1.3 performance bench-marking. After my tests, I found that
TLS 1.3 based resumption is not giving us the connection latency benefits
when tested in a LAN environment. It is slower than TLS 1.2. When tested on
WAN, definitely, TLS 1.3 fares better than TLS 1.2.
I want your sugg
On Tue, Aug 1, 2017 at 10:46 AM, Neetish Pathak wrote:
>
>
> On Mon, Jul 31, 2017 at 2:00 PM, Matt Caswell wrote:
>
>>
>>
>> On 31/07/17 20:37, Neetish Pathak wrote:
>> > On 26/07/17 00:05, Neetish Pathak wrote:
On Mon, Jul 31, 2017 at 2:00 PM, Matt Caswell wrote:
>
>
> On 31/07/17 20:37, Neetish Pathak wrote:
> > On 26/07/17 00:05, Neetish Pathak wrote:
> > >> *Pseudocode for server*
> > >> *
>
On Mon, Jul 31, 2017 at 9:43 AM, Matt Caswell wrote:
> Apologies for the delayed response - I've been away on holiday. Comments
> inserted below.
>
No problem thanks for the replies
>
> Matt
>
>
> On 26/07/17 00:05, Neetish Pathak wrote:
&g
Thanks Ben for your reply
On Tue, Jul 25, 2017 at 6:11 AM, Benjamin Kaduk wrote:
> [Matt's reply is likely to be high latency]
>
>
> On 07/24/2017 08:53 PM, Neetish Pathak wrote:
>
>
>
> On Wed, Jul 19, 2017 at 2:27 AM, Matt Caswell wrote:
>
>>
>>
On Wed, Jul 19, 2017 at 2:27 AM, Matt Caswell wrote:
>
>
> On 18/07/17 22:27, Neetish Pathak wrote:
> > Hi ,
> > thanks Matt, this is helpful
> >
> >
> > One more query on how I can enable 0.5 RTT data from the server side. It
> > is mentioned
n?
I think that happens only on full-handshake in ephemeral type ciphers (e.g.
ECDHE) but not in RSA type. Am I correct ?
Thanks
BR,
Neetish
On Wed, Jul 19, 2017 at 2:27 AM, Matt Caswell wrote:
>
>
> On 18/07/17 22:27, Neetish Pathak wrote:
> > Hi ,
> > thanks Matt, this is h
On Mon, Jul 17, 2017 at 1:54 AM, Matt Caswell wrote:
>
>
> On 14/07/17 20:18, Neetish Pathak wrote:
> >
> >
> > On Fri, Jul 14, 2017 at 2:54 AM, Matt Caswell > <mailto:m...@openssl.org>> wrote:
> >
> >
> >
> > On 13/07/17 23:
On Fri, Jul 14, 2017 at 2:54 AM, Matt Caswell wrote:
>
>
> On 13/07/17 23:52, Neetish Pathak wrote:
> > Hi All,
> > Help with these queries please,
> >
> > 1) Is it possible to use external session files (with session info as
> > identifiers or tickets
Hi All,
Help with these queries please,
1) Is it possible to use external session files (with session info as
identifiers or tickets for out of band resumption) for session resumption
in TLS 1.2. Does it need some kind of callback like the way it is used in
TLS 1.3 with (SSL_set_psk_find_session_
Hi All,
In case no dh params are set and ECDHE-ECDSA type cipher is used, what is
the default size of DH params (what modulus) used on TLS handshake. I see
that X25519 EC is getting used but I am not sure about DH parameters in
that case
Thanks
Best Regards,
Neetish
--
openssl-users mailing list
ing the added delay. Could someone please provide any
explanation or point me in the right direction. It is not very clear to me
right now even after seeing the RFC
Thanks
On Thu, Jul 6, 2017 at 11:40 AM, Neetish Pathak wrote:
> Thanks for the detailed explanation Matt
>
> On Tue, Jul
On Mon, Jul 3, 2017 at 2:11 AM, Matt Caswell wrote:
>
>
> On 30/06/17 22:18, Neetish Pathak wrote:
> > Hi All,
> > Can anyone provide me pointers on how can we generate external PSK to be
> > used inTLS 1.3.
> >
> > When I save a a session using SSL_CTX_s
Hi All,
Can anyone provide me pointers on how can we generate external PSK to be
used inTLS 1.3.
When I save a a session using SSL_CTX_sess_set_new_cb(), it provides an
in-band PSK for next resumption connection.
I use PEM_write_bio_SSL_SESSION to save the session.
How do we use PSK externally.
client side or the server side?
Thanks
Best Regards,
Neetish
On Tue, Jun 27, 2017 at 4:56 PM, Neetish Pathak wrote:
> Thanks
> 1) How can i load multiple private keys and certificates on the server
> side.
> I need to use different keys and certificates when the client explicitly
keys and certificates. Can somebody
suggest the right way to do this.
Thanks
Best Regards,
Neetish
On Tue, Jun 27, 2017 at 12:56 AM, Matt Caswell wrote:
>
>
> On 27/06/17 01:05, Neetish Pathak wrote:
> > Hi ,
> >
> > 1) I am working with a client and server progra
PSK in TLS 1.3 and false start in TLS 1.2 (for my
study purpose).
Are you planning to integrate false start in OpenSSL any time. Thanks
Thanks
Best Regards,
Neetish
On Wed, Jun 21, 2017 at 3:17 PM, Neetish Pathak wrote:
>
>
> On Wed, Jun 21, 2017 at 3:11 AM, Matt Caswell wrote:
>
On Wed, Jun 21, 2017 at 3:11 AM, Matt Caswell wrote:
>
>
> On 21/06/17 00:38, Neetish Pathak wrote:
> > I wanted to understand the replay attack vulnerability in case of enable
> > early data of TLS 1.3 while false start is secure in that respect as I
> > have r
,
Neetish
On Tue, Jun 20, 2017 at 11:52 AM, Neetish Pathak wrote:
> I Appreciate your response
>
> On Tue, Jun 20, 2017 at 2:09 AM, Matt Caswell wrote:
>
>>
>>
>> On 19/06/17 19:11, Neetish Pathak wrote:
>> > 2) Can you suggest some places to put a time stamp in
I Appreciate your response
On Tue, Jun 20, 2017 at 2:09 AM, Matt Caswell wrote:
>
>
> On 19/06/17 19:11, Neetish Pathak wrote:
> > 2) Can you suggest some places to put a time stamp in OpenSSL code.
>
> I agree with Ben's responses to all your other questions. For thi
Thanks Ben for all the replies and your comments. They are extremely useful
for my study
On Mon, Jun 19, 2017 at 9:21 PM, Benjamin Kaduk wrote:
> On 06/19/2017 04:12 PM, Neetish Pathak wrote:
>
>
>
> On Mon, Jun 19, 2017 at 11:11 AM, Neetish Pathak
> wrote:
>
>> Hi M
On Mon, Jun 19, 2017 at 11:11 AM, Neetish Pathak wrote:
> Hi Matt,
> Thanks
> Could you help with following queries
>
> 1) On the blogpost for TLS1.3, you mentions the following in the session
> section
> The specification recommends that applications only use a session onc
en ? I get a PSK in first connection and use it
again for all the other connections.
2) Can you suggest some places to put a time stamp in OpenSSL code.
Thanks
Best Regards,
Neetish
On Mon, Jun 19, 2017 at 5:49 AM, Matt Caswell wrote:
>
>
> On 16/06/17 23:51, Neetish Pathak wro
Benjamin/Matt,
Appreciate your tips and help so far.
Could you give me any pointers for placing my timestamps within the OpenSSl
code for right measurement for handshake. I am reading through the master
code. I think since in TLS 1.3 is session tickets are sent after handshake,
it would be ok to pl
Thanks Matt, Appreciate ur response and tips
On Fri, Jun 16, 2017 at 3:36 PM, Matt Caswell wrote:
>
>
> On 16/06/17 20:08, Benjamin Kaduk via openssl-users wrote:
> > On 06/16/2017 01:58 PM, Neetish Pathak wrote:
> >> Hello
> >> Thanks
> >> I tried read
, Jun 15, 2017 at 2:30 AM, Matt Caswell wrote:
>
>
> On 14/06/17 18:36, Neetish Pathak wrote:
> >
> > My calling sequence is :
> >
> > client.connectToServer();
> >
> > client.sslTcpConnect();
> >
> > client.sslTcpClosure();
>
> Does
SSL_CTX_set_session_id_context
is made."
That's why I thought server side session caching is disabled by default.
>
>
> On 14/06/17 02:03, Neetish Pathak wrote:
> > Thanks for your reply Salz. However, I want to know should the session
> > caching be enabled on ser
ed, but it could be sometime later (or not at all)."
I think the server is not informing the session details to client at all in
my case and hence the resumption is not working. Can someone please suggest
how to resolve this.
Thanks
Best Regards,
Neetish
On Tue, Jun 13, 2017 at 6:03 PM,
Thanks for your reply Salz. However, I want to know should the session
caching be enabled on server side for TLS 1.3 for session resumption.
Also, I need a clarification on how does resumption work in case of session
identifiers if server side caching is not enabled
Thanks
BR,
Neetish
On Tue, Jun
Thanks Salz and Benjamin for your feedback. Indeed my Wireshark version was
unable to decode TLS 1.3. I got an update from the shared link.
I had one doubt about the server side session caching. I read that server
side server caching is disabled by default. Then, how is session resumption
possible
Thanks Matt
On Thu, Jun 8, 2017 at 3:45 PM, Matt Caswell wrote:
>
>
> On 08/06/17 23:12, Neetish Pathak wrote:
> > Thanks.
> > I had one query regarding the TLS 1.3 implementation on server side. I
> > have a simple client server program with session resumpti
wrote:
>
>
> On 08/06/17 01:26, Neetish Pathak wrote:
> > Hello All,
> >
> > I am new to the Openssl community.
> > I am using the latest version of Openssl (with TLS 1.3 enabled) for
> > performance benchmarking. I wanted to know if the session ticket suppor
Hello All,
I am new to the Openssl community.
I am using the latest version of Openssl (with TLS 1.3 enabled) for
performance benchmarking. I wanted to know if the session ticket support
for session resumption enabled;ed by default for OpenSSL TLS v 1.2 or it
needs to be explicitly enabled?
Thank
36 matches
Mail list logo
