;dubidada" -a -A -pbkdf2
-d
bad magic number
#?1|kent:tmp$ printf ${x}= | openssl enc -aes256 -k "dubidada" -a -A -pbkdf2
-d
github issue?
--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
Hello.
non-grata posting, but i think a fix would be a widely appreciated
clarification. I think noloader is on this list, so i do not bcc
him.
--- Forwarded from Steffen Nurpmeso ---
Date: Sun, 09 Jun 2024 01:58:54 +0200
Author: Steffen Nurpmeso
..
|>|> Jun 7 23:41:16 outwall/smtpd
mpilers.
'Do not know about __INTEL_COMPILER / icc, iirc came to Linux by
then, no? Benchmarked great, and big software needs that help.
--steffen
nt for backward compatibil\
|ity, C99 was standardized nearly a quarter of a century ago. OpenSSL \
|1.x is younger than C99. It doesn't seem like an unreasonable requirement.
Or use __extension__, which definitely worked by then.
|But as Tomas wrote, anyone who thinks it is can submit a pull
start of one of the worst API additions in the history of
this library. And as everybody knows the bar is high. Very high.
ok beck jsing sthen
--steffen
client|server)_method, algorithms etc. It also misses the
new SSL_CONF_CTX and CONF_modules_load_file() that unfortunately
is not convincingly mediated. But then again OpenSSL forks like
ressl do not support them anyway.
--steffen
Viktor Dukhovni wrote in
:
|On Thu, Sep 30, 2021 at 02:48:39PM +0200, Steffen Nurpmeso wrote:
|> Thanks for fixing this so fast.
|> ...
|>|You should open an issue on Github. The immediate cause is:
|> ...
|>
|> I finally (re)created a github account to cause le
Viktor Dukhovni wrote in
:
|On Wed, Sep 29, 2021 at 10:30:29PM +0200, Steffen Nurpmeso wrote:
...
|> #?1|kent:$ ~/usr-kent-crux-linux-x86_64/opt/.ossl3/bin/openssl chacha20
|> Segmentation fault
Thanks for fixing this so fast.
...
|You should open an issue on Github. The imm
-crux-linux-x86_64/opt/.ossl3/bin/openssl bla
Invalid command 'bla'; type "help" for a list.
#?1|kent:$ ~/usr-kent-crux-linux-x86_64/opt/.ossl3/bin/openssl chacha20
Segmentation fault
#?139|kent:$
Works with "enc -chacha20".
--steffen
Randall S. Becker wrote in
<015301d7a5be$22589940$6709cbc0$@nexbridge.com>:
..
|cture" would have to reconstruct the Merkle Tree, which, even in SHA-1 \
Now you digress.
But i had nothing to say from the start..
Good night!
--steffen
fer only https?, and "seal" all
stable/ and release/ branches as well as master, only the
development branches have no signature.)
--steffen
Randall S. Becker wrote in
<012201d7a590$56df08d0$049d1a70$@nexbridge.com>:
|On September 9, 2021 6:56 AM, Steffen Nurpmeso wrote:
|>Benjamin Kaduk wrote in
|> <20210908233639.gy19...@akamai.com>:
|>|On Thu, Sep 09, 2021 at 01:03:28AM +0200, Steffen Nurpmeso wrote:
...
Benjamin Kaduk wrote in
<20210908233639.gy19...@akamai.com>:
|On Thu, Sep 09, 2021 at 01:03:28AM +0200, Steffen Nurpmeso wrote:
|> But if i use
|>
|> #?0|kent:tls-openssl.git$ alias gl1
|> alias gl1='git slpn -1'
|> #?0|kent:tls-openssl.git$ git alias
Benjamin Kaduk wrote in
<2021090848.gx19...@akamai.com>:
|On Thu, Sep 09, 2021 at 12:15:44AM +0200, Steffen Nurpmeso wrote:
|>
|> P.S.: maybe at least release commits and tags could be signed?
|> And/or HTTPS access to the repository ... but then i get the gut
|> feeli
.: maybe at least release commits and tags could be signed?
And/or HTTPS access to the repository ... but then i get the gut
feeling that the answer to this will be "use github" or something.
Ciao!
--steffen
Yeah?
:)
--steffen
Steffen Nurpmeso wrote in
<20210617151209.s_znu%stef...@sdaoden.eu>:
|Matt Caswell wrote in
| <33db69e0-0f9b-c559-43f7-e5a2f85a4...@openssl.org>:
||On 17/06/2021 15:43, Steffen Nurpmeso wrote:
||> Fyi, i have $PERL5OPT=-C permanently in my environment, in
||> conju
Yes, off-topic, sorry.
Tomas Mraz wrote in
<11264f92f87def629df40cf0b7f7b0cc8f43fbe4.ca...@openssl.org>:
|On Thu, 2021-06-17 at 17:12 +0200, Steffen Nurpmeso wrote:
|>
|> P.P.S.: Tomáš Mráz: aren't you part of PAM project too? Off-topic
|> here, but i had written a some
Matt Caswell wrote in
<33db69e0-0f9b-c559-43f7-e5a2f85a4...@openssl.org>:
|On 17/06/2021 15:43, Steffen Nurpmeso wrote:
|> Fyi, i have $PERL5OPT=-C permanently in my environment, in
|> conjunction with LC_ALL=en_US.utf8 this results in the build error
|> as below. Prefixing
below. Prefixing LC_ALL=C fixes this.
#?0|kent:src$ MYPREFIX=$HOME/$USR/opt/.ossl3 make -j4 openssl
cd tls-openssl.git &&\
if [ -f NULL ]; then git checkout `cat NULL`; fi &&\
./config --prefix=/home/steffen/usr-kent-linux-x86_64/opt/.ossl3 zlib-dynamic
shared \
not.
Have a nice day.
--steffen
Hello.
Matt Caswell wrote in
:
|On 09/01/2021 23:24, Steffen Nurpmeso wrote:
|> Hello.
|>
|> I do use SSL_CONF_cmd() (and modules) possibility if it exists,
|> since it allows users to simply use the features of the newest
|> OpenSSL library without any code changes on my si
used
exclusively if available.
Ciao and a good Sunday from Germany i wish,
(P.S.: i have not github account.)
--steffen
ww.youtube.com/watch?v=F6z0Cv4PYvs (
Nice. Yes. I am hatching a bit on the story behind that.. But
then again, the Killing Joke went on stage again after meeting on
the funeral of one of their members, so something's about it. My
interpretation.
--steffen
o heaven"
from The Pixies (from the 80s), it seemed due :-))
Can we expect that the oddity that Yann Ylavic reported
({SSL_CTX,X509_STORE}_load_verify_{dir,path}(), wrong glob:) stays
as such? (I turned to Landslide of Fleetwood Mac..)
Ciao, a nice Sunday, (and Good luck!),
--steffen
Steffen Nurpmeso wrote in
<20200425210613.scjxn%stef...@sdaoden.eu>:
|Hello once more.
|
|OpenSSL wrote in
|<20200423142936.ga24...@openssl.org>:
|| OpenSSL version 3.0 alpha 1 released
|
|I do not understand one thing at the moment. If i use
|no-deprecated then the stack
'sk_X509_num';
did you mean 'X509_new'? [-Wimplicit-function-declaration]
for (i = 0; i < sk_X509_num(certs); ++i) {
How can i access stacks without those accessors?
Is this documented somewhere, i stopped searching for answers
anywhere else, which is why i write
Hello and Good Evening!
Matt Caswell wrote in
<94a03020-9f9e-cf31-c3e7-88fa4579b...@openssl.org>:
|On 24/04/2020 16:12, Steffen Nurpmeso wrote:
|make: *** [Makefile:2801: build_sw] Error 2
|>
|> I have to go now, maybe this all goes away if i get myself the
|> Test::Builder
local git clone checkout at
[852c2ed260], configured via
#?0|kent:openssl$ ./config \
--prefix=/home/steffen/usr-kent-linux-x86_64/opt/.ossl-3.0 \
zlib-dynamic no-hw shared no-deprecated no-async no-tests \
-Wl,-rpath,'$(LIBRPATH)'
Operating system: x86_64-whatever-linux2
Jakob Bohm via openssl-users wrote in <23f8b94d-0078-af3c-b46a-929b9d005\
4...@wisemo.com>:
|On 28/05/2019 23:48, Steffen Nurpmeso wrote:
|> Jay Foster wrote in <84571f12-68b3-f7ee-7896-c891a2e25...@roadrunner.com\
|> >:
|>|On 5/28/2019 10:39 AM, Jay Foster wrote:
|>|
ntropy to the real pool, which is still
possible (though the interface is deprecated).
This works just fantastic, and even on my brand new laptop it is
of value. And Linux does not take the proposed bits for granted
but about halves that. Feel free to use it. Do not use it in
conjunction with haveged
REL}"
NetBSD tar for example might say[1], which is frightening.
"%s extended headers posix ustar archive."
" Extracting as plain files. Following files might be"
" in the wrong directory or have wrong attributes.",
[1]
either, or at least not the way we use it.
Anyway, this is a satisfactory outcome.
Thank you for the help, everyone!
Regards,
Steffen
other primary identity provider we use, so we must support the existing
format. Now I really do not see any other solution but to either downgrade
or fork OpenSSL.
On Wed, Apr 3, 2019 at 9:59 AM Matt Caswell wrote:
>
>
> On 02/04/2019 17:34, Steffen wrote:
> > Hello,
> >
>
Hello,
> What had produced the signatures?
I received word from my end that the signatures may have been produced by
OpenSSL 1.0.2 (no idea which letter release) in the Cygwin environment but
I cannot confirm this.
Benjamin as well.
Thank you!
Regards,
Steffen
Hello,
I believe that I have narrowed the problem down to one specific version of
OpenSSL. Version 1.1.0b works as expected while OpenSSL 1.1.0c does not.
I have currently only verified this using PKCS7_verify and CMS_verify since
I have no CLI at hand for these versions.
The changelog for 1.1.0
ror:2E09809E:CMS routines:CMS_SignerInfo_verify:verification
failure:crypto/cms/cms_sd.c:741:
Other ideas are much appreciated!
On Mon, Apr 1, 2019 at 3:58 PM Matt Caswell wrote:
>
>
> On 01/04/2019 14:46, Steffen wrote:
> > Hello,
> >
> > I am struggling with using OpenSS
Hello,
I am struggling with using OpenSSL 1.1.1 to verify a PKCS #7/CMS structure.
Verification succeeds when I use OpenSSL 1.0.2, but 1.1.0 and 1.1.1 fail
with "bad signature". I initially had this problem when using the OpenSSL
library but I see that the problem also applies to the OpenSSL CLI.
Steffen Nurpmeso wrote in <20190107183136.-ew61%stef...@sdaoden.eu>:
...
| ...
||RAND_bytes() has always documented that it can fail. Most function
...
|So, to me.., i do not see any possible error condition, since the
|initial seeding has been testified with RAND_status().
|
|T
Jakob Bohm via openssl-users wrote in <07f4dea3-1a62-0c8c-76a4-cbe56abc8\
7...@wisemo.com>:
|On 07/01/2019 22:31, Steffen Nurpmeso wrote:
|> Good evening.
|>
|> Jakob Bohm via openssl-users wrote in <95bceb59-b299-015a-f9c2-e2487a699\
|> 8...@wisemo.com>:
|&
Good evening.
Jakob Bohm via openssl-users wrote in <95bceb59-b299-015a-f9c2-e2487a699\
8...@wisemo.com>:
|Small corrections below:
|
|On 07/01/2019 19:31, Steffen Nurpmeso wrote:
|
||...
|||RAND_load_file() and all this stuff. Just make sure the os entropy \
|||sources
|||are ava
506.ga18...@roeckx.be>:
|On Sat, Jan 05, 2019 at 08:33:18PM +0100, Steffen Nurpmeso wrote:
|>
|> (I am also really interested and will look into OpenSSL to see if
|> the abort() that seems to happen if the initial seed fails is in
|> a linker-resolved constructor, and if not, why
).
I think i will move away from RAND_ then, nonetheless, and at
least for the things i have control of.
But i will definitely reread the manual now.
Thanks for your answer.
Ciao and a nice weekend from Germany,
--steffen
Good evening.
Please excuse the late reply.
Kurt Roeckx wrote in <20190104180735.ga25...@roeckx.be>:
|On Fri, Jan 04, 2019 at 02:48:48PM +0100, Steffen Nurpmeso wrote:
|> Dr. Matthias St. Pierre wrote in <450169f8ca7c43d1841c4c8052e78c72@Ex13.\
|> ncp.local>:
...
|>
n (yet), because i have ensured the PRNG is sufficiently
seeded, and RAND_status(3) returns success, before RAND_bytes(3)
is used the first time.
--steffen
e Oracle Studio compiler tools and it certainly isn't open
|source in any way. Works very well however.
I am not using it, but i occasionally see Christos Zoulas making
commits to the NetBSD version of lint. They also seem to keep the
code instrumented with comments like "falltrough"
Matt Caswell wrote in :
|On 17/10/2018 22:07, Steffen Nurpmeso wrote:
|>|
|>|This is definitely an environmental issue. I just installed an Alpine
|>|Linux VM. I got the above error consistently when using clang as the
|>|compiler (whether or not I added "-DOPENSSL_NO
Good evening.
Matt Caswell wrote in <18466c3a-430a-f1cb-8277-1f742e1b4...@openssl.org>:
|On 17/10/2018 14:09, Steffen Nurpmeso wrote:
|> Matt Caswell wrote in :
|>|On 17/10/2018 13:43, Steffen Nurpmeso wrote:
|>|> Matt Caswell wrote in |> >:
|>|>|On 17/10/2018
Matt Caswell wrote in :
|On 17/10/2018 13:43, Steffen Nurpmeso wrote:
|> Matt Caswell wrote in :
|>|On 17/10/2018 13:12, Steffen Nurpmeso wrote:
|>|> I have built final 1.1.1 yesterday on AlpineLinux musl after
|>|> running a prerelease from end of May before. My makefile r
Matt Caswell wrote in :
|
|
|On 17/10/2018 13:12, Steffen Nurpmeso wrote:
|> Hello, and fyi.
|>
|> I have built final 1.1.1 yesterday on AlpineLinux musl after
|> running a prerelease from end of May before. My makefile rule for
|> this box is (excerpt)
|>
|>
necessary in May,
but most likely not.)
--steffen
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Scott Neugroschl wrote in :
|Steffen Nurpmeso, Tuesday, September 25, 2018 11:57 AM
|> The RFC 7468 term "parsers SHOULD ignore whitespace and other non-
|>base64 characters" makes me wonder.
|
|The relevant clause is a few sentences up: "Data before the encapsulati
s
which may gobble that s..t!
Also because the mutt(1) MUA is pretty good in skipping over
things.
--steffen
--
st be available I think.
I'm afraid this shows how uninterested users are in trust...
Regards,
Steffen
[1] https://www.thawte.com/assets/documents/repository/cps/Thawte_CPS_3_3.pdf
[2] http://en.wikipedia.org/wiki/Extended_Validation_Certificate
harge) which is known to
be very close to the standard, currently it points to a plain
text document at http://flash-gordon.me.uk/ansi.c.txt.
oki,
Steffen
4.10.3.2 The free function
Synopsis
#include
void free(void *ptr);
Description
The free function causes the spac
andatory ptr) could lead to
issues later. Here, assert() might help to spot bugs in development. If
the pointer might be NULL, it is a valid one, of course then no assert.
Double-free looks wrong even if pointer was set to NULL and second free
has no effect.
oki,
Steffen
--
[end of message]
s providing a backtrace). Maybe adding an assert() before.
oki,
Steffen
--
[end of message]
About Ingenico: Ingenico is a leading provider of payment, transaction and
business solutions, with over 17 million terminals deployed in more than 125
co
os.de seems to be accessible again today.)
--steffen
Forza Figa!
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List
and then checking in to CVS,
when using cvsexportcommit even without losing history.
oki,
Steffen
--
end of message.
authentic but not authorized (like: anyone with a valid
password can use the VIP entry, because no guest list check is
performed).
For example, in a typical webbrowser I think you cannot configure
NOT to communicate with authentic badguy.malware.com;
} else {
select(fd+1, NULL, fd, NULL, &tv);
}
ret = SSL_connect(...);
}
Needed improvements include timeout management, handling select timeout
and handling of errors.
oki,
Steffen
End of message.
--
re about this formula?
I think it does not work well for small number of files
and I wonder why it isn't something like "log2(n)+20"
or "2*log2(n)+10" or so?
oki,
Steffen
End of message.
--
> can any one please help me regarding this, like how to
> retrieve the SSL pass phrase , or assign a new pass phrase
> for the same private key.
Add all information you remember (possible parts, used characters,
length information) to a key cracking tool, run it and wait?
se of a proven
compromise, permanent revocation seems very reasonable,
doesn't it?
oki,
Steffen
End of message.
--
oder/decoder? In this case you might take a look to
http://lionet.info/asn1c/compiler.html
It is free (BSD), it exists since many years and there is a
lot of documentation and examples, one deals with X.509.
Just in case it helps.
oki,
Steffen
From the webpage:
The asn1c is a free, open
());
}
I don't think that you intentionally write 16 bytes?
oki,
Steffen
t is good to have something that can
be quickly adapted to new requirements.
To monitor load and disk usage, BTW, I do not use any
cryptography, because this is non-secret data in the
monitoring net (read-only SNMP is used).
oki,
Steffen
> If I decide to go with openssl and blowfish what are the
> potential threats?
Yes, heaps of.
You might consider asking more detailed.
> Is there another security mechanism that I can use with blowfish?
Of course...
But what exactly do you want to know? If you can use SSL and Blowfish?
It does
rity), why not using
plain text TCP/IP communications (firewalled)?
> What is your opinion?
> What will be the best approach?
Maybe have a look at Nagios and use remote monitor plug-in
scripts using SSH-port-forwarded access, shou
tt -p ... which operation takes so long?
oki,
Steffen
ow probability).
Could it even be possible that two messages shorter
than n bit accidentally have the same (strong n-bit) hash?
Steffen
ed 2^63.
Similar to MD5 (I guess ~ 2^64?).
SHA-256 should be much stronger, would this be sufficient
for your needs? Or SHA-512?
oki,
Steffen
e father process close(2) and the child - after finishing
the connection - shutdown(2)?
oki,
Steffen
me (except maybe an SSL protected one).
Are there standards, recommendations or any writings discussing
such topics, in particular system date related topics?
oki,
Steffen
using sites
that support HTTPS and for which HTTPS Everywhere includes
rules.'
I would expect that if an attacker hijacks some link or performs
some phishing via let's say facebook.com.malicious.net, the
plugin probably does not help.
oki,
Steffen
mer making every
problem looking like a nail, but in turn it has the advantage that
a well researched crypto system is used.
Also it should be noted that in case of MITM the link from LDAP
client to ldap.malicious.com IS secured! Only the attacker can
en banks tell their
customers, seeing some small lock icon already means `secure'...
oki,
Steffen
---[end of message]>8===
logically is wrong,
or you list all those files in a `%files' section to make them go
into the RPM package, maybe something like:
%files
%defattr(-,root,root)
/usr/lib/engines
/usr/lib/pkgconfig
or maybe better (safer) list each file
ed in the (public) certificate. SSL/TLS
handshaking verifies that each peer really has the secret key (by
requesting a signature made by it).
oki,
Steffen
--[ end of message ]--->8===
ial miss-use).
oki,
Steffen
t of the tool as input to ease maintenance.
I think there is a standard tool to convert binary data to C
code, but I cannot find it. Maybe `od' is a starting point for an
own construction.
oki,
Steffen
-[end of message]--
onfused.
(I'm also confused, because there is no `throw' anywhere...)
oki,
Steffen
e. it is not needed to make
DevStudio run the compiler, also make can do, the debugger works
in both cases). Just in case it helps.
oki,
Steffen
--
--[end of message]->8===
ng version 0.98i compiled with the wcecompat libs.
Your help would be appreciated!
Cheers,
Steffen
nouncement could even `proof' this
malicious modification `authentic', if the attack had been done
in a way remaining unnoticed by OpenSSL release process).
oki,
Steffen
uite common.
oki,
Steffen
ficate by this public CA. By this, he is authenticated but
not necessarily authorized, but often it seems both are not
separated strongly enough (in terms of high security, i.e. as
secured as the certificate itself is).
oki,
Steffen
--
--[
* Sad Clouds wrote on Mon, Feb 15, 2010 at 14:52 +:
> On Mon, 15 Feb 2010 15:19:23 +0100
> "Steffen DETTMER" wrote:
> > Delegating functionality via callbacks allows arbitrary
> > implementations; I would not consider this lame
> > - but clean, strong, ortho
ll (non-recursively); a platform may have
globally valid semaphores only or a limited number of them or...
So many things to consider that I doubt it could be encapsulated
correctly.
oki,
Steffen
--
--[ end of message ]---
Hi!
* Victor Duchovni wrote on Fri, Feb 12, 2010 at 15:03 -0500:
> On Fri, Feb 12, 2010 at 08:35:09PM +0100, Steffen DETTMER wrote:
>
> > (So DER encoding is used, and it is allowing 128 byte long
> > length fields allowing 2^1024 [a number taking four and a half
> >
tes limit of 16384 [5 digit
number] is in effect :-))
oki,
Steffen
e I have any problem with that!)
Does this mean that OpenSSL has a compiled-in certificate size
limitation and to increase that it would be required to replace
the libs on the systems needing to support bigger certificates?
o
security that is to be increased, is it?
oki,
Steffen
--
--->8===
ficates it uses RSA.
oki,
Steffen
--
--->8===
* Kyle Hamilton wrote on Tue, Jan 19, 2010 at 16:00 -0800:
> On Tue, Jan 19, 2010 at 6:19 AM, Steffen wrote:
> > * Kyle Hamilton wrote on Thu, Jan 14, 2010 at 15:50 -0800:
> > (assuming, that a peers identity should not change within a
> > session - but as discussed later in
* Kyle Hamilton wrote on Thu, Jan 14, 2010 at 12:03 -0800:
> * Steffen asked...
> > ...on this level
[thanks a lot again for all the clarifications: authentication
levels, authentication-agnostic, URI-dependent certificates,
bugfix because missed intention, MITM tricks twitter to de
* Kyle Hamilton wrote on Thu, Jan 14, 2010 at 15:50 -0800:
> On Wed, Jan 13, 2010 at 5:58 AM, Steffen DETTMER wrote:
> >> There is currently no way for even an ideal TLS implementation to
> >> detect this issue.
> >[...]
> >> Yes. Please see SSL_CTX_set_info_
* aerow...@gmail.com wrote on Tue, Jan 12, 2010 at 12:29 -0800:
> On Tue, Jan 12, 2010 at 3:12 AM, Steffen DETTMER
> The problem is this:
>
> The attacker makes a connection to a TLS-enabled server,
> sending no certificate. It sends a command that, for whatever
> reason
a common trust anchor tells it' makes not
much sense when working anonymously (or `pseudonymously', in case
this forms something like an understandable English term :)) in
register-for-free networks. Maybe we'll see something like this
in future?
> (Really, please
1 - 100 of 243 matches