Re: [openssl-users] JAR file of openssl source code.

2015-03-22 Thread ag@gmail
RTFM. -Amarendra -- sent via 100% recycled electrons from my mobile command center. > On Mar 22, 2015, at 11:29 AM, Niraj Sorathiya > wrote: > > Hi, > > Thanks Matt and jar file of openssl source code is available ? > I searched a lot but didn't get. > > Regards, > Niraj. > >> On 22-Mar

Re: Determine if SSLv2 is available at runtime?

2014-10-10 Thread ag@gmail
openssl s_client -ssl2... maybe? -ag -- sent via 100% recycled electrons from my mobile command center. > On Oct 10, 2014, at 8:19 AM, Jeffrey Walton wrote: > > I need to determine if SSLv2 is available at runtime. I know I can > check for NO_SSL2 at compile time, but I don't recall a runtime

Re: Heart bleed with 0.9.8 and 1.0.1

2014-04-15 Thread ag@gmail
Yes, your client is vulnerable. Which ip to connect to is governed by your application, and IP addresses can be falsified, so it is very much possible your client connects to a malicious server. -ag -- sent via 100% recycled electrons from my mobile command center. > On Apr 11, 2014, at 8:32 A

Re: Who uses heartbeat?

2014-04-13 Thread ag@gmail
That is the state of software industry today, so no surprises there. Organizations who spend time and effort on fixing code (generic usage) are far and few in between (close to being non-existent). -Amarendra -- sent via 100% recycled electrons from my mobile command center. > On Apr 13, 2014,

Re: Looking more at the Heatbleed

2014-04-10 Thread ag@gmail
No. OpenSSH is not affected. See http://undeadly.org/cgi?action=article&sid=20140408063423 -ag -- sent via 100% recycled electrons from my mobile command center. > On Apr 10, 2014, at 6:39 PM, Roberto Spadim wrote: > > hi guys, what about openssh, does it have some problem with this > vulner

Re: Looking more at the Heatbleed

2014-04-10 Thread ag@gmail
1. OpenSSL allows heartbeats during handshake. 2. Handshake request can come from any peer and is responded to (client or server is immaterial). You don't prevent it, so a peer can send heartbeat request and your openssl endpoint shall respond. From what you describe, your application is vulnera

Re: FIPS 2.0: Heart Bleed

2014-04-10 Thread ag@gmail
Yes, you are correct. -ag -- sent via 100% recycled electrons from my mobile command center. > On Apr 10, 2014, at 5:54 AM, Jason Todd wrote: > > Just to verify, heart bleed doesn't look like it effects the fipscanister. I > can just recompile openssl 1.0.1c with the no heart beat option and

Re: CVE 2014-0160 and FIPS 140-2 module

2014-04-09 Thread ag@gmail
It is not. -ag -- sent via 100% recycled electrons from my mobile command center. > On Apr 9, 2014, at 7:22 AM, Chris Bare wrote: > > Can anyone confirm my understanding that the FIPS 140-2 certified module is > NOT affected by the CVE 2014-0160 vulnerability? > > -- > Chris Bare __