Good Morning,
I am having an issue with the FIPS Module in an OpenSSL 3.0 build. Below are
the build steps and the issues that I am seeing. Sorry for the length but I am
trying to provide all of the relevant details in hopes that the solution to
this issue will be easily identifiable.
First,
munity. As an openssl user, I'd rather the conversation moved along.
--
==
Donald R. Laster Jr.
25 Heidl Ave
West Long Branch, NJ 07764
Email : las...@dlaster.com
donaldrlaste...@gmail.com (Cell)
Phone : (732) 263-923
quite sure what the right path forward is here, and I would greatly
appreciate some advice.
Many thanks.
~ Michael D. Stemle, Jr.
When I run valgrind, I get thousands of errors (exactly like I used to get
before I turned on -Dpurify).
I've found this problem running g++ on the last 3 versions of Ubuntu (1804,
1810, and 1904)
Lewis.
Hi,
I have a question that is maybe similar to this one asked about a year ago:
https://mta.openssl.org/pipermail/openssl-users/2017-December/007050.html. I
want to experiment with trying to hide the keys and certificates used during
TLS session creation inside trusted hardware. I am not sure w
On Tue, Sep 11, 2018, 13:10 Kurt Roeckx wrote:
> On Tue, Sep 11, 2018 at 04:59:45PM +0200, Juan Isoza wrote:
> > Hello,
> >
> > What is the better way, for anyone running, by example, Apache or nginx on
> > a popular Linux distribution (Ubuntu, Debian, Suse) and want support TLS
> > 1.3 ?
> >
>
On 5/10/17 3:55 AM, 共通基盤SSL[業務ID] / COMMONSSL,GYOUMU wrote:
Hello,
I will build OpenSSL on SUSE Linux Enterprise Server for z Systems.
But, there is not yet the machine for build, so I cannot do actual
machine verification.
The CPU is not Intel architecture, is probably z/Architecture.
I wa
On Fri, Mar 17, 2017 at 12:06 PM, Michael Wojcik
wrote:
>
>> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
>> Of Neptune
>> Sent: Friday, March 17, 2017 09:26
>> To: openssl-users@openssl.org
>> Subject: [openssl-users] Static FIPS Library with Address Randomization
>>
>
What’s the replacement for code that used SKM_ASN1_SET_OF_i2d in OpenSSL 1.1?
The code I’ve got that calls this function is getting the DER encoding of a
STACK_OF() as a sorted SET. This STACK_OF() is of a custom ASN1 type; and is a
member of another structure that is also a custom ASN1 struct
> On Aug 4, 2016, at 11:00 AM, o haya wrote:
>
> Hi,
>
> I've been tasked to look into FIPS 140-2 "compliance" for our systems,
> overall, and I know that there's a "FIPS 140-2 module" for OpenSSL, that
> needs to be built from source and then integrated into OpenSSL by building
> OpenSSL wi
> On Aug 2, 2016, at 1:59 PM, jonetsu wrote:
>
> The current FIPS User Guide mentions:
>
> "3.3 Creation of Shared Libraries
>
> The FIPS Object Module is not directly usable as a shared
> library, but it can be linked into an application that is a
> shared library. A “FIPS compatible” Ope
graphic
algorithm, and what’s a cryptographic purpose). You might be able to get away
with it, but I wouldn’t want to stake a sale on it. Especially not if there
are penalties attached for failing an audit.
TOM
> Thanks,
> Pratyush.
>
> On Thu, Jul 28, 2016 at 10:23 AM, Thomas Franc
> On Jul 27, 2016, at 8:18 PM, pratyush parimal
> wrote:
>
> Hi all,
>
> I work on a consumer application which is striving to be fips-140-2 compliant.
>
> I'm using OpenSSL as recommended in the fips guide by invoking
> fips_mode_set(). However, in certain parts of the same application, I'm
tional cases, which you
can’t for something like this). You could always prepend a MIME header, but
that wouldn’t make your output a MIME body.
TOM
--
+-++
| Thomas Francis, Jr. |Preserve wildlife --|
| thomas.francis.
> On Apr 21, 2016, at 3:06 AM, Tim Culhane wrote:
>
> Hi all,
>
> My company makes calls to functions in the openssl source and thus includes
> header files defined in the openssl library.
>
> Typically these header files were gathered together in a single place, under
> include/openssl by way
Just FTR...
http://www.osnews.com/story/28933/Blue_Lion_new_OS_2_distribution_due_2016
Not that I'd take that as a mandate to preserve support... We are having
the same internal dialog at the ASF httpd project and coming to the same
conclusions.
On Mar 17, 2016 1:36 PM, "Salz, Rich" wrote:
> We
> On Mar 21, 2016, at 10:23 AM, Alfonso Coscione wrote:
>
> Hi OpenSSL Staff,
>
> sorry for disturb.
> I'm an Italian young engineer and I'm working on new software project
> that would want to use your openssl library to realize an
> encryption/decryption protocol to use for downloading updat
> On Mar 2, 2016, at 12:27 PM, Neptune wrote:
>
> Using OpenSSL 1.0.1l
>
> I just learned the painful way that OpenSSL_add_all_digests() is not a
> thread-safe function. I had been calling this in the constructor of a class
> providing hash functions for multiple threads. My question is, how do
> On Feb 4, 2016, at 10:13 AM, Lesley Kimmel wrote:
>
> All;
>
> I'm working with PostgreSQL in a DoD environment and am supposed to enforce
> FIPS operation. PostgreSQL doesn't perform a call to FIP_mode_set() but does
> provide a configuration item 'ssl_ciphers'. Is there more to FIPS_mode th
You need to compile the FIPS module and then a version of OpenSSL that
uses that module. See https://www.openssl.org/docs/fips/UserGuide.pdf
for links to appropriate documentation, depending on which version of
the FIPS module you need to use (probably the latest one if you don't
know you need th
I'm looking for a way to revalidate my CRLs and Certificate files for an active
TLS client session whenever the files themselves have been updated using the
SSL(3) api calls.
Specifically, my application would like to do the following:
Whenever a new CRL or Certificate is downloaded to my applic
On Tue, 21 May 2013 16:12:45 +0530
Abhijit Ray Chaudhury wrote:
> Hi,
>
> I have compiled openssl-fips and openssl in Windows CE 6. But when I
> run "fips_premain_dso.exe libeay32.dll" in target environment I get
> following error:
>
> =
>
> 217450134:error:2507606A:DSO support rou
On Tue, 21 May 2013 16:12:45 +0530
Abhijit Ray Chaudhury wrote:
>
> Which means GetProcAddress is failing for symbol name
> FINGERPRINT_premain. But if I do "dumpbin /exports libeay32.dll", I
> can see the symbol FINGERPRINT_premain exported.
Quote that output line from dumpbin, exactly. Namesp
Got it working .. The issue was in creating the cert via the CA
Thanks,
Hector L. Jaquez Jr.
Data Security Analyst II
HQ AAFES, Information Technology Governance
W 214-312-4449
BB 214-794-3641
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Jaquez Jr
Hey Michael Mueller,
do you think I can work with you to get this resolved? I am my own CA as well
and have made all of the changes mentioned by the group members.
Thanks,
Hector L. Jaquez Jr.
Data Security Analyst II
HQ AAFES, Information Technology Governance
W 214-312-4449
BB 214-794-3641
=issuer:copy
subjectAltName = @alt_names
[alt_names]
DNS.1 = server.domain.com
DNS.2 = server_name
Thanks,
Hector L. Jaquez Jr.
Data Security Analyst II
HQ AAFES, Information Technology Governance
W 214-312-4449
BB 214-794-3641
-Original Message-
From: Jaquez Jr, Hector L.
Sent: Monday
epudiation, digitalSignature, keyEncipherment
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
subjectAltName = @alt_names
[alt_names]
DNS.1 = server.domain.com
DNS.2 = server_name
Thanks,
Hector L.
On 2012-05-31 12:01, Salatiel Filho wrote:
> On Thu, May 31, 2012 at 12:37 PM, Michael S. Zick wrote:
>
>> On Thu May 31 2012, Salatiel Filho wrote:
>>
>>> Any other ideas ?
>> Yes, wrong or incomplete Debian package installed.
>
> I don't think that's the problem. I tried build the package
have servers that use Apache
so I need to learn how to import the CRT once I get it using OpenSSL, the
format the certificate needs to be in, or if there is a GUI I can use to import
the certificate. If anyone knows of a good one stop shop resource please let
me know.
Thanks,
Hector L. Jaquez Jr.
/dev/random is your culprit... your config isn't 100% transportable between
Solaris and linux.
Sent from my Verizon Wireless 4G LTE Phone
-Original message-
From: Ruiyuan Jiang
To: "openssl-users@openssl.org"
Sent: Mon, Jan 23, 2012 23:23:51 GMT+00:00
Subject: Can't start Apache when
On 1/18/2012 9:57 AM, Brooke, Simon wrote:
> Sadly, removing -fomit-frame-pointer does not work.
Isn't that the default behavior for -O3?
__
OpenSSL Project http://www.openssl.org
User Support Ma
On 11/1/2011 8:35 PM, Bin Lu wrote:
>
> Do you have an answer for my question below? Is the fips-2.0-test code
> branched off from a
> FIPS-capable version? Which version is it based on if yes?
AIUI, fipscanister doesn't include TLS 1.2. Nor 1.0, nor SSLv3 or v2.
That's the beauty of proper de
I'm using libssl0.9.8 0.9.8o-3 on Debian Lenny 5.0.3. When I use
SSL_CTX_use_certificate then SSL_CTX_add_extra_chain_cert, I get random
seg faults when calling SSL_accept for subsequent connections that reuse
the SSL_CTX. However, I stopped getting the errors when I replaced
SSL_CTX_add_extra_
On 10/5/2011 10:08 AM, Dr. Stephen Henson wrote:
> On Tue, Oct 04, 2011, William A. Rowe Jr. wrote:
>
>> On 10/4/2011 10:45 PM, Bill Durant wrote:
>>>
>>> But when I run it under Windows NT, I get the following run-time error:
>>>
>>> "
On 10/4/2011 10:45 PM, Bill Durant wrote:
>
> Does anyone know how to produce a FIPS-capable OpenSSL that works on Windows
> NT?
It's likely not possible...
> But when I run it under Windows NT, I get the following run-time error:
>
> "The procedure entry point Module32NextW could not be
On 5/7/2011 7:16 AM, Justin Schoeman wrote:
>
> It does not matter which of these I try, openssl always binds to '::1:8008',
> which does
> not accept IPV4.
>> I have tried various combinations of:
>> BIO_new_accept("0.0.0.0:8008")
This syntax should have bound to all IPv4 interfaces alone,
so
issue.
Hector L. Jaquez Jr.
Data Security Analyst II
HQ AAFES, Information Technology
W 214-312-4449
BB 214-794-3641
jaqu...@aafes.com
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On
Message-
From: Dave Thompson
Sent: Monday, March 07, 2011 4:38 PM
To: openssl-users@openssl.org
Subject: RE: Installing a .cer file in IE
> From: owner-openssl-us...@openssl.org On Behalf Of Jaquez Jr, Hector L.
> Sent: Monday, 07 March, 2011 14:37
> I created a .csr
to find out how to
install a cert in IE via openssl command line. If you need any additional
information please ask.
Hector L. Jaquez Jr.
Data Security Analyst II
HQ AAFES, Information Technology
W 214-312-4449
BB 214-794-3641
jaqu...@aafes.com
On 3/6/2011 3:48 PM, Tim Hudson wrote:
>> In the example of building the openssl FIPS *capable* distribution, it
>> seems one should take the distribution from the official
>> openssl.org/source website and validate it using PGP. However,
>> FreeBSD ships openssl distribution within its source tre
On 1/31/2011 1:07 PM, John R Pierce wrote:
> On 01/31/11 10:55 AM, Harshvir Sidhu wrote:
>> Hi,
>>Can we use OpenSSL lib with Managed C++? Thanks.
> can you call native "C" style DLL's from this 'Managed C++' (whatever that
> is) ? my
> initial google of 'Managed C++' indicates its a Micros
On 1/6/2011 12:23 PM, Garry S Ditzler wrote:
>
> Can you tell me if OpenSSL 0.9.7 is still supported?
Yes, the answer is no, it is not.
On 11/18/2010 12:05 PM, Victor Duchovni wrote:
>
> None that are publicly visible. You can check for yourself:
>
> No commits to the 0.9.8 branch after the release of 0.9.8p.
>
> http://cvs.openssl.org/chngview?cn=19996
I was aware of this. It's why I raised the question, if any of these
On 11/18/2010 10:36 AM, Dr. Stephen Henson wrote:
>
> A 1.0.0c release is planned in the next few days. We're just seeing if any
> other issues arise before the release: a couple have been fixed already.
Have any observed issues affected 0.9.8p? If so, is there a planned .8q?
On 10/13/2010 7:22 PM, Bill Durant wrote:
>
> On Oct 13, 2010, at 5:19 PM, William A. Rowe Jr. wrote:
>> On 10/13/2010 3:31 PM, Bill Durant wrote:
>>>
>>> I am interested in building the static version of the FIPS-capable OpenSSL
>>> as an universal
>&
On 10/13/2010 3:31 PM, Bill Durant wrote:
>
> I am interested in building the static version of the FIPS-capable OpenSSL as
> an universal
> binary.
Three builds, per spec, of the FIPS canister. No tweaks, no exceptions to
the security policy.
Then it's possible but non-trivial to integrate th
On 9/30/2010 11:42 AM, Jakob Bohm wrote:
>
> In Windows XP, Microsoft introduced their own badly designed idea of
> "versioned so-names" in the form of so-called "Assemblies". Unless
> you are writing .NET code, you should really avoid that nonsense.
I expect SxS packages for openssl (and severa
On 8/3/2010 1:17 PM, William A. Rowe Jr. wrote:
> On 8/3/2010 10:05 AM, Bryan wrote:
>> I see a "fips" directory in 0.9.8o. If I'm building OpenSSL with FIPS
>> on cygwin, should I use the openssl-fips, or use the 0.9.8o tarfile?
>
> This is well documented
On 8/3/2010 10:05 AM, Bryan wrote:
> I see a "fips" directory in 0.9.8o. If I'm building OpenSSL with FIPS
> on cygwin, should I use the openssl-fips, or use the 0.9.8o tarfile?
This is well documented in the FIPS user guide and security policy, and
if you haven't read them in detail, what you ar
On 7/9/2010 9:05 AM, Steve Marquess wrote:
> Mark Parr wrote:
>> Use of the FIPS OpenSSL is a mandated thing and not just something that we
>> are looking to do for the fun of it. In fact, the base OpenSSL was working
>> fine using the "FIPS AES 256 encryption" in a non "FIPS Certified" mode.
>>
>
On 6/24/2010 4:04 AM, Deckers, Rob wrote:
>Creating library out32dll\libeay32.lib and object out32dll\libeay32.exp
> IF EXIST out32dll\libeay32.dll.manifest mt -nologo -manifest
> out32dll\libeay32.dll.manifest -outputresource:out32dll\libeay32.dll;2
> mt: Unknown option -n
> Usage: mt
On 6/17/2010 10:10 PM, Dave Thompson wrote:
>> From: owner-openssl-us...@openssl.org On Behalf Of JC Yang
>> Sent: Wednesday, 16 June, 2010 23:53
>
>> Hi, I'm new to openssl. I've just compiled openssl with Visual C++ 2008,
>> I've read the installation guide and added the
On 6/16/2010 12:10 PM, Dr. Stephen Henson wrote:
>
> Those for the bleeding edge development version are also available online too,
> see: http://www.openssl.org/docs/ the API doesn't change that much so those
> will be largely accurate for older versions of OpenSSL.
>
> The examples at the botto
On 6/2/2010 4:04 PM, Alona Rossen wrote:
> This is a suggested configuration. -D stands for preprocessor "define".
The reason I ask is that the entries in Configure should provide the
necessary defines, and if not, that is a bug. As it was 'suggested',
we'll just presume things are fine w/w-o it.
On 6/2/2010 11:08 AM, Alona Rossen wrote:
>
> Building dynamic library on HP-UX fails despite I explicitly specify
> ‘shared’ as Configure argument:
>
> ./Configure hpux64-ia64-cc -D_REENTRANT shared
Why are you adding -D for _REENTRANT?
I did a very similar build last week, no such problems, w
On 4/15/2010 12:42 PM, Adam Grossman wrote:
> hello,
>
> i had my code running on 0.9.8e without any issues. i upgraded to
> 0.9.8n, and now when my server initiates a renegotiation with the client
> (which is either IE or Firefox), SSL_renegotiation returns a 0. i
> understand from the CHANGELO
On 4/13/2010 4:49 PM, 芦翔 wrote:
> Dear all,
>I am trying to add the security flavor to an application. To achieve
> this objective, I wrote the codes to establish a security tunnel between
> the server and the client with VC2008. When I build the whole project,
> there are tens of similar error
On 4/7/2010 12:33 PM, Ryan Pfeifle wrote:
> While we are on the subject of Unicode, there are other areas of OpenSSL
> that need Unicode support added, in particular handling of paths and
> filenames on UTF16-based filesystems that require wchar_t* parameters.
> For instance, on Windows, OpenSSL c
On 3/31/2010 4:21 PM, Gatewood (Woody) Green wrote:
>
> Actually, no 140-3 will be successor to 140-2 which is successor to
> 140-1. The hyphenated number is a release version.
Woody, thanks for this clarification...
> You are trying to talk about FIPS 140-2, Level 3 certification in your
> exa
On 3/30/2010 10:58 AM, Gatewood (Woody) Green wrote:
>
> I assume the 2010 limit on new validations is the impending finalization
> of 140-3.
What you are thinking of won't be designated 140-3, it's not sequential,
there is such a FIPS level already. Probably FIPS-{new}-2 or FIPS-140-2 2010
or s
On 1/18/2010 2:42 PM, Kyle Hamilton wrote:
> The way that the FIPS module verifies its signature is that it forces
> itself to load (via a pre-main() section) and then calculate the
> checksum of the image in-core. Probably the reason why you're running
> into issues is because of the fixup step o
PIN-code as a
> parameter?
>
> If not, is there another function to directly pass a PIN-code to the HSM?
>
You can implement a ui_method and pass in the callback_data the PIN.
--
Thomas Harning Jr.
James Baker wrote:
>
> The problem does occur with full admin privileges.
To be 100% clear, this is full admin with no UAC? UAC will drop privilege
of an app seemingly running as 'administrator'.
On Wed, Oct 7, 2009 at 11:05 AM, Thomas Harning Jr.
wrote:
> I'm writing a browser and a library that use OpenSSL for cryptography
(correction - browser plugin)
> support. I want to best be able to fully cleanup state when my
> plugin/library is unloaded, however it seems to me
ERR_release_err_state_table()
.. but that does no freeing, it just decrements reference count...
* ERR_get_err_state_table + manually killing all ERR_STATE's ... then
destroying table ... but that results in int_thread_hash pointing to
dead memory...
--
Thomas Harning Jr.
ERR_free_state_table-1.0.0-beta3.patch
Description: Binary data
On 10/7/09, Dr. Stephen Henson wrote:
> On Wed, Oct 07, 2009, Thomas Harning Jr. wrote:
>
> > Is there any sort of general idea as to when 1.0.0 might be released
> > out of beta... or perhaps how many expected stages the cycle goes
> > through until release (ex
Is there any sort of general idea as to when 1.0.0 might be released
out of beta... or perhaps how many expected stages the cycle goes
through until release (ex: Beta 4,5, ..., Release Candidate ...)?
--
Thomas Harning Jr
Did you check that you actually support SSLv3_client_method()?
On Wed, September 30, 2009 10:18 am, marina russo wrote:
>
> Hi!
> I'm trying to run a client server application using openssl library,but
> i've got some problems because, when i use the method:
> SSLv3_client_method() i have a segment
This has been driving me nuts for the past few weeks... I've written a
simple app that demonstrates the problem I'm running into. Basically, a
client connects to a server, they do the handshake, and all is well... or
should be. Both machines are running linux. Below is the source, and below
that is
William A. Rowe, Jr. wrote:
> Dave Thompson wrote:
>>> From: owner-openssl-us...@openssl.org On Behalf Of Pankaj Aggarwal
>>> Sent: Tuesday, 25 August, 2009 05:06
>>
>>> I am using cygwin on windows xp to compile FIPS Openssl 1.2 using
>>
Dave Thompson wrote:
>> From: owner-openssl-us...@openssl.org On Behalf Of Pankaj Aggarwal
>> Sent: Tuesday, 25 August, 2009 05:06
>
>> I am using cygwin on windows xp to compile FIPS Openssl 1.2 using Visual studio 2005.
>
> Apparently you mean cygwin _perl_. The MS compil
recommended ways to get OpenSSL to build for WM6.1?
--
Thomas Harning Jr.
sha512-ia64.pl ../$@ $(CFLAGS))
sha512-ia64.s: asm/sha512-ia64.pl
The first argument for sha1-ia64.pl should be the .s file and not the
$CFLAGS. I tested and works fine for me.
Is it enough report this here? Should I report th
Hello again,
Please, can someone help me? I need to compile openssl0.9.9 on Windows
(MSVC or MinGW/MSYS based).
Thanks.
--
Amadeu A. Barbosa Jr :: http://www.inf.puc-rio.br/~ajunior
> Hello,
>
> I'm trying to compile openssl-snap-20080729 under MinGW/MSYS environment
> but I have p
e_capi.c: In function `capi_list_certs':
e_capi.c:1335: warning: unused variable `fname'
e_capi.c: In function `capi_get_cert_key':
e_capi.c:1413: error: `CRYPT_KEY_PROV_INFO' undeclared (first use in this
function)
e_capi.c:1413: error: `pinfo' undeclared (first
Marek Marcola wrote:
Hello,
are there some available settings to build openssl for small footprint
applications and devices?
I mean to get a smaller library like matrixssl [1] and strip thing and
module out someone might not need ?
In my personal opinion: no.
(This is why MatrixSSL was
Hi,
are there some available settings to build openssl for small footprint
applications and devices?
I mean to get a smaller library like matrixssl [1] and strip thing and
module out someone might not need ?
Thanks in advance for your reply
Cheers
Michael
[1] http://matrixssl.com/
[EMAIL PROTECTED] wrote:
>
> In the previous post, another subscriber suggested patching SunStudio 11.
> I applied all the patches I could find on SunSolve (namely, 120761-03,
> 121023-04, and 122142-03.) I'm getting the same result, so I'm really
> baffled at this point. Any suggestions would
Michael Durket wrote:
> There seem to be a few problems successfully building OpenSSL
> on a Sun T2000 running Solaris 10 using the Sun Studio 11
> compiler suite.
>
> I ignored those warnings and ran make which appeared to
> work. However, after doing a 'make test' I received this
> error:
>
Because Solaris has a loop unroll optimization bug.
Apply all the latest patches to SunStudio 11 and it should work. Please
check back in to let us know.
It's a really high level bug - because it hit both sparc and x86 :)
Donny Dinh wrote:
>
> I managed to get the solaris build to work properl
Michael - just to rest your mind - you might want to examine both wsock32.dll
and winsock2.dll using DEPENDS.EXE.
You'll find the results are interesting :)
Brown, Michael A wrote:
> I’m looking at an app where the app and all libs/DLLs it uses EXCEPT
> openssl use ws2_32, and openssl uses wsock32. Is this a problem or can
> the two coexist peacefully? It makes me somewhat uneasy.
Well, using winsock period makes me uneasy ;-)
Seriously - no - there'
Marek Marcola wrote:
> Hello,
>> I have read the advisory and I am a bit puzzled regarding the there are
>> CAs using exponent 3 in wide use comment, I have tried to check and
>> could not find any CA using this exponent, all the CA’s I have seen
>> are using 0x10001 (CA’s I have generate by OpenSS
Ryan Shon wrote:
>
> I work for nFocal, a company in
> Rochester, New York. We want to develop a variant of OpenSSL
> in which we optimize the cryptography library to run on
> a particular DSP. The other components of OpenSSL would remain
> unchanged except where needed to utilize our custom lib
Thomas J. Hruska wrote:
> Now compare that number to how many hackers know and care about the same
> information.
None. If an exploit exists, it will be exploited. You are a fool if you
expect that a hacker would rely on the reported version number to elect
one of the dozens of past exploits. T
Randy Turner wrote:
> I would probably consider the publishing of the openssl version on the web
> server announcment message as a security issue.
And some of us would laugh in your general direction ;-)
Exploiters don't need to know, they can just persist till they find
a known exploit.
David Schwartz wrote:
Notice the two persistent connection headers returned? And, in practice,
the connection is in fact persistent. If you were correct, the server would
ignore the "Connection" header since it "has no meaning". Try it without a
connection header and you will see the dif
httpd's scripts are known to the autoconf community as gross bastardizations
of intent of autoconf, so forewarned ;-) But they do illustrate verifying the
version of openssl, take a look at APACHE_CHECK_SSL_TOOLKIT in;
http://svn.apache.org/repos/asf/httpd/httpd/trunk/acinclude.m4
Matt England wr
Kendall, Jerry wrote:
Now, I have a Unix Project that runs wonderfully on Linux/Aix/Solaris…..
There are two lines of code that cause a windows exception.
PEM_write_PrivateKey(fp, NewKeyReq, Cipher, GetCode(0),strlen(GetCode(0)),
NULL, NULL);
PEM_write_X509(fp, x509_Cert);
Did you call
I heard 'very soon now' :)
Tinnerello, Richard wrote:
Can anyone say when the openssl-fips-1.1.tar.gz distribution announced
on Saturday will be available for download? Thanks!
Richard
Kyle Hamilton wrote:
It will violate the FIPS security policy. That much has been stated,
but there's been no workaround that I'm aware of to select alternate
options like that.
Right, not with openssl ./config. However, some folks might want to consider
if their compiler environment can be a
hunter wrote:
On 5/7/06, William A. Rowe, Jr. <[EMAIL PROTECTED]> wrote:
Typically one links to the static library then, which of course will only
link in .obj files that are consumed. One bit of OpenSSL magic are the
separate objects which create a (relatively) quite small binary. T
Mike Ehlert wrote:
but what I'm after now is some information on any tricks to compiling
the DLL's with only the features needed for my application to reduce
their size.
Typically one links to the static library then, which of course will only
link in .obj files that are consumed. One bit of
Rovan, Jim (IMS) wrote:
When I attempt to follow the instructions from the "Compilation of
OpenSSL-fips-1.0 under Windows" thread (2006-03-31) to build fips
OpenSSL for Borland Builder 5, I can make it through the point where I
run "ms\do_nasm fips" to create bcb.mak for the 0.9.7 snapshot. But
William A. Rowe, Jr. wrote:
Bill Angus wrote:
I'm having a little trouble with setting up a secure server on windows
with openssl and Apache2 + Mod_SSL.
The config I am attempting to use for the secure directory is as below.
listen 443
...
Why *:443? stop and consider - them
Bill Angus wrote:
I'm having a little trouble with setting up a secure server on windows
with openssl and Apache2 + Mod_SSL.
Well, you are in the wrong place, this should be on [EMAIL PROTECTED]
Neverminding that blunder, and possibly aggravating your good openssl user
supporters by entertaini
[EMAIL PROTECTED] wrote:
I am unable to install openssl 0.9.8a as I sent earlier. Here is make
report:
Compiler: gcc version egcs-2.91.66 19990314/Linux (egcs-1.1.2
release)
EEEK! 2.91? Really?
Try a more modern compiler that understands modern assembly syntax.
Venkata Sairam wrote:
I am also encountering the same problem. I tried adding in options as
suggested. I had modified the CFLAG and LFLAG as below.
CFLAG= /MD /Ox /O2 /Zi /Oy /Ob2 /W3 /WX /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -D_CRT_SECURE_NO_D