Fred,
You're welcome. Best of luck with your Canadian government, er, friends. ;-)
Ger
BTW: nitpicking my own text there: it was restricted to 56 bits tops
back then. Irrelevant though.
On Tue, Aug 19, 2008 at 2:53 PM, Fred Picher <[EMAIL PROTECTED]> wrote:
> --- On Fri, 8/15/08, Ger Hobbelt <
--- On Fri, 8/15/08, Ger Hobbelt <[EMAIL PROTECTED]> wrote:
> Ahh... This brings back memories... I had to do the same
> 'selective compilation' back before 2000 when the USA would
> prohibit cipher export at 128 bit and beyond unless you had a
> specific license.
Ger,
Many thanks for taking
PM
To: openssl-users@openssl.org
Subject: Re: DES-only OpenSSL version
--- On Fri, 8/15/08, Kyle Hamilton <[EMAIL PROTECTED]> wrote:
Thanks for your comments.
> Well, the question becomes: Which government are you trying to
> work around the restrictions of? OpenSSL is open-source.
--- On Fri, 8/15/08, Kyle Hamilton <[EMAIL PROTECTED]> wrote:
Thanks for your comments.
> Well, the question becomes: Which government are you trying to
> work around the restrictions of? OpenSSL is open-source.
In this very specific case: the Canadian gouvernment. The whole
thing does not loo
Kyle Hamilton wrote:
> Well, the question becomes: Which government are you trying to work
> around the restrictions of?
>
> OpenSSL is open-source. In the United States, while it may fall under
> the export class EI on the CCR, it also falls under export exemption
> TSU (see http://www.access.gpo
-Original Message-
>From: Fred Picher <[EMAIL PROTECTED]>
>Sent: Aug 14, 2008 11:18 AM
> Unfortunately this is seemingly the case, as told by actual
> gouvernement reps.
>
Fred, I'm sorry I'm not of any help on the technical side, but I would strongly
advise you to heavily discount wh
On Fri, Aug 15, 2008 at 5:11 PM, Fred Picher <[EMAIL PROTECTED]> wrote:
[...]
>> If this is not sufficient you may check out ssl/sslv3.c etc and
>> actually remove the ciphers you don't want to support in your
>> libssl from the registration tables.
>
> As a test, I've commented out every cipher de
ers.
>
>
> --- On Wed, 8/13/08, David Schwartz <[EMAIL PROTECTED]> wrote:
>
>> From: David Schwartz <[EMAIL PROTECTED]>
>> Subject: RE: DES-only OpenSSL version
>> To: openssl-users@openssl.org
>> Received: Wednesday, August 13, 2008, 10:18 PM
>
red Picher wrote:
Hi,
Unfortunately this is seemingly the case, as told by actual
gouvernement reps.
Cheers.
--- On Wed, 8/13/08, David Schwartz <[EMAIL PROTECTED]> wrote:
From: David Schwartz <[EMAIL PROTECTED]>
Subject: RE: DES-only OpenSSL version
To: openssl-user
Fred Picher wrote:
> Hello,
>
> Thanks for your reply.
>
>
>> If this is not sufficient you may check out ssl/sslv3.c etc and
>> actually remove the ciphers you don't want to support in your
>> libssl from the registration tables.
>>
>
> As a test, I've commented out every cipher definiti
Hello,
Thanks for your reply.
> If this is not sufficient you may check out ssl/sslv3.c etc and
> actually remove the ciphers you don't want to support in your
> libssl from the registration tables.
As a test, I've commented out every cipher definition in
ssl/s3_lib.c, like this example:
The
Fred Picher wrote:
> Hello all,
>
> I'd like to get all of the ciphers that are tagged 'export' as
> well as the 56-bit ones that are not. Eg.:
>
> (list somewhat shortened in width)
>
> EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH Enc=DES(56)
> EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH Enc=DES(56)
Hello all,
I'd like to get all of the ciphers that are tagged 'export' as
well as the 56-bit ones that are not. Eg.:
(list somewhat shortened in width)
EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH Enc=DES(56)
EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH Enc=DES(56)
DES-CBC-SHA SSLv3 Kx=
Hi,
Unfortunately this is seemingly the case, as told by actual
gouvernement reps.
Cheers.
--- On Wed, 8/13/08, David Schwartz <[EMAIL PROTECTED]> wrote:
> From: David Schwartz <[EMAIL PROTECTED]>
> Subject: RE: DES-only OpenSSL version
> To: openssl-users@o
Fred Picher:
> For export regulations compliance I must dumb down OpenSSL to use
> only DES. And that's only DES, no 3DES ! So I got it down to:
Are you sure you aren't trying to comply with ancient regulations that no
longer apply? It's been years since anyone I know of has had to dumb thei
Hello,
For export regulations compliance I must dumb down OpenSSL to use
only DES. And that's only DES, no 3DES ! So I got it down to:
openssl ciphers -v
EDH-DSS-DES-CBC3-SHA
SSLv3 Kx=DH
Au=DSS
Enc=3DES(168)
Mac=SHA1
EDH-DSS-DES-CBC-SHA
SSLv3 Kx=DH
Au=D
16 matches
Mail list logo
