> From: openssl-users On Behalf Of
> Steven_M.irc via openssl-users
> Sent: Wednesday, 2 November, 2022 17:18
>
> I'm really worried about the vulnerabilities recently found in OpenSSL
> versions 3.0.0 - 3.0.6.
Why? What's your threat model?
> If I understand
On Wed, Nov 02, 2022 at 11:17:31PM +, Steven_M.irc via openssl-users wrote:
> I'm really worried about the vulnerabilities recently found in OpenSSL
> versions 3.0.0 - 3.0.6.
Just upgrade any affected systems and you'll be fine.
> If I understand things correctly (and p
Hi All,
I'm really worried about the vulnerabilities recently found in OpenSSL versions
3.0.0 - 3.0.6. If I understand things correctly (and please do correct me if
I'm wrong), it doesn't matter which version of OpenSSL clients are running,
only which version of OpenSSL *serve
Dear team,
It would be nice if there was a user- and security-friendly best
practice document for distributions (such as Linux distributions) that
freeze on an OpenSSL release version (such as 1.1.1z) and then backport
any important fixes.
Perhaps something like the following:
1. The distri
Hi,
Thank you Salz Rich. It's clear now.
Regards,
Sanjaya
On Mon, Nov 27, 2017 at 6:42 PM, Salz, Rich via openssl-users <
openssl-users@openssl.org> wrote:
>
>- Whether openssl 1.0.x and 1.1.x can interwork ?
>
>
>
> Yup. As long as they share a TLS version, no problem.
>
> --
> openssl-use
* Whether openssl 1.0.x and 1.1.x can interwork ?
Yup. As long as they share a TLS version, no problem.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Thank you for the confirmation Matt.
Regards,
Sanjaya
On Mon, Nov 27, 2017 at 3:50 PM, Matt Caswell wrote:
>
>
> On 27/11/17 08:47, Sanjaya Joshi wrote:
> > Hello,
> > Whether openssl 1.0.x and 1.1.x can interwork ?
> > That is, whether TLS client on top of openssl 1.1.x and TLS server on
> > t
On 27/11/17 08:47, Sanjaya Joshi wrote:
> Hello,
> Whether openssl 1.0.x and 1.1.x can interwork ?
> That is, whether TLS client on top of openssl 1.1.x and TLS server on
> top of openssl 1.0.x (or vice versa) can interwork efficiently ?
Yes - absolutely.
Matt
Hello,
Whether openssl 1.0.x and 1.1.x can interwork ?
That is, whether TLS client on top of openssl 1.1.x and TLS server on top
of openssl 1.0.x (or vice versa) can interwork efficiently ?
Regards,
Sanjaya
On 17/10/17 10:01, Grace Priscilla Jero wrote:
> Thank you Matt for the quick response.
> For "2," does it mean that every cipher suite can operate in multiple
> levels?
> I thought that there were specific set of cipher suites operating in
> each of the levels.
Not quite. The security levels l
The security levels are simply a classification of the cipher
suites by quality. Typically one would select all ciphers above
a certain level.
Most cipher suites work with all protocol levels >= a certain
level, with SSL2 (dead) and TLS1.3 (future) being exceptions.
Selecting something like "TLS
Thank you Matt for the quick response.
For "2," does it mean that every cipher suite can operate in multiple
levels?
I thought that there were specific set of cipher suites operating in each
of the levels.
Thanks,
Grace
On Tue, Oct 17, 2017 at 2:25 PM, Matt Caswell wrote:
>
>
> On 17/10/17 09:2
On 17/10/17 09:21, Grace Priscilla Jero wrote:
> Hi All,
>
> 1)
> The below APIs used to set the maximum and minimum versions are
> available in 1.1.0f version of OPENSSL.
>
> int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version);
> int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int v
Hi All,
1)
The below APIs used to set the maximum and minimum versions are available
in 1.1.0f version of OPENSSL.
int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version);
int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version);
int SSL_set_min_proto_version(SSL *ssl, int version);
On Fri, 15 Nov 2013, Dr. Stephen Henson wrote:
On Fri, Nov 15, 2013, Dimitrios Apostolou wrote:
On Fri, 15 Nov 2013, Dr. Stephen Henson wrote:
If the certificate contains no useful information then why check it at all
other than to make sure it carries the correct public key?
I was not sur
On Thu, 14 Nov 2013, Dr. Stephen Henson wrote:
On Thu, Nov 14, 2013, Dimitrios Apostolou wrote:
+ *) Don't reencode certificate when calculating signature: cache and use
+ the original encoding instead. This makes signature verification of
+ some broken encodings work correctly.
Can
On Thu, Nov 14, 2013, Dimitrios Apostolou wrote:
> some time now I'm having problems with X509_verify() from
> openssl-1.0.0-27.el6_4.2.i686 shipped with latest RHEL 6. The
> problem is that a self-signed certificate that I generate and verify
> on the server side, fails to verify on the client si
Hello,
some time now I'm having problems with X509_verify() from
openssl-1.0.0-27.el6_4.2.i686 shipped with latest RHEL 6. The problem is
that a self-signed certificate that I generate and verify on the server
side, fails to verify on the client side after the TLS handshake.
Since this works
.9.8y with fips
everything works ok.
I put some logs in the openssl code and checked that openssl reads the PEM header
and resolves the cipher by name from DEK-Info (of course it's obvious, I just
double-checked that it works correctly). I compared ciphers parameters which
different openssl version
unsubscribe openssl-users
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Leonardo Laface de Almeida
Sent: Wednesday, January 23, 2013 5:35 PM
To: openssl-users@openssl.org
Subject: RES: Openssl versions compability
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On
Behalf Of Ken Goldman
Sent: Wednesday, January 23, 2013 13:13
To: openssl-users@openssl.org
Subject: Re: Openssl versions compability
On 1/23/2013 9:51 AM, Jeffrey Walton
On Wed, Jan 23, 2013 at 10:12:36AM -0500, Ken Goldman wrote:
> On 1/23/2013 9:51 AM, Jeffrey Walton wrote:
> >Binary compatibility can be tricky, and it brings up all the old
> >wounds of Microsoft's COM. Are you claiming there is binary
> >compatibility among tool vendors? For example, can I buil
On 1/23/2013 9:51 AM, Jeffrey Walton wrote:
Binary compatibility can be tricky, and it brings up all the old
wounds of Microsoft's COM. Are you claiming there is binary
compatibility among tool vendors? For example, can I build the base
with GCC, and then build patches with ICC? How about differe
On Wed, Jan 23, 2013 at 09:51:08AM -0500, Jeffrey Walton wrote:
> Binary compatibility can be tricky, and it brings up all the old
> wounds of Microsoft's COM. Are you claiming there is binary
> compatibility among tool vendors? For example, can I build the base
> with GCC, and then build patches
On Wed, Jan 23, 2013 at 9:42 AM, Viktor Dukhovni
wrote:
> On Wed, Jan 23, 2013 at 09:12:41AM -0500, Ken Goldman wrote:
>
>> My experience is that you should not expect binary compatibility.
>> Since errors will often be in little used corner cases, it's safer
>> to always recompile.
>
> Please do
On Wed, Jan 23, 2013 at 09:12:41AM -0500, Ken Goldman wrote:
> My experience is that you should not expect binary compatibility.
> Since errors will often be in little used corner cases, it's safer
> to always recompile.
Please do not spread FUD, the OpenSSL project made a commitment a
while back
My experience is that you should not expect binary compatibility. Since
errors will often be in little used corner cases, it's safer to always
recompile.
Sometimes recompiling is enough. Sometimes versions are so incompatible
that you will have to port your application.
However, more recen
Hi,
I'd like to know about it. I have a software developed in 1.0.0b version. I
think it might be better to use some other newer release version, like
1.0.1c.
Will I have any trouble doing this?
I don't know if it changes the answer, but it's for an ARM processor.
Thanks,
Leonardo
I appear to have several versions of openSSL installed in various
directories, which resulted from installing other programs that use its
functionality. My OS is WinXP pro SP3, and I use Cygwin also. I would like
to remove any redundant versions of this program if possible; or, if a
second versi
Hi,
I am testing a dummy code for AES256_SHA decryption. Please see the
attached server private key and the C code.
The same code works for "OpenSSL 0.9.8r" and "OpenSSL 0.9.8k".
But it produces junk after decryption on machine with OpenSSL version
"OpenSSL 1.0.0b".
Could someone please comm
Thanks Dr. Stephen and Mr. Willy Weisz, the comments clarify the
different matching options.
Still, bugged with the details that made OpenSSL complain about two
strings apparently equal, I've sniffed out the certificates:
0.9.8
SET (1 elem)
SEQUENCE (2
On Mon, Sep 19, 2011, Gabriel Marques wrote:
> Hello folks,
>
> I'm developing a tool for signing digital TV apps, and for testing
> I'm creating a lot of different test scenarios.
>
> Well, using OpenSSL 1.0.0e to create a new certificate, signed by a
> snakeoil one I got the following error:
>
Hi Gabriel,
openssl performs as it is described.
You probably wanted the behaviour activated by the option "supplied"
which requires the DN component to be present, but doesn't tie it to the
corresponding entry in the CA DN.
Regards
Willy
On 19.09.2011 17:02, Gabriel Marques wrote:
> Hello fo
Hello folks,
I'm developing a tool for signing digital TV apps, and for testing I'm
creating a lot of different test scenarios.
Well, using OpenSSL 1.0.0e to create a new certificate, signed by a
snakeoil one I got the following error:
--> The stateOrProvinceName field needed to be the same
Hi. I'm looking for experiences in the community with dynamic loading and
lookup of crypto/SSL entry points when multiple versions of the libraries might
be loaded into the process space.
Background is too detailed to start with, so I'll watch for takers and
interested parties, so as not to c
/usr/lib/libcrypto.1.0.0.dylib
/usr/lib/libssl.1.0.0.dylib
What about engines? Are engines compiled in one specific OpenSSL
version guaranteed to work with all other OpenSSL versions? If not, I
could manually install them to different directories (e.g. /usr/lib/
openssl098-engines and /usr/lib/
Hi,
I wrote an app that prints out the fingerprint of a certificate.
I used SSL_get_peer_certificate(ssl) to get the cert. This works fine with
openssl 0.9.8b but not with c (I always get NULL for the cert). Any ideas
why?
I used SSL_set_verify on the SSL object before making a sslconnect/accept.
not sure whether my apache webserver will still
run without any problems. Can anyone help me here ?
What if instead of installing openssl 0.9.7i, I
install openssl version 0.9.8 ?
In connection with this I have general questions
regarding openssl versions:
1. are openssl versions backward
In message <[EMAIL PROTECTED]> on Wed, 26 Jun 2002 17:28:19 -0500, Ken Hoo
<[EMAIL PROTECTED]> said:
Ken_Hoo> Does anyone know how to find the documented differences between the
Ken_Hoo> different versions of OpenSSL? I can't seem to locate the information
Ken_Hoo> on the website. Thanks.
htt
Does anyone know how to find the documented differences between the
different versions of OpenSSL? I can't seem to locate the information
on the website. Thanks.
__
OpenSSL Project http://www.ope
40 matches