On 2011-11-14 08:55 + (Mon), Alan Buxey wrote:
> you are using cryptodev with that Atom rather than just using
> software-only OpenSSL?
I know this was directed at the other guy, but I'm using "software-only"
OpenSSL. Is there some reason to use cryptodev instead? Is there some
Atom hardware
hi,
you are using cryptodev with that Atom rather than just using software-only
OpenSSL?
alan
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@
On 2011-11-14 03:51 +0100 (Mon), jb-open...@wisemo.com wrote:
> Running outside TLS context will also allow you to manage
> key selection independently of socket level connection setup [etc. etc.]
Yes, I've actually considered rolling my own cryptosystem for this
stuff. For example, in some situa
For authenticated encryption speed on a typical general purpose processor
(such as Atom), I would suggest AES-128 in GCM (Galois Counter Mode),
this does one 12-round AES per 16 bytes, plus one extra per message, with
no additional hashing algorithm use.
I don't know if that mode is in TLS, or yo
I'm dealing with some of the exact same issues; I am trying to satisfy
a requirement that a rather lightweight host (an embedded system with
an Atom processor) handle conversations with about 5,000 other hosts
with strict latency requirements. I'm currently attempting this as
peer-to-peer TLS commu
text:
http://old.nabble.com/TLS-Overhead-tp32834379p32834379.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
Dear All,
Actually in large TLS client deployment network what are the Silence points
we need to take into consideration to have healthy handshakes with data
traffic without any issues?
If my TLS client does not support Session Resumption (means every time it
does Full handshakes) then what wou
All who have answered: Thanks a lot.
Yes, I understood that the poll() should read to a buffer last night,
in the shower. You know how that works ;). But I also understood that
I had misunderstood the way the "poll" and "read" methods were being
used, and "read" will be called no matter what "poll
On Wed, Apr 16, 2008, Tomas Neme wrote:
> does one of the flags in the BIO object say anything about the
> blocking nature of the BIO? For example, does SSL_connect return
> automatically or not depending on the BIO flags, or on the BIO_write
> and read return values?
>
If a BIO is blocking it s
* Tomas Neme wrote on Wed, Apr 16, 2008 at 17:44 -0300:
> The problem is that SSL_pending might return 0 if there's
> stuff on the socket, but isn't enough to decode a full record.
If you want SSL to be transparent, why are you interested in
intermediate protocol-specific data which would not be
supported/documented?
Cheers,
Michael.
> -----Original Message-----
> From: Tomas Neme [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, April 15, 2008 4:24 PM
> To: openssl-users@openssl.org
> Subject: Re: SSL overhead
>
> OK, I think I'll implement my own BIO. My C is good, althou
> One more question: I'm working on an asynchronous framework, and
> there's a "poll" method that gets called in each iteration. In our
> sockets, this method's supposed to do whatever needs doing, and return
> how many bytes are waiting to be read from the socket, so the return
> value should be
does one of the flags in the BIO object say anything about the
blocking nature of the BIO? For example, does SSL_connect return
automatically or not depending on the BIO flags, or on the BIO_write
and read return values?
T
--
|_|0|_|
|_|_|0|
|0|0|0|
(\__/)
(='.'=)This is Bunny. Copy and paste b
One more question: I'm working on an asynchronous framework, and
there's a "poll" method that gets called in each iteration. In our
sockets, this method's supposed to do whatever needs doing, and return
how many bytes are waiting to be read from the socket, so the return
value should be the value
> It would seem that the socket BIO handles the socket abstraction, but
> it does not handle calls to BIO_S_CONNECT. Actually, a grep for
> BIO_S_CONNECT returns only bss_conn.. why is this? shouldn't sockets
> have a call to connect too?
sorry, I forgot that you create the BIO_socket with the
On Tue, Apr 15, 2008 at 04:22:03PM -0300, Tomas Neme wrote:
> Stephen:
>
> > > Most of them you don't need to worry about. I'd suggest looking at the fd BIO
> > > and copy some of the functionality from that.
>
> I also need to know which of the BIO_CTRL_* params do I have to
> impleme
Stephen:
> > Most of them you don't need to worry about. I'd suggest looking at the fd BIO
> > and copy some of the functionality from that.
I also need to know which of the BIO_CTRL_* params do I have to
implement in my _ctrl function. Is there a reason why you said to look
at the fd BIO
> Most of them you don't need to worry about. I'd suggest looking at the fd BIO
> and copy some of the functionality from that.
OK, I will. I just wondered because mem_new (the new method of
BIO_s_mem) sets shutdown = 1 ; init = 1; num = -1 and rtcp does init =
1 ; num = 0 ; flags = 0 ; so I'd l
On Tue, Apr 15, 2008, Tomas Neme wrote:
> Is there any reference of what do the different members of the BIO
> objects mean? method, ptr, next_bio and prev_bio are pretty obvious,
> but the rest, I don't know, and I haven't been able to find any
> details out there.. I'll keep googling, but if any
Is there any reference of what do the different members of the BIO
objects mean? method, ptr, next_bio and prev_bio are pretty obvious,
but the rest, I don't know, and I haven't been able to find any
details out there.. I'll keep googling, but if anyone knows of a good
detail out there, please poin
OK, I think I'll implement my own BIO. My C is good, although not
brilliant, but I can do it. What stopped me from trying that approach
in the first place was that the BIO* functions are so many and
that I don't know which ones do I actually *need* to reimplement (that
is, which ones is the eng
> The documentation's poor at best, and I don't completely get the
> general concepts. From reading examples I figure that only the
> BIO_f_ssl does encryption-decryption when written into? so what should
> I do if I want to provide an api that has functions b_encrypt and
> encrypt_flush?
I think
Tomas Neme wrote:
| The documentation's poor at best, and I don't completely get the
| general concepts. From reading examples I figure that only the
| BIO_f_ssl does encryption-decryption when written into? so what should
| I do if I want to provide
> general concepts. From reading examples I figure that only the
> BIO_f_ssl does encryption-decryption when written into? so what should
Or doing SSL_write into a SSL object with a BIO_s_mem object as the
write-bio will write the encrypted data into it?
T
I'm getting started with ssl, and there's a lot of things I don't get
about the library, small, and quite a lot of them
Isn't there an IRC channel, or some kind of faster communication way than this?
The documentation's poor at best, and I don't completely get the
general concepts. From reading e
om the BIO and put it into the socket.
We want to minimize memory allocation, working with a fixed-size
buffer, so I'd like to know if there's a way to know the size overhead
on SSL headers, so I know that if I feed it, say 200B blocks, I have
to read with a 350B buffer, or something like
Should not be that bad, since all the gore happens at the
beginning of the connection, so when the data is actually
flowing it's just a standard symmetric encryption which is
usually one-to-one - however there is some overhead as the
session key is periodically recomputed.
You could
Hi all,
I am looking for average overhead of SSL over plain tcp. Can I have some
kind of numbers like for one SSL connection ( from connect to transfer and
then disconnect ) for N KB of raw data, how much overhead I have ?
The reason I ask is I am applying OpenSSL to my phone apps, and the
> Sorry, I don't have much knowledge of the SSL API's. So have to rely on the
> published Standards:
> According to http://www.ietf.org/rfc/rfc2246.txt, below is an example of
> calculating overhead:
>
> "Example: If the block leng
----- Original Message -----
From: "Fred Crable" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 07, 2003 4:12 PM
Subject: RE: Estimating the packet overhead imposed by SSL.
> Far from trying to calculate the overhead, I would try finding the
> lowes
Far from trying to calculate the overhead, I would try finding the
lowest level function call to std::write or std::read and simply log the
bytes written/read :) A good starting point would be BIO_write
(crypto/bio_lib.c) or SSL_write, then trace from there to find the write
system call. Same
Hi all,
We're trying to compile some data on the amount of overhead that certs add
to packets when authenticating to an ldap directory, as well as general
network statistics, cpu usage, performance impact of certs, etc, does anyone
have any material on this? Any help is greatly apprec
onnections. So I think I am forced to use a separate
context for each connection.
I am wondering what the overhead is compared to using a single
context ?
Thx, Jasper
Where I work we are going to deploy a large secure
site, and the question comes up over and over again
about the bandwidth overhead involved with SSL/TLS
when using client authenticated certs.
By using openssl s_client to connect to our SSL
server here are the results:
content = 2529 bytes or