SSL_accept hanging with blocking socket

2009-11-17 Thread TheSquad
Hello everyone, I have multithreaded the Handshake of SSL by creating a thread after each connection to my server. The handshake is done on a separate thread. So there are two questions popping up: 1 - How come if I connect to my server with telnet without SSL support, the socket hang indefinitel

help needed on usage of "no-tlsext" flag in openssl build.

2009-11-17 Thread pramod ravula
There is a bug in Java SSL Hello extension handling code which is exposed by newer openssl versions. Newer versions of openssl (0.9.8j and greater) have enabled extensions in SSL handshakes by default.   The client hello extension which is now enabled exposes a bug in Java hello extension hand

SHA-2 support in openssl?

2009-11-17 Thread smitha daggubati
Hello all, Does openssl have support for SHA-2? I know that SHA-2 is part of the crypto library but looking at the way the context is set up in ssl_ctx_new we are setting up ret->sha1=EVP_get_digestbyname("ssl3-sha1")) So is there a way to establish an openssl connection using SHA-2 currently

OpenSSL PRNG built in polling function strength

2009-11-17 Thread hagai yaffe
Hello,   I am using OpenSSL 0.9.8l on windows that is built according to FIPS user guide. And I would like to understand what is the strength in terms of random of the random data that is gathered by OpenSSL built in functions that poll for random data on OpenSSL startup (rand_poll function).  

Re: how to merge multiple public domain certs into one file?

2009-11-17 Thread Victor B. Wagner
On 2009.11.16 at 12:22:13 -0500, Crypto Sal wrote: > On 11/16/2009 03:46 AM, H?cber C?rdova wrote: >> Since 0.9.8f OpenSSL supports SNI (server name indication) TLS >> extension. Support of this extension in mod_ssl is discussed on >> httpd-...@apache.org for years, and even if it haven't yet got

how to decrypt a binary file which is encrypted by aes 256 cbc mode

2009-11-17 Thread NaGaGo
Can anyone help me out with the code below? I don't understand properly what is the error problem in this. I'm using AES API's to decrypt. Here is my code: I need to decrypt a binary file... I only have key and iv and I was given the mode of encryption asked to decrypt the binary file... so this was

help me decrypting a binary file which is encrypted by aes 256 cbc mode

2009-11-17 Thread NaGaGo
Hai this is the openssl shell command I'm using to decrypt a binary file... openssl enc -d -K 3834373532303435333730323834383132373330393233343531323330383839 -iv 3636383630393433313132323031 -aes-256-cbc -in final2.bin -out test.zip As my target does not support the openssl command I was asked to wr

Problem building OpenSSL on Mac OS X with Kerberos support

2009-11-17 Thread monipol
Hello. I'm having the following problem when building OpenSSL with Kerberos support, both 0.9.8l and 1.0.0beta4, on Intel Mac OS 10.5.8. I'm able to build both versions if I use --no-krb5, though. What should I be looking for in order to fix this build problem? Any pointers are greatly appr

Re: help me decrypting a binary file which is encrypted by aes 256 cbc mode

2009-11-17 Thread Christian Hohnstaedt
Hi, you used the ASCII representation of the key, instead of the real key. Same with iv. On Tue, Nov 17, 2009 at 02:43:48AM -0800, NaGaGo wrote: > > Hai > this is the openssl shell command i'm using to decrypt a binary file... > openssl enc -d -K > 3834373532303435333730323834383132373330393233

Re: Problem building OpenSSL on Mac OS X with Kerberos support

2009-11-17 Thread Lou Picciano
For what it's worth, just built 1.0.0b4, with no problem, using only ./config - with no options passed. This is on OS X 10.6.2, Intel. We don't have a $PERL in our build environment - and why are you needing to pass all those options re Kerberos? Lou Picciano - Original Message -

Re: Problem building OpenSSL on Mac OS X with Kerberos support

2009-11-17 Thread monipol
./config alone won't enable Kerberos support. Also, it won't create a shared/dynamic library and won't use zlib: $ ./config (...) Configuring for darwin-i386-cc no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5 no-shared [default] no-zlib [default] no-zlib-dy

Re: Problem building OpenSSL on Mac OS X with Kerberos support

2009-11-17 Thread monipol
./config alone won't enable Kerberos support, won't create a shared/ dynamic library, won't use zlib: Configuring for darwin-i386-cc no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5 no-shared [default] no-zlib [default] no-zlib-dynamic [default] And true

RE: SSL_accept hanging with blocking socket

2009-11-17 Thread David Schwartz
TheSquad wrote: > Hello everyone, > > I have multithreaded the Handshake of SSL by creating a thread after > each > connection to my server. > the handshake is done on a separate thread. > So there are two questions popping up : I've said it before and I'll say it again -- this is the worst possib

Multiple OpenSSL versions and engines

2009-11-17 Thread monipol
Hello, all. I'm not sure if this is supposed to be posted to -dev instead; if so, please tell me. Currently it's possible to have multiple shared library versions of OpenSSL because of their different names, e.g. /usr/lib/libcrypto.0.9.8.dylib /usr/lib/libssl.0.9.8.dylib and /usr/lib/libc

RE: Getting started - d2i_PKCS12_fp: on Win

2009-11-17 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Tim Ward > Sent: Monday, 16 November, 2009 12:01 > Further info: > > I get the same results running the pkread.c sample program. > > If I compile with /MD without the applink stuff present it works. > What toolset (mingw or msvc, and which ve

Re: Getting started - d2i_PKCS12_fp: on Win

2009-11-17 Thread Tim Ward
From: "Dave Thompson" Thanks very much for your reply. Further info: I get the same results running the pkread.c sample program. If I compile with /MD without the applink stuff present it works. What toolset (mingw or msvc, and which version) and library build (own or other) are you using?

Re: DTLS ClientHello exchange broken by renegotiation patch in 0.9.8l

2009-11-17 Thread Alex Lam
Hi Steve, Is there a 0.9.8m with the DTLS and TLS reneg fix planned in the near future? I tried the head of branch from OpenSSL_0_9_8-stable as advised. First there was a compilation issue due to FIPS issue which I overcame with ./config no-fips Then, I ran into a segfault on s_server :-( Th