x27; case.
> Is there something else that should be done here, or something I didn't do?
Hmm, I'm not familiar with the output. Can you use Wireshark to trace
the communication on the loopback interface? Is there a complete
handshake? I would like to make sure that it is not a firewall o
On May 7, 2011, at 2:16 PM, Justin Schoeman wrote:
> Further information...
>
> I have read the source, and it says that either the port number (eg. "8008"
> alone, or '*:' (eg:"*:8008) will bind to all interfaces, and
> '::' (eg "::8008") will bind to the IPV6 wildcard, which on most
> OSs wi
On May 7, 2011, at 10:40 PM, Justin Schoeman wrote:
> William A. Rowe Jr. wrote:
>> On 5/7/2011 7:16 AM, Justin Schoeman wrote:
>>
>>> It does not matter which of these I try, openssl always binds to
>>> '::1:8008', which does
>>> not accept IPV4.
>>>
>>
>>
I have tried various comb
On May 7, 2011, at 11:14 PM, Justin Schoeman wrote:
> Michael Tüxen wrote:
>> On May 7, 2011, at 10:40 PM, Justin Schoeman wrote:
>>
>>
>>> William A. Rowe Jr. wrote:
>>>
>>>> On 5/7/2011 7:16 AM, Justin Schoeman wrote:
>>>>
On May 26, 2011, at 12:32 AM, John Zavgren wrote:
> Greetings:
>
> How does one configure openSSL so that it builds with DTLS support?
I don't think any specific option is required. You just want to use
the latest 1.0.0 version, or even OpenSSL 1.0.0-stable.
http://sctp.fh-muenster.de/dtls-sampl
On May 31, 2011, at 8:02 AM, Neo Liu wrote:
> Hi, everyone,
>
> I'm developing a EAP-TLS server using OpenSSL. I need to derive key material
> from TLS session as described in RFC5216. Like the follow figure shows:
>
> | | pre_master_secret |
>serv
On Jun 1, 2011, at 4:02 AM, Neo Liu wrote:
>
>
> On Tue, May 31, 2011 at 6:41 PM, Michael Tüxen
> wrote:
>
> What about using SSL_tls1_key_extractor()?
>
> I didn't this function in OpenSSL source.
I don't understand what you are saying...
> I c
On Sep 21, 2011, at 9:40 PM, Huaqing Wang wrote:
> Hi,
>
> I don't know if any other person met this issue.
> I use openssl1.0.0e, and working on dtls, in client side, if I set
> SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_QUERY_MTU);
> SSL_set_mtu(ss_ssl, 1500);
> I met a segmentation fault on the
On Apr 30, 2010, at 9:29 AM, denot...@libero.it wrote:
> Hi all.
> I need to generate a BIGNUM C that is relatively prime with a BIGNUM N(
> GCD
> (N,C)=1 )
> is there a pre-built function in openssl library ??
Doesn't C=1 or C=N+1 solve your problem?
Best regards
Michael
>
> Thanks.
>
On Jun 30, 2010, at 1:03 PM, Byron Campen wrote:
> I am looking into the possibility of using openssl on an sctp
> association (for SIP, specifically), and the standardized way of doing it is
> non-trivial (although not terribly complex; I call it non-trivial because it
> is doing somethi
Hi Sebastian,
which version of openssl are you using? 0.9.8 contains
a lot of bugs regarding DTLS. (You can see a list of fixes
at http://sctp.fh-muenster.de/dtls-patches.html).
They are fixed in 1.0.? Do the same problems show up with 1.0.??
Best regards
Michael
On Sep 15, 2010, at 7:10 PM, Se
Hi Henry,
Robin (CCed) is currently debugging the DTLS implementation which is
part
of the OpenSSL library.
He has sent 3 or 4 patches to the list which fix several bugs in the
DTLS implementation. You might want to apply them yo your sources.
Maybe it is possible that someone from the core t
Hi Daniel,
why not use DTLS on top of SCTP? SCTP would check using its heartbeat
mechanism
whether the connection is still alive.
Best regards
Michael
On Jan 19, 2009, at 10:47 AM, Daniel Mentz wrote:
Hi everybody,
how can I detect a dead server with *DTLS*?
I'm developing an application
Hi Daniel,
comments in-line.
Best regards
Michael
On Jan 19, 2009, at 10:54 PM, Daniel Mentz wrote:
Thank you all for your answers.
I think I will go for the hack that misuses re-negotiation as a kind
of
heartbeat, keep alive or echo request. I tried to avoid this hack at
first because it
Hi Giang,
I think Robin tested it, so yes it works... But you need the bugfixes
he sent to the list...
Robin: Am I right?
Best regards
Michael
On Jan 20, 2009, at 5:59 PM, Giang Nguyen wrote:
I think I will go for the hack that misuses re-negotiation as a
kind of
heartbeat, keep alive or
gards,
Robin
Am 20.01.2009 um 18:38 schrieb Michael Tüxen:
Hi Giang,
I think Robin tested it, so yes it works... But you need the bugfixes
he sent to the list...
Robin: Am I right?
Best regards
Michael
On Jan 20, 2009, at 5:59 PM, Giang Nguyen wrote:
I think I will go for the hack that misus
only affect DTLS but also TLS which supports
session resumption, too. In my opinion neither a DTLS specific
method nor an untested generic method is a good solution.
Understood and agreed.
Regards,
Robin
Am 20.01.2009 um 19:42 schrieb Michael Tüxen:
Hi Robin,
what would be needed to add
Hi,
DTLS is already implemented in openssl-0.9.8j. We have done
some testing and found a couple of bugs which where fixed
bu Robin. These patches are available at
http://sctp.fh-muenster.de/dtls-patches.html
Robin also prepared some example programs which are available at
http://sctp.fh-muenster.
You might want to take a look at the examples at
http://sctp.fh-muenster.de/dtls-samples.html
Best regards
Michael
On Apr 11, 2009, at 10:03 PM, Miguel Ghobangieno wrote:
Any information on this?
--- On Thu, 4/9/09, Miguel Ghobangieno wrote:
From: Miguel Ghobangieno
Subject: (DTLS) Nexu
On Apr 16, 2009, at 7:03 PM, Miguel Ghobangieno wrote:
Thanks :)
Though the memory leak in the guy's code might be a problem :P .
"The bad news is that some have complained the OpenSSL developers
aren't proactively applying patches for DTLS so it's unknown exactly
when these issues will be
Hi Daniel,
yes, you are right. The command line arg is passed to
SSL_set_mtu() which just sets d1->mtu.
The rest of the code assumes that d1->mtu does
only covers the UDP payload. So we need to fix
the handling of SSL_CTRL_SET_MTU to reduce the
value by 20+8.
Regarding path MTU discovery there s
bin, how we can handle that...
Best regards
Michael
On May 13, 2009, at 12:48 AM, Michael Tüxen wrote:
Hi Daniel,
yes, you are right. The command line arg is passed to
SSL_set_mtu() which just sets d1->mtu.
The rest of the code assumes that d1->mtu does
only covers the UDP payload. So we
tract the
overhead for the IP, UDP and DTLS Record Header but I think that's a
violation of the layering principle. I - as an application developer
- don't want to be concerned with the DTLS Record Layer.
Best regards,
Daniel
Michael Tüxen wrote:
Hi Daniel,
yes, you are right.
Hi Daniel,
for discussing IETF specifications, you might want to use the
appropriate
IETF mailing list...
However, as stated in my other mail, I think the definition on the RFC
is
correct. Your definition does only work for DTLS/UDP/IPv4 without using
IP options. In all other cases your de
24 matches
Mail list logo