[openssl.org #127] AES draft cipher suites
RFC3268 makes the AES cipher suites official, so the AESdraft problem no longer exists. However, it would still be a good idea to create a NONE cipher suite group alias because it is useful in the other scenarios given in the problem description. __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: create_empty_fragment in do_ssl3_write seems to breaks renegotiation in IE 6.0
On Wed, Jul 03, 2002 at 01:57:26PM +0200, [EMAIL PROTECTED] wrote: I'm doing some testing of openssl. I'm realized that the 'create-empty-fragment' introduced in do_ssl3_write [OpenSSL 0.9.6d] to avoid IV weakness causes that IE 6.0 (other versions, too?) don't work if a client renegotiation is performed. Modifying the code to avoid these procedure, renegotiation will work OK. I don't think that renegotiation is a problem. The problem probably is the ciphersuite selected during renegotiation -- presumably you switch from RC4 to a DES-based cipher. Using RC4 avoids the problem with IE. OpenSSL 0.9.6e or 0.9.7 will allow disabling the empty-fragment method. This is useful when interoperability with MSIE is more important than security. You might want to try the latest beta for OpenSSL 0.9.7. -- Bodo Möller [EMAIL PROTECTED] PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html * TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt * Tel. +49-6151-16-6628, Fax +49-6151-16-6036 __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
[openssl.org #136] [Fwd: Bug#151197: openssl: verify should fail when verification fails]
__ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: GMP-based ENGINE implementation
Hello all, I try to run GMP-based engine implementation, following up to instructions of Geoff. Actually I cannot even configure it. I have latest engine version. (2) add the obvious L GMP hw_gmp_err.h hw_gmp_err.c entry to crypto/engine/hw.ec= WHERE is this file? there is no such file in ../crypto/engine (4) declare void ENGINE_load_gmp(void); in crypto/engine/engine.h like all the other engines. actually i didn't find other declarations here... (5) add a call to ENGINE_load_gmp(); in crypto/engine/eng_all.c. There is no such file as well... Thanks in advance, Catherine Goldin _ Send and receive Hotmail on your mobile device: http://mobile.msn.com __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]