Re: OpenSSL Security Advisory

2014-04-09 Thread Alan Buxey
https://www.openssl.org/news/changelog.html

1.0.1 introduced the heartbeat support.

1.0.0 and earlier are fortunate in that they didn't have it, but then they
didn't have things to stop you from being BEASTed, so some you win, some you
lose. ;)

alan

Re: OpenSSL Security Advisory

2014-04-09 Thread monloi perez
True. Thanks for the quick reply.


On Wednesday, April 9, 2014 3:33 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:
 
https://www.openssl.org/news/changelog.html

1.0.1 introduced the heartbeat support.

1.0.0 and earlier are fortunate in that they didn't have it, but then they
didn't have things to stop you from being BEASTed, so some you win, some you
lose. ;)

alan

Re: How to swap engines / register functionality on the fly

2014-04-09 Thread axisofevil
I call an EVP-based verify function (that works), I then call a
HSM/dynamic/OpenSC/pkcs11-based sign function (works too), but then a
second call to my verify function complains with

ecc_ssl_gen_EC_KEY EC_KEY_generate_key FAIL error:2D06D075:FIPS
routines:fips_pkey_signature_test:test failure

I'm concluding something in the sign() is causing this but have no clue. I
do set fips off too. 

openssl version - OpenSSL 1.0.1e-fips 11 Feb 2013



--
View this message in context: 
http://openssl.6102.n7.nabble.com/How-to-swap-engines-register-functionality-on-the-fly-tp48982p49159.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org


Help me for ECDHE algorithm

2014-04-09 Thread chetan
 I am new to this and I want to make an ECDHE algorithm for client-server.
Can anyone tell me the basic steps and functions to do this? All responses are
acceptable.
  Thanks in advance



--
View this message in context: 
http://openssl.6102.n7.nabble.com/Help-me-for-ECDHE-algorithm-tp49168.html


Re: SSL vs. SSH in the context of CVE 2014-0160

2014-04-09 Thread Chris Hill
Thanks Wim.


On Tue, Apr 8, 2014 at 10:36 PM, Wim Lewis w...@omnigroup.com wrote:


 On 8 Apr 2014, at 7:14 PM, Chris Hill wrote:
  Team, I am having a discussion with a few friends about why this
 OpenSSL vuln (CVE 2014-0160) does not affect SSH. This may be TOO basic for
 many of you (apologize in advance), but I can't think of any other way to
 prove my point other than speaking to the folks who really know (that's u).
 Or maybe I am the one wrong, wouldn't be the first time ;).
 
  A quick response to my friends could be simply diffing the files for the
 actual OpenSSL change, e.g. ssl/d1_both.c and ssl/t1_lib.c, but I want a
 more classy answer.
 
  Is the below ok or am I completely off?
 
  Thank you in advance
 
  SSH and SSL/TLS are simply different protocols (doh). They may share
 some similar underlying crypto implementations, but as of their respective
 RFCs, they are just different protocols. The TLS Heartbeat extension
 would not apply to SSH. SSH may have its own way to keep alive, but that
 would be a different one.
 
  Chris.

 This is correct as I understand it. ssh uses openssl mostly for crypto
 operations, but the ssh protocol does not have anything in common with
 ssl/tls (other than some fairly general design aspects). The heartbeat bug
 is particular to the openssl implementation of the heartbeat feature in
 tls, and that code isn't used by openssh.





about ecdsa patent in openssl code

2014-04-09 Thread shixin
Hi all,
I have a question on the openssl ECDSA code. Can ECDSA be safely used without
infringing on patents? Is the ECDSA implementation in openssl patent-free?
I would like to make use of ECDSA in an embedded system, so I am porting the code from
openssl. Will there be any problem?


Best Wishes!






Error in `openssl': munmap_chunk(): invalid pointer: 0x00007ffffc1065af

2014-04-09 Thread Igor Sverkos
Hi,

when you pass the -host parameter last, you get the following error:

 ~/cert-test/ $ openssl ocsp -CApath /etc/ssl/certs -no_nonce -issuer
issuer.crt -cert cert.crt -url http://ocsp2.globalsign.com/gsalphag2
-host ocsp2.globalsign.com

Error querying OCSP responsder
139638328587920:error:27076072:OCSP routines:PARSE_HTTP_LINE1:server
response error:ocsp_ht.c:250:Code=403,Reason=Forbidden
*** Error in `openssl': munmap_chunk(): invalid pointer: 0x7fff0b82859d ***
Aborted (core dumped)


 $ openssl version
OpenSSL 1.0.1g 7 Apr 2014

gcc-4.8.2, glibc-2.19


-- 
Regards,
Igor
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org


STORE support

2014-04-09 Thread Vladimir Zatsepin
Hi all,

Since version 1.0.0 the STORE functionality has been removed from the openssl
distribution by default.

We may see in CHANGES

  *) Removed effectively defunct crypto/store from the build.
 [Ben Laurie]

Does anybody know why the STORE support has been disabled?


Re: OpenSSL Security Advisory

2014-04-09 Thread Ted Byers
How do I determine whether or not the web servers I run are affected?  They
are Apache 2.4, built for 64 bit Windows and downloaded from Apachelounge.
I have no idea what version of openssl it was built with.  Does anyone here
know if the feature that introduces the risk can be turned off, without
introducing other risks?  If so, how?

Also, could the security keys we bought have been compromised?

Any advice on how I can protect my servers better would be appreciated.

Thanks

Ted

-- 
R.E.(Ted) Byers, Ph.D.,Ed.D.


On Mon, Apr 7, 2014 at 4:31 PM, OpenSSL open...@openssl.org wrote:


 OpenSSL Security Advisory [07 Apr 2014]
 

 TLS heartbeat read overrun (CVE-2014-0160)
 ==

 A missing bounds check in the handling of the TLS heartbeat extension can
 be
 used to reveal up to 64k of memory to a connected client or server.

 Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
 1.0.1f and 1.0.2-beta1.

 Thanks for Neel Mehta of Google Security for discovering this bug and to
 Adam Langley a...@chromium.org and Bodo Moeller bmoel...@acm.org for
 preparing the fix.

 Affected users should upgrade to OpenSSL 1.0.1g. Users unable to
 immediately
 upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

 1.0.2 will be fixed in 1.0.2-beta2.



Re: OpenSSL Security Advisory

2014-04-09 Thread Ali Jawad
http://filippo.io/Heartbleed/#www.unlocator.com


On Wed, Apr 9, 2014 at 2:05 PM, Ted Byers r.ted.by...@gmail.com wrote:

 How do I determine whether or not the web servers I run are affected?
 They are Apache 2.4, built for 64 bit Windows and downloaded from
 Apachelounge.  I have no idea what version of openssl it was built with.
 Does anyone here know if the feature that introduces the risk can be turned
 off, without introducing other risks?  If so, how?

 Also, could the security keys we bought have been compromised?

 Any advice on how I can protect my servers better would be appreciated.

 Thanks

 Ted

 --
 R.E.(Ted) Byers, Ph.D.,Ed.D.


 On Mon, Apr 7, 2014 at 4:31 PM, OpenSSL open...@openssl.org wrote:


 OpenSSL Security Advisory [07 Apr 2014]
 

 TLS heartbeat read overrun (CVE-2014-0160)
 ==

 A missing bounds check in the handling of the TLS heartbeat extension can
 be
 used to reveal up to 64k of memory to a connected client or server.

 Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
 1.0.1f and 1.0.2-beta1.

 Thanks for Neel Mehta of Google Security for discovering this bug and to
 Adam Langley a...@chromium.org and Bodo Moeller bmoel...@acm.org for
 preparing the fix.

 Affected users should upgrade to OpenSSL 1.0.1g. Users unable to
 immediately
 upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

 1.0.2 will be fixed in 1.0.2-beta2.







RE: OpenSSL Security Advisory

2014-04-09 Thread Eisenacher, Patrick
Hi Ted,

 -Original Message-
 From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
 
 How do I determine whether or not the web servers I run are affected?
 They are Apache 2.4, built for 64 bit Windows and downloaded from
 Apachelounge.  I have no idea what version of openssl it was built with.  Does
 anyone here know if the feature that introduces the risk can be turned off,
 without introducing other risks?  If so, how?

you can check for yourself:
- http://filippo.io/Heartbleed/
- http://possible.lv/tools/hb/
- https://github.com/noxxi/p5-scripts/blob/master/check-ssl-heartbleed.pl

 Also, could the security keys we bought have been compromised?

Certainly yes. You should replace them. I read today that some CAs offer free 
replacements.


HTH,
Patrick Eisenacher

RE: OpenSSL Security Advisory

2014-04-09 Thread Salz, Rich
> How do I determine whether or not the web servers I run are affected?

Here's a simple way:
echo B | openssl s_client -connect $HOST:$PORT
if you see heartbeating at the end, then $HOST is vulnerable.

How can you tell if private keys have been taken?  You can't, really. You can 
estimate the likelihood by looking closely at how OpenSSL_Malloc() return 
values are used and laid out.  The risk is that an allocated ssl-record buffer 
is right up against a private key being stored.

/r$

--
Principal Security Engineer
Akamai Technology
Cambridge, MA



CVE 2014-0160 and FIPS 140-2 module

2014-04-09 Thread Chris Bare
Can anyone confirm my understanding that the FIPS 140-2 certified module is
NOT affected by the CVE 2014-0160 vulnerability?

-- 
Chris Bare


Re: OpenSSL Security Advisory

2014-04-09 Thread Ted Byers
Thanks Rich,

I have obtained the new, patched release of Apache from Apache lounge, and
applied the patch to one server, which the online services say fixes the
problem on it, but your simple way of checking still says heartbeating at
the end.  Does that mean that the patch didn't truly work?

I get the heartbeating message on both unpatched and patched servers.
Should that make me worry about the patched machines?

Thanks

Ted


-- 
R.E.(Ted) Byers, Ph.D.,Ed.D.


On Wed, Apr 9, 2014 at 9:54 AM, Salz, Rich rs...@akamai.com wrote:

 > How do I determine whether or not the web servers I run are affected?



 Here's a simple way:

 echo B | openssl s_client -connect $HOST:$PORT

 if you see heartbeating at the end, then $HOST is vulnerable.



 How can you tell if private keys have been taken?  You can't, really. You
 can estimate the likelihood by looking closely at how OpenSSL_Malloc()
 return values are used and laid out.  The risk is that an allocated
 ssl-record buffer is right up against a private key being stored.



 /r$



 --

 Principal Security Engineer

 Akamai Technology

 Cambridge, MA





Re: OpenSSL Security Advisory

2014-04-09 Thread Ted Byers
Thanks Patrick.

Apache lounge has already released a patched build.  So, once I deploy
that, and get my certificates reissued, I ought to be OK.

Thanks

Ted



-- 
R.E.(Ted) Byers, Ph.D.,Ed.D.

On Wed, Apr 9, 2014 at 8:37 AM, Eisenacher, Patrick 
patrick.eisenac...@bdr.de wrote:

 Hi Ted,

  -Original Message-
  From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
 
  How do I determine whether or not the web servers I run are affected?
  They are Apache 2.4, built for 64 bit Windows and downloaded from
  Apachelounge.  I have no idea what version of openssl it was built with.
  Does
  anyone here know if the feature that introduces the risk can be turned
 off,
  without introducing other risks?  If so, how?

 you can check for yourself:
 - http://filippo.io/Heartbleed/
 - http://possible.lv/tools/hb/
 - https://github.com/noxxi/p5-scripts/blob/master/check-ssl-heartbleed.pl

  Also, could the security keys we bought have been compromised?

 Certainly yes. You should replace them. I read today that some CAs offer
 free replacements.


 HTH,
 Patrick Eisenacher



Re: CVE 2014-0160 and FIPS 140-2 module

2014-04-09 Thread ag@gmail
It is not.

-ag

--
sent via 100% recycled electrons from my mobile command center.

 On Apr 9, 2014, at 7:22 AM, Chris Bare chris.b...@gmail.com wrote:
 
 Can anyone confirm my understanding that the FIPS 140-2 certified module is 
 NOT affected by the CVE 2014-0160 vulnerability?
 
 -- 
 Chris Bare


Reading an otherName value from a subjectAltName certificate extension

2014-04-09 Thread Dustin Oprea
It looks like OpenSSL always shows <unsupported> for a subjectAltName of type
otherName.

The string that was written (both via M2Crypto, and directly at the
commandline via openssl.cnf):

1.2.3.4;UTF8:some other identifier

Dumped (openssl x509 -in test.crt -noout -text):

c3:88:36:93:82:58:0c:08:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
othername:<unsupported>
Signature Algorithm: sha1WithRSAEncryption
05:76:d5:fc:d0:44:50:af:39:76:05:b4:cb:b6:99:9f:7c:c0:

Grepping through the OpenSSL source for otherName, this stood out to me
(in v3_alt.c):

1:

STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
                                       GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret)
{
    unsigned char *p;
    char oline[256], htmp[5];
    int i;
    switch (gen->type)
    {
    case GEN_OTHERNAME:
        X509V3_add_value("othername", "<unsupported>", ret);
        break;

    case GEN_X400:
        X509V3_add_value("X400Name", "<unsupported>", ret);
        break;

    case GEN_EDIPARTY:
        X509V3_add_value("EdiPartyName", "<unsupported>", ret);
        break;

2:

int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
{
    unsigned char *p;
    int i;
    switch (gen->type)
    {
    case GEN_OTHERNAME:
        BIO_printf(out, "othername:<unsupported>");
        break;

    case GEN_X400:
        BIO_printf(out, "X400Name:<unsupported>");
        break;

    case GEN_EDIPARTY:
        /* Maybe fix this: it is supported now */
        BIO_printf(out, "EdiPartyName:<unsupported>");
        break;

So, I'm willing to bet that both this and the empirical knowledge coming
from my attempts above mean that I shouldn't ever expect that the
otherName values will *ever* be properly rendered via the command-line or
library calls. This might be because they're actual, encoded ASN.1 strings.
So, how can I do it? How do people extract these values? If they are actual
ASN.1 strings, is it up to the developer to decode them?



Dustin


Re: OpenSSL Security Advisory

2014-04-09 Thread Viktor Dukhovni
On Wed, Apr 09, 2014 at 10:55:23AM -0400, Ted Byers wrote:

 I get the heartbeating message on both unpatched and patched servers.
 Should that make me worry about the patched machines?

No, unfortunately both patched and unpatched systems respond the
same way to valid heartbeat requests as sent by s_client(1).

To detect a difference, you need to send invalid heartbeat requests
whose payload is shorter than promised.  If you patch a copy of the
source code for OpenSSL 1.0.1 as below, and build statically linked
and run ./apps/openssl s_client ... from the build tree:

--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2702,7 +2702,7 @@ tls1_heartbeat(SSL *s)
/* Message Type */
*p++ = TLS1_HB_REQUEST;
/* Payload length (18 bytes here) */
-   s2n(payload, p);
+   s2n(0x4000, p);
/* Sequence number */
s2n(s-tlsext_hb_seq, p);
/* 16 random bytes */
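Review bot: the context comment "/* Payload length (18 bytes here) */" no longer matches the changed line `s2n(0x4000, p);`, which now writes a header promising 0x4000 payload bytes while only the 18 bytes below are ever produced; update the comment to say the declared length deliberately overstates the real payload, so the intent of this test-only change is documented in the source. It is also worth stating next to the hunk that this belongs in a throwaway build of s_client for checking hosts you administer and must not be linked into a production library, since the length mismatch it creates is exactly what a patched peer now discards.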

then you can detect the difference.  Patched systems won't respond
to the malformed heartbeat request.  Replace echo B |  with something
like:

(sleep 10; echo B; sleep 10) | ...

to make sure that the handshake is complete by the time the request is sent,
and the client does not disconnect too quickly.

-- 
Viktor.
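Why a patched peer stays silent on the malformed request described above: the following is an added example, not OpenSSL's own code, modelling heartbeat handling with the bounds check that 1.0.1g introduced (RFC 6520 message layout assumed: type, 2-byte payload length, payload, at least 16 bytes of padding; constructed payload and padding bytes stand in for the real random ones). It feeds the handler one well-formed 18-byte request and one that declares 0x4000 bytes while carrying 18.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TLS1_HB_REQUEST   1
#define TLS1_HB_RESPONSE  2
#define HB_MIN_PADDING    16    /* RFC 6520: at least 16 bytes of padding */

enum hb_result {
    HB_MALFORMED = -1,  /* declared length does not fit the record: discard silently */
    HB_IGNORED   =  0,  /* nothing to send (a response, unknown type, no room) */
    HB_RESPONDED =  1   /* a response was written to out */
};

/* Build a heartbeat record; the caller chooses the *declared* payload length
 * independently of the bytes actually supplied. Returns bytes written. */
size_t build_heartbeat(uint8_t type, uint16_t declared, const uint8_t *payload,
                       size_t actual_len, uint8_t *rec, size_t rec_cap)
{
    size_t need = 1 + 2 + actual_len + HB_MIN_PADDING;
    if (need > rec_cap)
        return 0;
    rec[0] = type;
    rec[1] = (uint8_t)(declared >> 8);              /* s2n(declared, p) */
    rec[2] = (uint8_t)(declared & 0xff);
    memcpy(rec + 3, payload, actual_len);
    memset(rec + 3 + actual_len, 0xAA, HB_MIN_PADDING); /* constructed padding */
    return need;
}

/* Receiving side. Pre-1.0.1g code trusted `declared` and copied that many bytes
 * out of the record buffer, reading past what the peer actually sent. The fixed
 * logic validates the declared length against rec_len before touching data. */
enum hb_result process_heartbeat(const uint8_t *rec, size_t rec_len,
                                 uint8_t *out, size_t out_cap, size_t *out_len)
{
    *out_len = 0;
    if (rec_len < 1 + 2 + HB_MIN_PADDING)      /* 1.0.1g: room for the header? */
        return HB_MALFORMED;

    uint8_t  type     = rec[0];
    uint16_t declared = (uint16_t)((rec[1] << 8) | rec[2]);   /* n2s(p, payload) */

    /* 1.0.1g: the promised payload plus padding must fit in what was received */
    if (1 + 2 + (size_t)declared + HB_MIN_PADDING > rec_len)
        return HB_MALFORMED;                   /* RFC 6520: discard, send nothing */

    size_t resp_len = 1 + 2 + (size_t)declared + HB_MIN_PADDING;
    if (type != TLS1_HB_REQUEST || resp_len > out_cap)
        return HB_IGNORED;

    out[0] = TLS1_HB_RESPONSE;
    out[1] = rec[1];                                /* echo the length field */
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, declared);             /* echo only bytes we received */
    memset(out + 3 + declared, 0x55, HB_MIN_PADDING); /* constructed padding */
    *out_len = resp_len;
    return HB_RESPONDED;
}

/* Scenario 1: the well-formed request s_client's 'B' command sends
 * (declared == actual == 18). Returns the response length, 1 + 2 + 18 + 16 = 37. */
long demo_valid_request(void)
{
    uint8_t payload[18], rec[64], out[64];
    size_t rec_len, out_len;
    for (int i = 0; i < 18; i++)
        payload[i] = (uint8_t)i;                    /* constructed payload */
    rec_len = build_heartbeat(TLS1_HB_REQUEST, 18, payload, sizeof payload, rec, sizeof rec);
    if (process_heartbeat(rec, rec_len, out, sizeof out, &out_len) != HB_RESPONDED)
        return -1;
    if (out[0] != TLS1_HB_RESPONSE || memcmp(out + 3, payload, 18) != 0)
        return -2;
    return (long)out_len;
}

/* Scenario 2: the same 18 payload bytes under a header declaring 0x4000. The
 * output buffer is large enough for a 16 KiB answer on purpose, so only the
 * bounds check stands between this request and a response. 1 = discarded. */
int demo_malformed_request(void)
{
    uint8_t payload[18] = {0}, rec[64];
    static uint8_t out[16384 + 64];
    size_t rec_len, out_len;
    rec_len = build_heartbeat(TLS1_HB_REQUEST, 0x4000, payload, sizeof payload, rec, sizeof rec);
    enum hb_result r = process_heartbeat(rec, rec_len, out, sizeof out, &out_len);
    return (r == HB_MALFORMED && out_len == 0) ? 1 : 0;
}

int main(void)
{
    printf("valid 18-byte request    -> response of %ld bytes\n", demo_valid_request());
    printf("request declaring 0x4000 -> %s\n", demo_malformed_request()
           ? "discarded, no response" : "ANSWERED (unpatched behaviour)");
    return 0;
}
```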


RE: OpenSSL Security Advisory

2014-04-09 Thread Salz, Rich
> I get the heartbeating message on both unpatched and patched servers.
> Should that make me worry about the patched machines?
Not necessarily.  If they updated to the 'g' release, then they are doing 
buffer-overrun checking and you're safe.  You can probably find out by 
connecting to your server (via s_client again) and seeing what it says in the 
server line, as in
echo HEAD / HTTP/1.0 | openssl s_client -connect $HOST:$PORT
The server usually says things like apache/2.0 openssl/1.0.1g ... and other 
modules that are bundled in.

To be safest, heartbeats should just be disabled.  Nobody really uses them.
/r$

--
Principal Security Engineer
Akamai Technology
Cambridge, MA


Re: Help me for ECDHE algorithm

2014-04-09 Thread Matt Caswell
On 9 April 2014 08:39, chetan chet...@neominds.in wrote:
  I am new to this and I want to make an ECDHE algorithm for client-server.
 Can anyone tell me the basic steps and functions to do this? All responses are
 acceptable.
   Thanks in advance


It's unclear from your question whether you are looking to
programmatically use openssl's ECDHE capabilities directly, or whether
you are looking to set up an SSL/TLS communication using ECDHE based
ciphersuites. Assuming the former, then this page is a good start:

http://wiki.openssl.org/index.php/Elliptic_Curve_Diffie_Hellman


Matt


Re: OpenSSL Security Advisory

2014-04-09 Thread Matthias Apitz
 - Forwarded message from Salz, Rich rs...@akamai.com -
 
 Date: Wed, 9 Apr 2014 09:54:25 -0400
 From: Salz, Rich rs...@akamai.com
 To: openssl-users@openssl.org openssl-users@openssl.org
 Subject: RE: OpenSSL Security Advisory
 
 Ø  How do I determine whether or not the web servers I run are affected?
 
 Here's a simple way:
 echo B | openssl s_client -connect $HOST:$PORT
 if you see heartbeating at the end, then $HOST is vulnerable.
 
 How can you tell if private keys have been taken?  You can't, really. You can 
 estimate the likelihood by looking closely at how OpenSSL_Malloc() return 
 values are used and layed out.  The risk is that an allocated ssl-record 
 buffer is right up against a private key being stored.
 
 /r$

Hello Rich,

Can you please post a good and a bad server example. I have tested a
lot of servers, including 'akamai.com', and they all show HEARTBEATING
at the end:

$ echo B | openssl s_client -connect akamai.com:https
...
Verify return code: 20 (unable to get local issuer certificate)
---
HEARTBEATING
675358796:error:1413B16D:SSL routines:SSL_F_TLS1_HEARTBEAT:peer does
not accept

heartbearts:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/t1_lib.c:2562:

Thanks for clarification.

matthias

-- 
Sent from my FreeBSD netbook

Matthias Apitz, g...@unixarea.de, http://www.unixarea.de/ f: +49-170-4527211
UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370)
UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5


RE: OpenSSL Security Advisory

2014-04-09 Thread Salz, Rich
 Can you please post a good and a bad server example. I have tested a lot 
 of servers, including 'akamai.com', and they all show HEARTBEATING at the end:

Look at Viktor's recent post about how to patch openssl/s_client to make your 
own test.  That's the simplest.  My example tests only for those who have 
disabled TLS heartbeats, which is the safest thing, but not necessarily the 
only thing, to do.


--  
Principal Security Engineer
Akamai Technology
Cambridge, MA



Re: OpenSSL version 1.0.1g release signed with unauthorized key???

2014-04-09 Thread Jakob Bohm
Attention: The .asc file I downloaded directly from openssl.org for the 
1.0.1g tarball was signed with a key NOT authorized by the 
fingerprints.txt file distributed in previous tarballs, nor by the 
(unverifiable) fingerprints.txt available from

http://www.openssl.org/docs/misc/

Specifically, it was signed by a PGP key purporting to belong to Dr. 
Henson, but with a different identifier and a different e-mail address
than the authorized key listed for him in fingerprints.txt.

I suspect this is just a mixup at your end, but one cannot feel too
sure without a valid file signature consistent with the securely 
distributed signature list.


For now, I will have to avoid installing this critical security update
and try the workaround instead.

On 4/7/2014 7:38 PM, OpenSSL wrote:



OpenSSL version 1.0.1g released
===

OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/

The OpenSSL project team is pleased to announce the release of
version 1.0.1g of our open source toolkit for SSL/TLS. For details
of changes and known issues see the release notes at:

 http://www.openssl.org/news/openssl-1.0.1-notes.html

OpenSSL 1.0.1g is available for download via HTTP and FTP from the
following master locations (you can find the various FTP mirrors under
http://www.openssl.org/source/mirror.html):

  * http://www.openssl.org/source/
  * ftp://ftp.openssl.org/source/

The distribution file name is:

 o openssl-1.0.1g.tar.gz
   Size: 4509047
   MD5 checksum: de62b43dfcd858e66a74bee1c834e959
   SHA1 checksum: b28b3bcb1dc3ee7b55024c9f795be60eb3183e3c

The checksums were calculated using the following commands:

 openssl md5 openssl-1.0.1g.tar.gz
 openssl sha1 openssl-1.0.1g.tar.gz

Yours,

The OpenSSL Project Team.

__
OpenSSL Project http://www.openssl.org
Announcement Mailing List openssl-annou...@openssl.org
Automated List Manager   majord...@openssl.org




Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded


Re: OpenSSL version 1.0.1g release signed with unauthorized key???

2014-04-09 Thread Dustin Oprea
On Apr 9, 2014 7:30 PM, Jakob Bohm jb-open...@wisemo.com wrote:

 Attention: The .asc file I downloaded directly from openssl.org for the
1.0.1g tarball was signed with a key NOT authorized by the fingerprints.txt
file distributed in previous tarballs, nor by the (unverifiable)
fingerprints.txt available from

http://www.openssl.org/docs/misc/

 Specifically, it was signed by a PGP key purporting to belong to Dr.
Henson, but with a different identifier and a different e-mail address
 than the authorized key listed for him in fingerprints.txt.

 I suspect this is just a mixup at your end, but one cannot feel too
 sure without a valid file signature consistent with the securely
distributed signature list.

 For now, I will have to avoid installing this critical security update
 and try the workaround instead.

Not great timing.

Dustin


 On 4/7/2014 7:38 PM, OpenSSL wrote:



 OpenSSL version 1.0.1g released
 ===

 OpenSSL - The Open Source toolkit for SSL/TLS
 http://www.openssl.org/

 The OpenSSL project team is pleased to announce the release of
 version 1.0.1g of our open source toolkit for SSL/TLS. For details
 of changes and known issues see the release notes at:

  http://www.openssl.org/news/openssl-1.0.1-notes.html

 OpenSSL 1.0.1g is available for download via HTTP and FTP from the
 following master locations (you can find the various FTP mirrors
under
 http://www.openssl.org/source/mirror.html):

   * http://www.openssl.org/source/
   * ftp://ftp.openssl.org/source/

 The distribution file name is:

  o openssl-1.0.1g.tar.gz
Size: 4509047
MD5 checksum: de62b43dfcd858e66a74bee1c834e959
SHA1 checksum: b28b3bcb1dc3ee7b55024c9f795be60eb3183e3c

 The checksums were calculated using the following commands:

  openssl md5 openssl-1.0.1g.tar.gz
  openssl sha1 openssl-1.0.1g.tar.gz

 Yours,

 The OpenSSL Project Team.




 Enjoy

 Jakob
 --
 Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
 Transformervej 29, 2730 Herlev, Denmark.  Direct +45 31 13 16 10
 This public discussion message is non-binding and may contain errors.
 WiseMo - Remote Service Management for PCs, Phones and Embedded


OpenSSL version 1.0.1g fails to link on Win32

2014-04-09 Thread Geoffrey Coram
Hi -
I just compiled OpenSSL 1.0.1g for Win32 using Visual Studio 2005; my 
application failed to link because of an unresolved external 
_check_winnt

In crypto/rand/rand_win.c, function readscreen, this line:
  if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0)

was changed to
  if (check_winnt() && OPENSSL_isservice() > 0)


And also in crypto/cryptlib.c, function OPENSSL_showfatal, this line:
if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0)

was changed to
if (check_winnt() && OPENSSL_isservice() > 0)


I can't seem to find where check_winnt() is declared/defined.  So, I 
just changed it back.  This seems to work for me, but I thought I 
should mention it for other users.

-Geoffrey


Re: OpenSSL version 1.0.1g fails to link on Win32

2014-04-09 Thread Steven Kneizys
I just compiled 32 bit with ntdll.mak with nasm 2.11.02 and Visual
Studio Express 2013 with no issues, with and without the
DOPENSSL_NO_HEARTBEATS option.  I was making it to drop the keys files
into Apache 2.2.26:
openssl.exe
ssleay32.dll
libeay32.dll

I am doing this to compile:
  perl Configure VC-WIN32 --prefix=C:\ApacheSoftware\Apache22\bin
--openssldir=C:\ApacheSoftware\Apache22\conf
  ms\do_nasm
  nmake -f ms\ntdll.mak

I know this is in the docs and such but so many people are working in this
right now I just thought I'd post that it can work OK with a newer VS
version.

Steve...




-- 
Steve Kneizys
Senior Business Process Engineer
Voice: (610) 256-1396  [For Emergency Service (888)864-3282]
Ferrilli Information Group -- Quality Service and Solutions for Higher
Education
web: http://www.ferrilli.com/ http://www.figsolutions.com/

Making you a success while exceeding your expectations.


Re: OpenSSL version 1.0.1g fails to link on Win32

2014-04-09 Thread Geoffrey Coram
Thanks for the report.  Is check_winnt() in the Windows libraries or
in OpenSSL?  I tried Googling it, but didn't come up with anything, 
and I didn't find a declaration in the OpenSSL source code.

I do nmake -f ntlib.mak, which makes some static libraries for me, 
using only code in crypto/ and ssl/  I suppose if check_winnt() is in 
a different directory, that would be my problem (and my fault for not 
re-running perl Configure).

-Geoffrey







Re: OpenSSL version 1.0.1g release signed with unauthorized key???

2014-04-09 Thread Wim Lewis

On 9 Apr 2014, at 4:12 PM, Jakob Bohm wrote:
 Attention: The .asc file I downloaded directly from openssl.org for the 
 1.0.1g tarball was signed with a key NOT authorized by the fingerprints.txt 
 file distributed in previous tarballs, nor by the (unverifiable) 
 fingerprints.txt available from
 
   http://www.openssl.org/docs/misc/
 
 Specifically, it was signed by a PGP key purporting to belong to Dr. Henson, 
 but with a different identifier and a different e-mail address
 than the authorized key listed for him in fingerprints.txt.
 
 I suspect this is just a mixup at your end, but one cannot feel too
 sure without a valid file signature consistent with the securely distributed 
 signature list.

I also noticed this--- previous tarballs were all signed by the F295C759 key 
(fingerprint ending in D57EE597), but this announcement and the 1.0.1g tarball 
were both signed by the FA40E9E2 key. However, the new key (all three of its 
userids) *is* signed by the old key, so there is I think some assurance that 
the new key also belongs to Dr Stephen Henson and that the release is 
legitimate.


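The check Wim Lewis describes, automated as an added example that is not code from the thread or from the OpenSSL project: confirm the signing key's fingerprint is in fingerprints.txt, and if it is not, see whether a key that is listed there has certified the new key. The gpg wrapper assumes gpg is installed; every fingerprint, key id and colon-format listing in the script is a constructed sample value.

```shell
# Added example, not code from the thread or from the OpenSSL project. It
# automates Wim Lewis's two checks: the signing key's fingerprint must be in
# fingerprints.txt, and if it is not, a key that IS listed there should at
# least have certified the new key. All key data below is constructed.

# Drop the spaces gpg prints inside fingerprints and upper-case the hex.
norm_fpr() { printf '%s' "$1" | tr -d '[:space:]' | tr 'abcdef' 'ABCDEF'; }

# fpr_authorized FPR LIST: success if the 40-hex fingerprint FPR occurs in
# LIST, the text of fingerprints.txt ("Key fingerprint = ..." lines).
fpr_authorized() {
    want=$(norm_fpr "$1")
    [ "${#want}" -eq 40 ] || return 1
    printf '%s\n' "$2" | tr -d ' \t' | tr 'abcdef' 'ABCDEF' | grep -qF "$want"
}

# key_certified_by LISTING LONGID: success if the colon-format listing (from
# gpg --with-colons --list-sigs KEY) has a "sig" record whose signing key id
# (field 5) is LONGID, i.e. that key has certified this one.
key_certified_by() {
    printf '%s\n' "$1" |
        awk -F: -v id="$2" '$1 == "sig" && $5 == id { ok = 1 } END { exit !ok }'
}

# signer_fingerprint SIGFILE TARBALL: fingerprint from gpg's VALIDSIG status
# line, empty if verification fails. Needs gpg and the signer's public key in
# the keyring, so it is defined but not called in this offline demo.
signer_fingerprint() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $3 }'
}

# Constructed stand-in for fingerprints.txt from an earlier tarball.
FINGERPRINTS='Key fingerprint = 1111 2222 3333 4444 5555  6666 7777 8888 9999 0000
Key fingerprint = AAAA BBBB CCCC DDDD EEEE  FFFF 0000 1111 2222 3333'
OLD_KEY_LONGID=7777888899990000   # last 16 hex digits of the first entry
NEW_KEY_FPR='0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567'
# Constructed, trimmed --with-colons listing of the new key, certified by the old key.
NEW_KEY_LISTING='fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
sig:::1:7777888899990000:1396000000::::Old Key <old@example.invalid>:10x:'

if fpr_authorized "$NEW_KEY_FPR" "$FINGERPRINTS"; then
    echo "signing key is listed in fingerprints.txt"
elif key_certified_by "$NEW_KEY_LISTING" "$OLD_KEY_LONGID"; then
    echo "signing key not listed, but certified by listed key $OLD_KEY_LONGID"
else
    echo "signing key neither listed nor certified by a listed key" >&2
fi
```

Feed `signer_fingerprint openssl-1.0.1g.tar.gz.asc openssl-1.0.1g.tar.gz` into `fpr_authorized` to run the same checks against a real download.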


RE: OpenSSL version 1.0.1g fails to link on Win32

2014-04-09 Thread Jeremy Farrell
Googling check_winnt suggests openssl/e_os.h.
