[openssl-users] Openssl connects with Des-Cbc-sha in tls1. 2
Hi all, I am getting connection success in a tls1.2 connection with Des-Cbc-sha cipher. But upto my knowledge this cipher is depreciated on tls1.2. Thanks for your help. Regards, Vishnu -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Return type of SSL_ctrl
> (Does OpenSSL support any platform in which type int is 16 bits?) No. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Return type of SSL_ctrl
> From: Salz, Rich, Wednesday, November 30, 2016 9:38 AM > > > We're moving up to OpenSSL 1.0.2j from OpenSSL 0.9.8, and > > noticed that the SSL functions based on SSL_ctrl() changed from returning > > type int to returning type long. > > The "proper" answer is to not use long, but rather sized types, which we are > slowly moving toward. Funny you should mention this, because this topic arose internally after someone decided to change the return type of SSL_ctrl() to intprt_t. I have no idea why, since as far as I can tell, all of the return values would fit in a 32-bit integer; thus my question about why it was changed to long, which is either 32 bits or 64 bits, depending on platform. I suspect it was the use of long that tricked someone into thinking it might be holding a pointer, and thus led to the change to intptr_t, so it would fit on Windows. (Blind/stupid global replacement.) (Does OpenSSL support any platform in which type int is 16 bits?) Thanks, Mark -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Return type of SSL_ctrl
> We're moving up to OpenSSL 1.0.2j from OpenSSL 0.9.8, and > noticed that the SSL functions based on SSL_ctrl() changed from returning > type int to returning type long. The when and the why is probably lost to history. Doing 'git log' and looking for SSL_ctrl doesn't show anything. Oh well. The "proper" answer is to not use long, but rather sized types, which we are slowly moving toward. -- Senior Architect, Akamai Technologies Member, OpenSSL Dev Team IM: richs...@jabber.at Twitter: RichSalz -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] Return type of SSL_ctrl
Greetings, We're moving up to OpenSSL 1.0.2j from OpenSSL 0.9.8, and noticed that the SSL functions based on SSL_ctrl() changed from returning type int to returning type long. It's not clear why this is necessary, by spot-checking the documented numerical domain of the return values of the SSL functions (macros) deriving from SSL_ctrl(). Why was this done? (I don't see mention of this in the CHANGES file.) Thanks, Mark Ludwig Siemens Product Lifecycle Management Software Inc. Communications and Government Affairs Product Lifecycle Management Lifecycle Coll 5939 Rice Creek Parkway Shoreview, MN 55126 United States Tel. :+1 (651) 855-6140 Fax :+1 (651) 855-6280 ludwig.m...@siemens.com www.siemens.com/plm -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] When ciphers are deprecated?
Thanks Matt, it's all i need! 2016-11-30 10:58 GMT+01:00 Matt Caswell: > > > On 30/11/16 09:35, Mattia Rossi wrote: >> Hi all, >> >> After updating from 1.0.2h to 1.0.2j some of my PHP script is broken, >> because it can't connect to the server, after some research the server >> supports very old TLSv1.0 ciphers. >> >> So i check what ciphers PHP query for and with different versions of >> openssl i get different result, so in libssl 1.0.2h i have these >> chipers: >> - EDH-RSA-DES-CBC3-SHA >> - DES-CBC3-SHA >> >> In the last version i haven't. >> >> Where is the information when ciphers are dropped? and why? > > These ciphers have not been dropped in 1.0.2, but reclassified from the > "HIGH" cipherstring keyword to the "MEDIUM" cipherstring keyword. Major > changes such as these are normally described in the CHANGES file: > > https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/CHANGES > > In this case, the following entry is relevant: > > > *) In order to mitigate the SWEET32 attack, the DES ciphers were moved > from > HIGH to MEDIUM. > > This issue was reported to OpenSSL Karthikeyan Bhargavan and Gaetan > Leurent (INRIA) > (CVE-2016-2183) > [Rich Salz] > > > You can read more about SWEET32 here: > > https://www.openssl.org/blog/blog/2016/08/24/sweet32/ > > Matt > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] When ciphers are deprecated?
On 30/11/16 09:35, Mattia Rossi wrote: > Hi all, > > After updating from 1.0.2h to 1.0.2j some of my PHP script is broken, > because it can't connect to the server, after some research the server > supports very old TLSv1.0 ciphers. > > So i check what ciphers PHP query for and with different versions of > openssl i get different result, so in libssl 1.0.2h i have these > chipers: > - EDH-RSA-DES-CBC3-SHA > - DES-CBC3-SHA > > In the last version i haven't. > > Where is the information when ciphers are dropped? and why? These ciphers have not been dropped in 1.0.2, but reclassified from the "HIGH" cipherstring keyword to the "MEDIUM" cipherstring keyword. Major changes such as these are normally described in the CHANGES file: https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/CHANGES In this case, the following entry is relevant: *) In order to mitigate the SWEET32 attack, the DES ciphers were moved from HIGH to MEDIUM. This issue was reported to OpenSSL Karthikeyan Bhargavan and Gaetan Leurent (INRIA) (CVE-2016-2183) [Rich Salz] You can read more about SWEET32 here: https://www.openssl.org/blog/blog/2016/08/24/sweet32/ Matt -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] When ciphers are deprecated?
Hi all, After updating from 1.0.2h to 1.0.2j some of my PHP script is broken, because it can't connect to the server, after some research the server supports very old TLSv1.0 ciphers. So i check what ciphers PHP query for and with different versions of openssl i get different result, so in libssl 1.0.2h i have these chipers: - EDH-RSA-DES-CBC3-SHA - DES-CBC3-SHA In the last version i haven't. Where is the information when ciphers are dropped? and why? Thanks! -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users