IMHO, that's a good call. If a 'broken' algorithm gets in, it tends to stay there for a very long time.
DES_OLD, SHA0 are examples already in the OpenSSL code base.
Something else that could easily be killed now.
Pete-owner-openssl-...@openssl.org wrote: -
To: "openssl-dev@openssl.org"
Hi, In the ssl_cipher_get_evp() function, there are two off-by-one
errors in index validation before accessing arrays. The attached patch
fixes the problem.
Regards,
Kurt Cancemi
From 72e339f36be4a40436b95a0d07d68167605c31e2 Mon Sep 17 00:00:00 2001
From: Kurt Cancemi k...@x64architecture.com
On 06/01/2014 09:28 AM, Janpopan wrote:
is there a list of currently supported platforms?
Which platforms are deprecated and could/should be removed in the
source code?
MS-DOS?
Windows 16 Bit?
OS/2?
Windows 95/98/ME?
Windows NT/2000/XP?
I think there is plenty of code which assumes size_t (and
On Út, 2014-06-03 at 16:41 +, Viktor Dukhovni wrote:
On Tue, Jun 03, 2014 at 06:01:03PM +0200, Tomas Mraz via RT wrote:
openssl advertises ECC ciphersuites in SSLv2 client hello if ssl23
method is used. This is incorrect because the TLS extensions that
indicate supported curves and
On Wed, Jun 04, 2014 at 10:45:59AM +0200, Tomas Mraz wrote:
SSLv2 is disabled by default, however when you use the ALL cipher list
which is of course something you should not do but it happened in perl
LDAP module the SSLv2 ciphers are added to the cipherlist and SSLv2
client hello is used.
On St, 2014-06-04 at 13:03 +, Viktor Dukhovni wrote:
On Wed, Jun 04, 2014 at 10:45:59AM +0200, Tomas Mraz wrote:
SSLv2 is disabled by default, however when you use the ALL cipher list
which is of course something you should not do but it happened in perl
LDAP module the SSLv2 ciphers
Hi Peter and Rich,
thx for your answer, I needed to decipher them first though ;-)
(http://marc.info/?l=openssl-dev&m=140181264527042&w=2,
http://marc.info/?l=openssl-dev&m=140186408414195&w=2).
1-2 points to this:
If it's broken (@Peter) why is it in the git tree or why was it accepted?
Google's
On Wed, Jun 4, 2014 at 8:35 AM, Dirk Wetter d...@testssl.sh wrote:
If it's broken (@Peter) why is it in the git tree or why was it accepted?
It would be best if that branch were dropped. It's not maintained and
doesn't reflect the current spec.
Cheers
AGL
- Original Message -
From: Matt Caswell via RT r...@openssl.org
To: hka...@redhat.com
Cc: openssl-dev@openssl.org
Sent: Saturday, May 31, 2014 12:42:56 AM
Subject: [openssl.org #3363] Patch to fix bad example in ciphers(1) man page
Hi Hubert
The title for this request is
Somehow the patch got a prepended to it, the attached patch removes it.
---
Kurt Cancemi
http://www.getwnmp.org
0001-Fix-off-by-one-errors-in-ssl_cipher_get_evp.patch
Thanks to a few brave volunteers and the support of the core OpenSSL
team, it looks like we can begin moving on this effort soon. I've
begun to document the current state of things on the wiki:
http://wiki.openssl.org/index.php/Unit_Testing
There's lots to discuss with regard to the Goals,
On Mon, Jun 02, 2014 at 10:38:05AM -0400, Mike Bland wrote:
It seems that the encryption algorithms themselves are relatively
well-tested; in contrast, Heartbleed was an infrastructure bug. It's
in shoring up the test coverage of the infrastructure bits where I can
be of most direct service,
On 04/06/14 23:29, Kurt Roeckx wrote:
On Mon, Jun 02, 2014 at 10:38:05AM -0400, Mike Bland wrote:
It seems that the encryption algorithms themselves are relatively
well-tested; in contrast, Heartbleed was an infrastructure bug. It's
in shoring up the test coverage of the infrastructure bits
Hi, guys
I downloaded the latest openssl library. The version is 1.0.1g.
I downloaded musl libc at the same time. It's at version 1.1.1.
the following configure command:
./Configure --prefix=/home/xxx/filesystem/rootfs/usr os/compiler:musl-gcc
Unfortunately, the info below showed up when I