Re: [openssl-dev] 1.1.0 pre5 seems to ignore CIPHER_SERVER_PREFERENCE

> On May 26, 2016, at 9:44 AM, Angus Robertson - Magenta Systems Ltd > wrote: > > I have two custom Windows web sites, running released and beta versions > of OpenSSL. The beta version only gets an A- score with SSL Labs, > whereas the release version gets A+. > >

Re: [openssl-dev] How to get SSL version from SSL_SESSION using OpenSSL-1.1.x?

On Thu, May 26, 2016, at 14:52, Matt Caswell wrote: > > One of the modules maintains the server-side SSL session cache, > > comprised of SSL_SESSION objects. For debugging purposes, there's a > > tool to dump out the sessions in the cache. I had initially used > > SSL_SESSION_print() for this

Re: [openssl-dev] How to get SSL version from SSL_SESSION using OpenSSL-1.1.x?

On Thu, May 26, 2016 at 09:58:09PM +, Viktor Dukhovni wrote: > The following should work: > > const char *get_session_protocol(SSL_CTX *ctx, SSL_SESSION *session) > { > const char *protocol; > SSL_CTX *tmp_ctx = NULL; > > /* Typically you'd pass in a suitable

Re: [openssl-dev] How to get SSL version from SSL_SESSION using OpenSSL-1.1.x?

On Thu, May 26, 2016 at 10:45:54PM +0100, Matt Caswell wrote: > > Using OpenSSL-1.0.x, I currently use: > > > > ssl_version = sess->ssl_version; > > > > However, I don't see an equivalent accessor in the 1.1.x APIs. Have I > > missed something, or does such a thing not exist yet? > > I

Re: [openssl-dev] How to get SSL version from SSL_SESSION using OpenSSL-1.1.x?

On 26/05/16 22:48, TJ Saunders wrote: > > >>> I'm currently working on updating proftpd and its various modules to >>> work with the changed APIs in OpenSSL-1.1.x. My current obstacle(?) is >>> to determine the SSL protocol version, given an SSL_SESSION pointer. >>> >>> Using OpenSSL-1.0.x, I

Re: [openssl-dev] How to get SSL version from SSL_SESSION using OpenSSL-1.1.x?

> > I'm currently working on updating proftpd and its various modules to > > work with the changed APIs in OpenSSL-1.1.x. My current obstacle(?) is > > to determine the SSL protocol version, given an SSL_SESSION pointer. > > > > Using OpenSSL-1.0.x, I currently use: > > > > ssl_version =

Re: [openssl-dev] How to get SSL version from SSL_SESSION using OpenSSL-1.1.x?

On 26/05/16 22:27, TJ Saunders wrote: > > I'm currently working on updating proftpd and its various modules to > work with the changed APIs in OpenSSL-1.1.x. My current obstacle(?) is > to determine the SSL protocol version, given an SSL_SESSION pointer. > > Using OpenSSL-1.0.x, I currently

[openssl-dev] How to get SSL version from SSL_SESSION using OpenSSL-1.1.x?

I'm currently working on updating proftpd and its various modules to work with the changed APIs in OpenSSL-1.1.x. My current obstacle(?) is to determine the SSL protocol version, given an SSL_SESSION pointer. Using OpenSSL-1.0.x, I currently use: ssl_version = sess->ssl_version; However, I

Re: [openssl-dev] Syncing OpenSSL and BoringSSL mont ASM code

> 1. Please > see > https://boringssl.googlesource.com/boringssl/+/75b833cc819a9d189adb0fdd56327bee600ff9e9. > > I think it would be good for OpenSSL to work with Google to integrate > this patch. Will be looked into... > 2. Is the `__chkstk` code that was added [1] to `bn_mul_mont` really >

Re: [openssl-dev] Why is `volatile` used in MOD_EXP_CTIME_COPY_FROM_PREBUF?

> See > https://github.com/openssl/openssl/commit/d6482a82bc2228327aa4ba98aeeecd9979542a31#diff-3aca3afd18ad75a8f6a09a9860bc6ef5R631 > > + volatile BN_ULONG *table = (volatile BN_ULONG *)buf; > > Why is `volatile` used here? Is it to work around the effective type > (strict aliasing) violations

Re: [openssl-dev] Making assembly language optimizations working on Cortex-M3

> > Cortex-M platforms are so limited that every bit of performance and > > space savings matters. So, I think it is definitely worthwhile to > > support the non-NEON ARMv7-M configuration. One easy way to do this > > would be to avoid building NEON code when __TARGET_PROFILE_M is

[openssl-dev] [openssl.org #4180] Isses with respect to malloc failures handling.

You don't say what version of OpenSSL you were testing. It seems to be either 1.0.2 or 1.0.1 (not master). Anyway, comments inserted. On Mon Dec 14 13:45:20 2015, skoripe...@juniper.net wrote: > Issue 1) > We could have failed to allocate the ctx->cipher_data in > EVP_CipherInit_ex > >

[openssl-dev] 1.1.0 pre5 seems to ignore CIPHER_SERVER_PREFERENCE

I have two custom Windows web sites, running released and beta versions of OpenSSL. The beta version only gets an A- score with SSL Labs, whereas the release version gets A+. https://www1.telecom-tariffs.co.uk/serverinfo.htm shows server status, and that it's running OpenSSL 1.1.0-pre5 (beta)