Nice, thanks. :)
2014-05-12 1:09 GMT+02:00 Matt Caswell via RT r...@openssl.org:
Patch applied in commit 308505b838e4e3ce8485bb30f5b26e2766dc7f8b. Similar
commits in the 1.0.2, 1.0.1, 1.0.0 and 0.9.8 branches.
Many thanks for your contribution.
Matt
On Mon, May 12, 2014 at 11:20:19AM +0200, Otto Moerbeek wrote:
On Mon, May 12, 2014 at 01:09:15AM +0200, Matt Caswell via RT wrote:
Patch applied in commit 308505b838e4e3ce8485bb30f5b26e2766dc7f8b. Similar
commits in the 1.0.2, 1.0.1, 1.0.0 and 0.9.8 branches.
Many thanks for your
I think this is the right change. However, I see that there is another
len-tot in the following conditional block
#if !defined(OPENSSL_NO_MULTIBLOCK) EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
This is within the same function. I wonder whether that line is also prone to
the same issue and need the same
On 12 May 2014 11:36, Ajit Menon via RT r...@openssl.org wrote:
I think this is the right change. However, I see that there is another
len-tot in the following conditional block
#if !defined(OPENSSL_NO_MULTIBLOCK) EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
This is within the same function. I wonder
I think this is the right change. However, I see that there is another
len-tot in the following conditional block
#if !defined(OPENSSL_NO_MULTIBLOCK) EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
This is within the same function. I wonder whether that line is also prone to
the same issue and need the same
On Mon, May 12, 2014 at 11:20:19AM +0200, Otto Moerbeek wrote:
This diff contains a use before init (spotted by Miod Vallat).
Not sure want went wrong there since the original patch was
correct. I've created a new github pull request for it (#105).
Kurt
On Mon, May 12, 2014 at 11:20:19AM +0200, Otto Moerbeek wrote:
This diff contains a use before init (spotted by Miod Vallat).
Not sure want went wrong there since the original patch was
correct. I've created a new github pull request for it (#105).
Kurt
I'm happy that the PFS key exchange normalization changesets haveb been
merged into master.
I've submitted https://github.com/openssl/openssl/pull/106 for the 1.0.2
stable branch to add similar aliasing for the library input strings. This
provides forward compatibility with any documentation
Nice catch - thanks!
I've committed Kurt's revised patch to all appropriate branches.
Matt
__
OpenSSL Project http://www.openssl.org
Development Mailing List
I promised to look at this again after a week. Including myself and Mike I have
had 5 people express an opinion on this (one of those privately to me).
Of those:
3 have spoken in favour of the patch
2 have spoken in favour of the status quo
My concern was that this fix might break existing
Dear OpenSSL Developers,
I am somewhat involved with the BetterCrypto(.org) project that tries to
provide the operations community with a BCP for daemon settings,
references and other recommendations. We've discovered an inconsistency
that could be called a flaw starting with OpenSSL 0.9.7m
On Tue, May 13, 2014 at 01:28:55AM +0200, Aaron Zauner wrote:
I am somewhat involved with the BetterCrypto(.org) project that tries to
provide the operations community with a BCP for daemon settings,
references and other recommendations.
Be careful what you advise, sometimes seemingly more
Viktor Dukhovni wrote:
Be careful what you advise, sometimes seemingly more secure settings
result in substantially reduced security if the result is a failed
handshake and fallback to even weaker protection (possibly cleartext).
We are. We'd be happy for more people of the OpenSSL team to
On Tue, May 13, 2014 at 03:02:21AM +0200, Aaron Zauner wrote:
Can you describe in words what you believe to be the nature of the
inconsistency you found? The semantics of OpenSSL cipherlist
strings definitely changed for the better in 1.0.0, were you
expecting identical results?
Yes I
14 matches
Mail list logo
