On Mon, Jun 15, 2009 at 5:46 AM, Phil Pennock wrote:
> When RFC 5246 came out, specifying TLS 1.2 and having all mandated
> cipher suites use SHA-256, we assumed that to aid the transition OpenSSL
> would add EVL_sha256() to the list of digests initialised in
> SSL_library_init(), even before supp
Hi all,
I was trying curl/libcurl compiled against OpenSSL 0.9.9.
I noticed a very strange behaviour that I was able to workaround with a
couple of sleep().
Curl fails to connect with:
curl: (52) SSL read: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3
alert unexpected message, errno 11
The b
On Mon, Jun 15, 2009, Emanuele Cesena wrote:
> Hi all,
>
> I was trying curl/libcurl compiled against OpenSSL 0.9.9.
> I noticed a very strange behaviour that I was able to workaround with a
> couple of sleep().
>
> Curl fails to connect with:
> curl: (52) SSL read: error:140943F2:SSL routines:S
On Mon, 2009-06-15 at 14:30 +0200, Dr. Stephen Henson wrote:
> > I was trying curl/libcurl compiled against OpenSSL 0.9.9.
> > I noticed a very strange behaviour that I was able to workaround with a
> > couple of sleep().
> >
> > Curl fails to connect with:
> > curl: (52) SSL read: error:140943F2:
Hi Stephen,
> I can't see how anything could cause an issue with 85 CAs. The attached
> descriptions imply it might be a mod_ssl issue (not reproducible with
> s_server).
There is a bit more information now in our ticket:
https://savannah.cern.ch/bugs/?48458
Romain Wartel wrote:
> So 4 c
Hi Stephen,
I can't see how anything could cause an issue with 85 CAs. The attached
descriptions imply it might be a mod_ssl issue (not reproducible with
s_server).
There is a bit more information now in our ticket:
https://savannah.cern.ch/bugs/?48458
Romain Wartel wrote:
> So 4 condit
Hi Kyle,
My OpenSSL installation has been on my machine a while and I'm not sure that
it's my installation
that's at fault. This, https://launchpad.net/pyopenssl , has already built
and run successfully
again my installation. Python interface for OpenSSL. I'm guessing that the
test code I used
On 2009-06-15 at 11:02 +0200, Bodo Moeller wrote:
> On Mon, Jun 15, 2009 at 5:46 AM, Phil Pennock wrote:
>
> > When RFC 5246 came out, specifying TLS 1.2 and having all mandated
> > cipher suites use SHA-256, we assumed that to aid the transition OpenSSL
> > would add EVL_sha256() to the list of d
Phil Pennock wrote:
> The approach of the Exim MTA to cryptography is simple -- don't
> second-guess the SSL library developers when it comes to choosing which
> algorithms/digests/etc to load, and provide a knob
> ("tls_require_ciphers") for administrators to restrict what can be
> loaded. The
Maarten Litmaath wrote:
Hi Stephen,
I can't see how anything could cause an issue with 85 CAs. The attached
descriptions imply it might be a mod_ssl issue (not reproducible with
s_server).
There is a bit more information now in our ticket:
https://savannah.cern.ch/bugs/?48458
Romain War
Maarten Litmaath wrote:
> Hi Stephen,
>
>> I can't see how anything could cause an issue with 85 CAs. The attached
>> descriptions imply it might be a mod_ssl issue (not reproducible with
>> s_server).
>
> There is a bit more information now in our ticket:
>
> https://savannah.cern.ch/bugs/?
On 2009-06-15 at 14:17 -0700, David Schwartz wrote:
> Phil Pennock wrote:
> > The approach of the Exim MTA to cryptography is simple -- don't
> > second-guess the SSL library developers when it comes to choosing which
> > algorithms/digests/etc to load, and provide a knob
> > ("tls_require_ciphers"
Hi Roumen,
> > > it hangs the same , remove a few cas and it works.
> > >
> > > # rpm -q httpd mod_ssl openssl fedora-release
> > > httpd-2.2.11-8.x86_64
> > > mod_ssl-2.2.11-8.x86_64
> > > openssl-0.9.8k-4.fc11.x86_64
> > > fedora-release-11-1.noarch
> [...]
>
> May be problem is in 64-bi
Hi Roumen,
> > > it hangs the same , remove a few cas and it works.
> > >
> > > # rpm -q httpd mod_ssl openssl fedora-release
> > > httpd-2.2.11-8.x86_64
> > > mod_ssl-2.2.11-8.x86_64
> > > openssl-0.9.8k-4.fc11.x86_64
> > > fedora-release-11-1.noarch
> [...]
>
> May be problem is in 64-bi
Phil Pennock wrote:
> > That just won't work. Cryptography is not a "drop in a library
> > and mark a
> > checkbox on your product" thing. It has to be properly integrated in an
> > application with decisions made as to what the application
> > actually needs,
> > what threat models it faces, an
Hi,
Roumen Petrov schrieb:
> In the past we can download a file with CA certificates (
> ca-bundle.crt.tar.gz ) from mod_ssl site. Now file is removed but it
> contain more then 90 certificates (PEM format concatenated together).
many use the Perl script I've hacked for cURL to create a ca-bundle.c
These scripts pull the latest version of the Mozilla-approved CAs.
OpenSSL is not in the business of making CA certificates available,
but having the ability to do this in the stock package might be very
good for the users. (Make sure that such a tool warns the user that
the CA certificates are th
Hi openssl-devs,
Just wanted to query the best openssl version for basing patches on.
I have a number of patches relating to the ocf-linux project and other
embedded linux work that I'd like to post for review and/or inclusion.
I am currently based on 0.9.8k, but 1.0.0 beta or a snapshot is no
18 matches
Mail list logo