In my case (not Md Lazreg) I can control only client part of connection.
I use heavily patched OpenSSL 0.9.8d
The sever side use some version of MS WIndows. I believe it MS Server
2003 or newer.
I was hoping that the solution for Md Lazreg will help in my case.
Kyle Hamilton пишет:
Dr. Stephen Henson wrote:
On Wed, Jan 07, 2009, Victor Duchovni wrote:
This is not very clear to me. Which signatures are poorly verified:
1. The server's signature on SSL/TLS protocol messages that must
be signed under the server's private key (corresponding to the
private
Hi all,
I have an application that essentially performs the same purpose
as apps/enc.c and have a couple of questions. I have spent a few
days checking out enc.c and others plus googling and have checked
the mailing list archive, I also have the O'Reilly books.
1. I am calling
Thank you, I missed that step.
I did add that step and noted that ML (MASM) is part of visual studio 9
and switched to DO_MASM.
After making that change, everything compiled but I had a link error:
_bn_sub_part_words was multiply defined.
I looked at the code and saw that _bm_sub_part_words
On Fri, Jan 09, 2009, Jean-Marc Desperrier wrote:
Stephen, can you elaborate on that response because from the patch it seems
that more than only client validation of the server signature in SSL
sessions is affected.
cms/cms_sd.c is affected, but the consequence is only a missing error
On Thu, Jan 08, 2009, PGNet wrote:
...
Testing SHA-512 ... passed.
Testing SHA-384 ... passed.
if [ -n libcrypto ]; then \
../util/shlib_wrap.sh ./fips_shatest SHAmix.r | diff -w
SHAmix.x - ; \
fi
Hi Stephen,
On Fri, Jan 9, 2009 at 8:18 AM, Dr. Stephen Henson st...@openssl.org wrote:
You can get the answer with openssl errstr or by checking the source file
referenced.
Noted. Thanks.
So either use a box supporting SSE2 or use a pure C build (no-asm) which
will have poorer performance.
On Fri, Jan 9, 2009 at 10:20 AM, Steve Chaplin
steve.chap...@coppereye.com wrote:
Hi all,
I have an application that essentially performs the same purpose
as apps/enc.c and have a couple of questions. I have spent a few
days checking out enc.c and others plus googling and have checked
the
Problems with decrypting using openssl-0.9.8b and windows 64 (x64).
Same test works on windows 32 bit os.
We are having difficulties trying to decrypt a encrypted text string
using a simple test application on a windows 64 bit os. The same test
application works as expected on windows 32 bit
If you're running it on a processor with SSE, and it's failing, what
does this tell you? SSE2 is required to use the asm code path. SSE
just doesn't cut it.
In the fips-1.2 configuration step, use
./config fipscanisterbuild no-asm
-Kyle H
On Fri, Jan 9, 2009 at 9:25 AM, PGNet
On Fri, Jan 9, 2009 at 12:25 PM, Kyle Hamilton aerow...@gmail.com wrote:
In the fips-1.2 configuration step, use
./config fipscanisterbuild no-asm
As I had alread noted above, I did.
So either use a box supporting SSE2 or use a pure C build (no-asm) which
will have poorer performance.
My mistake.
That's for fipscanisterbuild.
Trying now ...
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
per advice,
./config fipscanisterbuild no-asm
completes without error, but, now,
make
fails @,
...
/usr/bin/ranlib ../libssl.a || echo Never mind.
make[1]: Leaving directory `/usr/local/src/openssl/openssl-fips-1.2/ssl'
make[1]: Entering directory `/usr/local/src/openssl/openssl-fips-1.2'
Kevin Murphy kevinpatrickmur...@gmail.com writes:
...would like to get some clarification on the above points.
It would be terrific if I could use one certificate for multiple hosts.
Kevin:
That is the default behavior of Apache when you configure the SSL
enabled web server instance to respond
Delete the directory, untar it fresh, and reconfigure with that config line.
What you're seeing is a situation caused by prior builds not being
completely cleaned. The problem is that if you do anything that isn't
in the security policy (including 'make clean'), the result cannot be
claimed to
You can configure a single apache instance, with many virtualhosts SSL
enabled on the same IP/Port, but every virtualhost must be under the
same domain.
This can be done using a "wildcard certificate" where you can use the
subjectalternativenames set to DNS:*.mydomain.com.
Then if your
Kyle,
On Fri, Jan 9, 2009 at 2:37 PM, Kyle Hamilton aerow...@gmail.com wrote:
Delete the directory, untar it fresh, and reconfigure with that config line.
ok,
rm -rf openssl-fips-1.2
tar zxf openssl-fips-1.2.tar.gz
cd openssl-fips-1.2/
Directory: /usr/local/src/openssl/openssl-fips-1.2
'no-asm' used to be a violation of the security policy with the 1.1.x
series, but it is explicitly allowed in the 1.2 policy.
If you read it, you too will see this. :)
-Kyle H
On Fri, Jan 9, 2009 at 3:13 PM, PGNet pgnet.trash+...@gmail.com wrote:
Kyle,
On Fri, Jan 9, 2009 at 2:37 PM, Kyle
On Fri, Jan 9, 2009 at 3:29 PM, Kyle Hamilton aerow...@gmail.com wrote:
If you read it, you too will see this. :)
Actually, I HAD already read section 4.2.1 of the UserGuide for *v1.2*,
4.2.1Building the FIPS Object Module from Source
The specification of any other options on the command line,
and, just for reference, per guidance above, finally,
uname -a
Linux dt.loc 2.6.27.7-9-default #1 SMP 2008-12-04 18:10:04 +0100
i686 i686 i386 GNU/Linux
openssl version
OpenSSL 0.9.8j-fips 07 Jan 2009
thanks!
__
OpenSSL
Mark Allison wrote:
Problems with decrypting using openssl-0.9.8b and windows 64 (x64).
Same test works on windows 32 bit os.
My first recommendation would be to try the LATEST version of OpenSSL.
A lot of things have changed since that version and the version you are
linking against has
Steve,
Thank you for the prompt reply! Here is the command that I'm using to
create a pkcs8 formatted key:
openssl pkcs8 -in file -topk8 -v2 des3 -passout pass:pass
As you said The bit you are missing is the PKCS#5 spec which gives details
of the PBKDF2 key derivation algorithm.
My
You're looking at the User Guide. This isn't the right thing to look
at; the relevant document (and indeed the controlling document) is the
Security Policy, http://openssl.org/docs/fips/SecurityPolicy-1.2.pdf ,
and the relevant section is Appendix A, Installation Instructions.
It's very likely
From: owner-openssl-us...@openssl.org On Behalf Of prathima
Sent: Wednesday, 07 January, 2009 05:27
(I haven't seen any other response yet, although this is pretty basic)
I am using Microst Live Communication server 2005 as server for
Mutual TLS
authentication with a SIP phone.(Polycom
Hello All:
At first , I make SSL connection By OpenSSL ,and then ,I want IE can share
this connection ,which means that IE do not need SSL authentication again
,so IE can connect the WEB server on the SSL tunnel.
Now,SSL connection is built by OpenSSL. But ,I do not know IE how to share
the SSL
25 matches
Mail list logo