TLS_ECDHE_ECDSA_WITH_AES_128_CCM

2012-11-13 Thread Albers, Thorsten
Hi, can anyone tell me when the TLS cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_CCM will be supported by openssl? I have a request to implement this cipher suite in my embedded client TLS software. For this implementation it would be helpful to have a working TLS server. Maybe at least the

Re: TLS_ECDHE_ECDSA_WITH_AES_128_CCM

2012-11-13 Thread Dr. Stephen Henson
On Tue, Nov 13, 2012, Albers, Thorsten wrote: Hi, can anyone tell me when the TLS cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_CCM will be supported by openssl? I have a request to implement this cipher suite in my embedded client TLS software. For this implementation it would be helpful to

Re: openssl 1.0.1c cannot parse newest GOST/PFX

2012-11-13 Thread Dr. Stephen Henson
On Tue, Nov 13, 2012, Eugene Grosbein wrote: Hi! Recently we purchased Aladdin eToken USB with digital signature inside that uses GOST 34.11/34.10-2001 for official electronic contacts with Russian Government. It works just fine with Windows XP and CryptoPro CSP. I've exported it with

Re: openssl 1.0.1c cannot parse newest GOST/PFX

2012-11-13 Thread Eugene Grosbein
13.11.2012 20:10, Dr. Stephen Henson wrote: On Tue, Nov 13, 2012, Eugene Grosbein wrote: Hi! Recently we purchased Aladdin eToken USB with digital signature inside that uses GOST 34.11/34.10-2001 for official electronic contacts with Russian Government. It works just fine with Windows XP

Re: openssl 1.0.1c cannot parse newest GOST/PFX

2012-11-13 Thread Dr. Stephen Henson
On Tue, Nov 13, 2012, Eugene Grosbein wrote: 13.11.2012 20:10, Dr. Stephen Henson wrote: On Tue, Nov 13, 2012, Eugene Grosbein wrote: Hi! Recently we purchased Aladdin eToken USB with digital signature inside that uses GOST 34.11/34.10-2001 for official electronic contacts with

Re: openssl 1.0.1c cannot parse newest GOST/PFX

2012-11-13 Thread Eugene Grosbein
14.11.2012 00:33, Dr. Stephen Henson wrote: You can only convert the certificates to PKCS#7 not the private key. There is an option in Windows to export to PKCS#7. Yes, openssl converts the certificates with -nokeys option just fine. If you want to decrypt the PKCS#12 file you need to

I can't believe how much this sucks

2012-11-13 Thread Sanford Staab
I have been struggling with openssl for a few months now writing batch scripts on windows trying to make a .net web client with a client certificate work with 2-way ssl against an apache web server. Do you guys just want to continue to answer questions on this alias and not FIX the docs

Re: I can't believe how much this sucks

2012-11-13 Thread Magosányi, Árpád
On 11/13/2012 07:34 PM, Sanford Staab wrote: Do you guys just want to continue to answer questions on this alias and not FIX the docs somewhat over time? I could go into a litany of how much information is just missing from the docs with INCOMPLETE everywhere. You might have overlooked the

Re: I can't believe how much this sucks

2012-11-13 Thread Lee Fisher
For things that the peer support forum and the existing documentation don't cover, you have the source code, which is definitive. Additionally, there are professional OpenSSL consultants you can use for help. It would be more productive to submit bugs and patches, instead of a litany :-)

RE: I can't believe how much this sucks

2012-11-13 Thread Charles Mills
AMEN! Why is it easier to answer dumb question after dumb question here rather than to document the darned product once? (Never mind the cumulative labor of all the programmers trying to figure out and debug the same problems again and again and again, all over the world.) Consider

RE: Problem with AES 256 algorithm / GCM mode.

2012-11-13 Thread MACH Christian
Hello. I send my request to this other E-mail address because I had no response to my question with the E-mail address openssl-users@openssl.org. Regards. From: MACH Christian Sent: Monday, 8 October 2012 17:04 To: 'openssl-users@openssl.org' Subject: Problem with

Re: I can't believe how much this sucks

2012-11-13 Thread Ben Laurie
On Tue, Nov 13, 2012 at 6:34 PM, Sanford Staab sanfo...@gmail.com wrote: I have been struggling with openssl for a few months now writing batch scripts on windows trying to make a .net web client with a client certificate work with 2-way ssl against an apache web server. Do you guys just want

Re: [openssl-users] I can't believe how much this sucks

2012-11-13 Thread Erwann Abalea
Answers inline. -- Erwann ABALEA - paléocapridé: a kind of old goat, cf. paléotalpidé (old mole) or paléogadidé (old cod) On 13/11/2012 19:34, Sanford Staab wrote: I have been struggling with openssl for a few months now writing batch scripts on windows trying to make a

Re: I can't believe how much this sucks

2012-11-13 Thread John Hascall
It's a GREAT product and I love it and am grateful but why after years and years do the man pages still say under construction? Because it is an open source project and the things that get done are the things people volunteer to do. Most programmers would much rather create cool things than

Re: I can't believe how much this sucks

2012-11-13 Thread Ted Byers
On Tue, Nov 13, 2012 at 2:02 PM, Lee Fisher blib...@gmail.com wrote: For things that the peer support forum and the existing documentation don't cover, you have the source code, which is definitive. Additionally, there are professional OpenSSL consultants you can use for help. It would be

Re: I can't believe how much this sucks

2012-11-13 Thread Jeffrey Walton
On Tue, Nov 13, 2012 at 1:34 PM, Sanford Staab sanfo...@gmail.com wrote: I have been struggling with openssl for a few months now writing batch scripts on windows trying to make a .net web client with a client certificate work with 2-way ssl against an apache web server. Do you guys just want

Re: I can't believe how much this sucks

2012-11-13 Thread Jeffrey Walton
On Tue, Nov 13, 2012 at 1:51 PM, Magosányi, Árpád m4g...@gmail.com wrote: On 11/13/2012 07:34 PM, Sanford Staab wrote: Do you guys just want to continue to answer questions on this alias and not FIX the docs somewhat over time? I could go into a litany of how much information is just missing

Re: I can't believe how much this sucks

2012-11-13 Thread alan buxey
Hi, I am not criticising the documentation for openssl, and will not; but I would encourage those who are responsible for maintaining and improving openssl to not neglect the documentation.  It would be a mistake to leave it is an Open Source project - thus there is also an onus on

Re: I can't believe how much this sucks

2012-11-13 Thread terr
I beg to differ and this is one reason I am not very active. Several years ago I contributed a function to determine endianess. I had done it years and years before so it was quite simple for me. I took the time to put documentation in the function. Also I am a professional consulting

Re: I can't believe how much this sucks

2012-11-13 Thread Mark H. Wood
On Tue, Nov 13, 2012 at 07:51:24PM +0100, Magosányi, Árpád wrote: On 11/13/2012 07:34 PM, Sanford Staab wrote: Do you guys just want to continue to answer questions on this alias and not FIX the docs somewhat over time? I could go into a litany of how much information is just missing

Re: I can't believe how much this sucks

2012-11-13 Thread Sanford Staab
Couldn’t agree more Ted. I think the bar on open-source product documentation has been going way up over time. If I were these guys, I’d get it right so I wouldn’t have to keep bothering to answer so many questions over and over. From: Ted Byers Sent: Tuesday, November 13, 2012 2:49 PM To:

Re: I can't believe how much this sucks

2012-11-13 Thread Sanford Staab
You miss the fact that I VOLUNTEER TO HELP FIX IT if someone will tell me where to start. There are lots of open source projects out there with WAY better docs. Take JQuery for one example. I think the reason openssl docs suck is because the authors don’t really care about docs and they

Re: I can't believe how much this sucks

2012-11-13 Thread Ted Byers
On Tue, Nov 13, 2012 at 3:18 PM, alan buxey a.l.m.bu...@lboro.ac.uk wrote: Hi, I am not criticising the documentation for openssl, and will not; but I would encourage those who are responsible for maintaining and improving openssl to not neglect the documentation. It would be

openssh_DSA_verify_inFIPS EVP_VerifyFinal BAD SIG code:-1 ERROR

2012-11-13 Thread Anamitra Dutta Majumdar (anmajumd)
We are getting the following error in the syslogs secure:Nov 9 19:32:04 cls2-pub authpriv 3 sshd[9526]: error: openssh_DSA_verify_inFIPS EVP_VerifyFinal BAD SIG code:-1 when we connect between two servers using ssh key based authentication. This issue happens only in FIPS mode and not in non

RE: I can't believe how much this sucks

2012-11-13 Thread Charles Mills
EXACTLY! Charles From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Sanford Staab Sent: Tuesday, November 13, 2012 12:53 PM To: openssl-users@openssl.org Subject: Re: I can't believe how much this sucks Couldn’t agree more Ted. I think the bar on

Re: I can't believe how much this sucks

2012-11-13 Thread alan buxey
Hi, Nonsense.  No-one knows better how the code ought to be working than the folk who developed it.  I begin with the assumption that all my coders are i'd cite the cathedral and the bazaar ...or the 'many eyes make all bugs shallow' views - if you are given the API and the documents,

Re: I can't believe how much this sucks

2012-11-13 Thread Ted Byers
On Tue, Nov 13, 2012 at 4:38 PM, alan buxey a.l.m.bu...@lboro.ac.uk wrote: Hi, Nonsense. No-one knows better how the code ought to be working than the folk who developed it. I begin with the assumption that all my coders are i'd cite the cathedral and the bazaar ...or the 'many

Re: I can't believe how much this sucks

2012-11-13 Thread Pierre DELAAGE
If we would have to have deep understanding of the various codes we are using everyday (I am myself a programmer, and openssl WCE contributor), we would not have enough time to work, to produce anything. Anyway understanding what the code is SUPPOSED to do is one thing, and HOW it is doing it,

Re: I can't believe how much this sucks

2012-11-13 Thread james
For things that the peer support forum and the existing documentation don't cover, you have the source code, which is definitive. The source code can tell you what it DOES do - but the cost of understanding that can be very high in some cases, and the problem domain of OpenSSL almost

Re: I can't believe how much this sucks

2012-11-13 Thread james
the 'many eyes make all bugs shallow' views You don't believe that, do you? The number of counter-examples of long-standing bugs in widely available and active open-source systems should be large enough to call it now. Especially in subtle, complex systems where there is no documentation of