CVE-2013-0169

2013-02-22 Thread Mozes, Rachel
Hi all, Recently, OpenSSL Security Advisory sent a message about a new vulnerability which was found and numbered as CVE-2013-0169. This announcement advises all SSL and TLS users to upgrade the OpenSSL version. But from a quick Google search, it looks like there is a contradiction between

s_client doesn't like pipes

2013-02-22 Thread Andreas Mattheiss
Sorry, but the mailing list program has eaten more than half of my rant. Looks like it doesn't like a dot on its own on a line (Yes, I know it's the SMTP signal for EOT). Hi, I was monkeying around a bit with s_client. Idea is to feed s_client a file with commands required to STARTTLS,

Re: FIPS_selftest fails under windows dynamic linking

2013-02-22 Thread Rickard Binnare
Thank you, Steve for your input. You say it is dynamic linked. How are you actually handling that? Are you linking to libeay32.dll only or fipscanister.lib too? If I do not manually export FIPS_selftest through crypto.h and libeay.def I have to use the fipscanister.lib too otherwise Visual

check certificate chain in a pem file

2013-02-22 Thread ashish2881
I have a certificate chain in a file chain.pem. It also has a root certificate (self signed). How can I verify the chain, if all certificates are present in the chain? Thanks -- View this message in context: http://openssl.6102.n7.nabble.com/check-certificate-chain-in-a-pem-file-tp43871.html

Use TLS over UDP connection

2013-02-22 Thread saurav barik
Hello, I am trying to implement TLS security (in the client side) over a UDP connection. I have a parallel TCP connection (to the same server) over which TLS is already done and it works fine. In the same session of my application I am creating a UDP connection to the same server (UDP socket) and

RE: Use TLS over UDP connection

2013-02-22 Thread Eisenacher, Patrick
-Original Message- From: saurav barik Can I use TLS over a UDP connection (I understand DTLS can be used but my project needs TLS)? No, you can't. You need a reliable transport protocol, i.e. TCP. See RFC 5246. It's right there in the first paragraph of chapter one. Patrick

Re: Recommended/allowed private key lengths Reg.

2013-02-22 Thread Mike Mohr
Perhaps some on this list are better qualified than me to answer this question, but this is my $0.02. Generally speaking, higher-bit key lengths (than 2048) become much slower when used on embedded hardware (even high-end smartphones). In some cases it may be impossible to support keys longer

Re: Use TLS over UDP connection

2013-02-22 Thread Trevor Jordan
On 22/02/2013 6:41 p.m., saurav barik wrote: Hello, I am trying to implement TLS security (in the client side) over a UDP connection. I have a parallel TCP connection (to the same server) over which TLS is already done and it works fine. In the same session of my application I am creating a UDP

Re: Private key support at openssl

2013-02-22 Thread Jakob Bohm
On 2/22/2013 9:16 AM, Rajeswari K wrote: Hello Team, We have a requirement to support onboard crypto engine which doesn't share private keys to openssl. Current openssl code requires private keys in its possession to succeed with handshake process. Is there any way to skip updation of private

Re: CVE-2013-0169

2013-02-22 Thread Jakob Bohm
On 2/21/2013 11:12 AM, Mozes, Rachel wrote: Hi all, Recently, OpenSSL Security Advisory sent a message about a new vulnerability which was found and numbered as CVE-2013-0169. This announcement advises all SSL and TLS users to upgrade the OpenSSL version. But from a quick Google search, it

Re: Recommended/allowed private key lengths Reg.

2013-02-22 Thread Michel
Hope this helps: http://www.keylength.com/en/3/ On 22/02/2013 08:38, Ashok C wrote: Hi, What is the current industry standard for private key lengths? As of now, my application supports 2048 bit-wide keys. I'm planning to support higher key lengths now, and want your suggestions on how

Re: check certificate chain in a pem file

2013-02-22 Thread Jakob Bohm
On 2/21/2013 2:29 PM, ashish2881 wrote: I have a certificate chain in a file chain.pem. It also has a root certificate (self signed). How can I verify the chain, if all certificates are present in the chain? Thanks Good question! I recently tested this myself, and here are my (preliminary)

Re: Recommended/allowed private key lengths Reg.

2013-02-22 Thread Ken Goldman
http://csrc.nist.gov/groups/ST/key_mgmt/documents/Transitioning_CryptoAlgos_070209.pdf On 2/22/2013 2:38 AM, Ashok C wrote: What is the current industry standard for private key lengths? As of now, my application supports 2048 bit-wide keys. I'm planning to support higher key lengths now, and

Dead indirect link to http://www.openssl.org in lucky 13 security advisory

2013-02-22 Thread Jakob Bohm
Att. openssl.org web server maintenance team. The latest security advisory for OpenSSL links to the research site for the lucky 13 attack analysis, which links to their report in pdf format. That report in its list of references includes a link to an old (2004) document by Bodo Moeller at

Re: Dead indirect link to http://www.openssl.org in lucky 13 security advisory

2013-02-22 Thread Lutz Jaenicke
On 02/22/2013 04:13 PM, Jakob Bohm wrote: Att. openssl.org web server maintenance team. The latest security advisory for OpenSSL links to the research site for the lucky 13 attack analysis, which links to their report in pdf format. That report in its list of references includes a link to

Solaris 10 config confused : Makefile:17: *** mixed implicit and normal rules. Stop.

2013-02-22 Thread Dennis Clarke
I don't know what this is saying. I want to build openssl as 64-bit only on a Niagara T2 with fairly specific CFLAGS which specify memory cache options and other flags that work great for everything from autoconf to zlib .. but not openssl. What is my confusion here please ? $ ./Configure

EXP-RC2-CBC-MD5

2013-02-22 Thread no_spam_98
EXP-RC2-CBC-MD5 does not appear to work in 0.9.8y.  It does in 0.9.8x. system:user/openssl-0.9.8y/apps 27% ./openssl s_client -connect 10.1.1.1:443 -tls1 -cipher EXP-RC2-CBC-MD5 CONNECTED(0003) certificate stuff deleted 95776:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or

Re: EXP-RC2-CBC-MD5

2013-02-22 Thread Dr. Stephen Henson
On Fri, Feb 22, 2013, no_spam...@yahoo.com wrote: EXP-RC2-CBC-MD5 does not appear to work in 0.9.8y.  It does in 0.9.8x. A known issue, fixed in recent snapshots. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org

Re: Seg fault from d2i_RSAPrivateKey_fp

2013-02-22 Thread Nick
On Thu, 2013-02-21 at 05:15 -0500, Jeffrey Walton wrote: You enabled it with -Wextra, then you turned it off with -Wno-missing-field-initializers. It's not latched - the last option wins. Good catch! I forgot to remove that while doing some rapid prototyping. In addition, GCC's analysis may