Re: MD5 in openSSL internals

2013-04-24 Thread Nikola Vassilev
-Original Message- From: Venkataragavan Narayanaswamy v...@brocade.com Sender: owner-openssl-us...@openssl.org Date: Tue, 23 Apr 2013 00:29:17 To: openssl-...@openssl.org; openssl-users@openssl.org Reply-To: openssl-users@openssl.org

Re: MD5 in openSSL internals

2013-04-24 Thread Viktor Dukhovni
On Wed, Apr 24, 2013 at 03:18:45PM +, Nikola Vassilev wrote: We are currently analyzing and understanding the security strength of the openSSL internal implementation to certify the products. In version 0.9.8d, TLSv1.0 alone is supported. Can you please answer the following or provide me

handling of expired certificates

2013-04-24 Thread Vijaya Venkatachalam
Hi I am new to openssl application development. I had a question on how to handle expired certificates. So at the time of openssl connection establishment, the certificate is valid. But while the connection is still up, the certificate expires. Is the application supposed to handle this or

OpenSSL 0.9.8k upgrade

2013-04-24 Thread Virginia Naveju Rodriguez (Vendor)
Hello Folks! I have a question that I hope you can help me with. Can a server with OpenSSL 0.9.8k installed be upgraded to OpenSSL 1.0.x without breaking any dependencies? I mean compile from the source and install the new version. Regards Sincerely Víctor Martínez. This email and any files

Re: FIPS_rand_set_key and FIPS_rand_seed

2013-04-24 Thread Cipher
I found the solution, it has nothing to do with forking. Here is what I did: I was writing the IN FIPS MODE message to *stdout*. When sshd forks a child process to handle scp, this stdout was being passed over the pipe, causing the issue. My issue got resolved after writing the FIPS mode message

OpenSSL internal error, assertion failed: Low level API call to cipher AES forbidden in FIPS mode

2013-04-24 Thread Cipher
Hi, I compiled and installed FIPS capable OPENSSL 1.0.1c and OPENSSH 6.1p1 with FIPS. While debugging I found that SSH fails for *ctr* mode of cipher operation. Here is what I get when I connect using aes256-ctr or aes128-cbc FIPS mode initialized debug1: inetd sockets after dupping: 3, 3

Re: AES key wrap feature unavailable in FIPS mode OpenSSL?

2013-04-24 Thread Cipher
Hi, given the point this was posted in 2011, I hope this is resolved and I can get some help with my problem! I have a similar problem with openssl 1.0.1c compiled with FIPS 2.0.2 and OPENSSH 6.1p1. Here is the debug mode of sshd with aes256-ctr cipher FIPS mode initialized debug1: inetd sockets

RE: handling of expired certificates

2013-04-24 Thread Salz, Rich
OpenSSL does nothing about this. It's an interesting question. As far as TLS/SSL is concerned, it is only using the certificate at the time the connection is initially established, and therefore expiration (or revocation) during the application's use of the certificate is up to the

Re: handling of expired certificates

2013-04-24 Thread Viktor Dukhovni
On Tue, Apr 23, 2013 at 10:17:54AM -0700, Vijaya Venkatachalam wrote: So at the time of openssl connection establishment, the certificate is valid. But while the connection is still up, the certificate expires. The certificate was valid at the time it was verified, this is sufficient. Is the

Re: [openssl-users] handling of expired certificates

2013-04-24 Thread Erwann Abalea
OpenSSL doesn't take care of the expiration of your certificate automagically in the background and call some function in your application to asynchronously tell that the certificate you received several seconds ago has now expired. Identically, OpenSSL doesn't take care of external events that

RE: handling of expired certificates

2013-04-24 Thread Eisenacher, Patrick
From: Salz, Rich OpenSSL does nothing about this. It’s an interesting question. As far as TLS/SSL is concerned, it is only using the certificate at the time the connection is initially established, and therefore expiration (or revocation) during the application’s use of the certificate

Re: OpenSSL internal error, assertion failed: Low level API call to cipher AES forbidden in FIPS mode

2013-04-24 Thread Dr. Stephen Henson
On Wed, Apr 24, 2013, Cipher wrote: Hi, I compiled and installed FIPS capable OPENSSL 1.0.1c and OPENSSH 6.1p1 with FIPS. While debugging I found that SSH fails for *ctr* mode of cipher operation. Here is what I get when I connect using aes256-ctr or aes128-cbc FIPS mode initialized

AES-XTS mode doesn't chain between successive calls to EVP_CipherUpdate?

2013-04-24 Thread Greg Bryant (grbryant)
Looking at the xts128.c code, it looks like the tweak is recalculated from scratch every time CRYPTO_xts128_encrypt() is called: memcpy(tweak.c, iv, 16); (*ctx->block2)(tweak.c,tweak.c,ctx->key2); It seems like this would break the chaining between successive calls to

Data and Signature (envelope)

2013-04-24 Thread redpath
I have a piece of data like a JPG and a MD from it and a signature PKCS#1 from the MD. int rc= RSA_sign(NID_sha1, md, 20, sigret, siglen, rsapriv) I send the data and the signature to someone to verify the data and they use it. Now maybe there is standard measure to package the data and the

Re: MD5 in openSSL internals

2013-04-24 Thread dj
On Wed, Apr 24, 2013 at 03:18:45PM +, Nikola Vassilev wrote: We are currently analyzing and understanding the security strength of the openSSL internal implementation to certify the products. In version 0.9.8d, TLSv1.0 alone is supported. Can you please answer the following or provide me

Re: MD5 in openSSL internals

2013-04-24 Thread Viktor Dukhovni
On Wed, Apr 24, 2013 at 01:55:36PM -0700, d...@deadhat.com wrote: On Wed, Apr 24, 2013 at 03:18:45PM +, Nikola Vassilev wrote: We are currently analyzing and understanding the security strength of the openSSL internal implementation to certify the products. In version 0.9.8d,

Re: Data and Signature (envelope)

2013-04-24 Thread Krzysztof Konopko
2013/4/24 redpath redp...@us.ibm.com I have a piece of data like a JPG and a MD from it and a signature PKCS#1 from the MD. int rc= RSA_sign(NID_sha1, md, 20, sigret, siglen, rsapriv) I send the data and the signature to someone to verify the data and they use it. Now maybe there is

Re: Data and Signature (envelope)

2013-04-24 Thread redpath
I saw the CMS but I did not see how to store raw data which I need to extract? Let's assume the data was a JPG and I created signature from the MD (SHA1) how can I get the JPG use it and validate it. I looked at the PKCS7 and no mention of adding objects. Any example is best to learn assuming

base + delta CRL

2013-04-24 Thread Bin Lu
Hi, Can I do CRL checking by adding both the base and delta CRLs with X509_STORE_add_crl() or should I construct a complete CRL with the base and delta CRLs and then add it to the store? Thanks, -binlu

SANs for self signed certs

2013-04-24 Thread Derek Cole
Hello, I have some code which I am using to generate a CSR and some code which I am using to generate a cert using my cert authority. If I view the CSR, I can see that my alt names were added correctly. If I view the cert itself, the altnames are not there. I had kind of thought that if I had a

RE: MD5 in openSSL internals

2013-04-24 Thread Salz, Rich
First poster: We are currently analyzing and understanding the security strength of the openSSL internal implementation to certify the products. In version 0.9.8d, TLSv1.0 alone is supported. Can you please answer the following or provide me with the documentation reference 1. Does

RE: Data and Signature (envelope)

2013-04-24 Thread Dave Thompson
From: owner-openssl-us...@openssl.org On Behalf Of redpath Sent: Wednesday, 24 April, 2013 18:10 I saw the CMS but I did not see how to store raw data which I need to extract? Let's assume the data was a JPG and I created signature from the MD (SHA1) how can I get the JPG use it and

Re: Data and Signature (envelope)

2013-04-24 Thread Viktor Dukhovni
On Wed, Apr 24, 2013 at 10:35:04PM -0400, Dave Thompson wrote: I am assuming RSA though I would like to do ECDSA. These APIs will use any privatekey for which a signature scheme is available; that's RSA DSA ECDSA (or pedantically EC; openssl uses the same EC_KEY struct for ECDSA and