Hi Rich,
Can you please elaborate?
-Thanks
On Tue, Jun 3, 2014 at 6:47 PM, Salz, Rich rs...@akamai.com wrote:
Ø 2014-06-03 07:12:05 EDT LOG: SSL error: unsafe legacy renegotiation
disabled
Somebody has an outdated implementation that doesn’t do secure
renegotiation. Google search.
Folks,
What is the right syntax in IdentityFIle to specify a specific PKCS#11 provider
or, even better, a
specific slot or key ?
I am failing to trigger below code :) i.e. getting key populated right.
Thanks,
Dw.
/* Prefer PKCS11 keys that are explicitly listed */
Op 4 jun. 2014, om 10:41 heeft Dirk-Willem van Gulik di...@webweaving.org het
volgende geschreven:
What is the right syntax in IdentityFIle to specify a specific PKCS#11
provider or, even better, a
specific slot or key ?
I am failing to trigger below code :) i.e. getting key populated
Well, that's not how it works. Normally when OpenSSL returns with
something like WANT_READ or WANT_WRITE, it is possible to later
determine whether the preconditions for moving forward are satisfied.
In this case you're asking OpenSSL to just wait for nothing in
particular. That feature
Hi All,
I am trying to cross compile OpenSSL FIPS module for linux-mips architecture
(there is no direct support for the same).
On building my test application using fipsld,
$CC fips_mode.c -o fips_mode.exe -L ../openssl-1.0.1e -ldl -lcrypto
where CC = ../fips/bin/fipsld
I get the error
Hi All,
I am trying to cross compile OpenSSL FIPS module for linux-mips architecture
(there is no direct support for the same).
On building my test application using fipsld,
$CC fips_mode.c -o fips_mode.exe -L ../openssl-1.0.1e -ldl -lcrypto
where CC = ../fips/bin/fipsld
I get the error :
Ø Can you please elaborate?
Ø
One side of your connection, and it could be either the client or the server,
is doing the old-style (OpenSSL calls it LEGACY) renegotiation and the other
side is rejecting it. One use for renegotiation is to get a client cert, for
example. For information
On Wed, Jun 04, 2014 at 12:04:14PM +0200, DEXTER wrote:
In this case you're asking OpenSSL to just wait for nothing in
particular. That feature does not exist.
That's the problem. I'm asking kindly the devs of openssl to make this
feature exist.
Now that Openssl has two full time
You could try the OpenSSL RT. I would suspect that such a feature would be
relatively low on the priority list.
Especially because OpenSSL's programming model is to use threads, not events.
/r$
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rs...@jabber.me;
On Wed, Jun 04, 2014 at 10:03:34AM -0400, Salz, Rich wrote:
You could try the OpenSSL RT. I would suspect that such a feature would be
relatively low on the priority list.
Especially because OpenSSL's programming model is to use threads, not events.
It supports both, in fact given the
On Wed, Jun 04, 2014, DEXTER wrote:
Well, that's not how it works. Normally when OpenSSL returns with
something like WANT_READ or WANT_WRITE, it is possible to later
determine whether the preconditions for moving forward are satisfied.
In this case you're asking OpenSSL to just wait
On Wed, Jun 04, 2014 at 04:29:19PM +0200, Dr. Stephen Henson wrote:
In the server case the callback is called when the server certificate is
required. It has a feature where the callback can return -1 and this then sets
a special state SSL_ERROR_WANT_X509_LOOKUP and you can retry in the same
It supports both, yet lots of complicated work to create a full event system.
Well, okay :)
As opposed to have the SNI callback block on a mutex while some other thread
wakes up and does whatever work is needed.
/r$
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
Hello,
SSL renegotiation is error prone in PostgreSQL version 9.3 and below.
You can either upgrade your PostgreSQL server or as a work around ,if
network security is not your major concern SSL renegotiation parameter can
be switched off to avoid connection lost errors due to SSL renegotiation.
Hi there,
I am working on a TLS server at present, but am having problems with
handshaking on occasion.
The setup:
* My TLS server sets up a TLS context, and three BIOs; an SSL bio, and
a BIO pair (application and socket).
* A remote party attempts to start a TLS handshake
Hi there,
I am looking into building OpenSSL for CE8.0 (Compact 2013).
Has anyone done this before and succeeded? I also wonder if it is still
necessary to build wceompat and how to get that to build for my CE8.0 SDK.
These are the errors I get when trying to build wcecompat. Has anyone a
clue
Hello,
I am currently porting it (again): V102 on WCE5/WM6.
For your information, you can check my previous V100a port on WCE5/WM6
here :
http://delaage.pierre.free.fr.
I use the free EVC4 and SDK 420.
and check this thread about my port of a V102 snap in 2012 :
17 matches
Mail list logo