Re: SSL Renegotiation failure

2014-06-05 Thread Mithun Kumar
Thanks for the reply. I am currently resetting the flag below using SSL_CTX_clear_options(). Still the handshake fails. SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION Any inputs? On Wed, Jun 4, 2014 at 6:57 PM, Salz, Rich rs...@akamai.com wrote: > Can you please elaborate? >

Re: SSL Renegotiation failure

2014-06-05 Thread Kyle Hamilton
You must ensure that the option is set, not cleared. -Kyle H On Wed, Jun 4, 2014 at 11:37 PM, Mithun Kumar mithunsi...@gmail.com wrote: Thanks for the reply. I am currently resetting the flag below using SSL_CTX_clear_options(). Still the handshake fails.

SSL_Connect() invalid write

2014-06-05 Thread Brandon W. Yuille
Hi, I'm getting the following error when using SSL_Connect on a non-blocking socket. I've included some debug output that shows POLLOUT was set after the socket successfully connected. SSL_Connect then returns SSL_ERROR_WANT_READ, so the program waits for a POLLIN to be set at which point it

Re: suspending and continuing handshake

2014-06-05 Thread DEXTER
On Wed, Jun 4, 2014 at 4:49 PM, Viktor Dukhovni openssl-us...@dukhovni.org wrote: Sounds like the requested feature is already implemented. That's some fast work. :-) Indeed, it is some fast work. That's all that about the itching feature, low priority, and many years... --

Re: suspending and continuing handshake

2014-06-05 Thread DEXTER
Hi Steve, That is exactly what I needed. I've just tried it out with OpenSSL-1.0.2-beta1 and it works perfectly. Do you have any ETA on when the 1.0.2 will be released? Thank you! On Wed, Jun 4, 2014 at 4:29 PM, Dr. Stephen Henson st...@openssl.org wrote: On Wed, Jun 04, 2014, DEXTER wrote:

OpenSSL Security Advisory

2014-06-05 Thread OpenSSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL Security Advisory [05 Jun 2014] SSL/TLS MITM vulnerability (CVE-2014-0224) === An attacker using a carefully crafted handshake can force the use of weak

How to decrypt smime.p7m file in DER format using OpenSSL in C code.

2014-06-05 Thread Yash Dosi
Hi All, I am trying to decrypt emails using openssl. I am getting an smime.p7m file from the server. But it is in DER format. I can decrypt this file from the command prompt, with the command openssl smime -decrypt -in openssl_working_smime.p7m -inform DER -inkey mycert.pem > dec_mail.eml But now I

OpenSSL Security Advisory

2014-06-05 Thread OpenSSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 OpenSSL Security Advisory [05 Jun 2014] Resend: first version contained characters which could cause signature failure. SSL/TLS MITM vulnerability (CVE-2014-0224) ===

RE: SSL Renegotiation failure

2014-06-05 Thread Salz, Rich
It must therefore be that the *other side* is trying to do unsafe renegotiation. Someone posted a note about PostGres issues, IIRC. /r$ -- Principal Security Engineer Akamai Technologies, Cambridge, MA IM: rs...@jabber.me; Twitter: RichSalz

Re: How to decrypt smime.p7m file in DER format using OpenSSL in C code.

2014-06-05 Thread Vladimir Zatsepin
Hi, To load a DER-encoded PKCS7 structure from the file you have to use the d2i_PKCS7_bio() function. 2014-06-05 15:51 GMT+04:00 Yash Dosi yashd...@gmail.com: Hi All, I am trying to decrypt emails using openssl. I am getting an smime.p7m file from the server. But it is in DER format. I can

Conflicting information regarding non-blocking sockets

2014-06-05 Thread Barbe, Charles
Hello, I have implemented an SSL server on the eCos platform and it seems to be working well; however, I am a tiny bit unclear about the requirements around whether or not calls to SSL_read and SSL_write need to be synchronized and I want to avoid doing something incorrect. The specific question

Re: SSL_Connect() invalid write

2014-06-05 Thread Brandon W Yuille
Please ignore. Turned out another library I was linking against had a function called MD5_Final and the linker was using this one instead of OpenSSL's. On 6/4/2014 4:12 PM, Brandon W Yuille wrote: Hi, I'm getting the following error when using SSL_Connect on a non-blocking socket. I've

Re: Windows CE (VC-CE) Compilation problem !

2014-06-05 Thread J@yNe$|-|
Hello Karan, I have built wcecompat, but when I try to compile openssl I cannot compile it. So can you give me the steps for compiling openssl? And if you don't mind, then give me the steps to compile wcecompat as well, so I can check whether my compiled libs have any problem or not. So please help me out

Re: OpenSSL Security Advisory

2014-06-05 Thread Jeff Wieland
In 0.9.8za at least, there is a missing directive to include limits.h. Without it, compilation fails on SPARC Solaris 10 with INT_MAX being undefined on line 536, which looks like: OPENSSL_assert(s->s3->wnum < INT_MAX); It appears that 1.0.0m has the same problem. I haven't looked at 1.0.1h as

Re: OpenSSL Security Advisory

2014-06-05 Thread Juha Saarinen
Hi Steve, That's quite a few in one go - is this due to greater testing of OpenSSL and more scrutiny of the code by the community? Of the flaws listed, which is the one of most concern? This kind of begs the question of what to do with all those embedded systems that run older versions of

DTLS path MTU issues

2014-06-05 Thread David Geib
I am developing an application similar to a VPN which uses OpenSSL for DTLS and am trying to sort out path MTU discovery. The first issue I am having is that the man pages for SSL_write and SSL_read provide the following warning: When an SSL_write() [or SSL_read()] operation has to be repeated

CVE-2014-0224

2014-06-05 Thread Jeffrey Walton
CVE-2014-0224 looks like an interesting issue (https://www.openssl.org/news/secadv_20140605.txt): An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM)

RE: CVE-2014-0224

2014-06-05 Thread Salz, Rich
Can anyone explain the vulnerability? A handful of links Here's the timeline, a public document: https://plus.google.com/u/0/+MarkJCox/posts/L8i6PSsKJKs And this blog entry from the guy who found the bug. BTW, it's 16 years old.

CVE-2014-0195

2014-06-05 Thread Jeffrey Walton
CVE-2014-0195 is a buffer overflow (https://www.openssl.org/news/secadv_20140605.txt): A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client

Re: CVE-2014-0224

2014-06-05 Thread Jeroen de Neef
I am also quite curious. Also, how long has this exploit been around, and could hackers have exploited this already? 2014-06-05 22:46 GMT+02:00 Jeffrey Walton noloa...@gmail.com: CVE-2014-0224 looks like an interesting issue (https://www.openssl.org/news/secadv_20140605.txt): An

RE: OpenSSL Security Advisory

2014-06-05 Thread Green, Gatewood
Openssl-0.9.8za will not build in FIPS mode. The openssl-fips-1.2(.4) seems to be missing the symbol BN_consttime_swap. Woody Gatewood C Green Jr (Woody) Principal Software Engineer, Product Security Champion SIEM Engineering McAfee. Part of Intel Security. Direct: 208.552.8269 Mobile:

Re: CVE-2014-0224

2014-06-05 Thread Jeffrey Walton
On Thu, Jun 5, 2014 at 4:49 PM, Salz, Rich rs...@akamai.com wrote: Can anyone explain the vulnerability? A handful of links Here's the timeline, a public document: https://plus.google.com/u/0/+MarkJCox/posts/L8i6PSsKJKs And this blog entry from the guy who found the bug. BTW, it's

RE: CVE-2014-0195

2014-06-05 Thread Salz, Rich
Does that mean this RCE is a heap based overflow? I/O buffers in openssl are generally (always?) from the heap, not on the stack. So yes in general, and yes in this specific case. /r$ -- Principal Security Engineer Akamai Technologies, Cambridge, MA IM: rs...@jabber.me; Twitter:

Re: CVE-2014-0224

2014-06-05 Thread Tim Hudson
I've also added these into the wiki at http://wiki.openssl.org/index.php/SECADV_20140605 - so that others looking back through the issues can find a handy reference to the additional information from various locations - the link at http://wiki.openssl.org/index.php/Security_Advisories basically

Re: AES-GCM

2014-06-05 Thread Anant Rao
Thanks for the info! I looked at the demo programs in the given link http://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=demos/evp/aesgcm.c;h=324d8a55b1481c507c7754fa7f33c30a02bdb737;hb=HEAD . I have a question in encrypt: ... /* Finalise: note get no output for GCM */ 63

Re: AES-GCM

2014-06-05 Thread Jeffrey Walton
On Tue, May 27, 2014 at 3:00 AM, Anant Rao a...@noknok.com wrote: Hi, I have ciphertext encrypted in Java (using BouncyCastle - BC) with the AES/GCM/NoPadding cipher. When I tried to decrypt it using OpenSSL in a C program, the last call 'EVP_DecryptFinal_ex' fails. Somehow,