Re: [openssl-users] Query regarding MSG_NOSIGNAL with SSL_Write

2017-04-27 Thread Viktor Dukhovni
On Thu, Apr 27, 2017 at 04:32:33PM +0100, Matt Caswell wrote: > >>> Does openssl provide any way to set MSG_NOSIGNAL on sendmsg (Underlying > >>> TCP/IP socket layer) ? > >> > >> No. You will have to modify the code yourself. > > > > Actually, it is possible to do the I/O in application code,

Re: [openssl-users] Query regarding MSG_NOSIGNAL with SSL_Write

2017-04-27 Thread Ryan Murray
Great article. Who is the author? Sent from Mail for Windows 10 From: Viktor Dukhovni Sent: Thursday, April 27, 2017 11:54 AM To: openssl-users@openssl.org Subject: Re: [openssl-users] Query regarding MSG_NOSIGNAL with SSL_Write On Thu, Apr 27, 2017 at 12:32:42PM +, Salz, Rich via

Re: [openssl-users] Query regarding MSG_NOSIGNAL with SSL_Write

2017-04-27 Thread Matt Caswell
On 27/04/17 15:53, Viktor Dukhovni wrote: > On Thu, Apr 27, 2017 at 12:32:42PM +, Salz, Rich via openssl-users wrote: > >>> Does openssl provide any way to set MSG_NOSIGNAL on sendmsg (Underlying >>> TCP/IP socket layer) ? >> >> No. You will have to modify the code yourself. > >

Re: [openssl-users] Query regarding MSG_NOSIGNAL with SSL_Write

2017-04-27 Thread Viktor Dukhovni
On Thu, Apr 27, 2017 at 12:32:42PM +, Salz, Rich via openssl-users wrote: > > Does openssl  provide any way to set MSG_NOSIGNAL on sendmsg (Underlying > > TCP/IP socket layer) ? > > No. You will have to modify the code yourself. Actually, it is possible to do the I/O in application code,

Re: [openssl-users] How many SAN entries...?

2017-04-27 Thread Blumenthal, Uri - 0553 - MITLL
It depends on the CA in question, more so on the number of the attributes that are included, and of course on the set of users. ;-) So far I assure you I've no concern for pitchforks. ;-) Regards, Uri P.S. Why do you think validating, e.g., three email addresses is any more difficult than

Re: [openssl-users] How many SAN entries...?

2017-04-27 Thread Jochen Bern
On 04/27/2017 04:09 PM, openssl-users-requ...@openssl.org digested: > From: "Blumenthal, Uri - 0553 - MITLL" > > You do not "revoke" a subset of attributes aka SAN emails. When any of > the certified attributes changes (i.e., is certification no longer valid), > the certificate

Re: [openssl-users] How many SAN entries...?

2017-04-27 Thread Blumenthal, Uri - 0553 - MITLL
You do not "revoke" a subset of attributes aka SAN emails. When any of the certified attributes changes (i.e., is certification no longer valid), the certificate is revoked and (possibly) re-issued. The process is no different than with any other set of attributes, several of which may be

Re: [openssl-users] How many SAN entries...?

2017-04-27 Thread Jochen Bern
On 04/26/2017 07:13 PM, Viktor Dukhovni was digested as writing: > On Apr 26, 2017, at 1:03 PM, Blumenthal, Uri - 0553 - MITLL > wrote: >> It's been my understanding that a cert can contain as many SAN attributes as >> needed, >> but it appears that Apple believes it has to be

Re: [openssl-users] AES-256 Do I need random IV?

2017-04-27 Thread Yaşar Arabacı
Hello Again, Sorry, I should have explained myself better. I am using AES-256 in CBC mode. I am getting a string as a password, and using PKCS5_PBKDF2_HMAC_SHA1 function to generate 256 bit key and 128 bit IV. I was wondering if generating an IV like this is necessary, or can I just use a

Re: [openssl-users] AES-256 Do I need random IV?

2017-04-27 Thread Blumenthal, Uri - 0553 - MITLL
Classic requirement is that IV is unique per key. As theoretical crypto evolved, and attacks like Chosen Ciphertext Attack (you can make the victim encrypt any plaintext of your choice (aka CPA), *and* *decrypt* any ciphertext of your choice) were developed, CBC could not hold against such

Re: [openssl-users] AES-256 Do I need random IV?

2017-04-27 Thread Salz, Rich via openssl-users
> For AES-256 encryption, should IV be random? I am already using a random > salt, so I was wondering if IV should be random too. It should be non-repeating. It can just be a counter. (Yes, I know OP didn't ask about AESGCM. But if they're coming here for advice ... ) -- openssl-users

Re: [openssl-users] Query regarding MSG_NOSIGNAL with SSL_Write

2017-04-27 Thread Salz, Rich via openssl-users
> Does openssl  provide any way to set MSG_NOSIGNAL on sendmsg (Underlying > TCP/IP socket layer) ? No. You will have to modify the code yourself. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] AES-256 Do I need random IV?

2017-04-27 Thread Jakob Bohm
On 27/04/2017 14:00, Yaşar Arabacı wrote: Hi, For AES-256 encryption, should IV be random? I am already using a random salt, so I was wondering if IV should be random too. Thanks in advance AES itself takes neither an IV nor a salt. AES in CBC mode takes a 128 bit IV for the CBC mode, it is

Re: [openssl-users] AES-256 Do I need random IV?

2017-04-27 Thread Hanno Böck
On Thu, 27 Apr 2017 15:00:37 +0300 Yaşar Arabacı wrote: > For AES-256 encryption, should IV be random? I am already using a > random salt, so I was wondering if IV should be random too. An IV is part of a cipher mode. AES-256 is just a block cipher. You can't use it on its

[openssl-users] AES-256 Do I need random IV?

2017-04-27 Thread Yaşar Arabacı
Hi, For AES-256 encryption, should IV be random? I am already using a random salt, so I was wondering if IV should be random too. Thanks in advance -- http://ysar.net/

Re: [openssl-users] Query regarding MSG_NOSIGNAL with SSL_Write

2017-04-27 Thread Wouter Verhelst
On 27-04-17 13:01, Wouter Verhelst wrote: > On 27-04-17 12:56, mahesh gs wrote: >> Hi, >> >> We are using OpenSSL to establish secure communications for both >> TCP/SCTP connections. >> >> In our application it is possible that the remote end forcefully disconnects >> the connection due to which >>

Re: [openssl-users] Query regarding MSG_NOSIGNAL with SSL_Write

2017-04-27 Thread Matt Caswell
On 27/04/17 11:56, mahesh gs wrote: > Hi, > > We are using OpenSSL to establish secure communications for both > TCP/SCTP connections. > > In our application it is possible that the remote end forcefully disconnects > the connection due to which > > SSL_Write raises a SIGPIPE which we want to

Re: [openssl-users] Query regarding MSG_NOSIGNAL with SSL_Write

2017-04-27 Thread Wouter Verhelst
On 27-04-17 12:56, mahesh gs wrote: > Hi, > > We are using OpenSSL to establish secure communications for both > TCP/SCTP connections. > > In our application it is possible that the remote end forcefully disconnects > the connection due to which > > SSL_Write raises a SIGPIPE which we want to

[openssl-users] Query regarding MSG_NOSIGNAL with SSL_Write

2017-04-27 Thread mahesh gs
Hi, We are using OpenSSL to establish secure communications for both TCP/SCTP connections. In our application it is possible that the remote end forcefully disconnects the connection due to which SSL_Write raises a SIGPIPE which we want to suppress. Does openssl provide any way to set