Re: [openssl-users] Considering C# OpenSSL openssl-net-master

2017-07-26 Thread J. J. Farrell
On 26/07/2017 20:58, Jakob Bohm wrote: On 25/07/2017 19:00, Salz, Rich via openssl-users wrote: If you want to use those ciphers, you need to set SECLEVEL=0 when you specify the ciphers. When did TLS_RSA_WITH_AES_128_CBC_SHA256 and higher become "low security"? It looks like the client is

Re: [openssl-users] Considering C# OpenSSL openssl-net-master

2017-07-26 Thread Jakob Bohm
On 25/07/2017 19:00, Salz, Rich via openssl-users wrote: If you want to use those ciphers, you need to set SECLEVEL=0 when you specify the ciphers. I have no idea how to do that for the OpenSSL C# binding. Maybe post an issue on openssl-net? When did TLS_RSA_WITH_AES_128_CBC_SHA256

Re: [openssl-users] private key difference: openssl genrsa vs opnessl req newkey

2017-07-26 Thread Michele Mase'
Tx. So, what should be the command line to use in order to obtain the same key? openssl genrsa openssl req -nodes -newkey rsa:2048 some_extra_parameters Michele MAsè On Wed, Jul 26, 2017 at 6:29 PM, Benjamin Kaduk wrote: > On 07/26/2017 10:13 AM, Michele Mase'

Re: [openssl-users] private key difference: openssl genrsa vs opnessl req newkey

2017-07-26 Thread Benjamin Kaduk via openssl-users
On 07/26/2017 10:13 AM, Michele Mase' wrote: > During the generation of x509 certificates, both commands give the > same results: > > Command "a": openssl req -nodes -newkey rsa:2048 -keyout example.key > -out example.csr -subj "/C=GB/ST=London/L=London/O=Global > Security/OU=IT

[openssl-users] private key difference: openssl genrsa vs opnessl req newkey

2017-07-26 Thread Michele Mase'
During the generation of x509 certificates, both commands give the same results: Command "a": openssl req -nodes -newkey rsa:2048 -keyout example.key -out example.csr -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=example.com" Command "b": openssl genrsa -out example.key

[openssl-users] C# OpenSSL openssl-net-master - OpenSSL Server malfunction

2017-07-26 Thread Hegazi, Amr
Hello *, Even if no one knows what to do, has anyone ever used OpenSSL Server? And if so, are there any configuration parameters that I should take care of in case of OpenSSL Server? I hope to hear a positive response from you guys. Best Regards, Amr From: Hegazi, Amr Sent: Tuesday, July 25,

Re: [openssl-users] Security of DH in TLS

2017-07-26 Thread Paul Yang
No idea on OpenVPN, I guess you could ask them directly : ) > On 26 Jul 2017, at 18:38, SaAtomic wrote: > > > Thank you for the elaboration and the link. > One more follow-up question :) > > With OpenVPN, when I configure a TLS cipher suite like >

Re: [openssl-users] Security of DH in TLS

2017-07-26 Thread SaAtomic
Thank you for the elaboration and the link. One more follow-up question :) With OpenVPN, when I configure a TLS cipher suite like `TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256`, I never manually created an ECC private key. You mentioned that this is required for such cipher suites. Does in this

Re: [openssl-users] Security of DH in TLS

2017-07-26 Thread Paul Yang
> On 26 Jul 2017, at 16:21, SaAtomic wrote: > > The subject is much clearer to me now, thank you. > > The EC key you mentioned is not created manually, correct? > This key is a result of ECC, which is done by OpenSSL. > > So if I set up a server offering TLS connections

Re: [openssl-users] Security of DH in TLS

2017-07-26 Thread SaAtomic
The subject is much clearer to me now, thank you. The EC key you mentioned is not created manually, correct? This key is a result of ECC, which is done by OpenSSL. So if I set up a server offering TLS connections and only offer ECDH/ECDHE, no additional data has to be generated manually,

Re: [openssl-users] Security of DH in TLS

2017-07-26 Thread Paul Yang
> On 26 Jul 2017, at 15:56, SaAtomic wrote: > > Thanks for the reply. > I'm still not sure I understand this correctly. > > So the length of modulus is the essential part, determining the security of > the DH, right? Mostly. > With ECC, this is defined by the used

Re: [openssl-users] Security of DH in TLS

2017-07-26 Thread SaAtomic
Thanks for the reply. I'm still not sure I understand this correctly. So the length of modulus is the essential part, determining the security of the DH, right? With ECC, this is defined by the used curves. Without ECC, this is determined by the DH parameters (from the .pem file I mentioned).

Re: [openssl-users] Security of DH in TLS

2017-07-26 Thread Paul Yang
The ‘key size’ concept usually refers to the length of the modulus. (In the public key crypto area.) For DH and ECDH, it (the size) is generated and defined in the ‘parameters’, as you pasted. Parameters are not exactly the final ‘keys’, they are the ‘materials’ to produce keys (both private ones

[openssl-users] Security of DH in TLS

2017-07-26 Thread SaAtomic
I'm trying to comprehend the security impact of the different DH implementations on TLS. The main differences between the implementations are: DH, DHE, ECDH, ECDHE. Where the ephemeral DH provides forward secrecy, thus provides additional security. I'm not really sure how the elliptic curves