Re: [openssl-users] DSA2048 support in openssl-fips-2.0.14.

2017-10-21 Thread Manjunath SM
2nd try, Thx Manju On 17 Oct 2017 3:16 pm, "Manjunath SM" wrote: Hi All, Am using openssl-fips-2.0.14 at server side on top of openssl1.0.2K. Server is operating in FIPS mode(fips mode enabled thru FIPS_mode_set). Created DSA2048 host key at server which is running in

Re: [openssl-users] Failed to access LDAP server when a valid certificate is at .1+

2017-10-21 Thread Viktor Dukhovni
On Oct 21, 2017, at 11:20 AM, Misaki Miyashita wrote: > We encountered a problem using OpenLDAP with OpenSSL when there were more > than one certificate with the same subject. > > Does OpenSSL stop searching for a valid certificate when it finds a > certificate

[openssl-users] Failed to access LDAP server when a valid certificate is at .1+

2017-10-21 Thread Misaki Miyashita
Hi, We encountered a problem using OpenLDAP with OpenSSL when there were more than one certificate with the same subject. In our test setup, there were three self-signed certificates with the same subject, two of which were expired and one was valid. When the valid certificate is at .0,

Re: [openssl-users] Generating CSR based on an x25519 public key

2017-10-21 Thread Salz, Rich via openssl-users
They are NOT using a 25519 certificate; it says “key exchange” From: Codarren Velvindron Date: Saturday, October 21, 2017 at 9:38 AM To: Rich Salz , openssl-users Subject: Re: [openssl-users] Generating CSR based on an x25519

Re: [openssl-users] Generating CSR based on an x25519 public key

2017-10-21 Thread Jeffrey Walton
On Sat, Oct 21, 2017 at 9:38 AM, Codarren Velvindron wrote: > https://tls13.crypto.mozilla.org is using : The connection to this site is > encrypted and authenticated using a strong protocol (TLS 1.3), a strong key > exchange (X25519), and a strong cipher (AES_128_GCM).

Re: [openssl-users] Generating CSR based on an x25519 public key

2017-10-21 Thread Codarren Velvindron
https://tls13.crypto.mozilla.org is using : The connection to this site is encrypted and authenticated using a strong protocol (TLS 1.3), a strong key exchange (X25519), and a strong cipher (AES_128_GCM). Using openssl standard tools is it possible to generate a CSR through Ed25519 ? --

Re: [openssl-users] Generating CSR based on an x25519 public key

2017-10-21 Thread Salz, Rich via openssl-users
* How would we be able to achieve this? I have read somewhere on a 2016 mail in the archives that it is an "encrypt-only" algorithm and that is not possible. X25519 is a key-exchange-only algorithm. Ed25519 is a signing algorithm. Unlike classic RSA, the signing and the key exchange are

[openssl-users] Generating CSR based on an x25519 public key

2017-10-21 Thread Codarren Velvindron
Errata: I meant private key -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] Generating CSR based on an x25519 public key

2017-10-21 Thread Codarren Velvindron
Hello, How would we be able to achieve this? I have read somewhere on a 2016 mail in the archives that it is an "encrypt-only" algorithm and that is not possible. But I have found many sites on let's encrypt already using this. Does anyone know how to do this? Thanks, Codarren --