[openssl-users] Supported cipher suites

2017-11-14 Thread Grace Priscilla Jero
Hi All, Do we have the exact list of cipher suites supported by default in openssl for each of the below in 1.1.0g version of openSSL. TLS 1.0 TLS 1.1 TLS 1.2 DTLS 1.0 DTLS 1.2 Thanks, Grace

Re: [openssl-users] Compiling OpenSSL 1.0.2l static library with FIPS -2.0.16 on Windows

2017-11-14 Thread Salz, Rich via openssl-users
* FYI, I came up with following manual solution to correctly build 1.0.2l static library with FIPS - 2.0.16 on Windows, using Visual Studio 2015. This seems to work, and I no longer need to carry run time DLLs along with the application. I feel this should be an acceptable solution. Does

Re: [openssl-users] Building OpenSSL for Intel Xeon Phi

2017-11-14 Thread Miguel_Diaz via openssl-users
Thanks for your answer, it is very helpful: I build OpenSSL with a Linux installed on the virtual box. I think it's much easier than looking for solutions on Windows. best regards, Alexander.

Re: [openssl-users] Verifying a timestamp signed using a cert issued by a sub CA (intermediate)

2017-11-14 Thread Viktor Dukhovni
> On Nov 14, 2017, at 2:30 AM, Marcus Lundblad wrote:
>
> I'm trying to verify a timestamp that was signed using a signer
> certificate that has been issued by an intermediate CA.
> I'm only able to verify when specifying the intermediate CA certificate
> as

Re: [openssl-users] Deactivation of client renegotiation particularily in OpenSSL 1.1.0

2017-11-14 Thread Matt Caswell
On 14/11/17 09:40, marcus.schafheu...@gmx.de wrote:
> Hello,
>
> I am referring to the DoS via repeated SSL session renegotiations
> (http://kalilinuxtutorials.com/thc-ssl-dos/).
>
> Prior to OpenSSL 1.1.0 the approach to deactivate client renegotiation
> was to set the corresponding flag

Re: [openssl-users] Compiling OpenSSL 1.0.2l static library with FIPS -2.0.16 on Windows

2017-11-14 Thread naveen gupta via openssl-users
FYI, I came up with following manual solution to correctly build 1.0.2l static library with FIPS - 2.0.16 on Windows, using Visual Studio 2015. This seems to work, and I no longer need to carry run time DLLs along with the application. I feel this should be an acceptable solution. Does anyone

Re: [openssl-users] Building OpenSSL for Intel Xeon Phi

2017-11-14 Thread Jan Just Keijser
Hi, On 14/11/17 10:25, Richard Levitte wrote: From the look of that PNG, you're building in a native Windows environment. The only configs available in the main source are for Visual C, and are configured like this: perl Configure --prefix=D:\openssl\bin shared VC-WIN64A If you meant to

Re: [openssl-users] Verifying a timestamp signed using a cert issued by a sub CA (intermediate)

2017-11-14 Thread Dave Coombs
Hi Marcus, Try giving -CAfile a concatenated file with both CA certificates inside.
    hulk:/tmp $ cat DSS* > chain.pem
    hulk:/tmp $ openssl ts -verify -in /tmp/out10.tsp -queryfile /tmp/out10.tsq -CAfile chain.pem
    Verification: OK
Cheers, -Dave
> On Nov 14, 2017, at 02:30, Marcus Lundblad

Re: [openssl-users] API SSL_Connect fails and always returns SSL_ERROR_WANT_READ causes infinite loop in application

2017-11-14 Thread Matt Caswell
On 14/11/17 10:44, mahesh gs wrote:
> case SSL_ERROR_SYSCALL:
>
> if (EWOULDBLOCK == errno || EAGAIN == errno)
> {
>   /* Nothing to do, retry to connect again */
> }
This doesn't look right. If SSL_connect() fails due to an NBIO event then you should get SSL_ERROR_WANT_READ or

Re: [openssl-users] API SSL_Connect fails and always returns SSL_ERROR_WANT_READ causes infinite loop in application

2017-11-14 Thread mahesh gs
Hi, As per the suggestion from openssl documentation whenever the SSL API returns SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE, The calling process then must repeat the call after taking appropriate action to satisfy the needs of SSL_connect(). I am copying the code bits here, do { /* Clear

Re: [openssl-users] API SSL_Connect fails and always returns SSL_ERROR_WANT_READ causes infinite loop in application

2017-11-14 Thread Graham Leggett
On 14 Nov 2017, at 12:00 PM, mahesh gs wrote:
> We have an application that provides DTLS security for SCTP connections. During
> our testing we found that API "SSL_connect" fails and always returns
> SSL_ERROR_WANT_READ, which causes an infinite loop in the application.
Are you

[openssl-users] API SSL_Connect fails and always returns SSL_ERROR_WANT_READ causes infinite loop in application

2017-11-14 Thread mahesh gs
Hi All, We have an application that provides DTLS security for SCTP connections. During our testing we found that API "SSL_connect" fails and always returns SSL_ERROR_WANT_READ, which causes an infinite loop in the application. Scenario: 1) On Server side "Client Certificate Request" is enabled by

[openssl-users] Deactivation of client renegotiation particularily in OpenSSL 1.1.0

2017-11-14 Thread Marcus . Schafheutle
Hello,   I am referring to the DoS via repeated SSL session renegotiations (http://kalilinuxtutorials.com/thc-ssl-dos/).   Prior to OpenSSL 1.1.0 the approach to deactivate client renegotiation was to set the corresponding flag via a callback function, e.g. : --- SSL *connection; ...

Re: [openssl-users] Building OpenSSL for Intel Xeon Phi

2017-11-14 Thread Richard Levitte
From the look of that PNG, you're building in a native Windows environment. The only configs available in the main source are for Visual C, and are configured like this: perl Configure --prefix=D:\openssl\bin shared VC-WIN64A If you meant to cross compile for a Linux, I do not have an