Re: [openssl-users] A question DH parameter generation and usage

2017-12-06 Thread Jakob Bohm
On 06/12/2017 20:25, Michael Wojcik wrote: From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Viktor Dukhovni Sent: Wednesday, December 06, 2017 13:21 On Dec 6, 2017, at 8:51 AM, Michael Wojcik wrote: Note: If you use OpenSSL 1.0.x

Re: [openssl-users] ECC ciphers in OpenSSL and Citricom Patent/License terms

2017-12-06 Thread Jakob Bohm
On 06/12/2017 14:51, Michael Wojcik wrote: This probably should just have gone to openssl-users. Please don't copy every question to openssl-dev. From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Jayalakshmi bhat Sent: Wednesday, December 06, 2017 01:07 Does it mean

Re: [openssl-users] VS2017 15.5 hangs indefinitely with Blake2b.c

2017-12-06 Thread Oliver Niebuhr
Morning. Yeah my fault. I mixed up CL and Link Version Numbers: Link Version is 14.12.25830.2 and CL Version 19.12.25830.2 but Compiler Tool Set Version is 14.12 You have to love their Versioning Scheme ;) BTW: It turned out that the VS SSA-Optimizer is at fault here! After disabling it with

Re: [openssl-users] Disable SSL_ERROR_WANT_READ / WRITE ?

2017-12-06 Thread Salz, Rich via openssl-users
➢Or at least that used to be the case. TLSv1.3 got rid of renegotiation, so if you have a TLSv1.3 connection, it will never renegotiate. But it could ask for a certificate, which would trigger SSL_WANT_WRITE -- openssl-users mailing list To unsubscribe:

Re: [openssl-users] A question DH parameter generation and usage

2017-12-06 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Viktor Dukhovni > Sent: Wednesday, December 06, 2017 13:21 > > > On Dec 6, 2017, at 8:51 AM, Michael Wojcik > wrote: > > > > > > Note: If you use OpenSSL 1.0.x and you use the DH

Re: [openssl-users] Disable SSL_ERROR_WANT_READ / WRITE ?

2017-12-06 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > pratyush parimal > Sent: Wednesday, December 06, 2017 12:55 > But what I don't understand is, why does the library need to re-do the > handshake? I don't wish to sound rude, but this is answered right in the

Re: [openssl-users] A question DH parameter generation and usage

2017-12-06 Thread Viktor Dukhovni
> On Dec 6, 2017, at 8:51 AM, Michael Wojcik > wrote: > > > Note: If you use OpenSSL 1.0.x and you use the DH parameter callback, be > aware that the callback isn't invoked in a useful manner by OpenSSL. (It > always asks for a 1024-bit group, unless an

Re: [openssl-users] [openssl-dev] A question DH parameter generation and usage

2017-12-06 Thread Jayalakshmi bhat
Hi Rich, Thanks for the reply. We are planning to use DHE_RSA based ciphers. Regards Jaya On Wed, Dec 6, 2017 at 7:20 PM, Salz, Rich via openssl-users < openssl-users@openssl.org> wrote: > You can re-use the keys, but then you get no forward secrecy, and sessions > generated with one

Re: [openssl-users] [openssl-dev] A question DH parameter generation and usage

2017-12-06 Thread Jayalakshmi bhat
Hi Michael, Thanks for very detailed answers. This will surely help me to investigate further. Regards Jaya On Wed, Dec 6, 2017 at 7:37 PM, Michael Wojcik < michael.woj...@microfocus.com> wrote: > > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On > Behalf Of Salz, Rich via

[openssl-users] Disable SSL_ERROR_WANT_READ / WRITE ?

2017-12-06 Thread pratyush parimal
Hi all, I see a lot of questions and answers about how to handle SSL_ERROR_WANT_READ / WRITE during SSL_read/write, and I understand that the error is returned when the SSL library needs to do a handshake in the middle of read/write operation, so we need to repeat the call when the appropriate

Re: [openssl-users] ECC ciphers in OpenSSL and Citricom Patent/License terms

2017-12-06 Thread Jayalakshmi bhat
Hi Michael Thanks for the input. Regards Jaya On Wed, Dec 6, 2017 at 7:21 PM, Michael Wojcik < michael.woj...@microfocus.com> wrote: > This probably should just have gone to openssl-users. Please don't copy > every question to openssl-dev. > > > From: openssl-users

Re: [openssl-users] [openssl-dev] A question DH parameter generation and usage

2017-12-06 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > Salz, Rich via openssl-users > Sent: Wednesday, December 06, 2017 08:50 > You can re-use the keys, but then you get no forward secrecy, and sessions > generated with one connection are > vulnerable to another. If

Re: [openssl-users] VS2017 15.5 hangs indefinitely with Blake2b.c

2017-12-06 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Oliver Niebuhr > Sent: Wednesday, December 06, 2017 08:43 > > Like mentioned below, I updated the VS 2017 Compiler to 14.12 - but it > also happens with 14.11. I don't know where those version numbers come from

Re: [openssl-users] ECC ciphers in OpenSSL and Citricom Patent/License terms

2017-12-06 Thread Michael Wojcik
This probably should just have gone to openssl-users. Please don't copy every question to openssl-dev. > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > Jayalakshmi bhat > Sent: Wednesday, December 06, 2017 01:07 > Does it mean to use ECC ciphers from OpenSSL does

Re: [openssl-users] A question DH parameter generation and usage

2017-12-06 Thread Michael Wojcik
For TLSv1.3, servers are no longer allowed to specify arbitrary DH groups (for finite-field or EC DH). They must use one of the named groups. So for 1.3, there's no point in generating your own groups; conforming implementations can't use them. For finite-field DH, those are the groups

Re: [openssl-users] [openssl-dev] A question DH parameter generation and usage

2017-12-06 Thread Salz, Rich via openssl-users
You can re-use the keys, but then you get no forward secrecy, and sessions generated with one connection are vulnerable to another. Why are you using DH? Unless you have compelling reasons (interop with legacy), you really should use ECDHE. -- openssl-users mailing list To unsubscribe:

Re: [openssl-users] VS2017 15.5 hangs indefinitely with Blake2b.c

2017-12-06 Thread Oliver Niebuhr
Hi. Like mentioned below, I updated the VS 2017 Compiler to 14.12 - but it also happens with 14.11. Problem is: There is No Error Message of any kind - CL.exe keeps running (well more or less) indefinitely. It simply stops working. It really seems like a Compiler Bug. But I am too OpenSSL

Re: [openssl-users] VS2017 15.5 hangs indefinitely with Blake2b.c

2017-12-06 Thread Matt Caswell
On 06/12/17 08:24, Oliver Niebuhr wrote: > Hello. > > I am not sure if it is a VS Compiler Bug or a Bug in OpenSSL. > > When the Compiler reaches 'Blake2b.c', it creates the 'Blake2b.obj' and > then hangs indefinitely. > > CPU usage for CL stays at 27-28 Percent. Used RAM stays at 34-35

Re: [openssl-users] A question DH parameter generation and usage

2017-12-06 Thread Jayalakshmi bhat
Hi Jakob and Paul, Thank you so much for the reply. We have the RSA certificates. I wanted to understand how generally DH parameters are generated. Thanks for the detailed answers. Regards Jayalakshmi On Wed, Dec 6, 2017 at 12:48 AM, Jakob Bohm wrote: > On 06/12/2017

[openssl-users] VS2017 15.5 hangs indefinitely with Blake2b.c

2017-12-06 Thread Oliver Niebuhr
Hello. I am not sure if it is a VS Compiler Bug or a Bug in OpenSSL. When the Compiler reaches 'Blake2b.c', it creates the 'Blake2b.obj' and then hangs indefinitely. CPU usage for CL stays at 27-28 Percent. Used RAM stays at 34-35 Megabyte. OpenSSL Version: 1.1.0 Git up2date, Static and