Is it possible to check Key/IV update feature via these tools?
Thanks!
2018-05-23 20:33 GMT+08:00 Matt Caswell :
>
>
> On 23/05/18 12:39, John Jiang wrote:
> > Hi,
> > If just using s_server and s_client, can I test the TLS 1.3 features,
> > likes HelloRetryRequest and resumption?
>
> Yes.
>
>
I will look into the wireshark trace
Here is the output with the debug option
CONNECTED(0003)
write to 0x55f11344dea0 [0x55f11345f100] (176 bytes => 176 (0xB0))
- 16 03 01 00 ab 01 00 00-a7 03 03 8c 1a 33 4f 8e .3O.
0010 - fb e3 3f 51 82 36 ae 38-5e 86 3c af d2 82 0f d9
On 07/06/18 17:57, wazzu62 wrote:
> When I run the following command on the server the reverse proxy is pointing
> to I get a similar error
> *openssl s_client -connect localhost:443*
> CONNECTED(0003)
> 140508314333632:error:1408F10B:SSL routines:ssl3_get_record:wrong version
>
> Of course people have been harvesting entropy, or trying to, from network
> sources for decades. There's a famous paragraph regarding it in RFC 4086,
> which is an expanded version of a similar statement from RFC 1750 (1994):
>
> Other external events, such as network packet arrival times
I'm reading the TLSv1.3 notes that suggest SSL_CTX_sess_set_get_cb is
called for both clients and servers, but am confused by the
documentation.
The 1.1.1 manual page still starts 'provide callback functions for
server side external session caching' with no mention of clients.
I'm updating
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of wazzu62
> Sent: Thursday, June 07, 2018 10:57
> Attempts to connect to the reverse proxy endpoint via a browser generate
> the following error in the apache log file
By "the apache log file", you mean the log for the
I will preface this with the fact I am not an ssl expert.
I am trying to resolve an issue I am having with apache and a reverse proxy
that I think is ssl related.
Attempts to connect to the reverse proxy endpoint via a browser generate the
following error in the apache log file
[Tue May 29
On 07/06/18 16:02, Jordan Brown wrote:
> I do not understand, however, how the 80 relates to a 1024-bit limit.
It's a measure of the "security bits" of an algorithm according to table
2 in this doc:
https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-57pt1r4.pdf
Matt
--
On 6/6/2018 11:22 PM, Sanjaya Joshi wrote:
> >>Current OpenSSL isn't willing to connect to a server using a DH key size
> below 1024 bits.
> Yes, i have verified this. However, not sure, how my OpenSSL-based
> client can do this, as our requirement is that we must not use DH key
> size below 2048
Hi Clint
its been awhile since I built on 11i, have you tried :
http://hpux.connect.org.uk/hppd/hpux/Development/Libraries/openssl-1.0.2j/
http://hpux.connect.org.uk/hppd/hpux/Development/Libraries/
???
They appear to have build notes here :
Hi!
Since I can’t find any current pre-build versions of OpenSSL for this platform,
I am trying to build OpenSSL 1.1.0h with GCC 4.6.1 on HPUX 11.0.
I’ve tried a basic ./config approach but that appears to select
hpux-parisc1_1-gcc when I want PARISC2.
I tried building it, but had problems
Hi!
Since I can’t find any current pre-build versions of OpenSSL for this platform,
I am trying to build OpenSSL 1.1.0h with GCC 4.6.1 on HPUX 11.0.
I’ve tried a basic ./config approach but that appears to select
hpux-parisc1_1-gcc when I want PARISC2.
I tried building it, but had problems
On 07/06/18 04:10, Viktor Dukhovni wrote:
>
>
>> On Jun 6, 2018, at 7:15 PM, Salz, Rich via openssl-users
>> wrote:
>>
>> Without commenting on whether or not your understanding is correct (the
>> client gets the params and can see how big the key is, no?), I will point
>> out that the way
Hello,
I have golang based openssl server with FIPS mode set. I am using Openssl
library build with fips module 2.0.
With Openssl 1.0.1u version, everything was running fine.
Recently I upgraded to version 1.0.2o. With this version, under high
traffic condition (more than 4k requests per minute),
Hello,
Thank you all for your responses. I forgot to mention that we are on
OpenSSL 1.1.0 and TLS 1.2.
I have some more queries though.
>>Current OpenSSL isn't willing to connect to a server using a DH key size
below 1024 bits.
Yes, i have verified this. However, not sure, how my OpenSSL-based
15 matches
Mail list logo