Even if session life time is proposed by server.. if client has a
configuration local configuration shouldn't we pick the minimum of what
server is configuring and what client is configured with?.
If we don't have this option in openssl should we have this change.. any
one interested to work
Hi,
I looked for "NO_UI" in the source code but did not find any
references to it. I'll take a closer look and see if I can find some
other flag, which disables the UI_METHOD function calls.
By the way, I found your code for this in eap-tls.c very helpful and
easy to follow. :) I did
You could set the default property query to "?fips=yes". This will
prefer FIPS algorithms over any others but will not prevent other
algorithms from being fetched.
Pauli
On 27/1/21 10:47 am, Zeke Evans wrote:
I understand that PKCS12 cannot be implemented in the fips provider but I'm
I understand that PKCS12 cannot be implemented in the fips provider but I'm
looking for a suitable workaround, particularly something that is close to the
same behavior as 1.0.2 with the fips 2.0 module.
In my case, the default provider is loaded but I am calling
I'm not even sure that NIST can validate the PKCS#12 KDF.
If it can't be validated, it doesn't belong in the FIPS provider.
Pauli
On 26/1/21 10:48 pm, Tomas Mraz wrote:
On Tue, 2021-01-26 at 11:45 +, Matt Caswell wrote:
On 26/01/2021 11:05, Jakob Bohm via openssl-users wrote:
On
Thank you both for bringing this to my attention, your points are
invaluable.
If this is something which gets set from server on client side. can client
override this?. Can i change this to something less and try?. Has anyone
tried?.
Whats the option in openssl.conf or some other place?.
On Tue, 2021-01-26 at 11:45 +, Matt Caswell wrote:
>
> On 26/01/2021 11:05, Jakob Bohm via openssl-users wrote:
> > On 2021-01-25 17:53, Zeke Evans wrote:
> > > Hi,
> > >
> > >
> > >
> > > Many of the PKCS12 APIs (ie: PKCS12_create, PKCS12_parse,
> > > PKCS12_verify_mac) do not work in
On 26/01/2021 11:05, Jakob Bohm via openssl-users wrote:
> On 2021-01-25 17:53, Zeke Evans wrote:
>>
>> Hi,
>>
>>
>>
>> Many of the PKCS12 APIs (ie: PKCS12_create, PKCS12_parse,
>> PKCS12_verify_mac) do not work in OpenSSL 3.0 when using the fips
>> provider. It looks like that is because
On 2021-01-25 17:53, Zeke Evans wrote:
Hi,
Many of the PKCS12 APIs (ie: PKCS12_create, PKCS12_parse,
PKCS12_verify_mac) do not work in OpenSSL 3.0 when using the fips
provider. It looks like that is because they try to load PKCS12KDF
which is not implemented in the fips provider. These
On 26/01/21 05:28, George wrote:
Hi,
I'm trying to get OpenSSL 1.0.2u with the FIPS Object Module
2.0.16 in Windows 10 to prompt the user for a smart card's PIN number
every time the application is launched. However, I cannot seem to get
it to work. My UI_METHOD callback functions are
That should be fixed, I merged a fixup commit yesterday.
Cheers,
Richard
On Mon, 25 Jan 2021 15:56:28 +0100,
The Doctor wrote:
>
> Anyone using BSD running into basename issues?
>
> --
> Member - Liberal International This is doctor@@nl2k.ab.ca Ici
> doctor@@nl2k.ab.ca
> Yahweh, Queen &
Hi,
We've Java on the client side & OpenSSL on the server side. After updating
Java to 1.8u261 & started getting following exception:
Javax.Crypto.AEADBadTagException: Tag Mismatch
when trying to communicate with a server having OpenSSL 1.0.2.
Looks like the issue is due to AES-GCM ciphers.
12 matches
Mail list logo
