DH group cipher suites getting rejected

2019-09-18 Thread Chitrang Srivastava
Hi, why has Google rejected DH cipher suites? I am trying *openssl s_client -cipher 'DHE-RSA-AES128-GCM-SHA256' -connect www.google.com:443* However, if I try ECDHE, it works fine. Are DHE-only cipher suites less common now? I believe it's the responsibility of the server to

Re: PrivateKey Decrypt Failure

2019-09-11 Thread Chitrang Srivastava
Thanks very much, that worked. On Wed, Sep 11, 2019 at 10:56 PM Wim Lewis wrote: > > > On Sep 11, 2019, at 3:31 AM, Chitrang Srivastava < > chitrang.srivast...@gmail.com> wrote: > > I am using openssl 1.1.1b and I am storing private key encrypted. > >

PrivateKey Decrypt Failure

2019-09-11 Thread Chitrang Srivastava
Hi, I am using OpenSSL 1.1.1b and I am storing the private key encrypted. I am storing the private key as *PEM_write_bio_PrivateKey*(bio, pkey, EVP_aes_128_cbc(), PKeyPassPKCS12, 0, 0, NULL); and on system startup reading it the following way: if(!*PEM_read_bio_PrivateKey*(keyBIO, _s_key, NULL,

Re: Acquire Entropy for embedded platform

2019-08-16 Thread Chitrang Srivastava
ources. > I dread the effort that this would entail. > > Pauli > -- > Dr Paul Dale | Distinguished Architect | Cryptographic Foundations > Phone +61 7 3031 7217 > Oracle Australia > > > > > On 16 Aug 2019, at 8:28 pm, Chitrang Srivastava < > chitrang.sriv

Re: Acquire Entropy for embedded platform

2019-08-16 Thread Chitrang Srivastava
7217 > Oracle Australia > > > > > On 16 Aug 2019, at 7:31 pm, Robert Moskowitz wrote: > > > > On 8/16/19 5:26 AM, Chitrang Srivastava wrote: > > Hi, > > I am working on an embedded platform and now ported openssl 1.1.1b > TLS 1.2/1.3 is working

Acquire Entropy for embedded platform

2019-08-16 Thread Chitrang Srivastava
Hi, I am working on an embedded platform and have now ported OpenSSL 1.1.1b; TLS 1.2/1.3 is working fine. While analysing random number, Rand pool initialization calls where I am returning like this, size_t *rand_pool_acquire_entropy*(RAND_POOL *pool) { return

Re: SSL Server setup DH/ECDH

2019-08-07 Thread Chitrang Srivastava
ries to delete this cipher_list and hence crash ? Any pointer what I am missing? -Thanks On Tue, Aug 6, 2019 at 7:48 PM Matt Caswell wrote: > > > On 06/08/2019 14:58, Chitrang Srivastava wrote: > > Yeah I mean TLS 1.3 cipher , sorry I haven't pasted exact names. > > So after SSL_OP_CI

Re: SSL Server setup DH/ECDH

2019-08-06 Thread Chitrang Srivastava
which is used in practice. On Tue, Aug 6, 2019 at 3:42 PM Matt Caswell wrote: > > > On 06/08/2019 11:07, Chitrang Srivastava wrote: > > Thanks Matt, > > > > So now I have, which i believe is enough ? > > > > SSL_CTX_set_

Re: SSL Server setup DH/ECDH

2019-08-06 Thread Chitrang Srivastava
Thanks Matt, So now I have, which I believe is enough? SSL_CTX_set_options(s_ctx, SSL_OP_NO_RENEGOTIATION | SSL_OP_CIPHER_SERVER_PREFERENCE); SSL_CTX_set_min_proto_version(s_ctx, TLS1_2_VERSION); On Tue, Aug 6, 2019 at 3:04 PM Matt Caswell wrote: > > > On 06/08/2019 09:42,

SSL Server setup DH/ECDH

2019-08-06 Thread Chitrang Srivastava
Hi, I am implementing an HTTPS server using OpenSSL 1.1.1b. Is it mandatory to set up these APIs while creating the SSL context? SSL_CTX_set_tmp_ecdh SSL_CTX_set_tmp_dh Also, any suggestion on what options one should set while setting up a server, like SSL_CTX_set_options like SSL_OP_NO_SSLv2

Re: Compile EC(Elliptic Curve) crypto

2019-06-03 Thread Chitrang Srivastava
Thanks, I will check out. On Mon, Jun 3, 2019 at 6:18 PM Jakob Bohm via openssl-users < openssl-users@openssl.org> wrote: > On 03/06/2019 14:35, Chitrang Srivastava wrote: > > Hi, > > > > I am porting Openssl 1.1.1b for an embedded platform. > > I see that EC

Compile EC(Elliptic Curve) crypto

2019-06-03 Thread Chitrang Srivastava
Hi, I am porting OpenSSL 1.1.1b for an embedded platform. I see that the EC folder generates some of its functions in assembly, for e.g. These functions are generated based on the environment, like x86-64/ppc/armv8 etc. Is there any C version of these functions to use directly? Thanks,

Re: rand interface while upgrading openssl

2019-04-17 Thread Chitrang Srivastava
SHA1/SHA2 of a mix of CPU clock and various other things (serial #, mac, ) to seed. -Thanks, On Wed, Apr 17, 2019 at 1:23 AM Michael Wojcik < michael.woj...@microfocus.com> wrote: > > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On > Behalf Of Chitrang Srivastava >

rand interface while upgrading openssl

2019-04-16 Thread Chitrang Srivastava
Hi, I am trying to upgrade OpenSSL for my embedded OS platform. The one we currently use is pretty old, i.e. *OpenSSL 0.9.6a*, but porting to OpenSSL 1.1.1b works fine. I need a suggestion regarding the random number interface; earlier we were using RAND_METHOD. Can I still use the same mechanism?