memory leak observed with openssl 1.0.2l version of openssl

2019-03-14 Thread Grace Priscilla Jero
Hi All, We are using 1.0.2l version of system openssl that causes memory leak during a state of congestion. Is this already a known issue? The same was tested with 1.1.g version of openssl and there wasn't any leaks. Does anyone know the changes or difference between these 2 versions? Thanks,

Re: [openssl-users] Issue with select after SSL_get_wfd

2018-02-16 Thread Grace Priscilla Jero
ur own application level acks and retries etcetera, but before you > know it you are rebuilding TCP. > > See e.g. https://www.diffen.com/difference/TCP_vs_UDP for a comparison > between UDP and TCP. > > rgds, > > Hugh > > On 16 Feb 2018, at 04:35, Grace Priscilla Jero

[openssl-users] Version compatibility

2018-02-15 Thread Grace Priscilla Jero
Hi All, Which version on 1.0.2x is the same as 1.1.0g(bug fixing branch)? Thanks, Grace -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] Issue with select after SSL_get_wfd

2018-02-15 Thread Grace Priscilla Jero
Hi All, I want to know the status of the SSL_WRITE for DTLS on UDP on a non-blocking socket. Only if the other end does the recvfrom I want to continue with subsequent SSL_WRITE. Below is what I have tried. //Making the socket blocking - if I don't do below then select call hangs if (wfd =

Re: [openssl-users] DTLS multiple peer issue on shutdown

2018-02-07 Thread Grace Priscilla Jero
Hi All, Can someone assist from openssl on this issue. To be more elaborate: We are using SSL_peek followed by BIO_dgram_get_peer to get the peer port information. When we pass incorrect ssl value to SSL_peek it gives the correct peer information while using BIO_dgram_get_peer but any operation

Re: [openssl-users] DTLS multiple peer issue on shutdown

2018-02-01 Thread Grace Priscilla Jero
The shutdown does not close the socket. The peer close is not intimated to server when there are 2 peers to the server and the server is serving the other peer. Thanks, Grace On Thu, Feb 1, 2018 at 9:05 PM, Salz, Rich wrote: > Doesn’t shutdown close the socket? > > > --

Re: [openssl-users] DTLS multiple peer issue on shutdown

2018-02-01 Thread Grace Priscilla Jero
Hi Rich, We are using DTLS over UDP and are using different SSL(different peer) for the same server socket. It is successfully able to receive the message from both peers without any issue with the different SSL. We have used the peer ports as the identifier for the peers. But during shutdown we

[openssl-users] DTLS multiple peer issue on shutdown

2018-02-01 Thread Grace Priscilla Jero
Hi All, We are having an issue during ssl_shutdown using multiple clients. We have a 2 SSL associated with a socket via 2 BIO's for 2 peers on the server. When one of the peer issues a ssl_shutdown, the alert is lost as the SSL_read or the SSL_peek operating during that time for the other peer

Re: [openssl-users] Information to detach a BIO from fd

2018-01-23 Thread Grace Priscilla Jero
PM, Grace Priscilla Jero < grace.prisci...@gmail.com> wrote: > Hi Michael, > The connections are from different peers and we are unable to use same > SSL. > Also getpeername on the UDP does not work as we have enabled SSL for the > sender peer socket. > Any suggestions to r

Re: [openssl-users] Information to detach a BIO from fd

2018-01-15 Thread Grace Priscilla Jero
<m...@sandelman.ca> wrote: > > Grace Priscilla Jero <grace.prisci...@gmail.com> wrote: > > Below is our scenario on DTLS. > > > We have multiple connections to the same server. We have mapped one > fd > > to the ssl in the server to receive all connection

[openssl-users] Fwd: Information to detach a BIO from fd

2018-01-12 Thread Grace Priscilla Jero
. Any help is appreciated. Any APIs available to close up the 2nd ssl associated with the fd. ssl_clear and ssl_free does not work. Thanks, Grace On Thu, Jan 11, 2018 at 6:30 PM, Michael Richardson <m...@sandelman.ca> wrote: > > Grace Priscilla Jero <grace.prisci...@gmail.com>

Re: [openssl-users] Information to detach a BIO from fd

2018-01-11 Thread Grace Priscilla Jero
PM, Michael Richardson <m...@sandelman.ca> wrote: > > Grace Priscilla Jero <grace.prisci...@gmail.com> wrote: > > We are having a scenario wherein we are having 2 BIOs for DTLS > > attached to the same fd. Each BIO has a different SSL associated with >

[openssl-users] Information to detach a BIO from fd

2018-01-11 Thread Grace Priscilla Jero
Hi All, We are having a scenario wherein we are having 2 BIOs for DTLS attached to the same fd. Each BIO has a different SSL associated with it. The messages are getting written to different BIO each time and we are trying to resolve it. Is there a API or any way to detach one of the BIO/SSL from

Re: [openssl-users] Issue on DTLS over UDP

2018-01-11 Thread Grace Priscilla Jero
Thank you Matt! On Thu, Jan 11, 2018 at 1:01 AM, Matt Caswell <m...@openssl.org> wrote: > > > On 10/01/18 09:24, Grace Priscilla Jero wrote: > > Thank you Matt for the patch. > > It works fine now with the patch. In which release will you be including > > thi

Re: [openssl-users] Issue on DTLS over UDP

2018-01-10 Thread Grace Priscilla Jero
Thank you Matt for the patch. It works fine now with the patch. In which release will you be including this patch? It is a negative scenario setup on configuration. Thanks, Grace On Fri, Jan 5, 2018 at 4:28 PM, Matt Caswell <m...@openssl.org> wrote: > > > On 05/01/18 05:30, Grace

Re: [openssl-users] Issue on DTLS over UDP

2018-01-03 Thread Grace Priscilla Jero
Hi, Can someone please respond to the below mail as we want to confirm if it is an issue with our application or a bug in openSSL. Thanks, Grace On Fri, Dec 15, 2017 at 3:23 PM, Grace Priscilla Jero < grace.prisci...@gmail.com> wrote: > Hi All, > > We are having an issue w

[openssl-users] Issue on DTLS over UDP

2017-12-15 Thread Grace Priscilla Jero
Hi All, We are having an issue with DTLS on UDP. The scenario is that, when a client of DTLS version 1.2 is trying to connect to a server which is at version DTLS 1.0 the SSL_accept continuously loops with error 2. The ALERT is not processed. Is this a known bug? Because of the loop, the

Re: [openssl-users] Supported cipher suites

2017-11-15 Thread Grace Priscilla Jero
=ranlib ARFLAGS = PERL =/usr/bin/perl Thanks, Grace On Wed, Nov 15, 2017 at 8:12 PM, Grace Priscilla Jero < grace.prisci...@gmail.com> wrote: > Thank you Matt. > Some of them that we tried does not work. Is there any additional criteria > for it to work. > I r

Re: [openssl-users] Supported cipher suites

2017-11-15 Thread Grace Priscilla Jero
15/11/17 06:08, Grace Priscilla Jero wrote: > > Hi All, > > Do we have the exact list of cipher suites supported by default in > > openssl for each of the below in 1.1.0g version of openSSL. > > > > TLS 1.0 > > TLS 1.1 > > TLS 1.2 > > DTLS 1.0

[openssl-users] Supported cipher suites

2017-11-14 Thread Grace Priscilla Jero
Hi All, Do we have the exact list of cipher suites supported by default in openssl for each of the below in 1.1.0g version of openSSL. TLS 1.0 TLS 1.1 TLS 1.2 DTLS 1.0 DTLS 1.2 Thanks, Grace

Re: [openssl-users] Same library usage for DTLS on SCTP and UDP

2017-11-13 Thread Grace Priscilla Jero
Thank-you Matt. We will upgrade and test On 13-Nov-2017 5:36 PM, "Matt Caswell" <m...@openssl.org> wrote: > > > On 13/11/17 11:42, Grace Priscilla Jero wrote: > > It is 1.1.0f version. > > Ah! This is probably this bug: > > https://github.com/open

Re: [openssl-users] Same library usage for DTLS on SCTP and UDP

2017-11-13 Thread Grace Priscilla Jero
It is 1.1.0f version. Thanks, Grace On 13-Nov-2017 4:02 PM, "Matt Caswell" <m...@openssl.org> wrote: On 13/11/17 06:48, Grace Priscilla Jero wrote: > Hi, > > We are using openssl library for UDP and SCTP connections. The library > is compiled with "sctp"

[openssl-users] Same library usage for DTLS on SCTP and UDP

2017-11-12 Thread Grace Priscilla Jero
Hi, We are using openssl library for UDP and SCTP connections. The library is compiled with "sctp" option. But when it is used for DTLS on UDP the connection hangs at SSL_accept. When we remove the sctp option in compilation, the call for DTLS on UDP goes fine. Do we have any additional option

Re: [openssl-users] Issue with DTLS for UDP

2017-10-31 Thread Grace Priscilla Jero
Matt, If you have any way to enable some kind of logging it will be useful to find what is the issue. Why do we get error 2 for ssl_accept. We have seen this for connect but not sure why we get it for accept. Thanks, Grace On 31-Oct-2017 6:56 PM, "Grace Priscilla Jero" <grace.prisci

Re: [openssl-users] Issue with DTLS for UDP

2017-10-31 Thread Grace Priscilla Jero
, Grace Priscilla Jero < grace.prisci...@gmail.com> wrote: > Please find attached the pcap. It only has Client Hello. > While debugging SSL_accept, I see it stuck in s->method->ssl_read_bytes > > Thanks, > Grace > > > On Tue, Oct 31, 2017 at 4:16 PM, M

Re: [openssl-users] Issue with DTLS for UDP

2017-10-31 Thread Grace Priscilla Jero
out why it hangs. Only client hello is sent. Is there any way to spot what is going wrong. Thanks, Grace On Tue, Oct 31, 2017 at 3:50 PM, Matt Caswell <m...@openssl.org> wrote: > > > On 31/10/17 06:06, Grace Priscilla Jero wrote: > > Thank you for the suggestions. After c

Re: [openssl-users] Issue with DTLS for UDP

2017-10-31 Thread Grace Priscilla Jero
SLerr(SSL_F_DTLSV1_LISTEN, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);" We are using 1.1.0f version. Is there a way we can disable cookies? Thanks, Grace On Fri, Oct 27, 2017 at 12:39 PM, Grace Priscilla Jero < grace.prisci...@gmail.com> wrote: > Hi Matt, > > SSL_get_error() returns 5. > It i

Re: [openssl-users] Issue with DTLS for UDP

2017-10-27 Thread Grace Priscilla Jero
L then my guess is that there is a > problem with sock_id. How do create it? > > Matt > > > > > > > > > > Thanks, > > Grace > > > > On Tue, Oct 24, 2017 at 4:07 PM, Matt Caswell <m...@openssl.org > > <mailto:m...@openssl.org>> wro

Re: [openssl-users] Issue with DTLS for UDP

2017-10-26 Thread Grace Priscilla Jero
= SSL_new(ctx) bio = BIO_new_dgram(sock_id,BIO_NOCLOSE) SSL_set_bio(ssl, bio, bio); VI_res = SSL_connect(ssl) Thanks, Grace On Tue, Oct 24, 2017 at 4:07 PM, Matt Caswell <m...@openssl.org> wrote: > > > On 24/10/17 11:25, Grace Priscilla Jero wrote: > > We are using SSL_

[openssl-users] Issue with DTLS for UDP

2017-10-24 Thread Grace Priscilla Jero
Hi All, We are currently facing an issue while initiating DTLS for UDP connections. Below is the backtrace for the coredump. Program terminated with signal 11, Segmentation fault. #0 0x7fdf1825c760 in BIO_method_type () from /opt/OC/ins/external/lib/libcrypto.so.1.1 (gdb) bt #0

Re: [openssl-users] Query on API availability for openssl versions

2017-10-17 Thread Grace Priscilla Jero
sl.org> wrote: > > > On 17/10/17 09:21, Grace Priscilla Jero wrote: > > Hi All, > > > > 1) > > The below APIs used to set the maximum and minimum versions are > > available in 1.1.0f version of OPENSSL. > > > > int SSL_CTX_set_min_proto_version

[openssl-users] Query on API availability for openssl versions

2017-10-17 Thread Grace Priscilla Jero
Hi All, 1) The below APIs used to set the maximum and minimum versions are available in 1.1.0f version of OPENSSL. int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version); int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version); int SSL_set_min_proto_version(SSL *ssl, int version);

[openssl-users] Query on usage of openssl 1.1.0f with openssl-FIPS

2017-09-05 Thread Grace Priscilla Jero
Hi All, We would want to build our openssl 1.1.0f with FIPS but we noticed it is mentioned as “The 2.0 FIPS module is compatible with OpenSSL releases 1.0.1 and 1.0.2, and no others”. I am unable to find the openssl-fips module for 1.1.0f. Do you know when it will be available? Could you