Hubert Kario
Principal Quality Engineer, RHEL Crypto team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
the backporting policy:
https://access.redhat.com/security/updates/backporting
and contact Red Hat Support if you have questions about specific CVEs.
--
;-)
Could this be at the step of the Server Hello Response, or later?
Well, this is probably stupid, but I'm curious...
resumption handshakes, closely followed by PSK handshakes, require the least
amount of data to be transferred to establish a TLS connection
--
Original Message-
From: Hubert Kario
Sent: Thursday, 9 June 2022 14:59
To: Beilharz, Michael
Cc: openssl-users@openssl.org
Subject: Re: RE: How to figure out if .P12 is RSA or ECC crypted
On Thursday, 9 June 2022 14:54:48 CEST, Beilharz, Michael wrote:
Well, I have
steps work for
both RSA and ECDSA.
I would like to detect whether a P12 is RSA or ECC encrypted, so that I
offer only one method and the method itself decides the correct way to
convert the P12.
What actual problem are you trying to solve?
--
ylogfile in
s_server.
Here's an example use:
https://github.com/openssl/openssl/blob/598bd7741568a1aae678e5472f18aae1ab991e8d/apps/lib/s_cb.c#L1517
--
, Tomas Mraz wrote:
Yes, unfortunately PKCS12_parse currently does not support PKCS12 files
without the MAC. Such support could be easily added. As a workaround
you can look at how the pkcs12 application is implemented and use these
calls instead.
--
detected as enabled on server side.
Given that there is no version of openssl that simultaneously supports
SSLv2
and TLS 1.3, you can't reliably test arbitrary servers using openssl, even
if the server uses openssl too.
--
l namespace in MacOS is "flat", then you may indeed
run into trouble because of symbol conflicts between the real
OpenSSL and the LibreSSL fork.
Good luck.
--
On Thursday, 16 September 2021 17:59:48 CEST, Viktor Dukhovni wrote:
The Internet does not solely consist of browser traffic from portable
devices at wifi hotspots to taboo web sites.
taboo web sites are not the only reason to expect privacy...
--
On Thursday, 16 September 2021 16:28:47 CEST, Benjamin Kaduk wrote:
On Thu, Sep 16, 2021 at 04:11:49PM +0200, Hubert Kario wrote:
On Thursday, 16 September 2021 04:41:44 CEST, Jaya Muthiah wrote:
I am trying to get the remaining lifetime of the ticket so that server
can decide to renew ticket
, server needs to send a
new
one.
--
"RSA+SHA512");
--
://access.redhat.com/support/policy/updates/errata
and OpenSSL is part of the ELS Inclusion List:
https://access.redhat.com/articles/4997301
--
distribution, not just RHEL or CentOS.
--
It's supported in clients like Firefox and curl, as well as in servers,
like httpd: https://github.com/apache/httpd/pull/74
--
It's not necessary to install dependencies to a virtual environment,
but that setup is described in the official docs:
https://tlsfuzzer.readthedocs.io/en/latest/quickstart.html
--
by command
line or with any other option. We need it for our local server bring-up.
Please support us.
why?
the size of g has no impact on the security of the DHE key agreement
whatsoever...
you really should use parameters defined in RFC 7919 and not some custom
ones
--
key was still valid
--
does a simple check at *now*, it has no support for
CAdES-A;
if you need it, you need to implement it yourself
--
(convert from DER
to
CBOR)
--
disabling RC4-MD5 cipher, that may help
Best Regards,
On 05/08/2020 at 22:46, Benjamin Kaduk wrote:
On Wed, Aug 05, 2020 at 10:28:26PM +0200, Patrick Mooc wrote: ...
--
key
3. Subject DN can be empty; whether that will be accepted by the CA is up to the CA's
policy
--
the certificate well-formed.
--
Jakob
--
contact Red Hat Support: they can talk in Cantonese and Mandarin
see https://access.redhat.com/support/contact/technicalSupport/
or open a new support case here:
https://access.redhat.com/support/cases/new
On 17 March 2020, at 19:10, Hubert Kario wrote:
On Tuesday, 17 March 2020 10:04:34 CET, guoxiaobi
...@openssl.org
[mailto:openssl-users-boun...@openssl.org] on behalf of Matt Caswell ...
--
e cipher suite decide this?
If yes, what are the ciphers which do "encrypt-then-mac" and what ciphers
to "mac-then-encrypt"?
etm vs mte happens based on negotiated extension, not cipher suite
--
' comes first.
The handshake however ends up with `secp256r1'. Is there a way to tell
openssl to prefer `x25519' over `secp256r1'?
use the server preference setting? for s_server it's the -serverpref switch
--
server we periodically get the following errors in the Apache logs:
SSL Library Error: error:xx:FIPS_drbg_generate:selftest failed. In
some cases, the server continues to service requests, but in
other cases ...
--
primitive?" and "is the curve safe when used in X.509 and TLS?"
--
ntributing a fingerprint to https://github.com/WestpointLtd/tls_prober
would
also be really welcome, for the same reasons
--
l about openssl 1.1.1, not the protocol
itself; the answer is then no
--
ttps://www.ssllabs.com/ssltest/analyze.html?d=webservices.voeazul.com.br
> test
that server is willing to negotiate ECDHE_RSA ciphers, you'd be better off
disabling ciphers that use DHE and RSA key exchange and using ECDHE_RSA
instead of trying to make 1024 bit work – it really is weak an
se the handshake to be smaller when the resumption is
rejected by the server – that will require reconfiguring the server
disabling sending of the padding extension should also reduce the size of the
ClientHello message (at a potential cost of interoperability issues)
--
ates provided by the server MUST be signed by a
>hash/signature algorithm pair that appears in that extension.
OTOH, the practice in TLS 1.2, and the behaviour codified in the TLS 1.3 RFC, is that
if you have just one chain, give it to the client and let it sort out whether it likes
it or not
--
> SSL_set1_groups.
filed https://github.com/openssl/openssl/issues/9014 to track this
probably "good first issue"?
--
ssl.com -verify_hostname 1000-sans.badssl.com
...
Verify return code: 0 (ok)
https://
longextendedsubdomainnamewithoutdashesinordertotestwordwrapping.badssl.com
works fine too
--
ch version of openssl?
--
e is any other way to disable TLSv1.0 and TLS1.1
sorry, I'm not familiar with openssl compilation configuration to say if this
is expected and correct behaviour
> Thanks in advance,
> Chethan Kumar
> -Original Message-
> From: Hubert Kario [mailto:hka...@redhat.com]
> Sent: Friday, A
> Kindly let me know what could be changed to disable TLS 1.0 and 1.1 at least
> by changing code in openssl.
macros may still be generated because the API is retained for ABI
compatibility; does adding `no-tls1-method` and `no-tls1_1-method` produce the
expected result?
> -Origina
re
> option[CONFOPTS] in Makefile.
what evidence do you have that what you do is ineffective?
why are you not using
./config no-tls1 no-tls1_1
> Thanks in advance,
> Chethan Kumar
>
>
> -Original Message-
> From: Hubert Kario [mailto:hka...@redhat.com]
> Sent: Thurs
--
r's Finished message), same for
even older protocols
--
log for the CVE fixes
also:
https://access.redhat.com/security/updates/backporting
--
y for the
TLS implementation.
I recall that some very old NSS versions were intolerant to undefined
signature algorithms[1,2]. Which NSS version is the server using?
And OpenSSL needs to add rsa_pss_* signature algorithms to the ClientHello -
those are the only ones allowed for RSA keys in TLS 1.
ICFNowDQYJKoZIhvcNAQELBQAwUjELMAkGA1UEBhMCTkwx
>
>
> it's that part *before* the --BEGIN CERTIFICATE-- on which the
> asn1parse command chokes. You can feed it either a DER file or a PEM
> blob - but not a certificate file with the certificate info listed in it.
ah, y
and announced a third. I think it's far too often for such a critical
and integral part of operating systems.
IMNSHO such API cleanup should be mandatory part of the OpenSSL 3.0 (4.0)
deliverable.
--
.com/tomato42/tlsfuzzer/blob/master/scripts/test-tls13-conve
> > rsation.py
> > https://github.com/tomato42/tlsfuzzer/blob/master/scripts/test-tls13-hrr.
> > py and
> >
> > https://github.com/tomato42/tlsfuzzer/blob/master/scripts/test-tls13-sessi
> > on-res
lob/master/scripts/test-tls13-session-resumption.py
respectively to test regular handshake, one with HelloRetryRequest
and one that performs session resumption.
--
e issues in openssl
I'd suggest trying memtest86 and trying to capture a full kernel stack trace with
netconsole, in this order. But this mailing list is not a good place to
follow up on this.
--
forward compatibility (compiling with a new glibc and running with an old library)
is not supported, and even if it may appear to work initially, it's not
something that is generally supported; in practice it is very hard to support and
may lead to hard-to-detect vulnerabilities.
--
On Monday, 4 February 2019 16:56:56 CET Dmitry Belyavsky wrote:
> Dear Hubert,
>
> On Mon, Feb 4, 2019 at 6:52 PM Hubert Kario wrote:
> > On Thursday, 31 January 2019 11:09:00 CET Dmitry Belyavsky wrote:
> > > Hello,
> > >
> > > What is b
file and invoke 'make generate_crypto_objects',
> but during the branch development, the changes in the main openssl branch
> usually cause numerous merge conflicts. So any advice is appreciated.
why using oid_section in config file
(https://www.openssl.org/docs/man1.0.2/man5/config.html) is not workable for
>
> I'd start by trying to isolate whether the problem is on the client side,
> the server side, or the network. e.g. if the client is on the same host as
> the server does the issue occur? Can you connect from a different client
> (different application and/or different l
"TLS v1.3 cipher suites" specifies all ciphers that are supported for
TLS 1.3 while -ciphersuites is used to change which are enabled
--
it does in newer versions (it is definitely present in 1.1.0i):
-attime intmax verification epoch time
> Nor does it have
> an option to input a recorded OCSP response or CRL to be validated
> and used according to that "as of" date.
that's true
--
On Thursday, 17 January 2019 18:03:55 CET Eliot Lear wrote:
> On 17.01.19 17:29, Hubert Kario wrote:
> > alternatively, you can save all the certificates and revocation data, bind
> > it to the original signature using a timestamp from a TSA and store that
> > (that's
time)
but that is very close to reimplementing CAdES, or related standards, and is
far from simple (for one, it requires adding, regularly, new timestamps to extend the
validity of the original signature and subsequent timestamps)
--
On Wednesday, 16 January 2019 13:22:53 CET Eliot Lear wrote:
> Hi Hubert
>
> On 16.01.19 12:27, Hubert Kario wrote:
> > For maintaining signatures that need to be valid long into the future
> > standards like CAdES should be used. They keep time of signing in
> > timest
by trusted time-stamping authorities, along with the rest of revocation
data necessary to verify the original signature.
--
hould I look ?
beating my own drum: there's https://github.com/tomato42/tlsfuzzer aimed
specifically at doing that (testing and full control over the handshake)
--
> > but is this an extension, or is it explicitly permitted by the
> > standards/specifications?
> https://tools.ietf.org/html/rfc7468#section-2
then it looks like the parser used in asn1parse -inform pem is non-
compliant...
https://github.com/openssl/openssl/issues/7317
--
nd it is, of course, open
source
I wouldn't say that there is a "best" one, if it does match your requirements,
it should be good enough.
--
ersion
is not the same thing as FIPS module version.
--
` to the kernel command line) does not
necessarily put the whole system (and thus OpenSSL) into FIPS mode
please check the module's Security Policy on the NIST Cryptographic Module
Validation Program website to find the authoritative instructions on how to
ensure FIPS mandated behaviour of the module
--
f many people (hell, most interoperability testing can be performed
with a certificate generated with an openssl one-liner:
openssl req -x509 -newkey rsa -keyout localhost.key -out localhost.crt \
-subj /CN=localhost -nodes -batch
the problem starts when you need anything more complex).
> On Mon, Aug
Changing Subject to help googlability :)
On Monday, 27 August 2018 22:38:24 CEST Robert Moskowitz wrote:
> On 08/27/2018 04:07 PM, Hubert Kario wrote:
> > now, for generating testing certificates (and what's more important, the
> > whole PKI) we are using this script to provide se
On Monday, 27 August 2018 20:57:53 CEST Robert Moskowitz wrote:
> On 08/27/2018 02:33 PM, Hubert Kario wrote:
> > On Thursday, 23 August 2018 16:35:01 CEST Robert Moskowitz wrote:
> >> On 08/23/2018 09:00 AM, Tomas Mraz wrote:
> >>> On Wed, 2018-08-22 at 20:08
for testing.
> Wait to push the draft out until 1.1.1 is fully released.
> Fudge the draft by adding yet another caveat (yes there is a caveat
> section that I developed in creating the ECDSA pki draft) that the
> commands are for how it is suppose to work in production 1.1.1
On Saturday, 18 August 2018 19:48:21 CEST Juan Isoza wrote:
> What is the difference between draft 28 and rfc for tls 1.3 ?
the downgrade protection mechanism gets enabled for the first time
--
than the certificate.
the point is to have a certificate that can not be used for Bleichenbacher
attacks, and for that it needs to be baked into the certificate
--
g decisions about their TLS settings, regularly updating it,
this may feel intrusive
but please remember, this is not the typical user behaviour
--
hat is usable for rsa_pss_rsae_sha256 signatures has a
rsaEncryption Subject Public Key Info, that means it is generally usable both
for encrypting the premaster key (TLS_RSA_* ciphers) and making signatures of
its own (TLS_ECDHE_RSA_* ciphers), unless the KeyUsage X509v3 extension
doesn't sa
OpenSSL look good.
We do have a lot more sketched out than actually done though: https://
github.com/tomato42/tlsfuzzer/projects/1 (in total about 170 different
scenarios are planned with just 12 implemented).
--
ts a KeyUpdate from the peer.
Are there similar commands to perform or control post-handshake client
authentication?
--
ight
> experience is that TLSv1.2 and TLSv1.3 share the same name for PSKs,
> when really they are only related at a conceptual level: at an
> implementation level they are totally different. Perhaps it would have
> been better if they had been called something different. That is
> s
with s_client -tls1_2 a PSK cipher is selected (DHE-PSK-AES256-GCM-
SHA384) and in TLS1.3 I see both the pre_shared_key extension and the
psk_key_exchange_modes extension in client hello, so I'm really confused why
it doesn't work.
--