adopted "too clever by half" as a design goal.
Thanks Matt and Michael. I just did a build in a clean Buster VM and it
is working fine. I'll have to clean up my system and retry.
--
Regards,
John Boxall
enssl-bin-cmp_mock_srv.d.tmp -MT
apps/lib/openssl-bin-cmp_mock_srv.o -c -o
apps/lib/openssl-bin-cmp_mock_srv.o apps/lib/cmp_mock_srv.c
In file included from
/usr/lib/gcc/x86_64-linux-gnu/8/include-fixed/syslimits.h:7,
from
/usr/lib/gcc/x86_64-linux-gnu/8/include-fixed/limits.h:
What OpenSSL functions to use in "Visual Studio 2022" to create a C++ program::
PSK = PBKDF2(Passphrase, SSID, 4096)
PMK = PBKDF2(HMAC−SHA1, PSK, SSID, 4096, 256)
PMKID = HMAC-SHA1-128(PMK,"PMK Name" | MAC_AP | MAC_STA)
Sample test data for PSK (Pre-Shared Key)
Network SSID: linksys54gh
Pauli,
Thanks for the link, but apparently that code requires having an account to
view it.
However, I've passed the information from this thread onto the guy I'm
working with and he's going to reevaluate what he wants to do.
Regards,
...John
<http://www.avg.com/email-signature?utm_med
to see what he wants to do next. Thanks
again!
Regards,
...John
<http://www.avg.com/email-signature?utm_medium=email_source=link_campaign=sig-email_content=webmail>
Virus-free.
www.avg.com
<http://www.avg.com/email-signature?utm_medium=email_source=link_campaign=sig-email_conten
efficient way to search this email list? I was trying
to search for similar questions but wasn't able.I guess I could use
google and the email list name?
Thanks for any help,
Regards
...John
On 1/6/22 5:58 AM, Gaurav Jain wrote:
Hi
-Original Message-
From: John Baldwin
Sent: Thursday, January 6, 2022 12:26 AM
To: Gaurav Jain ; bor...@mellanox.com; openssl-
us...@openssl.org
Cc: Varun Sethi ; Pankaj Gupta
Subject: [EXT] Re: KTLS with openssl 3.0 fail with error ENOTCONN
On 1/4/22 11:49 PM, Gaurav Jain wrote:
Hello Boris/John
I am from NXP and currently working on enabling KTLS on NXP platforms via
openssl.
I see that you enabled KTLS support in openssl
3.0(https://www.openssl.org/news/changelog.html#openssl-30).
when I configure openssl 3.0 or 3.1.0
with SM3.
Why doesn't openssl x509 tool display this name?
Does OpenSSL support this signature scheme?
Best regards,
John Jiang
.
Thanks,
John
On Thu, 25 Feb 2021 at 17:29, Benjamin Kaduk wrote:
> That sounds like the certificate is encoded using ASN.1 BER rules, that
> openssl
> accepts, but the python library is insisting on DER encoding (per the
> spec).
>
> -Ben
>
> On Thu, Feb 25, 2021 at 05:19
rong tree, is there something else that I
can use other than the asn1parse option to figure out where the error might
be coming from?
Cheers,
John
--
*John Robson*
in an internal buffer in libc?
--
John Baldwin
Hi list,
The session reuse question posted on the mailing list earlier
(https://mta.openssl.org/pipermail/openssl-users/2021-January/013360.html)
reminded of a somewhat similar question I have.
As per the docs,
https://www.openssl.org/docs/man1.0.2/man3/SSL_get_default_timeout.html, it
says
Please remove my email from your distribution
> On Jan 7, 2021, at 9:08 AM, OpenSSL wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
>
> OpenSSL version 3.0 alpha 10 released
> =
>
> OpenSSL - The Open Source toolkit for SSL/TLS
>
Please remove my email
> On Jan 7, 2021, at 3:23 AM, Jan Just Keijser wrote:
>
> On 06/01/21 21:57, Michael Wojcik wrote:
>>
>> The same way you'd track down an intermittent cause of Undefined Behavior in
>> any other program: some combination of dynamic monitoring, symbolic
>> execution,
to and then manually
read/wrote their contents on its tunnel socket).
--
John Baldwin
tl;dr: Found an issue with update-ca-trust extract
OpenSSL doing what it should, but update-ca-trust is only pushing the cert
into some of the trust stores.
Thanks Tomas
On Tue, 29 Sep 2020 at 07:06, Tomas Mraz wrote:
>
> On Mon, 2020-09-28 at 22:35 +0100, John Robson via openssl-users
oint below.
Thanks,
John
--
# Check that the root is installed into the trusted bundle:
# awk -v cmd='openssl x509 -noout -subject -serial -fingerprint; echo'
'/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-bundle.trust.crt |
grep -A1 CAROOT
subject= /CN=CAROOT/O=org/C=XX
serial=4D4
On 8/18/20 9:49 AM, Matt Caswell wrote:
>
>
> On 17/08/2020 18:55, John Baldwin wrote:
>> 1) Is 'auth_level' supposed to work for this? The CHANGES.md change
>>references SSL_CTX_set_security_level and openssl(1) claims that
>>'-auth_level' changes this? Is
s well).
So I guess two questions:
1) Is 'auth_level' supposed to work for this? The CHANGES.md change
references SSL_CTX_set_security_level and openssl(1) claims that
'-auth_level' changes this? Is the CHANGES.md entry wrong and only
SECLEVEL=0 for the ciphers work by design?
2) The hang when using a 'master' client seems like a regression?
--
John Baldwin
On 6/10/20 3:48 PM, John Baldwin wrote:
> On 6/8/20 4:12 AM, Kurt Roeckx wrote:
>> On Thu, Jun 04, 2020 at 09:00:08AM -0700, John Baldwin wrote:
>>> At the moment there are 3 open PRs related to Kernel TLS offload
>>> support that I'm aware of:
>>>
>&g
/man1.1.1/man1/ocsp.html
Though this option is supported by 1.1.1 series.
On Mon, Jul 6, 2020 at 6:15 AM John Jiang wrote:
> I just want to know how does OpenSSL implement RFC 6960 section 4.4.7.2
> Responder Signature Algorithm Selection.
>
> Could I take a OpenSSL responder to use
, Jul 4, 2020 at 12:18 AM John Jiang wrote:
> Hi,
> I'm using OpenSSL 1.1.1.
>
> Can I configure the OCSP response signature algorithm?
> For a RSA issuer, it looks SHA256withRSA always be selected.
>
> PreferredSignatureAlgorithms extension in OCSP request may affect this
&
Hi,
I'm using OpenSSL 1.1.1.
Can I configure the OCSP response signature algorithm?
For a RSA issuer, it looks SHA256withRSA always be selected.
PreferredSignatureAlgorithms extension in OCSP request may affect this
algorithm in OpenSSL OCSP response. However, I prefer to use configuration.
On 6/8/20 4:12 AM, Kurt Roeckx wrote:
> On Thu, Jun 04, 2020 at 09:00:08AM -0700, John Baldwin wrote:
>> At the moment there are 3 open PRs related to Kernel TLS offload
>> support that I'm aware of:
>>
>> - 11589 adds TLS1.3 for Linux, has one approval from Matt Cas
Hi,
Can I specify multiple certificates for tools s_server and s_client?
I need to check the certificate selection with certificate_authorities.
And it looks s_server has no option for certificate_authorities, however
s_client has -requestCAfile for that extension.
Best regards,
John
nice if 3.0 did not require additional patches out of the
box.
Thanks!
--
John Baldwin
Crypto++ in it!
Any pointers would be gratefully appreciated. For what it's worth, this is
something I'm fairly new to so, if what I'm asking isn't clear, or if it sounds
like I have some concepts wrong, please let me know gently ;-)
Many thanks
John
ase of s_client/s_server this actually uncovered a bug
> in s_server, which is why you see the problem there.
>
> Matt
>
> On 24/03/2020 23:35, John Baldwin wrote:
>> I replied to the original commit on GH but haven't seen any responses so
>> thought I would follow up here
a bug in my changes until I finally narrowed it back to this
commit. It seems a bit odd for a normal close to trigger an error instead of
a clean EOF back from SSL_read().
--
John Baldwin
support. This is the hard part in terms of
>> effort. We currently have no such thing at all for RISC-V, and I
>> haven't seen any attempts to start such an effort... PRs would
>> certainly be welcome, but anyone who tries this will have to be
>> prepared for it to take a while to get into the main source.
>>
>> Cheers,
>> Richard
>>
>> --
>> Richard Levitte levi...@openssl.org
>> OpenSSL Project http://www.openssl.org/~levitte/
>> <https://linkprotect.cudasvc.com/url?a=http%3a%2f%2fwww.openssl.org%2f~levitte%2f=E,1,X0wuSd-kz2nVhT_NOTOEEEyCfRQ3PVlEpzPg7qMVOE18vBdtM4EJjJ0PDdArARBsvQZdWJpbcy94bbUgzuKmj9jsBIiAzT87yPNJQ_aU-tOjP9VR4huaxBYl6g,,=1>
>>
>>
>
--
John Baldwin
ld perhaps have a SSL_writev() that did a single system call for KTLS
and fell back to a loop of SSL_write() calls otherwise. However, you
wouldn't have a SSL_readv() equivalent which might feel odd from an API
perspective.
--
John Baldwin
On Thu, Feb 27, 2020 at 9:27 PM Salz, Rich wrote:
>
>- Run the command: openssl s_client -tls1_3 -groups ffdhe2048 host:port
>
>
>
> TLS 1.3 doesn’t have those groups.
>
Per section Supported Groups in RFC 8446 [1], FFDHE groups could be
supported.
enum {
/* Elliptic Curve Groups
ERR_R_EVP_LIB);
Reference:
https://github.com/tpm2-software/tpm2-pkcs11/pull/403#issuecomment-590395767
Thank you,
John
I would have highlighted that OpenSSL 1.1.1d was being used in my testing.
On Thu, Feb 27, 2020 at 5:13 PM John Jiang wrote:
> Hi,
> It sounds FFDHE groups are already supported [1]
> But the tools, like s_client, also support them.
> Run the command: openssl s_client -tls1_3 -grou
Hi,
It sounds FFDHE groups are already supported [1]
But the tools, like s_client, also support them.
Run the command: openssl s_client -tls1_3 -groups ffdhe2048 host:port
it just raised the issue: Error with command: "-groups ffdhe2048"
If using P-256 or X25519, it worked fine.
I also tried
On 12/14/19 2:09 AM, Matt Caswell wrote:
>
>
> On 13/12/2019 23:52, John Baldwin wrote:
>> I've recently been working on adding support for kernel TLS offload
>> to FreeBSD and have some patches merged into master already along
>> with a couple of open reviews (and
then I can come
up with a candidate patch series.
--
John Baldwin
On Fri, Oct 25, 2019 at 8:50 PM Matt Caswell wrote:
>
>
> On 25/10/2019 09:39, Viktor Dukhovni wrote:
> > On Fri, Oct 25, 2019 at 03:33:43PM +0800, John Jiang wrote:
> >
> >> I'm using OpenSSL 1.1.1d.
> >> Just want to confirm if DHE_DSS cipher suites
Hi,
I'm using OpenSSL 1.1.1d.
Just want to confirm if DHE_DSS cipher suites are not supported by this
version.
Please consider the below simple case,
1. s_server uses a DSA certifcate
2. force s_client to use TLS 1.2 and TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
(DHE-DSS-AES256-GCM-SHA384)
the
You do not say what OS you are running on. Solaris 11 has a known problem with
not reporting queued data. This was fixed by SRU-28.
Regards,
John Unsworth
From: openssl-users on behalf of 路连峰
Sent: Monday, September 23, 2019 4:55 am
To: openssl-users
Subject
RC4 and MD5 are both considered broken.
>
Don't worry, just for some testing.
Thanks!
>
> Pauli
> --
> Dr Paul Dale | Cryptographer | Network Security & Encryption
> Phone +61 7 3031 7217
> Oracle Australia
>
>
>
> On 26 Jun 2019, at 11:41 am, John Jiang wrote:
>
Hi,
I'm using s_server and s_client from OpenSSL 1.1.1.
It looks the weak cipher suites, like SSL_RSA_WITH_RC4_128_MD5, are
disabled.
Is there any way to re-enable these cipher suites?
Thanks!
On Thu, Jun 13, 2019 at 12:28 PM Viktor Dukhovni
wrote:
> On Thu, Jun 13, 2019 at 10:49:14AM +0800, John Jiang wrote:
>
> > I got the point: the server certificate is ECDSA with curve secp256r1.
> > It works with RSA certificate and curves
> > sepc256r1/sepc384r1/sepc52
I got the point: the server certificate is ECDSA with curve secp256r1.
It works with RSA certificate and curves
sepc256r1/sepc384r1/sepc521r1/x25519/x448.
On Thu, Jun 13, 2019 at 3:00 AM Viktor Dukhovni
wrote:
> On Wed, Jun 12, 2019 at 05:31:30PM +0800, John Jiang wrote:
>
> > >
On Wed, Jun 12, 2019 at 4:34 PM Viktor Dukhovni
wrote:
> On Wed, Jun 12, 2019 at 03:45:12PM +0800, John Jiang wrote:
>
> > Using OpenSSL 1.1.1.
> > Just want to confirm that if OpenSSL supports curves X25519 and X448 for
> > TLSv1.2.
>
> Yes, it does.
>
>
Hi,
Using OpenSSL 1.1.1.
Just want to confirm that if OpenSSL supports curves X25519 and X448 for
TLSv1.2.
Tried below commands,
openssl s_server -trace -state -cert server.cer -key server.key -accept port
openssl s_client -trace -state -CAfile ca.cer -tls1_2 -groups X25519
-connect
Hi,
I'm using OpenSSL 1.1.1
I just use the below s_client command to test resumption.
openssl s_client -CAfile CA.cer -tls1_2 -sess_in openssl.sess -connect
localhost:9443
Is there any option to take this tool to use only session id or session
ticket for resumption?
Thanks!
Hello,
I am working on a Solaris 11.4 x86 64bit virtual server. There are no specific
applications loaded on it yet. I am preparing it to be a BIND server
eventually.
To that end, I downloaded and installed OpenSSL 1.1.1b so I have the latest and
greatest to work with.
The installation
Thanks. So in the meantime we can remove the DEFINE macros and the pragmas (or
just the pragmas as we have done) to build the no-shared libraries.
Regards,
John.
Originalmeddelande
Från: Richard Levitte
Skickat: 16 maj 2019 08:34:06 GMT-07:00
Till: John Unsworth
Ämne: RE
on Solaris - solution and possible fix
On 5/16/19 6:46 AM, John Unsworth wrote:
> In the absence of any steer from openssl gurus we will proceed by
> removing the #pragmas in safestack.h and lhash.h while we build the
> no-shared libraries on solaris. Hopefully someone will come up with a
In the absence of any steer from openssl gurus we will proceed by removing the
#pragmas in safestack.h and lhash.h while we build the no-shared libraries on
solaris. Hopefully someone will come up with a proper fix at some point.
Regards,
John
From: openssl-users On Behalf Of John
Unsworth
ps that used the .h files (hard to avoid since they are basic crypto
header files) but did not link with libcrypto.so. That library was explicitly
loaded by the app, but the app would not start because of the missing symbols.
See issues 6912 and 8102.
Regards,
John.
John Unsworth |Meta-Directory
ned(__SUNPRO_C)
#pragma weak getisax
in crypto\sparcv9cap.c
so maybe that needs consideration too.
Regards,
John.
-Original Message-
From: openssl-users On Behalf Of John
Unsworth
Sent: 10 May 2019 16:23
To: openssl-users@openssl.org
Subject: RE: OpenSSL 1.1.1b tests fail on Solaris - solut
originated from outside of Synchronoss.
On 5/10/19 11:23 AM, John Unsworth wrote:
> This seems to be caused by the ongoing saga documented
I have this working flawlessly on S10 ... what is the issue :
jupiter # /usr/local/bin/openssl version OpenSSL 1.1.1b 26 Feb 2019
dc
r openssl1.1.1.
So, in 1.1.1b I can observe that OPENSSL_sk_new_null has been defined as below
in safestack.h.
pragma weak OPENSSL_sk_new_null
Can this be related ? Am I missing anything while Configure ?
<<<<<<<<<<<<<<<
Regards,
John.
-Original Message-
Fr
|2|2
|OPENSSL_sk_zero
Does the Bind Type WEAK indicate anything?
>> Note - Weak symbols are intended primarily for use in system software. Their
>> use in application programs is discouraged.
Shouldn't they be GLOBAL like the rest? How to change them?
Regards,
John
-Origi
: -xarch=v9 is deprecated, use -m64 to create 64-bit programs
Does it need -lssl?
John
-Original Message-
From: openssl-users On Behalf Of John
Unsworth
Sent: 09 May 2019 10:13
To: openssl-users@openssl.org
Subject: RE: OpenSSL 1.1.1b tests fail on Solaris
CAUTION: This email originated from
ssl: fatal: relocation error: file openssl: symbol
OPENSSL_sk_new_null: referenced symbol not found
I have built static libraries.
John
-Original Message-
From: openssl-users On Behalf Of Matt
Caswell
Sent: 09 May 2019 09:38
To: openssl-users@openssl.org
Subject: Re: OpenSSL 1.1.1b tests f
(wstat 256, 0x100)
Failed 1/1 subtests
../test/recipes/04-test_bio_callback.t . Dubious, test returned 1
(wstat 256, 0x100)
Failed 1/1 subtests
Regards,
John.
Just a thought. Would it not be possible for the SSL session to create a mutex
and lock it where required?
Error details could be stored in Thread Local Storage to obliviate the need to
call SSL_get_error() within the mutex block.
Regards,
John
-Original Message-
From: openssl-users
Thanks, the mutex is tied to the SSL session and used for all calls (now!).
The good news is that moving SSL_get_error() into the same mutex unit as
SSL_read() has solved the problem.
Thank you for all your help and advice.
Regards,
John.
John Unsworth |Meta-Directory Engineering and Support
Testing changed code.
Regards
John
From: openssl-users on behalf of Matt
Caswell
Sent: Friday, May 3, 2019 10:16 am
To: openssl-users@openssl.org
Subject: Re: SSL_read() returning SSL_ERROR_SYSCALL with errno 11 EAGAIN
CAUTION: This email originated from
>> I think that's an application bug.
Thanks.
I thought you might say that. I will change the code and get the customer to
retest.
Regards,
John
-Original Message-
From: openssl-users On Behalf Of Viktor
Dukhovni
Sent: 02 May 2019 18:23
To: openssl-users@openssl.org
Subje
() calls.
> I gather the protocol is full-duplex and multiple outstanding requests can be
> written before the corresponding replies are read? Or is it strict
> half-duplex request-response?
It is full duplex and there can be multiple operations in progress.
Regards,
John.
-Origi
Openssl 1.1.0h
We have implemented the workaround - if SSL_ERROR_SYSCALL and errno=EAGAIN then
treat as WANT_READ/WANT_WRITE. This (seems to) work fine. No subsequent
problems, everything continues correctly.
Regards,
John
-Original Message-
From: openssl-users On Behalf Of Matt
SSL handle that.
Both ends OpenSSL 1.1.0h.
Problem seems to occur at random - only reproducable on customer site and after
a long time running their soak test.
Regards,
John.
-Original Message-
From: openssl-users On Behalf Of Viktor
Dukhovni
Sent: 02 May 2019 07:25
To: openssl-us
a soak test and thousands (maybe millions) of reads worked
fine until the failing one.
Regards,
John.
-Original Message-
From: openssl-users On Behalf Of Erik
Forsberg
Sent: 01 May 2019 03:05
To: openssl-users@openssl.org
Subject: Re: SSL_read() returning SSL_ERROR_SYSCALL with errno
a soak test and thousands (maybe millions) of reads worked
fine until the failing one.
Regards,
John.
-Original Message-
From: openssl-users On Behalf Of Erik
Forsberg
Sent: 01 May 2019 03:05
To: openssl-users@openssl.org
Subject: Re: SSL_read() returning SSL_ERROR_SYSCALL with errno
ite(). Are we correct?
Regards,
John.
st_evp V=1 test
All tests successful.
Files=1, Tests=9, 1 wallclock secs ( 0.02 usr + 0.00 sys = 0.02 CPU)
Result: PASS
Regards,
John
-Original Message-
From: openssl-users On Behalf Of John
Unsworth
Sent: 13 April 2019 15:28
To: openssl-users@openssl.org
Subject: RE: Tests fail on
.19 sys = 0.92 CPU)
Result: PASS
Regards,
John
-Original Message-
From: openssl-users On Behalf Of Matt
Caswell
Sent: 12 April 2019 14:16
To: openssl-users@openssl.org
Subject: Re: Tests fail on openssl 1.1.1b Windows 7 built with VS 2013
CAUTION: This email originated from outs
Attached. This is with the debug build.
John
-Original Message-
From: openssl-users On Behalf Of Matt
Caswell
Sent: 11 April 2019 17:40
To: openssl-users@openssl.org
Subject: Re: Tests fail on openssl 1.1.1b Windows 7 built with VS 2013
CAUTION: This email originated from outside
, 7, 9
Non-zero exit status: 4
test\recipes\80-test_ssl_new.t(Wstat: 512 Tests: 29 Failed: 2)
Failed tests: 20, 28
Non-zero exit status: 2
Thanks,
John Unsworth
I had tried TLS Fuzzer, and it worked for me.
I just wished that OpenSSL can do the similar things.
Thanks!
On Tue, Feb 26, 2019 at 9:56 PM Hubert Kario wrote:
> On Tuesday, 26 February 2019 07:22:52 CET John Jiang wrote:
> > Is it possible to check if peer implements middlebox comp
Is it possible to check if peer implements middlebox compatibility by
s_server/s_client?
It looks the test tools don't care this point.
For example, if a server doesn't send change_cipher_spec after
HelloRetryRequest, s_client still feels fine.That's not bad. But can I
setup these tools to check
Nicola,
Brilliant - that sorted it. I have produced a public key this way and
successfully compared it with the public key in the original key pair.
You may want to update the wiki page to add that step into the sample code
Regards
John
-Original Message-
From: openssl-users
.
I'm using openssl 1.10h
Any pointers or help would be appreciated.
John
---
BN_CTX *ctx;
ctx = BN_CTX_new();
if(!ctx) {
outputInfo("unable to create openssl BN_CTX");
org> wrote:
> s_client has -sess_out and -sess_in options that can be used
> to save session information to a file and read it in for a subsequent
> connection. Neither is used by default.
>
> -Ben
>
> On Sun, Sep 30, 2018 at 11:06:14AM +0800, John Jiang wrote:
> >
Does s_client resume any session in the local session file?
On Sun, Sep 30, 2018 at 3:19 AM Salz, Rich via openssl-users <
openssl-users@openssl.org> wrote:
>
>- The debug logs display two "SSL-Session" blocks in a full handshake.
>
> Only one "SSL-Session" block is displayed in a
Using OpenSSL 1.1.1.
The debug logs display two "SSL-Session" blocks in a full handshake.
Only one "SSL-Session" block is displayed in a resumption.
Why does full handshake has two sessions?
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Matt
>
>
> On 12/09/18 12:25, John Jiang wrote:
> > Very strange. I re-tried the same case, but the resumption failed.
> > The attached logs contain the full outputs in the both connections on
> > server and client sides.
> >
> > On Wed, Sep 12, 2018 at 7:09 PM Ma
t; log including *both* connections, i.e. the original connection attempt
> to create the session, followed by the subsequent resume.
>
> Thanks
>
> Matt
>
>
> On 12/09/18 11:50, John Jiang wrote:
> > Could you please take a look at the attached s_client.log?
> >
Could you please take a look at the attached s_client.log?
It was outputted by s_client with options -trace and -state in the second
connection.
Matt Caswell 于2018年9月12日周三 下午4:48写道:
>
>
> On 12/09/18 09:34, John Jiang wrote:
> >
> > It looks the session was resumed,
Matt Caswell 于2018年9月12日周三 下午4:16写道:
>
>
> On 12/09/18 08:07, John Jiang wrote:
> > I just build OpenSSL 1.1.1 on MacOSX.
> > Tried 0-RTT, and the commands like the followings,
> > openssl s_server -cert server.cer -key server.key -tls1_3 -early_data
> > -accept
I just build OpenSSL 1.1.1 on MacOSX.
Tried 0-RTT, and the commands like the followings,
openssl s_server -cert server.cer -key server.key -tls1_3 -early_data
-accept 9443
...
openssl s_client -CAfile ca.cer -tls1_3 -sess_in openssl.sess -early_data
data -connect localhost:9443
s_client reported
In the standard make files published for 1.0.2o
How can we change the name of these files to reflect the architecture(bitness)
of the OS.
We would like the 32 bit and 64 bit names to be different.
libeay32.dll
libeay32.lib
ssleay32.dll
ssleay32.lib
This e-mail, including attachments, may
2018-06-20 17:01 GMT+08:00 Matt Caswell :
>
>
> On 20/06/18 07:11, John Jiang wrote:
> > 2018-06-19 6:21 GMT+08:00 Matt Caswell > <mailto:m...@openssl.org>>:
> >
> >
> >
> > On 18/06/18 21:23, Hubert Kario wrote:
> >
2018-06-19 6:21 GMT+08:00 Matt Caswell :
>
>
> On 18/06/18 21:23, Hubert Kario wrote:
> > On Friday, 8 June 2018 10:26:07 CEST Matt Caswell wrote:
> >> On 08/06/18 02:48, John Jiang wrote:
> >>> Is it possible to check Key/IV update feature via these too
2018-06-19 23:11 GMT+08:00 Jakob Bohm :
> On 19/06/2018 15:40, John Jiang wrote:
>
>> Using OpenSSL 1.1.1-pre7
>>
>> Please consider the following cases and handshaking results:
>> 1. rsa_pss_pss_256 certificate + TLS_RSA_WITH_AES_256_GCM_SHA384 cipher
Using OpenSSL 1.1.1-pre7
Please consider the following cases and handshaking results:
1. rsa_pss_pss_256 certificate + TLS_RSA_WITH_AES_256_GCM_SHA384 cipher
suite
Handshaking failed with no suitable cipher
2. rsa_pss_pss_256 certificate + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
cipher suite
Hi OpenSSL team,
Our team has successfully built Window dlls for OpenSSL code version 1.0.2n.
The dll names where libeay32.dll & ssleay32.dll.
They worked on Windows 7 and Windows Server 2012 OS.
Our team has built Window dlls for the OpenSSL code using version 1.1.0h.
The dll names where
Is it possible to check Key/IV update feature via these tools?
Thanks!
2018-05-23 20:33 GMT+08:00 Matt Caswell :
>
>
> On 23/05/18 12:39, John Jiang wrote:
> > Hi,
> > If just using s_server and s_client, can I test the TLS 1.3 features,
> > likes HelloRetryRequ
Hi Matt,
Thanks for your reply!
2018-05-23 20:33 GMT+08:00 Matt Caswell :
>
> To test resumption first create a full handshake TLSv1.3 connection and
> save the session:
>
> $ openssl s_server -cert cert.pem -key key.pem
> $ openssl s_client -sess_out session.pem
>
> Close the
Hi,
If just using s_server and s_client, can I test the TLS 1.3 features, likes
HelloRetryRequest and resumption?
2018-04-29 18:43 GMT+08:00 Kurt Roeckx :
> The upcomming OpenSSL 1.1.1 release will have TLS 1.3 support. TLS
> 1.3 brings a lot of changes that might cause
Anyway, I can download it via
https://www.openssl.org/source/openssl-1.1.1-pre6.tar.gz
John
2018-05-02 10:48 GMT+08:00 John Jiang <john.sha.ji...@gmail.com>:
> Hi,
> I don't see the link for openssl-1.1.1-pre6.tar.gz on page
> https://www.openssl.org/source/
>
> Thanks,
&g
Hi,
I don't see the link for openssl-1.1.1-pre6.tar.gz on page
https://www.openssl.org/source/
Thanks,
John
2018-05-01 21:06 GMT+08:00 OpenSSL <open...@openssl.org>:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
>
>OpenSSL version 1.1.
set_method.
rsa->flags |= RSA_FLAG_SIGN_VER;
But shouldn't OpenSSL work without me having to do that?
Perhaps RSA_set_method() should also copy the flags field to match what
RSA_new_method does?
Either that, or the meth->flags field should be tested.
Which is it?
-Ike-
John Eiche
implementation.
-Ike-
John Eichenberger
Intermec by Honeywell
Principal Engineer: Sustaining Engineering
425.921.4507
-Original Message-
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Richard Levitte
Sent: Tuesday, April 03, 2018 7:43 PM
To: openssl-users
p; rsa->meth->rsa_verify) {
return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);
}
--
-Ike-
John Eichenberger
Intermec by Honeywell
Principal Engineer: Sustaining Engineering
425.921.4507
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
1 - 100 of 740 matches
Mail list logo