(SOLVED) Re: OpenSSL 3.0.7 make failure on Debian 10 (buster)

2022-11-04 Thread John Boxall
adopted "too clever by half" as a design goal. Thanks Matt and Michael. I just did a build in a clean Buster VM and it is working fine. I'll have to clean up my system and retry. -- Regards, John Boxall

OpenSSL 3.0.7 make failure on Debian 10 (buster)

2022-11-04 Thread John Boxall
enssl-bin-cmp_mock_srv.d.tmp -MT apps/lib/openssl-bin-cmp_mock_srv.o -c -o apps/lib/openssl-bin-cmp_mock_srv.o apps/lib/cmp_mock_srv.c In file included from /usr/lib/gcc/x86_64-linux-gnu/8/include-fixed/syslimits.h:7, from /usr/lib/gcc/x86_64-linux-gnu/8/include-fixed/limits.h:

PBKDF2 & HMAC-SHA1-128 Functions

2022-10-12 Thread John Deer via openssl-users
What OpenSSL functions to use in "Visual Studio 2022" to create a C++ program:: PSK = PBKDF2(Passphrase, SSID, 4096) PMK = PBKDF2(HMAC−SHA1, PSK, SSID, 4096, 256) PMKID = HMAC-SHA1-128(PMK,"PMK Name" | MAC_AP | MAC_STA) Sample test data for PSK (Pre-Shared Key) Network SSID:   linksys54gh

Re: RSA and DES encryption and decryption with C++ on Windows

2022-04-11 Thread John Alway
Pauli, Thanks for the link, but apparently that code requires having an account to view it. However, I've passed the information from this thread onto the guy I'm working with and he's going to reevaluate what he wants to do. Regards, ...John

Re: RSA and DES encryption and decryption with C++ on Windows

2022-04-10 Thread John Alway
to see what he wants to do next. Thanks again! Regards, ...John

RSA and DES encryption and decryption with C++ on Windows

2022-04-09 Thread John Alway
efficient way to search this email list? I was trying to search for similar questions but wasn't able. I guess I could use google and the email list name? Thanks for any help, Regards ...John

Re: [EXT] Re: KTLS with openssl 3.0 fail with error ENOTCONN(Transport endpoint is not connected)

2022-01-06 Thread John Baldwin
On 1/6/22 5:58 AM, Gaurav Jain wrote: Hi -Original Message- From: John Baldwin Sent: Thursday, January 6, 2022 12:26 AM To: Gaurav Jain ; bor...@mellanox.com; openssl- us...@openssl.org Cc: Varun Sethi ; Pankaj Gupta Subject: [EXT] Re: KTLS with openssl 3.0 fail with error ENOTCONN

Re: KTLS with openssl 3.0 fail with error ENOTCONN(Transport endpoint is not connected)

2022-01-05 Thread John Baldwin
On 1/4/22 11:49 PM, Gaurav Jain wrote: Hello Boris/John I am from NXP and currently working on enabling KTLS on NXP platforms via openssl. I see that you enabled KTLS support in openssl 3.0(https://www.openssl.org/news/changelog.html#openssl-30). when I configure openssl 3.0 or 3.1.0

SM3WithSM2 Certificate

2021-05-16 Thread John Jiang
with SM3. Why doesn't openssl x509 tool display this name? Does OpenSSL support this signature scheme? Best regards, John Jiang

Re: ASN.1 encoding error

2021-02-25 Thread John Robson via openssl-users
. Thanks, John On Thu, 25 Feb 2021 at 17:29, Benjamin Kaduk wrote: > That sounds like the certificate is encoded using ASN.1 BER rules, that > openssl > accepts, but the python library is insisting on DER encoding (per the > spec). > > -Ben > > On Thu, Feb 25, 2021 at 05:19

ASN.1 encoding error

2021-02-25 Thread John Robson via openssl-users
rong tree, is there something else that I can use other than the asn1parse option to figure out where the error might be coming from? Cheers, John -- *John Robson*

Re: OPenssl 3.0 issues

2021-01-25 Thread John Baldwin
in an internal buffer in libc? -- John Baldwin

Default value of a session resumption timeout (300 seconds vs 7200 seconds)

2021-01-23 Thread John Thoe
Hi list, The session reuse question posted on the mailing list earlier (https://mta.openssl.org/pipermail/openssl-users/2021-January/013360.html) reminded me of a somewhat similar question I have. As per the docs, https://www.openssl.org/docs/man1.0.2/man3/SSL_get_default_timeout.html, it says

Re: OpenSSL version 3.0.0-alpha10 published

2021-01-07 Thread John Wasilewski
Please remove my email from your distribution > On Jan 7, 2021, at 9:08 AM, OpenSSL wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > > OpenSSL version 3.0 alpha 10 released > = > > OpenSSL - The Open Source toolkit for SSL/TLS >

Re: Random and rare Seg faults at openssl library level

2021-01-07 Thread John Wasilewski
Please remove my email > On Jan 7, 2021, at 3:23 AM, Jan Just Keijser wrote: > > On 06/01/21 21:57, Michael Wojcik wrote: >> >> The same way you'd track down an intermittent cause of Undefined Behavior in >> any other program: some combination of dynamic monitoring, symbolic >> execution,

Re: Use OpenSSL to decrypt TLS session from PCAP files

2020-12-08 Thread John Baldwin
to and then manually read/wrote their contents on its tunnel socket). -- John Baldwin

Re: OpenSSL not accepting a certificate, whilst curl does.

2020-09-30 Thread John Robson via openssl-users
tl;dr: Found an issue with update-ca-trust extract OpenSSL doing what it should, but update-ca-trust is only pushing the cert into some of the trust stores. Thanks Tomas On Tue, 29 Sep 2020 at 07:06, Tomas Mraz wrote: > > On Mon, 2020-09-28 at 22:35 +0100, John Robson via openssl-users

OpenSSL not accepting a certificate, whilst curl does.

2020-09-28 Thread John Robson via openssl-users
oint below. Thanks, John -- # Check that the root is installed into the trusted bundle: # awk -v cmd='openssl x509 -noout -subject -serial -fingerprint; echo' '/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-bundle.trust.crt | grep -A1 CAROOT subject= /CN=CAROOT/O=org/C=XX serial=4D4

Re: Testing TLS 1.0 with OpenSSL master

2020-08-24 Thread John Baldwin
On 8/18/20 9:49 AM, Matt Caswell wrote: > > > On 17/08/2020 18:55, John Baldwin wrote: >> 1) Is 'auth_level' supposed to work for this? The CHANGES.md change >>references SSL_CTX_set_security_level and openssl(1) claims that >>'-auth_level' changes this? Is

Testing TLS 1.0 with OpenSSL master

2020-08-17 Thread John Baldwin
s well). So I guess two questions: 1) Is 'auth_level' supposed to work for this? The CHANGES.md change references SSL_CTX_set_security_level and openssl(1) claims that '-auth_level' changes this? Is the CHANGES.md entry wrong and only SECLEVEL=0 for the ciphers work by design? 2) The hang when using a 'master' client seems like a regression? -- John Baldwin

Re: How to help with getting KTLS patches merged

2020-07-23 Thread John Baldwin
On 6/10/20 3:48 PM, John Baldwin wrote: > On 6/8/20 4:12 AM, Kurt Roeckx wrote: >> On Thu, Jun 04, 2020 at 09:00:08AM -0700, John Baldwin wrote: >>> At the moment there are 3 open PRs related to Kernel TLS offload >>> support that I'm aware of: >>> >>

Re: OCSP response signature algorithm

2020-07-09 Thread John Jiang
/man1.1.1/man1/ocsp.html Though this option is supported by 1.1.1 series. On Mon, Jul 6, 2020 at 6:15 AM John Jiang wrote: > I just want to know how does OpenSSL implement RFC 6960 section 4.4.7.2 > Responder Signature Algorithm Selection. > > Could I take a OpenSSL responder to use

Re: OCSP response signature algorithm

2020-07-05 Thread John Jiang
, Jul 4, 2020 at 12:18 AM John Jiang wrote: > Hi, > I'm using OpenSSL 1.1.1. > > Can I configure the OCSP response signature algorithm? > For a RSA issuer, it looks SHA256withRSA always be selected. > > PreferredSignatureAlgorithms extension in OCSP request may affect this >

OCSP response signature algorithm

2020-07-03 Thread John Jiang
Hi, I'm using OpenSSL 1.1.1. Can I configure the OCSP response signature algorithm? For a RSA issuer, it looks SHA256withRSA always be selected. PreferredSignatureAlgorithms extension in OCSP request may affect this algorithm in OpenSSL OCSP response. However, I prefer to use configuration.

Re: How to help with getting KTLS patches merged

2020-06-10 Thread John Baldwin
On 6/8/20 4:12 AM, Kurt Roeckx wrote: > On Thu, Jun 04, 2020 at 09:00:08AM -0700, John Baldwin wrote: >> At the moment there are 3 open PRs related to Kernel TLS offload >> support that I'm aware of: >> >> - 11589 adds TLS1.3 for Linux, has one approval from Matt Cas

Specify multiple certs for s_server and s_client

2020-06-07 Thread John Jiang
Hi, Can I specify multiple certificates for tools s_server and s_client? I need to check the certificate selection with certificate_authorities. And it looks s_server has no option for certificate_authorities, however s_client has -requestCAfile for that extension. Best regards, John

How to help with getting KTLS patches merged

2020-06-04 Thread John Baldwin
nice if 3.0 did not require additional patches out of the box. Thanks! -- John Baldwin

Can RSA PSS-R be done simply with OpenSSL?

2020-05-12 Thread John McCabe
Crypto++ in it! Any pointers would be gratefully appreciated. For what it's worth, this is something I'm fairly new to so, if what I'm asking isn't clear, or if it sounds like I have some concepts wrong, please let me know gently ;-) Many thanks John

Re: New decode_errors due to EOF changes in master and 1.1.1e

2020-03-25 Thread John Baldwin
ase of s_client/s_server this actually uncovered a bug > in s_server, which is why you see the problem there. > > Matt > > On 24/03/2020 23:35, John Baldwin wrote: >> I replied to the original commit on GH but haven't seen any responses so >> thought I would follow up here

New decode_errors due to EOF changes in master and 1.1.1e

2020-03-24 Thread John Baldwin
a bug in my changes until I finally narrowed it back to this commit. It seems a bit odd for a normal close to trigger an error instead of a clean EOF back from SSL_read(). -- John Baldwin

Re: Compiling for RISC-V

2020-03-09 Thread John Baldwin
support. This is the hard part in terms of >> effort. We currently have no such thing at all for RISC-V, and I >> haven't seen any attempts to start such an effort... PRs would >> certainly be welcome, but anyone who tries this will have to be >> prepared for it to take a while to get into the main source. >> >> Cheers, >> Richard >> >> -- >> Richard Levitte levi...@openssl.org >> OpenSSL Project http://www.openssl.org/~levitte/ >> >> > -- John Baldwin

Re: writev over OpenSSL

2020-03-05 Thread John Baldwin
ld perhaps have a SSL_writev() that did a single system call for KTLS and fell back to a loop of SSL_write() calls otherwise. However, you wouldn't have a SSL_readv() equivalent which might feel odd from an API perspective. -- John Baldwin

Re: Support FFDHE?

2020-02-27 Thread John Jiang
On Thu, Feb 27, 2020 at 9:27 PM Salz, Rich wrote: > >- Run the command: openssl s_client -tls1_3 -groups ffdhe2048 host:port > > > > TLS 1.3 doesn’t have those groups. > Per section Supported Groups in RFC 8446 [1], FFDHE groups could be supported. enum { /* Elliptic Curve Groups

[RFC] TLS salt length auto detection, switch from DIGEST to AUTO

2020-02-27 Thread Andersen, John S
ERR_R_EVP_LIB); Reference: https://github.com/tpm2-software/tpm2-pkcs11/pull/403#issuecomment-590395767 Thank you, John

Re: Support FFDHE?

2020-02-27 Thread John Jiang
I would have highlighted that OpenSSL 1.1.1d was being used in my testing. On Thu, Feb 27, 2020 at 5:13 PM John Jiang wrote: > Hi, > It sounds FFDHE groups are already supported [1] > But the tools, like s_client, also support them. > Run the command: openssl s_client -tls1_3 -grou

Support FFDHE?

2020-02-27 Thread John Jiang
Hi, It sounds FFDHE groups are already supported [1] But the tools, like s_client, also support them. Run the command: openssl s_client -tls1_3 -groups ffdhe2048 host:port it just raised the issue: Error with command: "-groups ffdhe2048" If using P-256 or X25519, it worked fine. I also tried

Re: Backporting KTLS to 1.1.1

2019-12-16 Thread John Baldwin
On 12/14/19 2:09 AM, Matt Caswell wrote: > > > On 13/12/2019 23:52, John Baldwin wrote: >> I've recently been working on adding support for kernel TLS offload >> to FreeBSD and have some patches merged into master already along >> with a couple of open reviews (and

Backporting KTLS to 1.1.1

2019-12-13 Thread John Baldwin
then I can come up with a candidate patch series. -- John Baldwin

Re: Are DHE_DSS cipher suites not supported?

2019-10-25 Thread John Jiang
On Fri, Oct 25, 2019 at 8:50 PM Matt Caswell wrote: > > > On 25/10/2019 09:39, Viktor Dukhovni wrote: > > On Fri, Oct 25, 2019 at 03:33:43PM +0800, John Jiang wrote: > > > >> I'm using OpenSSL 1.1.1d. > >> Just want to confirm if DHE_DSS cipher suites

Are DHE_DSS cipher suites not supported?

2019-10-25 Thread John Jiang
Hi, I'm using OpenSSL 1.1.1d. Just want to confirm if DHE_DSS cipher suites are not supported by this version. Please consider the below simple case, 1. s_server uses a DSA certificate 2. force s_client to use TLS 1.2 and TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (DHE-DSS-AES256-GCM-SHA384) the

Re: My client can not receive data in blocking mode

2019-09-27 Thread John Unsworth
You do not say what OS you are running on. Solaris 11 has a known problem with not reporting queued data. This was fixed by SRU-28. Regards, John Unsworth From: openssl-users on behalf of 路连峰 Sent: Monday, September 23, 2019 4:55 am To: openssl-users Subject

Re: Enabled weak cipher suites

2019-06-26 Thread John Jiang
RC4 and MD5 are both considered broken. > Don't worry, just for some testing. Thanks! > > Pauli > -- > Dr Paul Dale | Cryptographer | Network Security & Encryption > Phone +61 7 3031 7217 > Oracle Australia > > > > On 26 Jun 2019, at 11:41 am, John Jiang wrote: >

Enabled weak cipher suites

2019-06-26 Thread John Jiang
Hi, I'm using s_server and s_client from OpenSSL 1.1.1. It looks the weak cipher suites, like SSL_RSA_WITH_RC4_128_MD5, are disabled. Is there any way to re-enable these cipher suites? Thanks!

Re: Is X25519/X448 supported for TLSv1.2?

2019-06-13 Thread John Jiang
On Thu, Jun 13, 2019 at 12:28 PM Viktor Dukhovni wrote: > On Thu, Jun 13, 2019 at 10:49:14AM +0800, John Jiang wrote: > > > I got the point: the server certificate is ECDSA with curve secp256r1. > > It works with RSA certificate and curves > > secp256r1/secp384r1/secp52

Re: Is X25519/X448 supported for TLSv1.2?

2019-06-12 Thread John Jiang
I got the point: the server certificate is ECDSA with curve secp256r1. It works with RSA certificate and curves secp256r1/secp384r1/secp521r1/x25519/x448. On Thu, Jun 13, 2019 at 3:00 AM Viktor Dukhovni wrote: > On Wed, Jun 12, 2019 at 05:31:30PM +0800, John Jiang wrote: > > > >

Re: Is X25519/X448 supported for TLSv1.2?

2019-06-12 Thread John Jiang
On Wed, Jun 12, 2019 at 4:34 PM Viktor Dukhovni wrote: > On Wed, Jun 12, 2019 at 03:45:12PM +0800, John Jiang wrote: > > > Using OpenSSL 1.1.1. > > Just want to confirm that if OpenSSL supports curves X25519 and X448 for > > TLSv1.2. > > Yes, it does. > >

Is X25519/X448 supported for TLSv1.2?

2019-06-12 Thread John Jiang
Hi, Using OpenSSL 1.1.1. Just want to confirm that if OpenSSL supports curves X25519 and X448 for TLSv1.2. Tried below commands, openssl s_server -trace -state -cert server.cer -key server.key -accept port openssl s_client -trace -state -CAfile ca.cer -tls1_2 -groups X25519 -connect

Session ID or Session ticket?

2019-05-27 Thread John Jiang
Hi, I'm using OpenSSL 1.1.1 I just use the below s_client command to test resumption. openssl s_client -CAfile CA.cer -tls1_2 -sess_in openssl.sess -connect localhost:9443 Is there any option to take this tool to use only session id or session ticket for resumption? Thanks!

OpenSSL 1.1.1b installation

2019-05-20 Thread DeCaro, James John (Jim) CIV DISA SD (US) via openssl-users
Hello, I am working on a Solaris 11.4 x86 64bit virtual server. There are no specific applications loaded on it yet. I am preparing it to be a BIND server eventually. To that end, I downloaded and installed OpenSSL 1.1.1b so I have the latest and greatest to work with. The installation

RE: OpenSSL 1.1.1b tests fail on Solaris - solution and possible fix

2019-05-16 Thread John Unsworth
Thanks. So in the meantime we can remove the DEFINE macros and the pragmas (or just the pragmas as we have done) to build the no-shared libraries. Regards, John. Original message From: Richard Levitte Sent: 16 May 2019 08:34:06 GMT-07:00 To: John Unsworth Subject: RE

RE: OpenSSL 1.1.1b tests fail on Solaris - solution and possible fix

2019-05-16 Thread John Unsworth
on Solaris - solution and possible fix On 5/16/19 6:46 AM, John Unsworth wrote: > In the absence of any steer from openssl gurus we will proceed by > removing the #pragmas in safestack.h and lhash.h while we build the > no-shared libraries on solaris. Hopefully someone will come up with a

RE: OpenSSL 1.1.1b tests fail on Solaris - solution and possible fix

2019-05-16 Thread John Unsworth
In the absence of any steer from openssl gurus we will proceed by removing the #pragmas in safestack.h and lhash.h while we build the no-shared libraries on solaris. Hopefully someone will come up with a proper fix at some point. Regards, John From: openssl-users On Behalf Of John Unsworth

OpenSSL 1.1.1b tests fail on Solaris - solution and possible fix

2019-05-15 Thread John Unsworth
ps that used the .h files (hard to avoid since they are basic crypto header files) but did not link with libcrypto.so. That library was explicitly loaded by the app, but the app would not start because of the missing symbols. See issues 6912 and 8102. Regards, John. John Unsworth |Meta-Directory

RE: OpenSSL 1.1.1b tests fail on Solaris - solution and possible fix

2019-05-14 Thread John Unsworth
ned(__SUNPRO_C) #pragma weak getisax in crypto\sparcv9cap.c so maybe that needs consideration too. Regards, John. -Original Message- From: openssl-users On Behalf Of John Unsworth Sent: 10 May 2019 16:23 To: openssl-users@openssl.org Subject: RE: OpenSSL 1.1.1b tests fail on Solaris - solut

RE: OpenSSL 1.1.1b tests fail on Solaris - solution

2019-05-12 Thread John Unsworth
On 5/10/19 11:23 AM, John Unsworth wrote: > This seems to be caused by the ongoing saga documented I have this working flawlessly on S10 ... what is the issue : jupiter # /usr/local/bin/openssl version OpenSSL 1.1.1b 26 Feb 2019 dc

RE: OpenSSL 1.1.1b tests fail on Solaris - solution

2019-05-10 Thread John Unsworth
r openssl1.1.1. So, in 1.1.1b I can observe that OPENSSL_sk_new_null has been defined as below in safestack.h. pragma weak OPENSSL_sk_new_null Can this be related ? Am I missing anything while Configure ? <<<<<<<<<<<<<<< Regards, John. -Original Message- Fr

RE: OpenSSL 1.1.1b tests fail on Solaris

2019-05-09 Thread John Unsworth
|2|2 |OPENSSL_sk_zero Does the Bind Type WEAK indicate anything? >> Note - Weak symbols are intended primarily for use in system software. Their >> use in application programs is discouraged. Shouldn't they be GLOBAL like the rest? How to change them? Regards, John -Origi

RE: OpenSSL 1.1.1b tests fail on Solaris

2019-05-09 Thread John Unsworth
: -xarch=v9 is deprecated, use -m64 to create 64-bit programs Does it need -lssl? John -Original Message- From: openssl-users On Behalf Of John Unsworth Sent: 09 May 2019 10:13 To: openssl-users@openssl.org Subject: RE: OpenSSL 1.1.1b tests fail on Solaris

RE: OpenSSL 1.1.1b tests fail on Solaris

2019-05-09 Thread John Unsworth
ssl: fatal: relocation error: file openssl: symbol OPENSSL_sk_new_null: referenced symbol not found I have built static libraries. John -Original Message- From: openssl-users On Behalf Of Matt Caswell Sent: 09 May 2019 09:38 To: openssl-users@openssl.org Subject: Re: OpenSSL 1.1.1b tests f

OpenSSL 1.1.1b tests fail on Solaris

2019-05-08 Thread John Unsworth
(wstat 256, 0x100) Failed 1/1 subtests ../test/recipes/04-test_bio_callback.t . Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests Regards, John.

RE: SSL_read() returning SSL_ERROR_SYSCALL with errno 11 EAGAIN

2019-05-07 Thread John Unsworth
Just a thought. Would it not be possible for the SSL session to create a mutex and lock it where required? Error details could be stored in Thread Local Storage to obviate the need to call SSL_get_error() within the mutex block. Regards, John -Original Message- From: openssl-users

RE: SSL_read() returning SSL_ERROR_SYSCALL with errno 11 EAGAIN

2019-05-07 Thread John Unsworth
Thanks, the mutex is tied to the SSL session and used for all calls (now!). The good news is that moving SSL_get_error() into the same mutex unit as SSL_read() has solved the problem. Thank you for all your help and advice. Regards, John. John Unsworth |Meta-Directory Engineering and Support

Re: SSL_read() returning SSL_ERROR_SYSCALL with errno 11 EAGAIN

2019-05-03 Thread John Unsworth
Testing changed code. Regards John From: openssl-users on behalf of Matt Caswell Sent: Friday, May 3, 2019 10:16 am To: openssl-users@openssl.org Subject: Re: SSL_read() returning SSL_ERROR_SYSCALL with errno 11 EAGAIN

RE: SSL_read() returning SSL_ERROR_SYSCALL with errno 11 EAGAIN

2019-05-02 Thread John Unsworth
>> I think that's an application bug. Thanks. I thought you might say that. I will change the code and get the customer to retest. Regards, John -Original Message- From: openssl-users On Behalf Of Viktor Dukhovni Sent: 02 May 2019 18:23 To: openssl-users@openssl.org Subje

RE: SSL_read() returning SSL_ERROR_SYSCALL with errno 11 EAGAIN

2019-05-02 Thread John Unsworth
() calls. > I gather the protocol is full-duplex and multiple outstanding requests can be > written before the corresponding replies are read? Or is it strict > half-duplex request-response? It is full duplex and there can be multiple operations in progress. Regards, John. -Origi

RE: SSL_read() returning SSL_ERROR_SYSCALL with errno 11EAGAIN

2019-05-02 Thread John Unsworth
Openssl 1.1.0h We have implemented the workaround - if SSL_ERROR_SYSCALL and errno=EAGAIN then treat as WANT_READ/WANT_WRITE. This (seems to) work fine. No subsequent problems, everything continues correctly. Regards, John -Original Message- From: openssl-users On Behalf Of Matt

RE: SSL_read() returning SSL_ERROR_SYSCALL with errno 11 EAGAIN

2019-05-02 Thread John Unsworth
SSL handle that. Both ends OpenSSL 1.1.0h. Problem seems to occur at random - only reproducible on customer site and after a long time running their soak test. Regards, John. -Original Message- From: openssl-users On Behalf Of Viktor Dukhovni Sent: 02 May 2019 07:25 To: openssl-us

RE: SSL_read() returning SSL_ERROR_SYSCALL with errno 11 EAGAIN

2019-05-02 Thread John Unsworth
a soak test and thousands (maybe millions) of reads worked fine until the failing one. Regards, John. -Original Message- From: openssl-users On Behalf Of Erik Forsberg Sent: 01 May 2019 03:05 To: openssl-users@openssl.org Subject: Re: SSL_read() returning SSL_ERROR_SYSCALL with errno

SSL_read() returning SSL_ERROR_SYSCALL with errno 11EAGAIN

2019-04-29 Thread John Unsworth
ite(). Are we correct? Regards, John.

RE: Tests fail on openssl 1.1.1b Windows 7 built with VS 2013

2019-04-16 Thread John Unsworth
st_evp V=1 test All tests successful. Files=1, Tests=9, 1 wallclock secs ( 0.02 usr + 0.00 sys = 0.02 CPU) Result: PASS Regards, John -Original Message- From: openssl-users On Behalf Of John Unsworth Sent: 13 April 2019 15:28 To: openssl-users@openssl.org Subject: RE: Tests fail on

RE: Tests fail on openssl 1.1.1b Windows 7 built with VS 2013

2019-04-13 Thread John Unsworth
.19 sys = 0.92 CPU) Result: PASS Regards, John -Original Message- From: openssl-users On Behalf Of Matt Caswell Sent: 12 April 2019 14:16 To: openssl-users@openssl.org Subject: Re: Tests fail on openssl 1.1.1b Windows 7 built with VS 2013

RE: Tests fail on openssl 1.1.1b Windows 7 built with VS 2013

2019-04-11 Thread John Unsworth
Attached. This is with the debug build. John -Original Message- From: openssl-users On Behalf Of Matt Caswell Sent: 11 April 2019 17:40 To: openssl-users@openssl.org Subject: Re: Tests fail on openssl 1.1.1b Windows 7 built with VS 2013

Tests fail on openssl 1.1.1b Windows 7 built with VS 2013

2019-04-11 Thread John Unsworth
, 7, 9 Non-zero exit status: 4 test\recipes\80-test_ssl_new.t(Wstat: 512 Tests: 29 Failed: 2) Failed tests: 20, 28 Non-zero exit status: 2 Thanks, John Unsworth

Re: s_server/s_client on checking middlebox compatibility

2019-02-26 Thread John Jiang
I had tried TLS Fuzzer, and it worked for me. I just wished that OpenSSL can do the similar things. Thanks! On Tue, Feb 26, 2019 at 9:56 PM Hubert Kario wrote: > On Tuesday, 26 February 2019 07:22:52 CET John Jiang wrote: > > Is it possible to check if peer implements middlebox comp

s_server/s_client on checking middlebox compatibility

2019-02-25 Thread John Jiang
Is it possible to check if peer implements middlebox compatibility by s_server/s_client? It looks the test tools don't care this point. For example, if a server doesn't send change_cipher_spec after HelloRetryRequest, s_client still feels fine. That's not bad. But can I setup these tools to check

Re: [openssl-users] Incompatible Object error from EC_POINT_mul (Nicola)

2018-10-08 Thread John Hughes
Nicola, Brilliant - that sorted it. I have produced a public key this way and successfully compared it with the public key in the original key pair. You may want to update the wiki page to add that step into the sample code Regards John -Original Message- From: openssl-users

[openssl-users] Incompatible Object error from EC_POINT_mul

2018-10-07 Thread John Hughes
. I'm using openssl 1.10h Any pointers or help would be appreciated. John --- BN_CTX *ctx; ctx = BN_CTX_new(); if(!ctx) { outputInfo("unable to create openssl BN_CTX");

Re: [openssl-users] Two sessions in a single full handshake

2018-09-29 Thread John Jiang
org> wrote: > s_client has -sess_out and -sess_in options that can be used > to save session information to a file and read it in for a subsequent > connection. Neither is used by default. > > -Ben > > On Sun, Sep 30, 2018 at 11:06:14AM +0800, John Jiang wrote: > >

Re: [openssl-users] Two sessions in a single full handshake

2018-09-29 Thread John Jiang
Does s_client resume any session in the local session file? On Sun, Sep 30, 2018 at 3:19 AM Salz, Rich via openssl-users < openssl-users@openssl.org> wrote: > >- The debug logs display two "SSL-Session" blocks in a full handshake. > > Only one "SSL-Session" block is displayed in a

[openssl-users] Two sessions in a single full handshake

2018-09-29 Thread John Jiang
Using OpenSSL 1.1.1. The debug logs display two "SSL-Session" blocks in a full handshake. Only one "SSL-Session" block is displayed in a resumption. Why does full handshake has two sessions? -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Why was early data rejected?

2018-09-12 Thread John Jiang
Matt > > > On 12/09/18 12:25, John Jiang wrote: > > Very strange. I re-tried the same case, but the resumption failed. > > The attached logs contain the full outputs in the both connections on > > server and client sides. > > > > On Wed, Sep 12, 2018 at 7:09 PM Ma

Re: [openssl-users] Why was early data rejected?

2018-09-12 Thread John Jiang
> log including *both* connections, i.e. the original connection attempt > to create the session, followed by the subsequent resume. > > Thanks > > Matt > > > On 12/09/18 11:50, John Jiang wrote: > > Could you please take a look at the attached s_client.log? > >

Re: [openssl-users] Why was early data rejected?

2018-09-12 Thread John Jiang
Could you please take a look at the attached s_client.log? It was outputted by s_client with options -trace and -state in the second connection. On Wed, Sep 12, 2018 at 4:48 PM Matt Caswell wrote: > > > On 12/09/18 09:34, John Jiang wrote: > > > > It looks the session was resumed,

Re: [openssl-users] Why was early data rejected?

2018-09-12 Thread John Jiang
On Wed, Sep 12, 2018 at 4:16 PM Matt Caswell wrote: > > > On 12/09/18 08:07, John Jiang wrote: > > I just build OpenSSL 1.1.1 on MacOSX. > > Tried 0-RTT, and the commands like the followings, > > openssl s_server -cert server.cer -key server.key -tls1_3 -early_data > > -accept

[openssl-users] Why was early data rejected?

2018-09-12 Thread John Jiang
I just build OpenSSL 1.1.1 on MacOSX. Tried 0-RTT, and the commands like the followings, openssl s_server -cert server.cer -key server.key -tls1_3 -early_data -accept 9443 ... openssl s_client -CAfile ca.cer -tls1_3 -sess_in openssl.sess -early_data data -connect localhost:9443 s_client reported

[openssl-users] How can we change the names of the libraries from standard names

2018-06-26 Thread Vollaro, John
In the standard make files published for 1.0.2o How can we change the name of these files to reflect the architecture(bitness) of the OS. We would like the 32 bit and 64 bit names to be different. libeay32.dll libeay32.lib ssleay32.dll ssleay32.lib

Re: [openssl-users] Call for testing TLS 1.3

2018-06-21 Thread John Jiang
2018-06-20 17:01 GMT+08:00 Matt Caswell : > > > On 20/06/18 07:11, John Jiang wrote: > > 2018-06-19 6:21 GMT+08:00 Matt Caswell > <mailto:m...@openssl.org>>: > > > > > > > > On 18/06/18 21:23, Hubert Kario wrote: > >

Re: [openssl-users] Call for testing TLS 1.3

2018-06-20 Thread John Jiang
2018-06-19 6:21 GMT+08:00 Matt Caswell : > > > On 18/06/18 21:23, Hubert Kario wrote: > > On Friday, 8 June 2018 10:26:07 CEST Matt Caswell wrote: > >> On 08/06/18 02:48, John Jiang wrote: > >>> Is it possible to check Key/IV update feature via these too

Re: [openssl-users] rsa_pss_pss_*/rsa_pss_rsae_* and TLS_RSA_*/TLS_ECDHE_RSA_*

2018-06-19 Thread John Jiang
2018-06-19 23:11 GMT+08:00 Jakob Bohm : > On 19/06/2018 15:40, John Jiang wrote: > >> Using OpenSSL 1.1.1-pre7 >> >> Please consider the following cases and handshaking results: >> 1. rsa_pss_pss_256 certificate + TLS_RSA_WITH_AES_256_GCM_SHA384 cipher

[openssl-users] rsa_pss_pss_*/rsa_pss_rsae_* and TLS_RSA_*/TLS_ECDHE_RSA_*

2018-06-19 Thread John Jiang
Using OpenSSL 1.1.1-pre7 Please consider the following cases and handshaking results: 1. rsa_pss_pss_256 certificate + TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suite Handshaking failed with no suitable cipher 2. rsa_pss_pss_256 certificate + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 cipher suite

[openssl-users] Windows 7 cryptbase.dll failing to load

2018-06-14 Thread Vollaro, John via openssl-users
Hi OpenSSL team, Our team has successfully built Window dlls for OpenSSL code version 1.0.2n. The dll names were libeay32.dll & ssleay32.dll. They worked on Windows 7 and Windows Server 2012 OS. Our team has built Window dlls for the OpenSSL code using version 1.1.0h. The dll names were

Re: [openssl-users] Call for testing TLS 1.3

2018-06-07 Thread John Jiang
Is it possible to check Key/IV update feature via these tools? Thanks! 2018-05-23 20:33 GMT+08:00 Matt Caswell : > > > On 23/05/18 12:39, John Jiang wrote: > > Hi, > > If just using s_server and s_client, can I test the TLS 1.3 features, > > likes HelloRetryRequ

Re: [openssl-users] Call for testing TLS 1.3

2018-05-24 Thread John Jiang
Hi Matt, Thanks for your reply! 2018-05-23 20:33 GMT+08:00 Matt Caswell : > > To test resumption first create a full handshake TLSv1.3 connection and > save the session: > > $ openssl s_server -cert cert.pem -key key.pem > $ openssl s_client -sess_out session.pem > > Close the

Re: [openssl-users] Call for testing TLS 1.3

2018-05-23 Thread John Jiang
Hi, If just using s_server and s_client, can I test the TLS 1.3 features, like HelloRetryRequest and resumption? 2018-04-29 18:43 GMT+08:00 Kurt Roeckx : > The upcoming OpenSSL 1.1.1 release will have TLS 1.3 support. TLS > 1.3 brings a lot of changes that might cause

Re: [openssl-users] OpenSSL version 1.1.1 pre release 6 published

2018-05-01 Thread John Jiang
Anyway, I can download it via https://www.openssl.org/source/openssl-1.1.1-pre6.tar.gz John 2018-05-02 10:48 GMT+08:00 John Jiang <john.sha.ji...@gmail.com>: > Hi, > I don't see the link for openssl-1.1.1-pre6.tar.gz on page > https://www.openssl.org/source/ > > Thanks, >

Re: [openssl-users] OpenSSL version 1.1.1 pre release 6 published

2018-05-01 Thread John Jiang
Hi, I don't see the link for openssl-1.1.1-pre6.tar.gz on page https://www.openssl.org/source/ Thanks, John 2018-05-01 21:06 GMT+08:00 OpenSSL <open...@openssl.org>: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > >OpenSSL version 1.1.

Re: [openssl-users] [External] Re: Correct the check of RSA_FLAG_SIGN_VER

2018-04-06 Thread Eichenberger, John
set_method. rsa->flags |= RSA_FLAG_SIGN_VER; But shouldn't OpenSSL work without me having to do that? Perhaps RSA_set_method() should also copy the flags field to match what RSA_new_method does? Either that, or the meth->flags field should be tested. Which is it? -Ike- John Eiche

Re: [openssl-users] [External] Re: Correct the check of RSA_FLAG_SIGN_VER

2018-04-04 Thread Eichenberger, John
implementation. -Ike- John Eichenberger Intermec by Honeywell Principal Engineer: Sustaining Engineering 425.921.4507 -Original Message- From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Richard Levitte Sent: Tuesday, April 03, 2018 7:43 PM To: openssl-users

[openssl-users] Correct the check of RSA_FLAG_SIGN_VER

2018-04-03 Thread Eichenberger, John
rsa->meth->rsa_verify) { return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa); } -- -Ike- John Eichenberger Intermec by Honeywell Principal Engineer: Sustaining Engineering 425.921.4507
