Hi Andreas,
The repo below has examples of using OpenSSL for mTLS (mutual certificate
authentication) with sample certificates. You can refer to this.
https://github.com/TalkWithTLS/TalkWithTLS/blob/master/src/sample/openssl_tls13_server_both_auth.c
question is does anyone use SSL_read and SSL_write in parallel threads
in a much better way?
Regards,
Raja Ashok
it removes buffer overflow kind of issues completely
from code. And also currently using secure c calls is a general industry
practice.
Please share your opinion on it, and if any discussion happened in OpenSSL
community to do this change in future.
Thanks in advance.
Raja Ashok
it removes buffer overflow kind of issues completely
from code. And also currently using secure c calls is a general industry
practice.
Please share your opinion on it, and if any discussion happened in OpenSSL
community to do this change in future.
Thanks in advance.
Raja Ashok
Hi,
Need to use *SSL_CTX_set1_curves_list()*, for ECC curves configuration
using string.
SSL_CTX_set1_curves_list(ctx, "P-521:P-384:P-256");
Regards,
R Ashok
On Tue, Nov 26, 2019 at 1:42 PM Rohit Kaushal
wrote:
> Hi,
>
> I would like to ask if anyone here has actually been able to trim the EC
Hi All,
For using with TLS1.3, I am able to generate rsa_pss_pss cert (Both Public
key and Signature of RSA_PSS OID) with the below script.
https://github.com/raja-ashok/sample_certificates/blob/master/RSA_PSS_PSS_Certs/gen_rsa_cert.sh
Can someone help me to find out the command for generating
use TLSv1.2 RFC 5246
also mandates to do this check.
If the client provided a "signature_algorithms" extension, then all
certificates provided by the server MUST be signed by a
hash/signature algorithm pair that appears in that extension.
Fix should b
aEncrypted cert with
signature of type rsa_pss_rsae_sha256 then it should not use that
certificate, but it is using currently.
On Thu, Jun 6, 2019 at 9:11 PM Matt Caswell wrote:
>
>
> On 06/06/2019 16:15, Raja Ashok wrote:
> > Hi,
> >
> > Currently has_usable_cert() fu
extension. Is this behaviour correct ?
As per my understanding a new index should be created like
SSL_PKEY_RSA_PSS_RSAE_SIGN for rsa_pss_rsae_xxx type certs.
Regards,
Raja Ashok
Hi All,
I feel like some TLS 1.3 configuration APIs in OpenSSL 1.1.1 are
uncomfortable to use.
*1) Configuring Cipher Suite:* There is a new API for configuring TLS1.3
cipher suite, which is *SSL_set_ciphersuites()*. But calling only
*SSL_set_ciphersuites()* does not work. Need to call old
Hi,
When a non-blocking IO failure happens on DTLSv1_listen() it's returning 0. But
SSL_get_error() is not returning SSL_ERROR_WANT_READ. Instead it
returns SSL_ERROR_SYSCALL.
Can someone tell whether this behaviour is kept intentionally?
Thanks & Regards,
Ashok,
Huawei Technologies, India
| ((tot != 0) && (len < (tot + s->s3->wpend_tot{
s->s3->wnum = tot;
SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_BAD_LENGTH);
return (-1);
}
Regards,
Ashok
Raja Ashok V K
Huawei Technol
end_tot)) before
calling ssl3_write_pending.
if ((len < tot) || (len < (tot + s->s3->wpend_tot))){
SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_BAD_LENGTH);
return (-1);
}
Note: I am referring to the 1.0.2k version of OpenSSL.
Regards,
Ashok
in this case, so we need to set the alert in “al” and do
“goto f_err”.
In case of TLS we are sending alert.
Note: I am referring to the 1.0.2.k version of OpenSSL
Regards,
Ashok
Raja Ashok V K
Huawei Technologies
Bangalore, India
http://www.huawei.com
). So
user should not pass a value of more than 65535 to “plen” in
SSL_export_keying_material, right?
Please provide your valuable suggestion on this. I am referring to the 1.0.2k version
of OpenSSL.
Thanks & Regards,
Ashok
Raja Ashok V K
Huawei Technolo
ssl-1.0.2k and asking this doubt.
Regards,
Ashok
Raja Ashok V K
Huawei Technologies
Bangalore, India
http://www.huawei.com