Re: Mac OS X and openssl 3
>> Just wondering if Apple OS is compatible with OPenssl 3 . >> > >MacOS should work just fine with OpenSSL 3.0. At least master is >regularly tested, e.g. > >https://github.com/openssl/openssl/runs/6151999376?check_suite_focus=true It works fine on all of my MacOS machines,
Re: Mac OS X and openssl 3
On 24/04/2022 00:13, The Doctor via openssl-users wrote: Just wondering if Apple OS is compatible with OPenssl 3 . MacOS should work just fine with OpenSSL 3.0. At least master is regularly tested, e.g. https://github.com/openssl/openssl/runs/6151999376?check_suite_focus=true Matt
Mac OS X and openssl 3
Just wondering if Apple OS is compatible with OPenssl 3 . -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! Look at Psalms 14 and 53 on Atheism
Re: Unable to load PKCS#12 with password and no MAC
On Thursday, 17 February 2022 10:31:40 CET, Florin Spătar wrote: I see. Thanks for the suggested workaround. Are there any plans for PKCS12_parse to support PKCS12 files without MAC or any plans to use a FIPS approved algorithm for PKCS12 MAC? Any of these would help dealing with PKCS12 files
Re: Unable to load PKCS#12 with password and no MAC
On Thu, 2022-02-17 at 11:31 +0200, Florin Spătar wrote: > I see. Thanks for the suggested workaround. > > Are there any plans for PKCS12_parse to support PKCS12 files without > MAC That would be a simple feature PR against master branch if anyone wants to take it. It would requir
Re: Unable to load PKCS#12 with password and no MAC
I see. Thanks for the suggested workaround. Are there any plans for PKCS12_parse to support PKCS12 files without MAC or any plans to use a FIPS approved algorithm for PKCS12 MAC? Any of these would help dealing with PKCS12 files in FIPS mode. Thanks, Florin Spatar On 16.02.2022 17:25
Re: Unable to load PKCS#12 with password and no MAC
Yes, unfortunately PKCS12_parse currently does not support PKCS12 files without the MAC. Such support could be easily added. As a workaround you can look at how the pkcs12 application is implemented and use these calls instead. Regards, Tomas Mraz, OpenSSL On Wed, 2022-02-16 at 14:09 +
Unable to load PKCS#12 with password and no MAC
Hi, I am trying to use OpenSSL 3 in FIPS mode to load a PKCS#12. First, I got this error: [root@q032 ~]# openssl pkcs12 -nokeys -info -in agent.p12 -passin pass:opsware_admin MAC: sha256, Iteration 2048 MAC length: 32, salt length: 8 Error verifying PKCS12 MAC; no PKCS12KDF
Re: Which RFC explains how the mac-then-encrypt needs to be implemented
On 2020-03-03 07:46, Phani 2004 wrote: Hi Team, I am trying to implement mac-then-encrypt for aes_cbc_hmac_sha1 combined cipher. From the code i could understand that the first 16 bytes were being used as explicit IV while decrypting and the hmac is done for 13 bye AAD and 16 byte Fin record
Which RFC explains how the mac-then-encrypt needs to be implemented
Hi Team, I am trying to implement mac-then-encrypt for aes_cbc_hmac_sha1 combined cipher. From the code i could understand that the first 16 bytes were being used as explicit IV while decrypting and the hmac is done for 13 bye AAD and 16 byte Fin record in finish message. Which RFC/section
Re: Stitched aes-128 and hmac-sha1 (encrypt-then-mac)
arge impact. > > > > Is it planned to add aes-128-hmac-sha1 encrypt-then-mac? > > There are no current plans. You might investigate the impact of using > AEAD ciphers instead. > > Matt > > > > > On Fri, Nov 1, 2019 at 1:32 PM Matt Caswell > &l
Re: Stitched aes-128 and hmac-sha1 (encrypt-then-mac)
gt; Is it planned to add aes-128-hmac-sha1 encrypt-then-mac? There are no current plans. You might investigate the impact of using AEAD ciphers instead. Matt > > On Fri, Nov 1, 2019 at 1:32 PM Matt Caswell <mailto:m...@openssl.org>> wrote: > > > >
Re: Stitched aes-128 and hmac-sha1 (encrypt-then-mac)
Thank you for the explanation. The use case is a WebRTC server (SFU) that encrypts and authenticate SRTP packets. Encryption is a major part of CPU load on SFU servers. Reducing it by 50% will have a large impact. Is it planned to add aes-128-hmac-sha1 encrypt-then-mac? On Fri, Nov 1, 2019 at 1
Re: Stitched aes-128 and hmac-sha1 (encrypt-then-mac)
On 01/11/2019 07:56, pablo platt wrote: > Hi, > > Stitching aes-cbc with sha1 can result with x2 performance [1]. > Is there support for stitched aes-128-hmac-sha1 encrypt-then-mac? This > issue [2] says that only mac-then-encrypt is supported in OpenSSL. The issue is co
Stitched aes-128 and hmac-sha1 (encrypt-then-mac)
Hi, Stitching aes-cbc with sha1 can result with x2 performance [1]. Is there support for stitched aes-128-hmac-sha1 encrypt-then-mac? This issue [2] says that only mac-then-encrypt is supported in OpenSSL. Does this implement mac-then-encrypt and relevant [3]? Is it possible to use the same code
Re: [openssl-users] Engines on Mac OS X
or messages in response to > "openssl engine -t capi"? > > Regards, > Uri > > Sent from my iPhone > >> On Sep 3, 2018, at 12:27, Richard Levitte wrote: >> >> In message <62b8aa9b-d6d2-4f33-94c5-7bfe11e46...@akamai.com> on Mon, 3 Sep >>
Re: [openssl-users] Engines on Mac OS X
; On Sep 3, 2018, at 12:27, Richard Levitte wrote: > > In message <62b8aa9b-d6d2-4f33-94c5-7bfe11e46...@akamai.com> on Mon, 3 Sep > 2018 13:56:41 +, "Salz, Rich" said: > >>> Gotcha. In that case why does it get built on Mac? I.e., why >>> doesn’t
Re: [openssl-users] Engines on Mac OS X
In message <62b8aa9b-d6d2-4f33-94c5-7bfe11e46...@akamai.com> on Mon, 3 Sep 2018 13:56:41 +, "Salz, Rich" said: > > Gotcha. In that case why does it get built on Mac? I.e., why > > doesn’t the build process exclude it automatically? > > Beats me. It ends
Re: [openssl-users] Engines on Mac OS X
On 03/09/18 14:56, Salz, Rich via openssl-users wrote: > *>*Gotcha. In that case why does it get built on Mac? I.e., why doesn’t > the build process exclude it automatically? > > > > Beats me. It ends up being a zero-length object file, more or less. > Perha
Re: [openssl-users] Engines on Mac OS X
>Gotcha. In that case why does it get built on Mac? I.e., why doesn’t the build >process exclude it automatically? Beats me. It ends up being a zero-length object file, more or less. Perhaps Richard Levitte knows. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/m
Re: [openssl-users] Engines on Mac OS X
What's Windows? Why doesn't it work like my Mac? (I wasnt serious but thanks for being a sport) On Sep 2, 2018 5:02 PM, "Salz, Rich" wrote: - Gotcha. But why doesn't it work on Mac? The CAPI engine uses Microsoft libraries that are part of windows. -- openssl-users ma
Re: [openssl-users] Engines on Mac OS X
On Sep 2, 2018, at 20:02, Salz, Rich via openssl-users wrote: > Gotcha. But why doesn't it work on Mac? > > The CAPI engine uses Microsoft libraries that are part of windows. Gotcha. In that case why does it get built on Mac? I.e., why doesn’t the build process exclude it auto
Re: [openssl-users] Engines on Mac OS X
* Gotcha. But why doesn't it work on Mac? The CAPI engine uses Microsoft libraries that are part of windows. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Engines on Mac OS X
Gotcha. But why doesn't it work on Mac? On Sun, Sep 2, 2018, 2:22 PM Salz, Rich via openssl-users < openssl-users@openssl.org> wrote: > *>*The capi engine is still broken, however > > > > That is windows-only, using the MSFT CryptoAPI. > -- > openssl-users mailin
Re: [openssl-users] Engines on Mac OS X
>The capi engine is still broken, however That is windows-only, using the MSFT CryptoAPI. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Engines on Mac OS X
Never mind. My binding entry point was misbehaving. The capi engine is still broken, however. On Sun, Sep 2, 2018 at 1:51 AM Thomás Inskip wrote: > Hi. > > I am trying to develop an engine for OpenSSL. To this effect I have built > OpenSSL 1.1.0i for Darwin. However, when I try to load any
[openssl-users] Engines on Mac OS X
Hi. I am trying to develop an engine for OpenSSL. To this effect I have built OpenSSL 1.1.0i for Darwin. However, when I try to load any engine, including capi, which is installed as part of OpenSSL, I get the following: *openssl* engine -t -c capi 140735831704448:error:260B606D:engine
[openssl-users] Build OpenSSL for Android in MAC
Hello all, I would like to compile openssl (libcrypto and libssl) and use it within my android app as an external library with NDK. My development machine is a MAC. I have read the instructions in the wiki, but apparently they are for an older version of openssl and linux systems
[openssl-users] Errors building 1.0.2e on Mac OS X 10.7.5
I know the OS is a bit old, but thought I’d better upgrade OpenSSL on it in now. To configure I used: ./Configure --prefix=/usr/local shared darwin64-x86_64-cc Running make gives lots of errors like this: cc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -fPIC -fno-common
Re: [openssl-users] upgrade system's OpenSSL and libs on Mac OS X 10.6.8
On 11 mai 2015, at 07:43, Viktor Dukhovni openssl-us...@dukhovni.org wrote: On Mon, May 11, 2015 at 07:07:13AM +0200, Patrick Proniewski wrote: I would like to upgrade openssl, libssl and libcrypto on my Mac OS X 10.6.8 system. The purpose is to allow system and softwares to use the new libs
Re: [openssl-users] compared performances on Mac OS X 10.6.8
On 11 mai 2015, at 07:45, Viktor Dukhovni openssl-us...@dukhovni.org wrote: On Mon, May 11, 2015 at 07:24:10AM +0200, Patrick Proniewski wrote: I've compiled OpenSSL 1.0.2a on Mac OS X 10.6.8, and used `openssl speed` to compare performances with stock OpenSSL (0.9.8). In many tests, 1.0.2a
[openssl-users] compared performances on Mac OS X 10.6.8
Hello, I've compiled OpenSSL 1.0.2a on Mac OS X 10.6.8, and used `openssl speed` to compare performances with stock OpenSSL (0.9.8). In many tests, 1.0.2a is a bit faster, or as fast as 0.9.8y, but on the 6 AES tests, the old one is almost twice as fast as the new one: OpenSSL 1.0.2a 19 Mar
Re: [openssl-users] compared performances on Mac OS X 10.6.8
On Mon, May 11, 2015 at 07:24:10AM +0200, Patrick Proniewski wrote: I've compiled OpenSSL 1.0.2a on Mac OS X 10.6.8, and used `openssl speed` to compare performances with stock OpenSSL (0.9.8). In many tests, 1.0.2a is a bit faster, or as fast as 0.9.8y, but on the 6 AES tests, the old one
[openssl-users] upgrade system's OpenSSL and libs on Mac OS X 10.6.8
Hi, Disclaimer: I'm not a developer. I would like to upgrade openssl, libssl and libcrypto on my Mac OS X 10.6.8 system. The purpose is to allow system and softwares to use the new libs (for example ssh, sshd, Mail...). Do you think it's possible? I can already install openssl and libs
Re: [openssl-users] upgrade system's OpenSSL and libs on Mac OS X 10.6.8
On Mon, May 11, 2015 at 07:07:13AM +0200, Patrick Proniewski wrote: I would like to upgrade openssl, libssl and libcrypto on my Mac OS X 10.6.8 system. The purpose is to allow system and softwares to use the new libs (for example ssh, sshd, Mail...). Do you think it's possible? You can
EAP-SIM simulation, Is there any oepnssl utilities that will calculate the MAC value for AT_MAC attribute in EAP-SIM
Hi All, I need a help to calculate the MAC value for AT_MAC attribute in EAP-SIM. Is there any openssl utilities (e.g. openssl dgst .) or online tool which will calculate the MAC value when we pass the required input e.g AT_RAND. Thanks, Sanjay
Build issue on Mac OS X 10.9 (64 bit) with JHBuild
OpenSSL 0.9.8y (like that one installed on my Mac), Openssl-fips 1.2.4 and OpenSSL-fips 2.0.5. They return other errors that don’t help me at all. Which preparations and options do I need to get it compiled on my system? Thank you in advance, Sven PS: I already posted this question a few hours ago
Re: Build issue on Mac OS X 10.9 (64 bit) with JHBuild
On 5/31/2014 2:26 PM, scl wrote: Hi, for days now I have tried to build and install OpenSSL 1.0.1g on OS X Mavericks (64 bit), but to no avail. The goal is to include OpenSSL into an application package for OS X 10.6+; I’m not aiming to install it locally on my computer. My build is
Getting bad record mac error
failed or bad record mac).. Anyone can help me on this? -- View this message in context: http://openssl.6102.n7.nabble.com/Getting-bad-record-mac-error-tp49508.html Sent from the OpenSSL - User mailing list archive at Nabble.com
OpenSSL on Mac
My Mac still has OpenSSL 0.9.8. How may I update this to the latest stable version? I believe the latest stable version is at least 1.0.01
Re: [openssl-users] OpenSSL on Mac
Darwinports. -- Erwann ABALEA Le 31/03/2014 21:18, Landen Landens a écrit : My Mac still has OpenSSL 0.9.8. How may I update this to the latest stable version? I believe the latest stable version is at least 1.0.01
Re: OpenSSL on Mac
On Mon, Mar 31, 2014 at 3:18 PM, Landen Landens landenfam...@gmail.com wrote: My Mac still has OpenSSL 0.9.8. How may I update this to the latest stable version? You can't because 0.9.8 and 1.0.1 are *not* binary compatible. You can download OpenSSL, `./Configure darwin64-x86_64-cc`, `make
Re: OpenSSL on Mac
On Tue, Apr 01, 2014 at 05:37:05AM -0400, Jeffrey Walton wrote: You can download OpenSSL, `./Configure darwin64-x86_64-cc`, `make`, and then `sudo make install`. Your updated version will be located in `/usr/local/ssl`. Using it in programs can be tricky, though. Apple's linkers do not
Re: OpenSSL on Mac
On Tue, Apr 1, 2014 at 9:24 AM, Viktor Dukhovni openssl-us...@dukhovni.org wrote: On Tue, Apr 01, 2014 at 05:37:05AM -0400, Jeffrey Walton wrote: You can download OpenSSL, `./Configure darwin64-x86_64-cc`, `make`, and then `sudo make install`. Your updated version will be located in
Re: OpenSSL on Mac
On Tue, Apr 01, 2014 at 10:01:16AM -0400, Jeffrey Walton wrote: However, alternative flags that achieve the same effect are available: To build a library whose SONAME involves an rpath: $ cc -shared -Wl,-flat_namespace -Wl,-undefined,dynamic_lookup \
Re: FIPS Openssl for Mac OSX 32 bit
On Thu, Feb 27, 2014, Raghav Varadan wrote: Hi All, I'm trying to build an application that used fips capable openssl which I built for Mac osx 32 bit. Now I would like to embed the checksum into the application binary. I checked the fips user guide and I don't see any specific for OSX. I
Re: FIPS Openssl for Mac OSX 32 bit
that using msincore is safe and it doesn't violate any fips process requirements building an application. Also for ios I see that there is a utility called incore_macho. Will that work for mac osx application? The name tells me that it should work with mach-o executable but it is only mentioned in the ios
FIPS Openssl for Mac OSX 32 bit
Hi All, I'm trying to build an application that used fips capable openssl which I built for Mac osx 32 bit. Now I would like to embed the checksum into the application binary. I checked the fips user guide and I don't see any specific for OSX. I know for windows there are two ways to embed
RE: bac record mac alert with openssl 1.0.1e
2014-02-03
Thread
Sairam Rangaswamy -X (sairanga - ARICENT TECHNOLOGIES MAURIITIUS LIMITED at Cisco)
-users@openssl.org' Subject: bac record mac alert with openssl 1.0.1e Hi, I am using openssl 1.0.1e based statically linked libraries on a Vxworks based platform. We recently upgraded to fom 4.1 from fom 3.0 along with openssl 1.0.1e. The embedded node is running this vxworks based library and has
bac record mac alert with openssl 1.0.1e
2014-02-02
Thread
Sairam Rangaswamy -X (sairanga - ARICENT TECHNOLOGIES MAURIITIUS LIMITED at Cisco)
the node. We get random bad record mac errors (both in wire shark capture and reported by the browser or java console) In any of the stages. I went through the bugs and mailing list archieves and found couple of issues and applied those patches. But it is still giving random bad record MAC errors
1.0.0e decryption failed or bad record mac
Recently (within last month or so but can't pinpoint it to a specific change of ours in the OpenSSL version), we started getting this error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac We haven't changed our application in a way that changes the utilization
Re: 1.0.0e decryption failed or bad record mac
...@yahoo.com To: openssl-users@openssl.org openssl-users@openssl.org Cc: Sent: Thursday, August 15, 2013 1:45 PM Subject: 1.0.0e decryption failed or bad record mac Recently (within last month or so but can't pinpoint it to a specific change of ours in the OpenSSL version), we started getting
FIPS capable openssl build failed in Mac OSX
Hello All, I having some problem building FIPS capable openssl static library in OS X. My System configuration: Darwin 12.3.0 Darwin Kernel Version 12.3.0: Sun Jan 6 22:37:10 PST 2013; root:xnu-2050.22.13~1/RELEASE_X86_64 x86_64 fipscanister build is successful. Following are steps I did: 1)
Openssl Fips build for Mac-OSX 64 bit
Hi, I'm trying to build fips capable openssl for Mac OS X 64 bit platform. The config script ./config automatically builds the libraries for 32 bit OS X and it displays the warning asking for manual configuration. openssl-fips-2.0.3 Raghav$ ./config no-asm Operating system: i686-apple
Re: Openssl Fips build for Mac-OSX 64 bit
On 04/08/2013 10:12 PM, Raghav Varadan wrote: Hi, I'm trying to build fips capable openssl for Mac OS X 64 bit platform. The config script ./config automatically builds the libraries for 32 bit OS X and it displays the warning asking for manual configuration. openssl-fips-2.0.3 Raghav
Re: ENGINE_load_rdrand() fails (1.0.1e, Mac OS X/Core i7)
On Mon, Mar 4, 2013 at 11:19 PM, Jeffrey Walton noloa...@gmail.com wrote: Hi All, OpenSSL 1.0.1e is not loading Intel's hardware random number generator. ENGINE_load_rdrand() silently fails: /*** eng_rand.c ***/ void ENGINE_load_rdrand (void) { extern unsigned int OPENSSL_ia32cap_P[];
ENGINE_load_rdrand() fails (1.0.1e, Mac OS X/Core i7)
Hi All, OpenSSL 1.0.1e is not loading Intel's hardware random number generator. ENGINE_load_rdrand() silently fails: /*** eng_rand.c ***/ void ENGINE_load_rdrand (void) { extern unsigned int OPENSSL_ia32cap_P[]; if (OPENSSL_ia32cap_P[1] (1(62-32))) { ENGINE *toadd =
Re: EVP_aes_256_gcm - Retrieving the MAC value
Can anybody help me out with this one? - Roar -- View this message in context: http://openssl.6102.n7.nabble.com/EVP-aes-256-gcm-Retrieving-the-MAC-value-tp43070p43347.html Sent from the OpenSSL - User mailing list archive at Nabble.com
Re: OpenSSL 1.0.1c, Mac OS X, -no-XXX, and [missing] make depend
in makefiles Ah, thanks Ben. I did not think to try MacPorts. BTW, commit a6bbbf2ff5580addb917a8b4f1160f90af91d268, when I push it, fixes this to use clang instead of makdepend (in master, I may update other branches, too). Thanks Ben. Let me know if you would like me to test it on modern Mac
Re: OpenSSL 1.0.1c, Mac OS X, -no-XXX, and [missing] make depend
). Thanks Ben. Let me know if you would like me to test it on modern Mac OS X, including iOS cross compile environment before you commit. I didn't make the corresponding change for cross compiles since I don't do those, though it should be trivial, I guess - do they also use cc? My eventual
Re: OpenSSL 1.0.1c, Mac OS X, -no-XXX, and [missing] make depend
On 26 December 2012 20:07, Jeffrey Walton noloa...@gmail.com wrote: On Wed, Dec 26, 2012 at 9:57 AM, Ben Laurie b...@links.org wrote: On Tue, Dec 25, 2012 at 1:35 PM, Jeffrey Walton noloa...@gmail.com wrote: I fetched `makedepend` from FreeDesktop.org
Re: OpenSSL 1.0.1c, Mac OS X, -no-XXX, and [missing] make depend
, commit a6bbbf2ff5580addb917a8b4f1160f90af91d268, when I push it, fixes this to use clang instead of makdepend (in master, I may update other branches, too). Thanks Ben. Let me know if you would like me to test it on modern Mac OS X, including iOS cross compile environment before you commit. My
EVP_aes_256_gcm - Retrieving the MAC value
Hi, This is an API question on using OpenSSL and AES GCM. I am successfully able to perform encryption / decryption and I am also able to detect errors in the mac value. The code I am using for this is below. I want to retrieve the mac value to my own buffer, in addition to just doing
OpenSSL 1.0.1c, Mac OS X, -no-XXX, and [missing] make depend
Hi All, I'm having problem building on Mac OS X (2012 MBP, OS X 10.8, Xcode 4.5). The target is iOS, but this appears to be a host problem. Apple lacks DTLS, STCP, and friends, so I needed to ./config with -no-dtls. That required a `make depend` cycle. `makedepend` is missing, so that resulted
Re: OpenSSL 1.0.1c, Mac OS X, -no-XXX, and [missing] make depend
On Tue, Dec 25, 2012 at 8:35 AM, Jeffrey Walton noloa...@gmail.com wrote: Hi All, I'm having problem building on Mac OS X (2012 MBP, OS X 10.8, Xcode 4.5). The target is iOS, but this appears to be a host problem. Apple lacks DTLS, STCP, and friends, so I needed to ./config with -no-dtls
Re: OpenSSL 1.0.1c, Mac OS X, -no-XXX, and [missing] make depend
On Tue, Dec 25, 2012 at 1:35 PM, Jeffrey Walton noloa...@gmail.com wrote: I fetched `makedepend` from FreeDesktop.org (http://xorg.freedesktop.org/releases/individual/util/). It would not build due to missing dependencies. Ad infinitum. $ port search makedepend makedepend @1.0.4 (x11, devel)
Re: OpenSSL 1.0.1c, Mac OS X, -no-XXX, and [missing] make depend
On Wed, Dec 26, 2012 at 9:57 AM, Ben Laurie b...@links.org wrote: On Tue, Dec 25, 2012 at 1:35 PM, Jeffrey Walton noloa...@gmail.com wrote: I fetched `makedepend` from FreeDesktop.org (http://xorg.freedesktop.org/releases/individual/util/). It would not build due to missing dependencies. Ad
Re: Mac OS X and SSL Client Certitficates [UPDATE]
or Firefox on Mac OS X. When I try on Mac/Safari I get the error: The server did not accept the certificate. (NSURLErrorDomain:-1205) When I try on Mac/Firefox I get the error: Firefox does work fine. I had let the server CA cert that signed client certs expire. Chrome also works on mac OS X
Mac OS X and SSL Client Certitficates
I have successfully generated SSL client certs (generated with openssl 1.0.1c) used by Safari, Firefox, and Chrome on Linux and Windows plus IE 9 on Windows, but I cannot get successful access with either Safari or Firefox on Mac OS X. When I try on Mac/Safari I get the error: The server did
Re: Mac OS X and SSL Client Certitficates
on Mac OS X. When I try on Mac/Safari I get the error: The server did not accept the certificate. (NSURLErrorDomain:-1205) When I try on Mac/Firefox I get the error: SSL peer has rejected your certificate as expired. (Error code: ssl_error_expired_cert_alert) When I view the cert
Re: Mac OS X and SSL Client Certitficates
on Windows, but I cannot get successful access with either Safari or Firefox on Mac OS X. When I try on Mac/Safari I get the error: The server did not accept the certificate. (NSURLErrorDomain:-1205) When I try on Mac/Firefox I get the error: SSL peer has rejected your certificate as expired
SSLv3 bad record mac with Ruby OpenSSL
initiate and secure an SSL connection, and then the SMTP session is considered secure The code was working during testing, but in production where it is taking heavy load, I will see the message SSLv3 bad record mac appearing as an SSLError exception about 1 in every 10 requests. I have cobbled
Build OpenSSL on Mac OS X
I downloaded OpenSSL 0.9.8t and tried to build it under Mac OS X 10.6.8. I want to build a dynamic library with both 32-bit and 64-bit (Universal binary). I tried various flag with the Configure script but failed. Here are the parameters I feed to 'Configure': ./Configure threads shared no-hw
Problem compilation Mac Os
or openssl 1.0.0g(static). The program don't find a bad certificat. I'm looking for running this program on static with openssl 1.0.0g. How I compile openssl correctly on Mac Os (leopard)? There are a special option ? In fact, I would like compile openssl 1.0.0g on static with a Qt program. Program
Record MAC Generation Confusion
Hi, I am currently writing my own TLS socket handshake and have all of it working besides the record's mac generation. I am using the TLS_RSA_WITH_AES_256_CBC_SHA cipher suite which I expect the mac generation to be done with a HMAC_SHA function as specified in the TLS 1.0 rfc specification. I
Re: we have an issue: bad mac
Dave Thompson dthompson@... writes: From: owner-openssl-users@... On Behalf Of Johnson, Chris E (OGA) Sent: Wednesday, 10 August, 2011 11:45 I typed in a term window in a linux machine the following command. $ openssl s_client -connect rsa6.fema.gov:7004
SSH login failed on Mac OS X with gentoo-prefix
I use gentoo-prefix on my Mac OS. My default shell is /Users/frank/.gentoo/bin/bash. When I try to use remote ssh login, it failed. But if I change my default shell to /bin/bash , I can login normally. Here're some debug info: Server Debug Info: Aug 14 22:49:58 kata-kenmatoMacBook-Pro sshd[9482
RE: SSH login failed on Mac OS X with gentoo-prefix
From: owner-openssl-us...@openssl.org On Behalf Of FrankFang Sent: Sunday, 14 August, 2011 11:27 (apparently held by listserv until Thu Aug 18, I don't know why) I use gentoo-prefix on my Mac OS. My default shell is /Users/frank/.gentoo/bin/bash. When I try to use remote ssh login, it failed
RE: we have an issue: bad mac
there are two lines that show an error. 47661220128736:error:140943FC: SSL routines: SSL3_READ_BYTES: sslv3 alert bad record mac:s3_pkt.c:1193:SSL alert number 20 47661220128736:error:140790E5:SSL routines:SSL23_WRITE: ssl handshake failure: s23_lib.c:177: 'bad-mac' shouldn't
RE: Fatal Error: Bad Record MAC
Alert Bad Record Mac. Can someone explain this error more clearly and what are the possible causes along with some tips on how to debug/troubleshoot this issue? I have also traces available if anyone wants them. Please refer to frame 7 below for the error. (trimmed) Frame 5 (192
Fatal Error: Bad Record MAC
with a F5 LTM (load balancer). After the client and server hellos, i get a Fatal Alert Bad Record Mac. Can someone explain this error more clearly and what are the possible causes along with some tips on how to debug/troubleshoot this issue? I have also traces available if anyone wants them. Please
Re: Fatal Error: Bad Record MAC
Well, textbook explanation of SSL is not short, but once the connection is established, each party will have a set keys composed of a MAC key (message authentication code) and an encryption key. Within the SSL record, the payload is encrypted, and the MAC is basically a hash of the MAC Key
Re: Building a 64-bit version of the FIPS-capable OpenSSL on Mac OS X 10.6.7
On 05/24/2011 08:58 PM, Bill Durant wrote: ... Ah that explains it. There is no darwin64-x86_64-cc target for the validated tarball so it isn't supported. It is possible to add new platforms via a change letter but so far no one has been interested in including that one. What is the
Re: Building a 64-bit version of the FIPS-capable OpenSSL on Mac OS X 10.6.7
On Mon, May 23, 2011, ciphertexto wrote: On May 23, 2011, at 7:20 PM, Dr. Stephen Henson wrote: On Sun, May 22, 2011, Bill Durant wrote: Hello, Has anyone been able to build a working 64-bit version of the FIPS-capable OpenSSL on Mac OS X 10.6.7 (SnowLeopard)? I have built
Re: Building a 64-bit version of the FIPS-capable OpenSSL on Mac OS X 10.6.7
on Mac OS X 10.6.7 (SnowLeopard)? I have built a 64-bit version of the fipscanister from openssl-fips-1.2.3 on Mac OS X 10.6.7. But fips_shatest and the openssl command are core dumping when I do a 'make test' For example: ./config fipscanisterbuild make make test (fips_shatest
Re: Building a 64-bit version of the FIPS-capable OpenSSL on Mac OS X 10.6.7
On Tue, May 24, 2011, ciphertexto wrote: On May 24, 2011, at 4:18 AM, Dr. Stephen Henson wrote: It can take a long time to execute sometimes as it performs two slow DH parameter generation operations. Retry it a few times. If it still doesn't complete try: OPENSSL_FIPS=1
Re: Building a 64-bit version of the FIPS-capable OpenSSL on Mac OS X 10.6.7
thinking that it should configure for darwin64-x86_64-cc instead. And my system details are: $ sw_vers ProductName:Mac OS X ProductVersion: 10.6.7 BuildVersion: 10J869 $ sysctl hw | grep 64bit hw.cpu64bit_capable: 1 $ ioreg -l -p IODeviceTree | grep firmware-abi | | firmware-abi = EFI64
Re: Building a 64-bit version of the FIPS-capable OpenSSL on Mac OS X 10.6.7
On Tue, May 24, 2011, Bill Durant wrote: On May 24, 2011, at 3:58 PM, Dr. Stephen Henson wrote: On Tue, May 24, 2011, ciphertexto wrote: On May 24, 2011, at 4:18 AM, Dr. Stephen Henson wrote: It can take a long time to execute sometimes as it performs two slow DH parameter
Re: Building a 64-bit version of the FIPS-capable OpenSSL on Mac OS X 10.6.7
On May 24, 2011, at 5:42 PM, Dr. Stephen Henson wrote: On Tue, May 24, 2011, Bill Durant wrote: On May 24, 2011, at 3:58 PM, Dr. Stephen Henson wrote: On Tue, May 24, 2011, ciphertexto wrote: On May 24, 2011, at 4:18 AM, Dr. Stephen Henson wrote: It can take a long time to execute
Re: Building a 64-bit version of the FIPS-capable OpenSSL on Mac OS X 10.6.7
On Sun, May 22, 2011, Bill Durant wrote: Hello, Has anyone been able to build a working 64-bit version of the FIPS-capable OpenSSL on Mac OS X 10.6.7 (SnowLeopard)? I have built a 64-bit version of the fipscanister from openssl-fips-1.2.3 on Mac OS X 10.6.7. But fips_shatest
Re: Building a 64-bit version of the FIPS-capable OpenSSL on Mac OS X 10.6.7
On May 23, 2011, at 7:20 PM, Dr. Stephen Henson wrote: On Sun, May 22, 2011, Bill Durant wrote: Hello, Has anyone been able to build a working 64-bit version of the FIPS-capable OpenSSL on Mac OS X 10.6.7 (SnowLeopard)? I have built a 64-bit version of the fipscanister from openssl
Re: Building a 64-bit version of the FIPS-capable OpenSSL on Mac OS X 10.6.7
On Tue, May 24, 2011 at 12:05 AM, ciphertexto cipherte...@gmail.com wrote: On May 23, 2011, at 7:20 PM, Dr. Stephen Henson wrote: On Sun, May 22, 2011, Bill Durant wrote: Hello, Has anyone been able to build a working 64-bit version of the FIPS-capable OpenSSL on Mac OS X 10.6.7
Building a 64-bit version of the FIPS-capable OpenSSL on Mac OS X 10.6.7
Hello, Has anyone been able to build a working 64-bit version of the FIPS-capable OpenSSL on Mac OS X 10.6.7 (SnowLeopard)? I have built a 64-bit version of the fipscanister from openssl-fips-1.2.3 on Mac OS X 10.6.7. But fips_shatest and the openssl command are core dumping when I do
Re: Create cert with SHA1: really MAC error on openldap
hash. Have you got any suggestion about how to create the cert, or why are listed those 3 Ciphers with sha=256, or how to solve this??? openssl ciphers -v DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 DHE-DSS-AES256-SHA SSLv3
RE: Create cert with SHA1: really MAC error on openldap
SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1 AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 (were bold in HTML) These are SHA1 NOT sha=256; read what you posted. There are some new
Problems building openssl-1.0.0d on Mac OS X 10.6.7 with Xcode 4 installed: ranlib: file has no symbols
Hi everyone! I have problems building openssl-1.0.0d on my iMac8,1 running Mac OS X 10.6.7 with Xcode 4.0 (it is the only Xcode installed on my machine). Here is how I tried to build: 1. Downloaded source code from http://www.openssl.org/source/openssl-1.0.0d.tar.gz 2. Unpacked it 3. Configured
Re: Problems building openssl-1.0.0d on Mac OS X 10.6.7 with Xcode 4 installed: ranlib: file has no symbols
Update: Tried tips left in PROBLEMS file with no luck -- Roman Busyghin __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated
Re: Link errors when building openssl 0.9.8e on Mac OS
I am also having the same problem. Nobody has replied??? -- View this message in context: http://old.nabble.com/Link-errors-when-building-openssl-0.9.8e-on-Mac-OS-tp27151830p30948006.html Sent from the OpenSSL - User mailing list archive at Nabble.com
certificate signing using CA application - 0.9.8l (Mac OS X) vs 1.0.0 (RHEL6)
= UTF8STRING:California countryName = PRINTABLESTRING:US However, I had no problems running that code on Mac OS X (and hopefully all other OpenSSL versions 1.0.0): Certificate is to be certified until Dec 6 21:32:09 2011 GMT (365 days) Write out database with 1 new entries Data Base Updated
Re: Building FIPS-capable OpenSSL as a universal binary on Mac OS X
On 10/13/2010 3:31 PM, Bill Durant wrote: I am interested in building the static version of the FIPS-capable OpenSSL as an universal binary. Three builds, per spec, of the FIPS canister. No tweaks, no exceptions to the security policy. Then it's possible but non-trivial to integrate these
