Re: [openssl-users] cipher suite list

2016-09-28 Thread Salz, Rich 
Some places to look include:
https://wiki.mozilla.org/Security/Server_Side_TLS
https://bettercrypto.org/static/applied-crypto-hardening.pdf
ssllabs.com
observatory.mozilla.org

And, by the way, the silly huge email disclaimer is obnoxious.
--
Senior Architect, Akamai Technologies
Member, OpenSSL Dev Team
IM: richs...@jabber.at Twitter: RichSalz

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] cipher suite list

2016-09-28 Thread Carl Heyendal 
Thanks Michael.

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Michael Wojcik
Sent: September-28-16 2:58 PM
To: openssl-users@openssl.org
Subject: [Newsletter] Re: [openssl-users] cipher suite list

Ivan Ristic's free OpenSSL Cookbook has a long section on cipher suite 
selection. It's available on 
feistyduck.


Michael Wojcik
Distinguished Engineer, Micro Focus



From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Salz, Rich
Sent: Wednesday, September 28, 2016 13:29
To: openssl-users@openssl.org
Subject: Re: [openssl-users] cipher suite list

Some places to look include:
https://wiki.mozilla.org/Security/Server_Side_TLS
https://bettercrypto.org/static/applied-crypto-hardening.pdf
ssllabs.com
observatory.mozilla.org

And, by the way, the silly huge email disclaimer is obnoxious.
--
Senior Architect, Akamai Technologies
Member, OpenSSL Dev Team
IM: richs...@jabber.at Twitter: RichSalz



***  Please note that this message and any attachments may contain confidential 
and proprietary material and information and are intended only for the use of 
the intended recipient(s). If you are not the intended recipient, you are 
hereby notified that any review, use, disclosure, dissemination, distribution 
or copying of this message and any attachments is strictly prohibited. If you 
have received this email in error, please immediately notify the sender and 
destroy this e-mail and any attachments and all copies, whether electronic or 
printed. Please also note that any views, opinions, conclusions or commitments 
expressed in this message are those of the individual sender and do not 
necessarily reflect the views of Fortinet, Inc., its affiliates, and emails are 
not binding on Fortinet and only a writing manually signed by Fortinet's 
General Counsel can be a binding commitment of Fortinet to Fortinet's customers 
or partners. Thank you. ***

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] cipher suite list

2016-09-28 Thread Salz, Rich 

> As for the silly disclaimer I have no control over adding it or not. My 
> company must append it to the email when it sends it. ?

Please tell the folks at your company it is annoying.  And consider posting 
from a non-company address, then.


-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] cipher suite list

2016-09-28 Thread Michael Wojcik 
Ivan Ristic's free OpenSSL Cookbook has a long section on cipher suite 
selection. It's available on 
feistyduck.


Michael Wojcik
Distinguished Engineer, Micro Focus



From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Salz, Rich
Sent: Wednesday, September 28, 2016 13:29
To: openssl-users@openssl.org
Subject: Re: [openssl-users] cipher suite list

Some places to look include:
https://wiki.mozilla.org/Security/Server_Side_TLS
https://bettercrypto.org/static/applied-crypto-hardening.pdf
ssllabs.com
observatory.mozilla.org

And, by the way, the silly huge email disclaimer is obnoxious.
--
Senior Architect, Akamai Technologies
Member, OpenSSL Dev Team
IM: richs...@jabber.at Twitter: RichSalz
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Libeay32.dll

2016-09-28 Thread jose . campos . romero 
Hi

Thanks for your answer. I didn´t know about change of libraries names.

I downloaded Win32 OpenSSL v1.1.0b from
https://slproweb.com/products/Win32OpenSSL.html

Thanks again


> In message <1670.10.231.228.17.1475042817.squir...@correo.andaluciajunta.es>
> on Wed, 28 Sep 2016 08:06:57 +0200 (CEST),
> jose.campos.rom...@andaluciajunta.es said:
>
> jose.campos.romero> I have downloaded OpenSSL-Win32. i don´t find this dll.
> Can anybody help me?
>
> From where?  Considering there are a number of places where this can
> be found, it would be good to know which one, and what OpenSSL version
> we're talking about.
>
> Something to be aware of is that with OpenSSL 1.1.0 and on, the
> library names have changed.  For any 1.1.x, the library names are
> libcrypto-1_1.dll and libssl-1_1.dll on Win32.
>
> Cheers,
> Richard
>
> --
> Richard Levitte levi...@openssl.org
> OpenSSL Project http://www.openssl.org/~levitte/
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>


-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] cipher suite list

2016-09-28 Thread Carl Heyendal 
Thanks for the pointers.

As for the silly disclaimer I have no control over adding it or not. My company 
must append it to the email when it sends it. :)


From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Salz, Rich
Sent: September-28-16 1:29 PM
To: openssl-users@openssl.org
Subject: [Newsletter] Re: [openssl-users] cipher suite list

Some places to look include:
https://wiki.mozilla.org/Security/Server_Side_TLS
https://bettercrypto.org/static/applied-crypto-hardening.pdf
ssllabs.com
observatory.mozilla.org

And, by the way, the silly huge email disclaimer is obnoxious.
--
Senior Architect, Akamai Technologies
Member, OpenSSL Dev Team
IM: richs...@jabber.at Twitter: RichSalz




***  Please note that this message and any attachments may contain confidential 
and proprietary material and information and are intended only for the use of 
the intended recipient(s). If you are not the intended recipient, you are 
hereby notified that any review, use, disclosure, dissemination, distribution 
or copying of this message and any attachments is strictly prohibited. If you 
have received this email in error, please immediately notify the sender and 
destroy this e-mail and any attachments and all copies, whether electronic or 
printed. Please also note that any views, opinions, conclusions or commitments 
expressed in this message are those of the individual sender and do not 
necessarily reflect the views of Fortinet, Inc., its affiliates, and emails are 
not binding on Fortinet and only a writing manually signed by Fortinet's 
General Counsel can be a binding commitment of Fortinet to Fortinet's customers 
or partners. Thank you. ***

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] Libeay32.dll

2016-09-28 Thread jose . campos . romero 
Hi

I have downloaded OpenSSL-Win32. i don´t find this dll. Can anybody help me?

It should come with the download? How i can obtain or generate?

An approach to concept and functions of this library?

Thanks for your attention and sorry for my ignorance in this issue



-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] how to generate test8192 input data for d2i_RSAPrivateKey(....) ?

2016-09-28 Thread Gupta, Saurabh 
How to generate **inp for d2i_RSAPrivateKey?

RSA *d2i_RSAPrivateKey(RSA **out, const uint8_t **inp, long len)


We are having test512 to test4096 modulus data. How can I generate for test8192 
modulus data?



Regards,
Saurabh
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] cipher suite list

2016-09-28 Thread Carl Heyendal 
Hi, being somewhat of a newb to the security I thought I would ask the security 
community about the current best practices/guidelines for configuring the list 
of cipher suites that I should use in my client app. It seems like some cipher 
suites fall out of favour over time and I would like to use the most safe and 
reliable cipher suites that are currently known as of today.

Appreciate any advice.

/carl h.




***  Please note that this message and any attachments may contain confidential 
and proprietary material and information and are intended only for the use of 
the intended recipient(s). If you are not the intended recipient, you are 
hereby notified that any review, use, disclosure, dissemination, distribution 
or copying of this message and any attachments is strictly prohibited. If you 
have received this email in error, please immediately notify the sender and 
destroy this e-mail and any attachments and all copies, whether electronic or 
printed. Please also note that any views, opinions, conclusions or commitments 
expressed in this message are those of the individual sender and do not 
necessarily reflect the views of Fortinet, Inc., its affiliates, and emails are 
not binding on Fortinet and only a writing manually signed by Fortinet's 
General Counsel can be a binding commitment of Fortinet to Fortinet's customers 
or partners. Thank you. ***

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] new FIPS module

2016-09-28 Thread Steve Marquess 
On 09/27/2016 10:57 AM, Zeke Evans wrote:
>> ...
> 
> The fixed base address requirement causes problems for large Windows
> x86 applications and there isn't a great work around.  It isn't clear
> to me if item 2 " Support compilation in various forms" will address
> this or not.  An option to compile the fips module as a dll instead
> of a static lib would be nice or at least allow the fips capable
> module to be rebased.

As I understand it (not being a Windows person), we don't have any
options good across the Windows ecosystem. Apparently PIC isn't possible
on Win32, for instance.

Hopefully Andy will weigh in. If there is a graceful way to accommodate
Windows we'd gladly do it.

As for DLLs, the fipscanister.o code can always be embedded within a DLL
or shared library. It's the rebasing that's the problem.

-Steve M.

-- 
Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Libeay32.dll

2016-09-28 Thread Richard Levitte 
In message <1670.10.231.228.17.1475042817.squir...@correo.andaluciajunta.es> on 
Wed, 28 Sep 2016 08:06:57 +0200 (CEST), jose.campos.rom...@andaluciajunta.es 
said:

jose.campos.romero> I have downloaded OpenSSL-Win32. i don´t find this dll. Can 
anybody help me?

>From where?  Considering there are a number of places where this can
be found, it would be good to know which one, and what OpenSSL version
we're talking about.

Something to be aware of is that with OpenSSL 1.1.0 and on, the
library names have changed.  For any 1.1.x, the library names are
libcrypto-1_1.dll and libssl-1_1.dll on Win32.

Cheers,
Richard

-- 
Richard Levitte levi...@openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Libeay32.dll

2016-09-28 Thread Ken Goldman 

1 - Where did you download it from?
2 - What did you download?
3 - Where did you look?

On 9/28/2016 2:06 AM, 
jose.campos.rom...@andaluciajunta.es wrote:

Hi

I have downloaded OpenSSL-Win32. i don´t find this dll. Can anybody help me?

It should come with the download? How i can obtain or generate?




--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users