> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
> Dipak Gaigole
> Sent: Thursday, April 13, 2017 15:12
> I will try with disabling FIPS.
Opinions differ, but many people - including myself - recommend not enabling
FIPS mode unless it is explicitly required
> On 13. Apr 2017, at 19:26, Martin Brejcha wrote:
>
>
>
> Matt Caswell wrote on 04/13/2017 03:45 PM:
>>
>>
>> On 13/04/17 10:11, mahesh gs wrote:
>>> Hi,
>>>
>>> We are running SCTP connections with DTLS enabled in our application. We
>>> have adapted openssl
On 13/04/17 18:26, Martin Brejcha wrote:
>
>
> Matt Caswell wrote on 04/13/2017 03:45 PM:
>>
>>
>> On 13/04/17 10:11, mahesh gs wrote:
>>> Hi,
>>>
>>> We are running SCTP connections with DTLS enabled in our application. We
>>> have adapted openssl version (openssl-1.1.0e) to achieve the same.
The OpenSSL PRNG story is currently not so great, yes. But maybe
you should try without FIPS, and also with a different cipher? AES256-SHA
is both CBC and SHA1, neither of which is really a current best practice.
-BenThanks Ben. I will try with disabling FIPS. Where can i find current best
On 13/04/17 10:11, mahesh gs wrote:
> Hi,
>
> We are running SCTP connections with DTLS enabled in our application. We
> have adapted openssl version (openssl-1.1.0e) to achieve the same.
>
> We have generated the self signed root and node certificates for
> testing. We have a strange problem
Hi,
We are running SCTP connections with DTLS enabled in our application. We
have adapted openssl version (openssl-1.1.0e) to achieve the same.
We have generated the self signed root and node certificates for testing.
We have a strange problem with the incomplete DTLS handshake if we run the
Added a define in include/openssl/ssl.h:
# define SSL_TXT_MYCIPHER "MYCIPHER"
Integrated into ssl/s3_lib.c:
static SSL_CIPHER ssl3_ciphers[] = {
{
1,
TLS1_TXT_ECDHE_ECDSA_WITH_MYCIPHER_SHA384,
TLS1_CK_ECDHE_ECDSA_WITH_MYCIPHER_SHA384,
SSL_kECDHE,
SSL_aECDSA,
> On 13. Apr 2017, at 11:11, mahesh gs wrote:
>
> Hi,
>
> We are running SCTP connections with DTLS enabled in our application. We have
> adapted openssl version (openssl-1.1.0e) to achieve the same.
>
> We have generated the self signed root and node certificates for
Matt Caswell wrote on 04/13/2017 03:45 PM:
>
>
> On 13/04/17 10:11, mahesh gs wrote:
>> Hi,
>>
>> We are running SCTP connections with DTLS enabled in our application. We
>> have adapted openssl version (openssl-1.1.0e) to achieve the same.
>>
>> We have generated the self signed root and node