Re: [openssl-users] Multithreading: Global locks causing bottleneck in parallel SSL_write calls

2017-04-13 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > Dipak Gaigole > Sent: Thursday, April 13, 2017 15:12 > I will try with disabling FIPS. Opinions differ, but many people - including myself - recommend not enabling FIPS mode unless it is explicitly required

Re: [openssl-users] Query regarding DTLS handshake

2017-04-13 Thread Michael Tuexen
> On 13. Apr 2017, at 19:26, Martin Brejcha wrote: > > > > Matt Caswell wrote on 04/13/2017 03:45 PM: >> >> >> On 13/04/17 10:11, mahesh gs wrote: >>> Hi, >>> >>> We are running SCTP connections with DTLS enabled in our application. We >>> have adapted openssl

Re: [openssl-users] Query regarding DTLS handshake

2017-04-13 Thread Matt Caswell
On 13/04/17 18:26, Martin Brejcha wrote: > > > Matt Caswell wrote on 04/13/2017 03:45 PM: >> >> >> On 13/04/17 10:11, mahesh gs wrote: >>> Hi, >>> >>> We are running SCTP connections with DTLS enabled in our application. We >>> have adapted openssl version (openssl-1.1.0e) to achieve the same.

Re: [openssl-users] Multithreading: Global locks causing bottleneck in parallel SSL_write calls

2017-04-13 Thread Dipak Gaigole
The OpenSSL PRNG story is currently not so great, yes. But maybe you should try without FIPS, and also with a different cipher? AES256-SHA is both CBC and SHA1, neither of which is really a current best practice. -BenThanks Ben. I will try with disabling FIPS. Where can i find current best

Re: [openssl-users] Query regarding DTLS handshake

2017-04-13 Thread Matt Caswell
On 13/04/17 10:11, mahesh gs wrote: > Hi, > > We are running SCTP connections with DTLS enabled in our application. We > have adapted openssl version (openssl-1.1.0e) to achieve the same. > > We have generated the self signed root and node certificates for > testing. We have a strange problem

[openssl-users] Query regarding DTLS handshake

2017-04-13 Thread mahesh gs
Hi, We are running SCTP connections with DTLS enabled in our application. We have adapted openssl version (openssl-1.1.0e) to achieve the same. We have generated the self signed root and node certificates for testing. We have a strange problem with the incomplete DTLS handshake if we run the

Re: [openssl-users] Integrating New Cipher Suite

2017-04-13 Thread Schmicker, Robert
Added a define in include/openssl/ssl.h: # define SSL_TXT_MYCIPHER "MYCIPHER" Integrated into ssl/s3_lib.c: static SSL_CIPHER ssl3_ciphers[] = { { 1, TLS1_TXT_ECDHE_ECDSA_WITH_MYCIPHER_SHA384, TLS1_CK_ECDHE_ECDSA_WITH_MYCIPHER_SHA384, SSL_kECDHE, SSL_aECDSA,

Re: [openssl-users] Query regarding DTLS handshake

2017-04-13 Thread Michael Tuexen
> On 13. Apr 2017, at 11:11, mahesh gs wrote: > > Hi, > > We are running SCTP connections with DTLS enabled in our application. We have > adapted openssl version (openssl-1.1.0e) to achieve the same. > > We have generated the self signed root and node certificates for

Re: [openssl-users] Query regarding DTLS handshake

2017-04-13 Thread Martin Brejcha
Matt Caswell wrote on 04/13/2017 03:45 PM: > > > On 13/04/17 10:11, mahesh gs wrote: >> Hi, >> >> We are running SCTP connections with DTLS enabled in our application. We >> have adapted openssl version (openssl-1.1.0e) to achieve the same. >> >> We have generated the self signed root and node