[openssl-users] OpenSSL version 1.0.2m published

2017-11-02 Thread OpenSSL
OpenSSL version 1.0.2m released. OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.2m of our open

Re: [openssl-users] Wanted details on ./config or Configure options

2017-11-02 Thread Jayalakshmi bhat
Hi Rich, I am using OpenSSL 1.0.2h. And I am trying to strip off unused hardware support. I tried using the options mentioned for 1.0.1e which I have explained in the previous mail. They don't seem to work for 1.0.2h. Hence I wanted to know what would be the best way to remove the unsupported

[openssl-users] OpenSSL Security Advisory

2017-11-02 Thread OpenSSL
. Those versions are no longer receiving security updates. References == URL for this Security Advisory: https://www.openssl.org/news/secadv/20171102.txt Note: the online version of the advisory may be updated with additional details over time. For details of OpenSSL severity

[openssl-users] OpenSSL version 1.1.0g published

2017-11-02 Thread OpenSSL
OpenSSL version 1.1.0g released. OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.1.0g of our open

Re: [openssl-users] Troubleshooting SSL connections

2017-11-02 Thread Paul Greene
Yes. I've made captures on both - the production client that I manage and the test client I have at home. On the production client, the conversation lasts only 8 packets - the initial 3 way handshake, my client sends a PUSH packet, gets an ACK from the upstream, and then the upstream sends a FIN

Re: [openssl-users] Troubleshooting SSL connections

2017-11-02 Thread Kyle Hamilton
What kind of stateful packet inspection are the NATs doing? Can you run packet captures on each network that's being translated? -Kyle H On Thu, Nov 2, 2017 at 4:23 PM, Paul Greene wrote: > Yes. I've made captures on both - the production client that I manage and >

Re: [openssl-users] Wanted details on ./config or Configure options

2017-11-02 Thread Jayalakshmi bhat
Hi Matt, Thanks a lot for the response. Sorry for the delayed reply. I was out of office for a while. This helped me. However I am not seeing option to remove unwanted engine files to go away from compilation. OpenSSL 1.01x method (no-hw no-hw-4758-cca no-hw-aep no-hw-atalla no-hw-chil

Re: [openssl-users] Wanted details on ./config or Configure options

2017-11-02 Thread Jayalakshmi bhat
Hi Matt, Thanks for the reply. We don't want to turn off the engine fully. We have TPM chip, that is part of OpenSSL. I just want to turn off default available hardware using no-hw-4758-cca no-hw-aep no-hw-atalla no-hw-chil no-hw-cswift no-hw-ibmca no-hw-ncipher no-hw-nuron no-hw-padlock

[openssl-users] TLS 1.3 handshake: Limit signature algorithm?

2017-11-02 Thread Christian Heimes
Hi, I'm one of the maintainers of Python's ssl module. A couple of days ago Hanno Böck opened an issue [1] against ssl.get_server_certificate() function [2][3]. It's a helper function to retrieve the end-entity certificate from a remote TLS/SSL server over an unverified connection. The

Re: [openssl-users] TLS 1.3 handshake: Limit signature algorithm?

2017-11-02 Thread Matt Caswell
On 02/11/17 10:32, Christian Heimes wrote: > However this trick will not work with TLS 1.3. The new TLS 1.3 cipher > suites no longer specify authentication algorithm or key > agreement/exchange. TLS 1.3 RFC specifies a signature_algorithms > extension [5]. I could not find any API call in

[openssl-users] SSL_write & SSL_read speed optimization on embedded platform

2017-11-02 Thread Govindarajan, Jagan
Dear friends, I am looking for optimizing the SSL_write() and SSL_read() operation on an embedded platform. Below is the setup currently I have 1. Hardware OpenSSL engine library for the platform is present for carrying out any HW AES encryption and AES decryption

Re: [openssl-users] Wanted details on ./config or Configure options

2017-11-02 Thread Matt Caswell
On 02/11/17 07:07, Jayalakshmi bhat wrote: > Hi Matt, > > Thanks a lot for the response. Sorry for the delayed reply. I was out of > office for a while. This helped me.  However I am not seeing option to > remove unwanted engine files to go away from compilation. OpenSSL 1.01x > method > (no-hw 

[openssl-users] Troubleshooting SSL connections

2017-11-02 Thread Paul Greene
Hello All, I've got two servers that need to communicate with each other using SSL. The applications that are supposed to talk to each other are custom in house applications. When I try to connect to the upstream server, you can see the initial connection established - "Connecting to

Re: [openssl-users] OCSP_BASICRESP_verify() in 1.1.0

2017-11-02 Thread Wouter Verhelst
On 31-10-17 17:47, Matt Caswell wrote: > > > On 31/10/17 16:42, Wouter Verhelst wrote: >> On 31-10-17 17:26, Matt Caswell wrote: >>> I agree its not a great name for it. Unfortunately we are stuck with it >>> for compatibility reasons. If we renamed it we would break any code that >>> is

Re: [openssl-users] Wanted details on ./config or Configure options

2017-11-02 Thread Salz, Rich via openssl-users
> remove unwanted engine files to go away from compilation. OpenSSL 1.01x 1.0.1 or 1.1.0 release? I’m guessing 1.0.1, since many of those engines are removed from 1.1.0 -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Troubleshooting SSL connections

2017-11-02 Thread Salz, Rich via openssl-users
Have you thought of putting a packet-capture on, say, the client side and then viewing it?