> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of FooCrypt
> Sent: Wednesday, May 30, 2018 10:46
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] PRNG is not seeded
>
> > On 30 May 2018, at 11:55 PM, Michael Wojcik
> wrote:
> >
> > Where would openssl
> Either way, trying to use OpenSSL's PRNGD to seed OpenSSL's PRNGD is an
> exercise in futility.
Oh, I agree on that.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>> I’m using PRNGD to seed my random numbers (I’m on a system without
>>> /dev/random and /dev/urandom). I occasionally get the dreaded “PRNG is
>>> not seeded” error.
>>
>> I don’t know your OS or environment, have you tried the ‘openssl rand’
>> functionality as a random source to seed your
On 05/29/2018 01:48 AM, Viktor Dukhovni wrote:
> I am rather puzzled as to why you chose to eliminate
> not just fixed DH, but also the ephemeral finite-field
> DH key exchange. What's wrong with the DHE ciphers?
Mostly precomputation attacks: https://weakdh.org/logjam.html
Those parameters are
In message
on Wed, 30 May 2018 15:37:47 +, Scott Neugroschl said:
scott_n> The platform in question is an HPE NonStop.
NonStop isn't the only platform with this sort of problem... I'd
suggest asking in places dedicated to NonStop if they know of good
enough ways to gather enough entropy,
On 5/30/2018 1:16 AM, Walter H. wrote:
> On 30.05.2018 08:45, Mark Shnaider via openssl-users wrote:
>> [...]
>>
>> openssl s_client -connect 10.65.48.108:443
>>
>> [...]
> very probable, that the client doesn't have the root ca certificate of
> the ca certificate that signed server.pem
>
> you
> On May 30, 2018, at 4:06 PM, Jordan Brown
> wrote:
>
> And also: the certificate is unlikely to list an IP address, so it should
> fail hostname verification. You need to use a host name in your client
> connection request, not an IP address.
>
> (Pretty much, you don't ever want to
> On 31 May 2018, at 1:35 AM, Michael Wojcik
> wrote:
>
>> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
>> Of FooCrypt
>> Sent: Wednesday, May 30, 2018 10:46
>> To: openssl-users@openssl.org
>> Subject: Re: [openssl-users] PRNG is not seeded
>>
>>> On 30 May 2018,
> On May 30, 2018, at 12:54 PM, Michał Trojnara
> wrote:
>
>> I am rather puzzled as to why you chose to eliminate
>> not just fixed DH, but also the ephemeral finite-field
>> DH key exchange. What's wrong with the DHE ciphers?
>
> Mostly precomputation attacks:
On 30.05.2018 19:12, Viktor Dukhovni wrote:
> So I would disable only kDH, but not DHE. Keep in mind that
> some remote systems will not support EECDH, and by disabling
> DHE, you get only kRSA, which is worse. So I think that
> '!DH' is unwise.
I respectfully disagree. The only practical
> On May 31, 2018, at 12:09 AM, Michal Trojnara
> wrote:
>
> I respectfully disagree. The only practical disadvantage of kRSA is
> that it doesn't provide PFS. Losing PFS is bad, but it's not a huge
> price for ensuring secure key exchange.
There's an assumption here that DHE key exchange
Hello,
I use OpenSSL version is openssl-1.1.0h(Windows) and
I run following command from apps directory
openssl s_server -accept 443 -www
The server in this case use certificate "server.pem"
On client computer I run command
openssl s_client -connect 10.65.48.108:443
On client computer I get
On 30.05.2018 08:45, Mark Shnaider via openssl-users wrote:
Hello,
I use OpenSSL version is openssl-1.1.0h(Windows) and
I run following command from apps directory
|openssl s_server -accept 443 -www|
The server in this case use certificate "server.pem"
On client computer I run command
After some RTFM, I found space_ec .. which confirms that this change was
intentional.
Thanks
On 29/05/18 16:27, tincanteksup wrote:
Hi,
Certificate included here is only for testing.
I use EasyRSA to build my PKI -- This all works well.
So, now I have a client cert but, depending on which
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of FooCrypt
> Sent: Tuesday, May 29, 2018 21:41
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] PRNG is not seeded
>
> > On 30 May 2018, at 8:58 AM, Scott Neugroschl
> wrote:
> >
> > I’m using PRNGD to
> On 30 May 2018, at 11:55 PM, Michael Wojcik
> wrote:
>
>> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
>> Of FooCrypt
>> Sent: Tuesday, May 29, 2018 21:41
>> To: openssl-users@openssl.org
>> Subject: Re: [openssl-users] PRNG is not seeded
>>
>>> On 30 May 2018,
16 matches
Mail list logo
