Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

Hi Matt, Thanks a lot for the response. Is your application a client or a server? Are both ends using OpenSSL 1.0.2d? If not, what is the other end using? >>Our device has both TLS client,server apps. As client, device communicates with radius server, LDAP server etc.As server device is accessed

Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

Hello Jaya We're going to need some more information. There isn't a generic problem with CBC ciphers and TLS1.0 in 1.0.2d (it's working fine for me) - so there is something specific about your environment that is causing the issue. Comments inserted below. On 04/12/15 06:53, Jayalakshmi bhat

[openssl-users] Openssl Compilation Error

Hi all I am compiling Openssl 1.0.h version in SLES 11 SP1 ,in make command I am facing some errors.I have the instructions properly as given. The error was: /usr/lib64/gcc/x86_64-suse-linux/4.3/../../../../x86_64-suse-linux/bin/ld: libcrypto.a(x86_64-gcc.o): relocation R_X86_64_32 against

Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

For clarity, which version of WinCE, and which CPU (Arm, MIPS,PPC, x86, SH3, SH4, ...)? Which Microsoft Compiler version (EVC3, EVC4, one of the Visual Studio projects, 3rd party compiler) and which exact compiler version (reported by running the compiler executable (named according to CPU) with

Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

On 04/12/15 11:31, Jayalakshmi bhat wrote: > Hi Matt, > > Thanks a lot for the response. > > Is your application a client or a server? Are both ends using > OpenSSL 1.0.2d? If not, what is the other end using? >>>Our device has both TLS client,server apps. As client, device communicates

[openssl-users] Updated OpenSSL Security Advisory

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL Security Advisory [3 Dec 2015] - Updated [4 Dec 2015] = [Updated 4 Dec 2015]: This advisory has been updated to include the details of CVE-2015-1794, a Low severity issue affecting

Re: [openssl-users] [openssl-dev] [openssl.org #4166] Bug: OpenSSL 1.0.1l fails to verify SOME root CAs: error:num=20:unable to get local issuer certificate

[ Redirecting to openssl-users ] On Fri, Dec 04, 2015 at 03:25:35PM +, Oliver Schonrock via RT wrote: > To Reproduce: > $ openssl s_client -connect api.textmarketer.co.uk:443 > depth=2 C = US, O = "thawte, Inc.", OU = Certification Services > Division, OU = "(c) 2006 thawte, Inc. - For

Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

Just coincidentally we may have an issue in a pending release that looks much like this scenario as well; In our case, the server is 1.0.2d and the client is not. I'll update details as I get them .. N Nou Dadoun Senior Firmware Developer, Security Specialist Office: 604.629.5182 ext 2632

Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

Hi Matt, I replaced constant_time_eq_8 usage in s3_cbc.c with the implementation available in OpenSSL 1.0.1e. Things worked fine. Regards Jaya On Fri, Dec 4, 2015 at 7:04 PM, Matt Caswell wrote: > > > On 04/12/15 11:31, Jayalakshmi bhat wrote: > > Hi Matt, > > > > Thanks a

Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

Hi Matt, s3_cbc.c uses the function constant_time_eq_8. I pulled only this function definition from OpenSSL 1.0.1e into OpenSSL 1.0.2d. I renamed this function as constant_time_eq_8_local and used it in s3_cbc.c instead of constant_time_eq_8. This renaming was just to avoid multiple definitions.

Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

Hi Jakob CPU is ARMARCH4. WinCE version is 6.0. I will get the compiler details shortly. Regards Jaya On Fri, Dec 4, 2015 at 6:05 PM, Jakob Bohm wrote: > For clarity, which version of WinCE, and which CPU (Arm, > MIPS, PPC, x86, SH3, SH4, ...)? > > Which Microsoft