[openssl-users] Get effective OPENSSLDIR path at runtime?

2016-05-04 Thread Jeffrey Walton
Hi Everyone, opensslconf.h has a macro for the configured OpenSSL directory. We can find the configured location of opendssl.cnf by using OPENSSLDIR. However, the path can be influenced by `-config` options (for openssl apps) and the `OPENSSL_CONF` environmental variable at runtime. How can we

Re: [openssl-users] Problems with ""sequencing" of FakeBasicAuth vs. Require using client certs for Authentication

2016-05-04 Thread o haya
Hi, Ok, thanks! Jim On Wed, 5/4/16, Salz, Rich wrote: Subject: RE: [openssl-users] Problems with ""sequencing" of FakeBasicAuth vs. Require using client certs for Authentication To: "o haya" ,

Re: [openssl-users] Problems with ""sequencing" of FakeBasicAuth vs. Require using client certs for Authentication

2016-05-04 Thread Salz, Rich
> [My apologies for this cross-post, but I think that I realized after I posted > this > on the Apache mailing list that it might be more appropriate here, as > "SSLOptions +FakeBasicAuth" is under mod_ssl...] The apache mailing list(s) are probably a better forum -- Senior Architect, Akamai

Re: [openssl-users] Problems with OpenSSL 1.0.2 h

2016-05-04 Thread Short, Todd
Have you tried to configure this cipher at the top of your cipher list initially with SSL_OP_SERVER_CIPHER_PREFERENCE? -- -Todd Short // tsh...@akamai.com // "One if by land, two if by sea, three if by the Internet." On May 4, 2016, at 12:04 PM, Benjamin Kaduk

Re: [openssl-users] Problems with OpenSSL 1.0.2 h

2016-05-04 Thread Benjamin Kaduk
Hello, On 05/04/2016 05:21 AM, Dirk Menstermann wrote: > Hi, > > I've trouble with the newest OpenSSL as I'm operating a webserver application > that answers with HTTP1.x and HTTP2. > > I registered the ALPN callback and in this the cipher list was adjusted > "SSL_set_cipher_list (ssl,

[openssl-users] Problems with OpenSSL 1.0.2 h

2016-05-04 Thread Dirk Menstermann
Hi, I've trouble with the newest OpenSSL as I'm operating a webserver application that answers with HTTP1.x and HTTP2. I registered the ALPN callback and in this the cipher list was adjusted "SSL_set_cipher_list (ssl, "ECDHE-RSA-AES128-GCM-SHA256")" if H2 was negotiated. With versions < OpenSSL

Re: [openssl-users] While ssl handshake happens, getting error Operation not allowed in fips mode

2016-05-04 Thread Jakob Bohm
On 04/05/2016 08:15, mani kanta wrote: Hello, While the SSL handshake is happening,I am getting the error as below SSL_connect error:0408E09E:rsa routines:PKEY_RSA_SIGN:operation not allowed in fips mode. ssl handshake went well up to client sending key exchange to server and failing in

[openssl-users] While ssl handshake happens, getting error Operation not allowed in fips mode

2016-05-04 Thread mani kanta
Hello, While the SSL handshake is happening,I am getting the error as below SSL_connect error:0408E09E:rsa routines:PKEY_RSA_SIGN:operation not allowed in fips mode. ssl handshake went well up to client sending key exchange to server and failing in the process of send client verify. Why this