On Tue, May 24, 2011 at 12:05 AM, ciphertexto cipherte...@gmail.com wrote:
On May 23, 2011, at 7:20 PM, Dr. Stephen Henson wrote:
On Sun, May 22, 2011, Bill Durant wrote:
Hello,
Has anyone been able to build a working 64-bit version of the
FIPS-capable OpenSSL on Mac OS X 10.6.7
On Thu, May 26, 2011 at 6:01 PM, Matt Thompson thompson...@gmail.com wrote:
I get an error when I try the following:
PS C:\bin\OpenSSL-Win32\bin gc .\secrets.m.text
U2FsdGVkX1+21O5RB08bavFTq7Yq/gChmXrO3f00tvJaT55A5pPvqw0zFVnHSW1o
PS C:\bin\OpenSSL-Win32\bin .\openssl aes-256-cbc -d -a -in
On Tue, Jun 7, 2011 at 3:21 PM, Eric S. Eberhard fl...@vicsmba.com wrote:
I would point out in that last approach -- encrypting and sending un secure
(which is a good idea in many cases) does have a few considerations. If the
data is sensitive (like magnetic strip data from a credit card) this
Hi mp3geek,
On Wed, Jun 22, 2011 at 6:05 PM, Ryan B mp3g...@gmail.com wrote:
Is this supported in OpenSSL trunk? Do I need any additional patches
or updated patches?
It is supported in OpenSSL 1.0.0, but you will need to patch (IIRC).
Jeff
2011/7/1 yyy y...@inbox.lv:
Hello!
s_server (and probably other TLS servers), requires ECDH parameters, if
using ECDH ciphersuites. (probably similarily as for DH parameters with DH
ciphersuites).
It seems, that these are supposed to be generated using:
ecparam -name 'name_of_named_curve',
On Fri, Jul 1, 2011 at 1:14 PM, Vladimir Belov ml.vladimbe...@gmail.com wrote:
Hello.
I'll collect entropy(random bytes) myself on Windows. How many random
bytes I must give for function RAND_seed to seed PRNG properly in two cases:
Why not allow OpenSSL to auto seed itself? If you have an
On Fri, Jul 1, 2011 at 8:58 AM, Daniel Wambold wambo...@gmail.com wrote:
Hello list. Sorry for what is likely a simple question but I'm running out of
time and could use a quick hand. I have a program that encrypts data using
AES256 CBC mode and a 256 bit (obviously) key provided directly to
On Thu, Jul 7, 2011 at 11:56 AM, Gene Kligerman
gene_kliger...@ca.ibm.com wrote:
Hi SSLers!
I am seeing an intermittent problem using EVP_md5 function to hash
user-specified passwords.
The application works fine most of the time except when I run a stress
test: 3 user applications
On Tue, Jul 12, 2011 at 9:03 AM, rick freitag quizzki...@gmail.com wrote:
Questions include:
Why do I need ActivePerl not plain Perl?
I am only using the Cryptolibrary functions from Visual C++.
Sorry to go offlist - I don't know the answer. But on Windows, I found
the easiest way to go is
On Thu, Jul 14, 2011 at 6:22 PM, Kyle Hamilton aerow...@gmail.com wrote:
ECDSA is the elliptical curve (discrete-logarithm-based) variant of DSA, the
Digital Signature Algorithm. DSA was developed by the US National Security
Agency as a means of creating prime-factorization-based signatures
On Fri, Jul 15, 2011 at 5:36 PM, Kyle Hamilton aerow...@gmail.com wrote:
On Fri, Jul 15, 2011 at 10:32 AM, Gaglia san...@paranoici.org wrote:
On 07/15/2011 08:23 AM, Kyle Hamilton wrote:
...
Excuse me, I got lost somewhere... Does this mean that it is not
possible to use EC crypto with
On Sat, Jul 16, 2011 at 2:39 AM, brandon...@aol.com wrote:
Hi.
I am writing some C++ on Linux with g++. When I try to link statically to
libcrypto, by using the libcrypto.a library, it complains that
RSA_generate_key and DH_generate_parameters are undefined references.
Actually, I believe
On Wed, Jul 20, 2011 at 8:48 AM, brandon...@aol.com wrote:
It didn't fix it. In the end, I cannot link statically without libsasl2.a,
which I am having difficulty obtaining, but which must be somehow
obtainable.
http://asg.web.cmu.edu/sasl/sasl-library.html
In the meantime, I am including
On Wed, Aug 17, 2011 at 1:51 PM, Kchitiz Saxena
kchitiz.sax...@gmail.com wrote:
Hi Wim
Thanks for the response. Actually, I am trying to compile openssl for WinCE
5.0. That's why I was trying to figure out whether I should define this
macro while compiling or not. However, if this macro is
On Tue, Sep 13, 2011 at 5:53 AM, Mrunal Nerpawar p.mru...@gmail.com wrote:
I have a use case for one of the product that I work on. I need to know if
the passwords on the unix machines are weak.
The passwords are hashed using blowfish algorithm. I shall be doing
dictionary encryption using
On Tue, Sep 13, 2011 at 6:49 AM, Jeffrey Walton noloa...@gmail.com wrote:
On Tue, Sep 13, 2011 at 5:53 AM, Mrunal Nerpawar p.mru...@gmail.com wrote:
I have a use case for one of the product that I work on. I need to know if
the passwords on the unix machines are weak.
The passwords are hashed
On Fri, Sep 23, 2011 at 4:59 AM, alok sharma alokonm...@gmail.com wrote:
So is there any method on Windows to generate non-predictable
randomnumbers. I think mostly FileSytem time is used to seed randomness
which is failing in my case.
One typically uses CryptGenRandom.
Jeff
On Mon, Sep
On Tue, Oct 4, 2011 at 10:58 AM, brajan balamurugan@gmail.com wrote:
hi
can any one tell me why the signature verification in openssl fail when the
message is signed bu java IBM fips compliant.i am using openssl 0.9.8g in
power Pc. i am getting error in
if (((unsigned
On Wed, Oct 5, 2011 at 12:59 AM, William A. Rowe Jr.
wr...@rowe-clan.net wrote:
On 10/4/2011 10:45 PM, Bill Durant wrote:
Does anyone know how to produce a FIPS-capable OpenSSL that works on Windows
NT?
It's likely not possible...
But when I run it under Windows NT, I get the following
On Fri, Oct 7, 2011 at 1:55 PM, Diffenderfer, Randy
randy.diffender...@hp.com wrote:
How worried should I be about the contents of this?
http://www.kb.cert.org/vuls/id/864643 (published 2011-9-27)
Is this the topic that flitted across the board a week or so ago?
SSL_OP_ALL includes
On Tue, Oct 18, 2011 at 6:47 AM, Nico Flink fl...@coolux.de wrote:
I have a question concerning the size of the out buffer filled by
EVP_CipherUpdate() and EVP_CipherFinal().
The evp man page gives the following description:
EVP_EncryptUpdate() encrypts inl bytes from the buffer in and
On Thu, Oct 27, 2011 at 8:09 AM, Matthias Meixner
matthias.meix...@verifone.com wrote:
Hello!
When upgrading to version 0.9.8r my system stopped supporting session
resumption.
It looks like session tickets are the reason for this.
I was using some external session cache to support session
On Mon, Oct 31, 2011 at 4:15 PM, dave.mclel...@emc.com wrote:
I’m looking into the use of SSL_get_shutdown to possibly avoid unnecessary
calls to SSL_shutdown. I noticed that SSL_get_shutdown() returns a 3
sometimes, but I can’t find a symbol that tells what that means. In ssl.h I
see:
On Mon, Oct 31, 2011 at 3:01 PM, Guilherme G. Rafare graf...@in3.com.br wrote:
Hi, how can I unsubscribe to the list and stop receiving emails?
http://www.openssl.org/support/community.html
Check your SPAM folder for the confirmation emails. I recently noticed
Google swallowed nine separate
On Fri, Nov 4, 2011 at 6:05 AM, Shashidhar RP shashidhar...@hcl.com wrote:
HI
I disabled SSLv2 on the server. When the client which is capable of SSLV2
and SSLV3 sends the hand shake, client sends first V2 hello rt So the
server is not capable of handling V2 packet as SSLV2 is
Hi Maurice,
On Mon, Nov 7, 2011 at 8:01 AM, Maurice Mahieu mauri...@chello.nl wrote:
I mean the first case, to verify the signature.
As I understand the signature is the encyrpted digest of the certificate, I
was wondering if it is possible to decrypt the digest using the public key
of the
On Fri, Dec 2, 2011 at 1:55 PM, hamid.sha...@sungard.com wrote:
Hi,
I am trying to make a simple C++ (64-bit) client program that can establish
a SSL connection with a remote server using OpenSSL on windows-7. I can
successfully execute the followings to create a new context block;
On Mon, Dec 5, 2011 at 7:35 AM, hamid.sha...@sungard.com wrote:
Hi,
I am trying to make a simple C++ (64-bit) client program that can establish
a SSL connection with a remote server using OpenSSL on windows-7. I can
successfully execute the followings to create a new context block;
On Thu, Dec 8, 2011 at 8:45 AM, John Emmas john...@tiscali.co.uk wrote:
Please ignore my previous email for the moment. It seems we're not sure
whether out binaries are official, pre-built ones or if they were built
elsewhere.
Presumably there are some official Windows DLLs and libs
2011/12/16 Yang Chun-Kai waitmefore...@hotmail.com:
1. If I use openssl genrsa -out my_private_key.key 2048 this command then
I will get the encrypted private key or not encrypted key ?
because I want to use python ssl module and heard python ssl lib not support
encrypted private key for
2011/12/17 Yang Chun-Kai waitmefore...@hotmail.com:
Date: Fri, 16 Dec 2011 14:52:27 -0500
Subject: Re: Generate private key problems
From: noloa...@gmail.com
To: openssl-users@openssl.org
2011/12/16 Yang Chun-Kai waitmefore...@hotmail.com:
1. If I use openssl genrsa -out
2011/12/17 Yang Chun-Kai waitmefore...@hotmail.com:
Hello~everyone~
As titled, genpkey command not found in 0.9.8, so is this new in latest
version?
RSA (112 bits of security):
$ openssl genrsa -out rsa-openssl.pem 2048
$ openssl pkcs8 -nocrypt -in rsa-openssl.pem -inform PEM -topk8
-outform
On Sun, Dec 18, 2011 at 10:57 AM, Helegurbann abdullahaydi...@gmail.com wrote:
Hi.I tried int his example code.But it doesn't runs:
[code]
#include stdio.h
#include string.h
#include curl.h
/* This is a simple example showing how to send mail using libcurl's SMTP
* capabilities. It
On Wed, Dec 21, 2011 at 1:26 PM, nandan shantharaj iamnand...@gmail.com wrote:
Hi All,
SSL_CTX_load_verify_locations() is causing memory leak in my
application. Folowing is the function trace.
262 1072 bytes leaked in 4 blocks (2.25% of all bytes leaked)
263 These range in size
On Tue, Jan 17, 2012 at 1:32 PM, Magosányi Árpád m...@magwas.rulez.org wrote:
My application uses openssl-fips for random number generation, where the
seeding have to have at least 100 bits of entropy coming from a hardware
random generator which is certified either to FIPS or CC EAL4. Due to
Hi All,
Is anyone interested in implementing FHMQV in OpenSSL?
I recently implemented FHMQV in Crypto++ (hopefully the patch will be
submitted soon). But I don't have a reference implementation to test
it against (or interoperate with). If interested, I can provide a
Crypto++ reference for
On Tue, Jan 24, 2012 at 4:09 AM, Jakob Bohm jb-open...@wisemo.com wrote:
Informational note to others, as this information used to
be hard to obtain:
On Linux (for comparison):
/dev/urandom produces as many random bytes as you want (with
multiple calls if necessary), but if you read more
On Tue, Feb 14, 2012 at 3:22 PM, Timothy Kay tim...@not.com wrote:
Thanks for the pointer. It's very helpful.
HOWEVER, I can give you dozens of different sites that do it wrong, yet they
all work in the browsers. Clearly that particular part of the spec is no
longer relevant, and openssl
On Tue, Feb 14, 2012 at 4:42 PM, Johan Samyn johan.sa...@gmail.com wrote:
Hi,
I just compiled openssl-1.0.0g on a Win7 box using MingW. All went well,
except I got a virus alert from Avira for 'TR/Graftor.10418.101' found
in the file .../openssl-1.0.0g/test/asn1test.exe. That virus was added
On Tue, Feb 14, 2012 at 7:53 PM, anthony berglas anth...@berglas.org wrote:
Hello All,
I want to set up a simple system in which the private key is derived
entirely from a pass phrase.
I.e. the pass phrase provides all the Entropy that is used. This means
that the private key can be
On Tue, Feb 21, 2012 at 3:51 PM, Andy Polyakov ap...@openssl.org wrote:
Another option (but shoot it down if its bogus :-): I noticed that if I
compile
fipscanister.o without -fPIC, then the const variables do get placed in
the (really readonly) .rodata section as desired. I thought maybe if
On Thu, Feb 23, 2012 at 2:12 PM, burtbick l...@burtbicksler.com wrote:
Hi, I'm working on a project where I need to interact with a hardware device
that is using Triple DES-ECB for encrypting keys.
One of the first things that I'm trying to do is to generate a 16 byte key
to be uploaded to
On Fri, Feb 24, 2012 at 4:08 PM, Jakob Bohm jb-open...@wisemo.com wrote:
On 2/24/2012 2:14 PM, sandeep kiran p wrote:
You mentioned that OpenSSL is holding a snapshot lock in rand_win.c. I
couldn't find anything like that in that file. Can you specifically point me
to the code that you are
On Thu, Mar 8, 2012 at 1:40 PM, aram_baghom...@hushmail.com wrote:
Hi,
I use this commands for compile it on a FreeBsd 8.2.
# ./Configure
# ./config
# make
Try gmake.
__
OpenSSL Project
On Tue, Mar 27, 2012 at 4:26 PM, Ken Goldman kgold...@us.ibm.com wrote:
On 3/27/2012 3:51 PM, Jakob Bohm wrote:
On 3/27/2012 9:37 PM, Dr. Stephen Henson wrote:
You should really be using EVP instead of the low level routines.
They are well documented with examples.
Where, precisely?
I
On Tue, Mar 27, 2012 at 5:19 PM, Jakob Bohm jb-open...@wisemo.com wrote:
On 3/27/2012 10:42 PM, Jeffrey Walton wrote:
On Tue, Mar 27, 2012 at 4:26 PM, Ken Goldmankgold...@us.ibm.com wrote:
On 3/27/2012 3:51 PM, Jakob Bohm wrote:
On 3/27/2012 9:37 PM, Dr. Stephen Henson wrote:
You should
On Tue, Mar 27, 2012 at 4:26 PM, Ken Goldman kgold...@us.ibm.com wrote:
On 3/27/2012 3:51 PM, Jakob Bohm wrote:
On 3/27/2012 9:37 PM, Dr. Stephen Henson wrote:
You should really be using EVP instead of the low level routines.
They are well documented with examples.
Where, precisely?
I
On Mon, Mar 26, 2012 at 11:28 AM, anu anujc...@gmail.com wrote:
When I am using AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
const AES_KEY *key, const int enc);
then there is no linking error in my code
but when i use
AES_cbc_encrypt(const unsigned char *in, unsigned char
On Mon, Mar 26, 2012 at 1:49 AM, Prashanth kumar N
prashanth.kuma...@gmail.com wrote:
[SNIP]
: In my case, i would be storing the wrapped key and
not the original
key. So when user tries to decrypt the wrapped key, he would get the
original key but how do i make sure that is the
On Sun, Mar 25, 2012 at 7:31 PM, jeremy hunt jere...@optimation.com.au wrote:
Thomas J. Hruska wrote:
On 3/23/2012 12:53 AM, jeremy hunt wrote:
This posting is to help people to build OpenSSL 1.0.1 with Microsoft
Visual Studio. It may also indicate a required change to the build
On Wed, Mar 28, 2012 at 6:15 AM, Jeffrey Walton noloa...@gmail.com wrote:
On Tue, Mar 27, 2012 at 4:26 PM, Ken Goldman kgold...@us.ibm.com wrote:
On 3/27/2012 3:51 PM, Jakob Bohm wrote:
On 3/27/2012 9:37 PM, Dr. Stephen Henson wrote:
You should really be using EVP instead of the low level
On Wed, Apr 4, 2012 at 5:41 AM, pkumarn prashanth.kuma...@gmail.com wrote:
Hi,
I had earlier posted query on AES_Keywrap() usage and had good response on
the same and got lot of things clarified. Now i am successful in using
AES_wrap_key() API but i am running into a new problem.
I need to
On Thu, Apr 5, 2012 at 12:18 PM, sandeep kiran p
sandeepkir...@gmail.com wrote:
Jakob,
The last time we had this discussions, I mentioned when 0 is passed as the
second argument to CreateToolhelp32Snapshot, it takes a snapshot of all the
heaps for all the processes in the system. I was wrong.
On Thu, Apr 5, 2012 at 12:07 AM, Prashanth kumar N
prashanth.kuma...@gmail.com wrote:
You can use the below API's
RAND_bytes()
RAND_pseudo_bytes()
Sorry to nitpick. Its gets old auditing high integrity code where the
damn programmers ignore return values as if every succeeds.
#include
On Thu, Apr 5, 2012 at 6:06 PM, Jakob Bohm jb-open...@wisemo.com wrote:
On 4/5/2012 9:01 PM, Jeffrey Walton wrote:
On Thu, Apr 5, 2012 at 12:18 PM, sandeep kiran p
sandeepkir...@gmail.com wrote:
Jakob,
The last time we had this discussions, I mentioned when 0 is passed as
the
second
On Thu, Apr 5, 2012 at 6:58 PM, Jeffrey Walton noloa...@gmail.com wrote:
On Thu, Apr 5, 2012 at 6:06 PM, Jakob Bohm jb-open...@wisemo.com wrote:
On 4/5/2012 9:01 PM, Jeffrey Walton wrote:
[SNIP]
The following list of permission bits are most (not all) of those that
may appear in the DACL
On Fri, Apr 6, 2012 at 1:42 PM, crk c...@crook.de wrote:
Hi,
unfortunately this didn't help.
Besides, I am using SSL_library_init. The manual says
OpenSSL_add_ssl_algorithms() and SSLeay_add_ssl_algorithms() are
synonyms for SSL_library_init().
The client and server each call a different
On Sat, Apr 14, 2012 at 7:20 PM, Nathan Smyth naf...@ymail.com wrote:
Hi there,
I have a dumb question. How can I tell whether SSL is actually protecting a
tcp connection - is there anyway from outside the application. I assume I
should look for something in Netstat?
I have quite a
On Sun, Apr 15, 2012 at 12:01 PM, toredhiddenu...@tormail.net wrote:
Hello guyz and cryptobrains! :P
One of the main disadvantages of EC on openssl seems to be the inability
to create arbitrary-sized keys and advantage for RSA: you can create 32768
bit RSA key but... not greater than 521
On Tue, Apr 17, 2012 at 7:59 AM, Edward Ned Harvey
open...@nedharvey.com wrote:
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Edward Ned Harvey
attacker doesn't know is your key and your plaintext. There is only one
solution. You must use a
On Tue, Apr 17, 2012 at 9:47 PM, Edward Ned Harvey
open...@nedharvey.com wrote:
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Ken Goldman
The standard answer: If this is a real security project, hire an
expert. If you design your own crypto
Hi Paul,
On Wed, Apr 18, 2012 at 2:01 PM, Muschick, Paul paul.musch...@itron.com wrote:
So, it’s ironic that only after I post to the mailing list, I solve my first
problem. For visitors from the future, to fully add a new cipher suite, you
can’t forget to add your cipher’s EVP_CIPHER*
On Wed, Apr 18, 2012 at 9:04 AM, Edward Ned Harvey
open...@nedharvey.com wrote:
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Jeffrey Walton
On Tue, Apr 17, 2012 at 9:47 PM, Edward Ned Harvey
open...@nedharvey.com wrote:
From: owner-openssl-us
On Sun, Apr 29, 2012 at 5:40 PM, Mike Hoy mho...@gmail.com wrote:
We use McAfee to scan our website for vulnerabilities. They claim the
following:
Configure SSL/TLS servers to only use TLS 1.1 or TLS 1.2 if supported.
Configure SSL/TLS servers to only support cipher suites that do not use
On Tue, May 8, 2012 at 9:13 AM, Edward Ned Harvey open...@nedharvey.com wrote:
Suppose you have a single resource to be encrypted, and it should be
accessible by multiple users. Is there a way to encrypt something such that
multiple keys would work? I can't seem to find any such solution...
On Tue, May 8, 2012 at 4:33 PM, Dave Thompson dthomp...@prinpay.com wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Adrian Manuel Vázquez
Betancourt
Sent: Tuesday, 08 May, 2012 15:21
I have a p12 certificate file and I would like to extract the private
key from it and export it as a
On Sun, May 13, 2012 at 1:55 PM, Thomas Anderson zeln...@gmail.com wrote:
openssl probably just doesn't recognize that OID. Here's what
phpseclib (the latest SVN) shows for that particular extension:
[8] = Array
(
[extnId] = id-ce-subjectAltName
[critical] =
On Sun, May 13, 2012 at 4:31 PM, Thomas Anderson zeln...@gmail.com wrote:
On Sun, May 13, 2012 at 2:00 PM, Jeffrey Walton noloa...@gmail.com wrote:
On Sun, May 13, 2012 at 1:55 PM, Thomas Anderson zeln...@gmail.com wrote:
openssl probably just doesn't recognize that OID. Here's what
phpseclib
On Fri, May 25, 2012 at 7:25 AM, Sudarshan Raghavan
sudarshan.t.ragha...@gmail.com wrote:
Ok, I can fix the custom free to take care of this. But, why is this
happening in openssl 1.0.1 and not in 1.0.0 or 0.9.8?
I think the question to ask is why your code or library routines are
not validating
On Thu, May 24, 2012 at 8:16 AM, Sudarshan Raghavan
sudarshan.t.ragha...@gmail.com wrote:
Hi,
I am using CRYPTO_set_mem_functions to use our own custom memory
routines in a non blocking proxy implementation. This was working fine
in 0.9.8 and 1.0.0 but with 1.0.1c I can see that the custom
On Fri, May 25, 2012 at 11:25 AM, Ken Goldman kgold...@us.ibm.com wrote:
On 5/25/2012 11:03 AM, Steffen DETTMER wrote:
I think crashing with NULL is quite good: a must-not-happen situation
leads to a defined dead of SIGSEGVs, at least for platforms supporting
that, typically with good aid for
On Mon, May 21, 2012 at 2:04 PM, Felix von Leitner
felix-open...@fefe.de wrote:
Hi!
Has someone with domain knowledge of how OpenSSL works looked at the
UEFI implementation of AuthentiCode?
I am currently looking at this file in particular:
On Mon, Jun 11, 2012 at 4:32 PM, Garrison, Jim (ETW)
jim.garri...@nike.com wrote:
I am trying to connect to a subversion server that requires https, and for
some reason, is configured to require SSL3 or TLS1. It refuses to respond
to SSL or SSL2.
You are lucky its responds to SSLv3. I would
Subject: RE: Configure OpenSSL to skip SSL1 SSL2?
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Jeffrey Walton
Sent: Monday, June 11, 2012 8:38 PM
To: openssl-users@openssl.org
Subject: Re: Configure OpenSSL
On Wed, Jun 13, 2012 at 12:57 PM, Vladimir Belov
ml.vladimbe...@gmail.com wrote:
Hello.
Many public CAs suggest Extended Validation for certificates of web servers.
These certificates cost much more expensive but in browser we can only see
green address bar instead of yellow or blank.
Race to
Hi Mike,
From the Change Log (http://www.openssl.org/news/changelog.html):
Changes between 1.0.0h and 1.0.1 [14 Mar 2012]
* Initial TLS v1.2 support
* Add TLS v1.2 server support for client authentication.
* Add server support for TLS v1.2 signature algorithms extension.
* Initial TLS
On Thu, Jun 28, 2012 at 3:43 PM, John A. Wallace jw72...@verizon.net wrote:
I do appreciate the excellent support I have gotten with this program. Thank
you.
Shining Light and Thomas do a great job with the pre-built binaries.
The foundation might consider incorporating some of his work since
On Fri, Apr 11, 2014 at 2:20 PM, Ted Byers r.ted.by...@gmail.com wrote:
On Fri, Apr 11, 2014 at 1:23 PM, Steve Marquess
marqu...@opensslfoundation.com wrote:
...
Have you checked out Google and Amazon's payment services? I have
heard they exist, but haven't checked them out for cost (I may
On Sun, Apr 13, 2014 at 7:49 AM, Hanno Böck ha...@hboeck.de wrote:
On Sun, 13 Apr 2014 13:12:41 +0200
Graham Leggett minf...@sharp.fm wrote:
On 13 Apr 2014, at 12:25 PM, Hanno Böck ha...@hboeck.de wrote:
Is there any software out there that doees anything with heatbeat?
And more
Just to clarify any possible confusion, whether or not a piece of software
actively uses the heartbeat makes no difference to the bug, you are still
vulnerable simply by virtue of the feature being there. Make sure that if
you are using an effected version of openssl, you patch openssl.
I
On Fri, Apr 18, 2014 at 12:24 PM, Floodeenjr, Thomas
thomas_floodee...@mentor.com wrote:
Klocwork seems to have caught it:
RSA_print_fp eventually calls ASN1_bn_print (multiple times) with each
of the RSA parameters. ASN1_bn_print is shown below.
A couple of questions:
(1) why is the buffer 'buf' required for the function? What is its
size supposed to be? (I know 'BN_num_bytes(num)' is too small from a
seg fault,
Are there any functions to determine the size of the preimage (i.e.,
plain text) that can be encrypted under RSA using various schemes
(e.g., no padding, PKCS#1.5, OAEP, etc)?
I know there's a RSA_size, but its not really helpful size it only
provides the size of the modulus in bytes.
Thanks in
On Thu, Apr 24, 2014 at 1:49 PM, Bin Lu b...@juniper.net wrote:
Thanks!
Ben Laurire checked it in recently (within the last week or so).
Until it makes it way into the the tar balls, I believe you should
try: https://rt.openssl.org/Ticket/Display.html?id=2167user=guestpass=guest.
Jeff
According to
http://googleonlinesecurity.blogspot.com/2014/04/speeding-up-and-strengthening-https.html:
To make this happen, [we] began implementing new algorithms --
ChaCha 20 for symmetric encryption and Poly1305 for
authentication -- in OpenSSL and NSS in March 2013.
But I have
On Sat, Apr 26, 2014 at 3:18 PM, Anant Rao a...@noknok.com wrote:
I'm doing password encryption (and decryption) in Java. I need to port this
to C.
In Java, I'm doing this:
PBEKeySpec (somepassphrase, some_salt, some iterations, 128
/*key_length*/);
Algorithm is PBKDF2WithHmacSHA1
If I
On Sat, Apr 26, 2014 at 5:12 PM, Matt Caswell fr...@baggins.org wrote:
On 26 April 2014 20:38, Jeffrey Walton noloa...@gmail.com wrote:
...
There are no docs on it, but a patch is sitting in RT at
https://rt.openssl.org/Ticket/Display.html?id=3293user=guestpass=guest.
Download the POD file
On Wed, Apr 30, 2014 at 3:04 AM, zyf01...@gmail.com zyf01...@gmail.comwrote:
This time the client hello and server hello is done,but when client key
exchange the server reply Alert (Level: Fatal, Description: Protocol
Version).Shows bellow, what wrong with this? And I kown this alert means
On Fri, May 2, 2014 at 7:05 AM, krinalishah krinali.s...@einfochips.comwrote:
...
I have created two seperate certificates for my server and client (here
client is a web browser).
Now my question is, when I create .crt certificate signed by CA, via
openSSL, it asks me for Common Name.
What
So, if that's the case, what would be the downside of making the
default_crl_days equal to the validity of the CA itself, for example?
[e.g. If the CA cert is valid for 100 years, why not set the
default_crl_days to 36500+/- days too?]
Because some clients won't check back for 100 years...
On Tue, May 13, 2014 at 6:45 AM, Gayathri Manoj
gayathri.an...@gmail.com wrote:
Hi All,
I am planning to upgrade my tls connection from 1.0 to 1.2. I have made
changes from the client side and am able to see the client hello with tls
version 1.2. The server supports only 1.0 and the client
Hi All/Steve,
Tech giants, chastened by Heartbleed, finally agree to fund OpenSSL,
http://arstechnica.com/information-technology/2014/04/tech-giants-chastened-by-heartbleed-finally-agree-to-fund-openssl/.
Its been a few weeks since the article was written. According to the
article, the Linux
On Tue, May 13, 2014 at 12:06 PM, Tom stone stone...@gmail.com wrote:
Using openssl-1.0.1g command line for simple file encryption/decryption,
when I issue the commands
openssl enc -aes-256-cbc -k secret -in file.txt -out file.ssl
openssl enc -d -aes-256-cbc -k secret -in file.ssl
The
On Thu, May 15, 2014 at 2:37 PM, Matt Caswell m...@openssl.org wrote:
On 15 May 2014 10:39, Jeffrey Walton noloa...@gmail.com wrote:
On Tue, May 13, 2014 at 12:06 PM, Tom stone stone...@gmail.com wrote:
Am I missing something or is there a bug in the openssl gcm implementation?
If its any
On Sat, May 17, 2014 at 6:31 AM, AlfaOmega08 alfaomeg...@gmail.com wrote:
I had a hard time trying to make a simple HTTPS server with OpenSSL.
However I managed to build it with TLSv1.2 support using the 1.0.2
beta version.
The code I use to initialize the context is the following:
...
sip_trp_ssl_ctx = SSL_CTX_new( TLSv1_method() );
if ( sip_trp_ssl_ctx == NULL ) {
ERROR(FI_init_ssl_context: SSL_CTX_new with TLSv1_method failed);
return SSL_INIT_ERROR;
}
Well, EC support was added to SSL/TLS at TLS 1.2.
You did not include the error you are
On Sun, May 25, 2014 at 11:39 AM, Viktor Dukhovni
openssl-us...@dukhovni.org wrote:
On Sun, May 25, 2014 at 11:28:04AM -0400, Jeffrey Walton wrote:
sip_trp_ssl_ctx = SSL_CTX_new( TLSv1_method() );
if ( sip_trp_ssl_ctx == NULL ) {
ERROR(FI_init_ssl_context: SSL_CTX_new
but let's say it's the government of North
Korea... Even if no strings, it would damage the perception people have of
OpenSSL just being associated with that entity. So, just be mindful of
people's perceptions when accepting anything.
That cuts both ways... Privacy is a human right in many
Dennis Rodman goes to North Korea and says its just basketball, not
political. Everyone except him knows he was used. OpenSSL cannot
metaphorically go to North Korea without damage to its brand -- especially
now that real financial support is forthcoming.
Its a slippery slope. You can't
On Thu, May 29, 2014 at 4:51 PM, Frans de Boer fr...@fransdb.nl wrote:
...
Ok, I accept the above apologies as I just want to express my worries. Yes,
it was cynical - I used one line from Huwai, which triggered my response.
The initial comment from the OpenSSL spokesperson about the focused
301 - 400 of 744 matches
Mail list logo