Just wondering if Apple OS is compatible with OPenssl 3 .
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOT
s said about CA certificates with SHA1 signatures and some
> implementations will now reject these as non-compliant even if they were
> issued before 2013.
>
> On Thu, 2022-05-12 at 17:40 +0200, egoitz--- via openssl-users wrote:
>
> Please ignore the line below I said regards in
= DEFAULT@SECLEVEL=1_
But this last way, does not convince me... so I have started debugging
what exactly was causing the the problem. I saw, that sha1 is not
allowed as a signing valid algorithm for SECLEVEL 2. So, I tried moving
the CA to a more recent testing machine (with a newer OpenSSL
1.1.1l
is last way, does not convince me... so I have started debugging what
> exactly was causing the the problem. I saw, that sha1 is not allowed as a
> signing valid algorithm for SECLEVEL 2. So, I tried moving the CA to a more
> recent testing machine (with a newer OpenSSL 1.1.1l-freebsd),
Trying to compile OpenSSL using Bootlin tool chains for ARMv5 UCLIBC found at
https://toolchains.bootlin.com/
Does anyone have recent experience compiling OpenSSL 1.1.1 specifying alternate
tool-chains?
What commands did you use?
Thanks
;
}
else
{
// error
}
Martin
From: Kory Hamzeh
Sent: Monday, October 24, 2022 7:22 PM
To: amar...@xtec.com
Cc: openssl-users@openssl.org
Subject: Re: Setting a group to an existing EVP_PKEY in OpenSSL 3
I haven’t done exactly what you are trying, but something similar
Hi,
How can I set a GROUP to an existing EC type EVP_PKEY in OpenSSL 3?
In 1.0.2 I was using this code having the EC_KEY:
EC_KEY_set_group(eckey, EC_GROUP_new_by_curve_name(nid));
In OpenSSL 3 still EC_GROUP_new_by_curve_name(nid) can be used, but I don't
know how to go from
Hi,
How can I get the nid from the curve name for a EC key in OpenSSL 3? I'm
porting code from OpenSSL 1.0.2.
I'm converting this:
ecc_curve_type = EC_GROUP_get_curve_name(EC_KEY_get0_group((const EC_KEY
*)eckey));
if(ecc_curve_type == NID_undef
这是一封自动回复邮件。已经收到您的来信,我会尽快回复。
这是一封自动回复邮件。已经收到您的来信,我会尽快回复。
No snapshots since 2022-10-19.
--
Member - Liberal International This is doc...@nk.ca Ici doc...@nk.ca
Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b
How can one be prejudiced and
这是一封自动回复邮件。已经收到您的来信,我会尽快回复。
Hi All,
A few weeks ago I sent this e-mail to the group:
https://mta.openssl.org/pipermail/openssl-users/2022-November/015613.html I
received a couple of replies, but sadly I have been too busy to respond to
them. Regardless, I need a bit more information please.
In one of the replies, Viktor
their own OpenSSL build, possibly linked
> statically or linked into one of their own shared objects or with the OpenSSL
> shared objects renamed. Linux distributions have not magically solved the
> problem of keeping all software on the system current.
That's disheartening
, Job Cacka wrote:
> Michael's point should be asked and answered first for your environment.
>
> To find all of the OpenSSL bits used on a windows system you would use
> Powershell or a tool that flexes its use like PDQ Inventory. There is a
> steep learning curve and it is pro
On Wed, Nov 02, 2022 at 06:29:45PM +, Michael Wojcik via openssl-users
wrote:
> > From: openssl-users On Behalf Of Phillip
> > Susi
> > Sent: Wednesday, 2 November, 2022 11:45
> >
> > The only thing to fix is don't put your compiler in strict C90 mode.
>
On Sat, Nov 05, 2022 at 02:22:55PM +, Michael Wojcik
wrote:
> > From: openssl-users On Behalf Of raf
> > via
> > openssl-users
> > Sent: Friday, 4 November, 2022 18:54
> >
> > On Wed, Nov 02, 2022 at 06:29:45PM +, Michael Wojcik via openssl-us
:
"WuJinze"
<294843...@qq.com;
Date:Sat, Nov 12, 2022 06:17 PM
To:"openssl-users"
Dear OpenSSL Group,
Greetings. I was working on writing simple aes encrypt/decrypt wrapper
function in c++ and running into a strange problem. The minimal reproducible
examples in gist seems working fine but when i uncomment lines 90-92, it will
fail to decrypt randomly. Can someone help me
Hi All,
I'm really worried about the vulnerabilities recently found in OpenSSL versions
3.0.0 - 3.0.6. If I understand things correctly (and please do correct me if
I'm wrong), it doesn't matter which version of OpenSSL clients are running,
only which version of OpenSSL *servers* are running
这是一封自动回复邮件。已经收到您的来信,我会尽快回复。
这是一封自动回复邮件。已经收到您的来信,我会尽快回复。
On Mon, May 06, 2024 at 11:34:59PM -0600, The Doctor via openssl-users wrote:
> Using clang versino 18
>
> and it is spewing at goto out
>
Line 417 and 434 of test/threadstest.c
in openssl-3.3 daily
--
Member - Liberal International This is doc...@nk.ca Ici doc...@nk.ca
Using clang versino 18
and it is spewing at goto out
--
Member - Liberal International This is doc...@nk.ca Ici doc...@nk.ca
Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism ;
Just to let you know, we found a tool to migrate RT to GitHub issues and will
be doing that shortly. This will just about double the number of open issues
we have and, unfortunately, push the existing (active ones) down a few pages.
--
openssl-users mailing list
To unsubscribe: https
> My application links to OpenSSL 1.1.0 dynamically, and I would like to be able
> to determine if the CPU supports the AES-NI instruction set.
> Is there an OpenSSL API that can do this?
Look at man3/OPENSSL_ia32cap.pod ?
--
openssl-users mailing list
To unsubscribe: https://mta.op
>Am trying to upgrade openssl 1.0.1p to 1.0.2k and the compilation breaks with
>the below error and am using Ubuntu 10.04.1
>In file included from req.c:84:
>comp.h:28: error: redefinition of typedef 'COMP_METHOD'
>../../Build/target/usr/include/openssl/ossl_typ.h:181:
The text says Broadwell-specific
So it only affects *some* x86_64 platforms.
--
Senior Architect, Akamai Technologies
Member, OpenSSL Dev Team
IM: richs...@jabber.at Twitter: RichSalz
From: Sandeep Umesh [mailto:sanum...@in.ibm.com]
Sent: Monday, January 30, 2017 2:14 AM
To: openssl-users
> It's cargo-cult programming, most often by people who can't be bothered to
> learn the language they're using.
There are also sometimes portability issues, vendors get things wrong.
But at any rate, for this project, OpenSSL style says parens after sizeof and
says nothing at all abo
> Have you considered using GMP as a big integer backed for openssl? It has
> support for several arm variants using handwritten assembly code and the
> developers go to great lengths to find optimize runtime on all supported
> platforms.
It might be interesting if we could fi
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Hello,
openssl s_client -connect mailhost:25 -starttls smtp
displays this:
CONNECTED(0003)
depth=0 OU = Domain Control Validated, CN = ...
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 OU = Domain Control Validated, CN = ...
verify error:num=27
On 02/04/2017 04:00 PM, Schmicker, Robert wrote:
>
> Hello,
>
>
> Thanks to everyones help here I was able to insert a new cipher into
> OpenSSL.
>
> However, for performance reasons I'd like to begin testing the speed
> of my cipher and
>
> compare to other alr
> Licensing issues are indeed thorny. Why can't openssl perform a dynamic link?
> The soversion should handle any ABI issues introduced in later versions of
> GMP.
Anything is possible; it is just code.
I don't think this is a priority for the team. A pull request ...
--
open
e configured
for that purpose. But, (1) I thought you were looking at the client
side, and (2) how to configure the server depends on what software is
used on the server, so there's not much more to say right now.
-Ben
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
rieve and save certificate chain from server
> c) determine OCSP URL or CRL list URL
> d1) verify cert against OCSP source OR
> d2) download CRL; then verify cert against CRL
>
> Up to c), everything is straightforward. We use openssl 1.0.1e-60.el7 from
> current CentOS 7.
try this
What version of openssl? I'm guessing 1.0.2.
Put this line inyour code
ERR_load_ERR_strings();
And youll get a more informative message.
My main guess is that your allocation for the PEM buffer is too small -- is
key/key_len pointing to a static buffer?
--
openssl-users
"ls path2 file" from error message and got error "not found error". I
change slashes and vise versa.
How can tell configure to generate makefile with backslashes? May be another
solutions exists?
Fiodar Stryzhniou
--
openssl-users mailing list
To unsubscribe: https://mt
I need in autogenerated files headers, asm, others. Project will migrate to
Symbian build system then.
Fiodar Stryzhniou
исходное сбщ
Тема: Re: [openssl-users] Msys doesn't handle forward slashes in makefile
От: Jakob Bohm <jb-open...@wisemo.com>
Дата: 28.11.2016 23.29
On 28/11/2016
Hi! This directory should build when each dir in crypto/ builded as separate
dll, isn't it? This directory contain module loader, right?
I googled with "crypto/dso purpose" without luck.
Fiodar Stryzhniou
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailma
On 18.12.2016 17:21, sahorwitz wrote:
I am obviosly a newbie and missing something. How then do I encrypt the file
on one machine (little endian), transmit it to another machine (big endian)
and decrypt it there?
similar to this:
encrypt
openssl enc -e -in file -out encryptfile -aes-256-gcm
ing FAQ lists, should be found on
this system using "man perl" or "perldoc perl". If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.
Jeremy Farrell>> Jeremy Farrell>> perl -e 'print $^X,"\n";'
C:\msys64\mingw
or
./Configure options. This is the output of ./Configure after setting only the
CFLAGS env var:
$ export "CFLAGS=-03"$ ./Configure mingw64 --prefix=/usr/local zlib shared
Configuring OpenSSL version 1.1.0c (0x1010003fL)
no-asan [default] OPENSSL_NO_ASAN
no-crypto-mdebu
From: Jeffrey Walton <noloa...@gmail.com>
via openssl-users <openssl-users@openssl.org> wrote:
> http://stackoverflow.com/q/40948353/608639
In my original note, I explained that I'd done something similar to what the
above stackoverflow.com entry suggested:
>> I did ed
ild 0.4212-1 [installed]
Build, test, and install Perl modules
msys/perl-Net-HTTP 6.09-1 (perl-modules) [installed]
Low-level HTTP connection (client)
msys/perl-Net-SMTP-SSL 1.02-1 (perl-modules) [installed]
SSL support for Net::SMTP
msys/perl-Net-SSLeay 1.72-1 (perl-modules) [installed]
Pe
> After commented out the line "EVP_PKEY_CTX_set_rsa_padding(ctx,
> RSA_NO_PADDING)",? it worked well.
You need to do some reading about basic RSA cryptography. Signatures are
padded out to the keysize.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/
Dear friends,
Someone can tell me what function is called for retrieve public key from x509
cert? in the case of EC public key?
Best regards.
Il Lunedì 27 Marzo 2017 10:26, "openssl-users-requ...@openssl.org"
<openssl-users-requ...@openssl.org> ha scritto:
Send opens
Those are curl functions, not openssl
--
Senior Architect, Akamai Technologies
Member, OpenSSL Dev Team
IM: richs...@jabber.at Twitter: RichSalz
From: ghanashyam satpathy [mailto:ghanashyam.satpa...@gmail.com]
Sent: Saturday, March 25, 2017 10:05 AM
To: openssl-users@openssl.org
Subject
() or X509_get0_pubkey().
If IEEE certs differ in format, you must first know the exact byte
content, where the public key is in there, make sure it's encoded in
DER, and use d2i_EC_PUBKEY() to make a EC_KEY from those bytes.
Cheers,
Richard
--
Richard Levitte levi...@openssl.org
OpenS
Mercoledì 22 Marzo 2017 18:48, "openssl-users-requ...@openssl.org"
<openssl-users-requ...@openssl.org> ha scritto:
Send openssl-users mailing list submissions to
openssl-users@openssl.org
To subscribe or unsubscribe via the World Wide Web, visit
https://mta.openssl.org/
Mercoledì 15 Marzo 2017 22:23, "openssl-users-requ...@openssl.org"
<openssl-users-requ...@openssl.org> ha scritto:
Send openssl-users mailing list submissions to
openssl-users@openssl.org
To subscribe or unsubscribe via the World Wide Web, visit
https://mta.openssl.org/
Il Mercoledì 22 Marzo 2017 19:01, Ethan Rahn <ethan.r...@gmail.com> ha
scritto:
Couldn't you just use EVP_PKEY_get1_EC_KEY?
https://www.openssl.org/docs/man1.0.2/crypto/EVP_PKEY_get1_EC_KEY.html
Cheers,
Ethan
On Wed, Mar 22, 2017 at 10:48 AM, Christian Adja via openssl-users
> For encrypting user data such as user's password, could I use PKCS#1 or OAEP
> padding mode?
If you do not know what you are doing, use the defaults.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> Say someone would be able to gather several clear text AES keys and their
> respective asymmetrically encrypted RSA blocks. Would it weakens the security
> of the RSA key pair ? I mean could it be easier for someone using that
> information to brute force an RSA key pair ?
No
> However, is crypto library thread-safe?
Check out this blog entry:
https://www.openssl.org/blog/blog/2017/02/21/threads/
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Hi everyone,
Someone can help for adding the ciphersuite " ECDHE_ECDSA_WITH_AES_128_CCM "
and "ECDHE_ECDSA_WITH_AES_256_CCM " in openssl?
I tried adding in the file tls1.h # define
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM 0x0300C0AC
# define TLS1_CK_ECDHE_EC
> It takes a long time. Is there some way to have it use all available cores
> instead of just the one?
You'll have to write the code to do that parallelism yourself.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> Are you suggesting that I should modify openssl myself to expose that
> functionality or are suggesting that there is a way to do that given the
> already
> exposed functionality? If it is the latter could you point me in the right
> direction?
OpenSSL code does not do what yo
to be a potentially
significant behavioral change. We want to understand it better.
--
-Todd Short
// tsh...@akamai.com<mailto:tsh...@akamai.com>
// "One if by land, two if by sea, three if by the Internet."
On Apr 3, 2017, at 4:43 PM, Viktor Dukhovni
<openssl-us...@dukhovni.or
On 04/04/2017 10:39 AM, Viktor Dukhovni wrote:
>> On Apr 4, 2017, at 10:41 AM, Short, Todd via openssl-users
>> <openssl-users@openssl.org> wrote:
>>
>> Ben Kaduk:
>>
>> Do we know the values that are being passed to SSL_CTX_set_verify_depth()
No, the functions you want aren’t provided right now. What are you trying to
do? Why are you modifying the session, outside of the TLS protocol?
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>>in my case, i need to initialize the SSL , and set parameters as same
as client and server (depending on direction ) and call OpenSSL to decrypt the
data.
>>before openSSL 1.1.0 as all member variables could be set, it was easy
task,
>> now i do face issue
> I thought about escaping regarding DN itself (LDAP DN).
Look up the -nameopt flag in, say, x509.pod Then if you need C code, trace
through what apps/x509.c does.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
You need to learn what CBC mode is. Block ‘n’ feeds into block ‘n+1’ The
behavior you describe is not wrong.
Blocks are padded, so only read outlen bytes.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
has to read a file from local filesystem and send the
> content to the client.
> Server configurations:
> FIPS: Enabled
> SSL Protocol: TLSv1.2
> Cipher: AES256-SHA
The OpenSSL PRNG story is currently not so great, yes.
But maybe you
No, you must have a chain up to a local trust anchor.
You can install the intermediate in your trust store.
--
Senior Architect, Akamai Technologies
Member, OpenSSL Dev Team
IM: richs...@jabber.at Twitter: RichSalz
From: Lei Kong [mailto:leik...@msn.com]
Sent: Thursday, April 20, 2017 9:38 PM
> The OpenSSL documentation makes it clear
> that you must keep calling the same asynchronous function with the same
> parameters until the async job has completed.
Is there a way we can (relatively cheaply) check for that type of programming
error and return an "in progress
Don't call the init
function, call the new function. And then that has rippling changes in your
code.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
. Thanks for all
your participation, folks!
--
Senior Architect, Akamai Technologies
Member, OpenSSL Dev Team
IM: richs...@jabber.at Twitter: RichSalz
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-- find me in Chicago and I can answer questions, Robert :)
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Already fixed.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
No, it does not do this automatically.
if the nounce _explicit overflows or overlaps , then does openssl code
handles it (atleast by initiating renegotiation )?
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> If so, would it be possible in principle to decrypt an encrypted PKCS#7
> envelope only knowing which AES key was used ?
Yes. But maybe not with the openssl api's :)
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> Is there a way in openssl we can extract the protocol(TLS/DTLS ) handshake
> information, like in clienthello, the protocol version, ciphersuites
> offered, Random, session id etc.
Look at the code in apps/s_client and apps/s_server and see what it prints in
various de
. Please post your code here. It should be something
like
char key[2048];
int keylen = sizeof key;
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
On 04/02/2017 07:42 PM, Jeffrey Walton wrote:
> I was looking at Kurt Roeckx 's patches for OpenSSH at
> https://github.com/openssh/openssh-portable/pull/48/files. See
> libcrypto-compat.h and libcrypto-compat.c.
>
> Are the source files distributed by OpenSSL? If so, where
er versions if
needed in order to interoperate with the peer. It's not entirely clear
whether your question was about restricting to specifically the highest
version, to the exclusion of older versions.
-Ben
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
]
gost = gost_section
[gost_section]
default_algorithms=ALL
engine_id=gost
openssl ciphers | tr ":" "\n" | grep GOST
GOST2001-GOST89-GOST89
GOST94-GOST89-GOST89
openssl list-message-digest-algorithms | grep gost
gost-mac
md_gost94
gost-mac
md_gost94
openssl shows me GOST.
-
crypto.num
# Found 1724 missing from util/libcrypto.num
# Found 464 in util/libssl.num
# Found 64 missing from util/libssl.num
# Checking macros (approximate)
# Found 246 macros missing (not all should be documnted)
Thanks for all your help in improving OpenSSL!
--
openssl-users mailing list
To u
> It would be nice if the OpenSSL devs ate their own dogfood and suffered
> that inefficient crap. I would wager that crap would change.
There is a price to be paid with opaque structures. In most cases the benefits
are worth it.
I'm curious why you want that. A small PR with doc and fu
➢ So, in summary, do I need to ensure cert serial numbers are unique for my CA?
Why would you not? The specifications require it, but those specifications are
for interoperability. If nobody is ever going to see your certs, then who cares
what’s in them?
--
openssl-users mailing list
Thanks for the help,
DSA *pDSA = d2i_DSA_PUBKEY(NULL, (const unsigned char **) , dwKeySize);
bool bRet = false;
if (pDSA)
{
bRet = DSA_verify(0, signature, 20, (BYTE *) pFile, dwSize, (DSA *) pDSA)
== 1 ? true : false;
DSA_free(pDSA);
}
Jason
--
openssl-users mailing list
To unsubscribe: https
Key = data
and then use in your call
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
➢ Is there anyway to display the basic ASN.1 structure here so I can see
what was stored in the cert?
openssl asn1parse
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
On 08/14/2017 11:30 PM, Vakul Garg wrote:
>
> Hi
>
>
>
> I am using openssl s_server and s_client with ‘-msg’ option to track
> tls1.2 records being exchanged.
>
> I notice that while transmitted change_cipher_spec record gets printed.
>
> But the recep
What OpenSSL does is not necessarily obvious. The INSTALL document talks about
the no-asm configuration option. Details about what the assembler code does in
terms of optimization are only available by reading the source code comments in
the various Perl files that generate the assembler
> May be my email subject is a little confusing. I'll put my question directly.
>
> If I configure my server with the string "HIGH+TLSv1.2:!MD5:!SHA1", will it
> support 3DES?
No, as I showed.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
a
> and then use in your call
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Please read what I wrote.
The d2i functions *modify the pointer they are given.* You have to give them a
temporary copy.
--
Senior Architect, Akamai Technologies
Member, OpenSSL Dev Team
IM: richs...@jabber.at Twitter: RichSalz
From: Jason Qian [mailto:jq...@tibco.com]
Sent: Friday, August 11
;
> And further it seems you are saying there is no support for HMN at all.
Right.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Though I am assuming from a prior comment that even if it were added
> today, it would not be available until the 1.1.1 release?
Right. But someone could always backport the changes to their own 1.1.0
release.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/list
> My challenge comes to subjectAltName and its subfield
> hardwareModuleName
> per RFC 4108. I guess I am not 'getting' the subjectAltName section of
> 'man x509v3_config'.
Not all forms of SAN names are supported. If you look in
include/openssl/x509v3.h you see the followi
➢ I'd just like to quickly reach out to let you know that we released a new
(open source) network engine in which we also utilize the OpenSSL library and
want to thank you for the work you put into OpenSSL.
Congratulations. Please post a link, especially since it is open source
X25519 does not use DH parameters.
If you don’t set the parameters with a callback, or generate them and tell
openssl to use them, then EDH will not be used. Not that EDH is *not* the same
as ECDHE.
Don’t use DH, use X25519, for a number of reasons. Search “25519” to find more.
--
openssl
I will check with OpenSSH team on this. Thanks for the info.
Regards,
Sravani
On Mon, Jul 10, 2017 at 12:05 PM, Jeffrey Walton <noloa...@gmail.com> wrote:
> On Mon, Jul 10, 2017 at 2:01 AM, Sravani Maddukuri via openssl-users
> <openssl-users@openssl.org> wrote:
> >
In TLS 1.3 the “time” field went away.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Dear Concern,
Can you please update me on my below query?
Does openssl 1.1.0f version support building Openssh7.2p2 and
above versions?
Regards,
Sravani
On Fri, Jul 7, 2017 at 2:33 PM, Sravani Maddukuri <
sravani.madduk...@broadcom.com> wrote:
> Dear Concern,
>
> I am usin
Thanks for the update Jeff.
Is there any plans in the future to get the support of OpenSSL 1.1.0 for
OpenSSH?
Regards,
Sravani
On Mon, Jul 10, 2017 at 9:18 AM, Jeffrey Walton <noloa...@gmail.com> wrote:
> On Sun, Jul 9, 2017 at 11:31 PM, Sravani Maddukuri via openssl-users
> &l
.2. So no, we
should not recommend TLS 1.2 resumption on the LAN -- we should
recommend the more secure option! If you continue to believe that
latency trumps everything else, you could experiment with
SSL_OP_ALLOW_NO_DHE_KEX to cut out some of the heavier-weight asymmetric
crypto, though it looks like you'd want to patch
ssl/statem/extensions_clnt.c to not send TLSEXT_KEX_MODE_KE_DHE, as I
don't see a way to configure the server to prefer the non-DHE PSK key
exchange.
-Ben
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
If you want to use those ciphers, you need to set SECLEVEL=0 when you specify
the ciphers.
I have no idea how to do that for the OpoenSSL C# binding. Maybe post an issue
on openssl-net?
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
401 - 500 of 1635 matches
Mail list logo