Re: [openssl-users] Getting error 'SSLv2_client_method': identifier not found

2016-06-29 Thread Matt Caswell
On 29/06/16 01:03, Jeffrey Walton wrote: > On Mon, Jun 27, 2016 at 3:49 PM, Michael Wojcik > wrote: >> SSLv2 is no longer supported, and neither are the SSLv2_*_method calls. (And >> yes, this causes build problems when updating to newer OpenSSL builds; and >>

[openssl-users] Using SSL with wokring sockets and events

2016-06-29 Thread Oz
I have a running program, the program is written in C. I want to convert it from connecting to an HTTP to HTTPS (SSL). I have an event for write/read/timeout/error and such. How do I continue and use the current sockets FD I have, but using openSSL over it? The most easy and simple way? I have

[openssl-users] OpenSSL s_time output meaning

2016-06-29 Thread danigrosu
Using the `$ openssl s_time -connect localhost:443 -new -time 30` command gives this output: No CIPHER specified Collecting connection statistics for 30 seconds ** etc. 8102 connections in 12.65s; 640.47 connections/user sec, bytes read 0 8102 connections in 31 real seconds, 0 bytes read

Re: [openssl-users] Using SSL with wokring sockets and events

2016-06-29 Thread Jakob Bohm
On 29/06/2016 10:46, Oz wrote: I have a running program, the program is written in C. I want to convert it from connecting to an HTTP to HTTPS (SSL). I have an event for write/read/timeout/error and such. How do I continue and use the current sockets FD I have, but using openSSL over it? The most

[openssl-users] Creating an X25519-based Certificate

2016-06-29 Thread Michael Scott
Hello, How do I do this? Using the OpenSSL command line tool, a certificate request must be self-signed, but the X25519 elliptic curve (newly supported in version 1.1.0), doesn't do signature, it can only be used for key exchange. (Of course the X25519 Montgomery curve is birationally

Re: [openssl-users] Creating an X25519-based Certificate

2016-06-29 Thread Salz, Rich
> How do I do this? Using the OpenSSL command line tool, a certificate request > must be self-signed, but the X25519 elliptic curve (newly supported in > version 1.1.0), doesn't do signature, it can only be used for key exchange. You cannot do it. You should look at the CFRG documents on

Re: [openssl-users] Creating an X25519-based Certificate

2016-06-29 Thread Jakob Bohm
On 29/06/2016 16:53, Salz, Rich wrote: How do I do this? Using the OpenSSL command line tool, a certificate request must be self-signed, but the X25519 elliptic curve (newly supported in version 1.1.0), doesn't do signature, it can only be used for key exchange. You cannot do it. You should

Re: [openssl-users] Creating an X25519-based Certificate

2016-06-29 Thread Michael Scott
Well, I can help with CFRG - it's Crypto Forum Research Group. Mike On Wed, Jun 29, 2016 at 4:10 PM, Jakob Bohm wrote: > On 29/06/2016 16:53, Salz, Rich wrote: > >> How do I do this? Using the OpenSSL command line tool, a certificate >>> request must be self-signed, but

Re: [openssl-users] Creating an X25519-based Certificate

2016-06-29 Thread Salz, Rich
> 1. What is CFRG, I don't remember that acronym. Crypto Forum Research Group, part of the IETF's affiliated research group. Co-chair is Kenny Paterson of lucky-13 (etc). Useful documents here as well as pointers to the mailing list https://datatracker.ietf.org/rg/cfrg/documents/ > 2.

Re: [openssl-users] Creating an X25519-based Certificate

2016-06-29 Thread Erwann Abalea
Bonjour, You may have a classic certificate containing your {X,Ed}{25519,448,whatever} public key once: * an OID is allocated to identify this type of public key (it will go into tbs.subjectPublicKeyInfo.algorithm.algorithm) * a set of associated optional parameters are defined for

Re: [openssl-users] Creating an X25519-based Certificate

2016-06-29 Thread Michael Scott
Thanks Erwann, but that's not an answer to my question. To get the CA to sign (using RSA or anything) a certificate that contains an X25519 public key, that certificate must first submit to the CA something called a "Certificate request". This takes the form of the supplicant certificate, which

Re: [openssl-users] Creating an X25519-based Certificate

2016-06-29 Thread Salz, Rich
> as it objects that X25519 does not support signature. To repeat: X25519 only supports key exchange. The 25519 signing mechanism is not yet defined. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Creating an X25519-based Certificate

2016-06-29 Thread Salz, Rich
> To repeat: X25519 only supports key exchange. The 25519 signing > mechanism is not yet defined. And see also: https://datatracker.ietf.org/doc/draft-ietf-curdle-pkix/

Re: [openssl-users] Creating an X25519-based Certificate

2016-06-29 Thread Michael Scott
On Wed, Jun 29, 2016 at 6:21 PM, Salz, Rich wrote: > > > To repeat: X25519 only supports key exchange. The 25519 signing > > mechanism is not yet defined. > Which I don't have a problem with. But surely the openssl command line tool should provide a mechanism for allowing an

Re: [openssl-users] Creating an X25519-based Certificate

2016-06-29 Thread Salz, Rich
> But surely the openssl command line tool should provide a mechanism for > allowing an X25519-based certificate to be signed by a CA. > It seems that the "certificate request" protocol, which requires > self-signing, prevents this in this case. Yes, that is exactly the point. --

Re: [openssl-users] Creating an X25519-based Certificate

2016-06-29 Thread Abe Racioppo
290620161352 On 6/29/16, Salz, Rich wrote: > >> But surely the openssl command line tool should provide a mechanism for >> allowing an X25519-based certificate to be signed by a CA. > >> It seems that the "certificate request" protocol, which requires >> self-signing, prevents

Re: [openssl-users] Creating an X25519-based Certificate

2016-06-29 Thread Abe Racioppo
tsets On 6/29/16, Abe Racioppo wrote: > 290620161352 > > On 6/29/16, Salz, Rich wrote: >> >>> But surely the openssl command line tool should provide a mechanism for >>> allowing an X25519-based certificate to be signed by a CA. >> >>> It seems that

Re: [openssl-users] Creating multi-valued RDN with config (still not working)

2016-06-29 Thread Sean Leonard
Just following up... Sean On 6/18/2016 10:43 AM, Sean Leonard wrote: I am trying to create a multi-valued RDN with OpenSSL using a config file and the openssl req -x509 command, without success. According to the 2006 thread "Multi-value RDNs and openssl.cnf format"

Re: [openssl-users] Regarding FIPS capable openssl (I want to combine libcrypto.a and libssl.a)

2016-06-29 Thread Sahil Gandhi
Hi Steve, Thanks for the reply. Regards, Sahil On Wed, Jun 29, 2016 at 6:25 PM, Steve Marquess wrote: > On 06/29/2016 07:09 AM, Sahil Gandhi wrote: > > Hi Ken, > > > > Sorry for the late reply. I really appreciate your suggestion but I > > somehow need to have static

Re: [openssl-users] Using SSL with wokring sockets and events

2016-06-29 Thread Devchandra L Meetei
If you are intending to use asynchronous event based NIO library libuv, then you might like to use BIO pair. I have done some abstraction on top of openSSL so that it becomes easy for callback based async lib. Maybe you can have a look at it. On Wed, Jun

Re: [openssl-users] Getting error 'SSLv2_client_method': identifier not found

2016-06-29 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Jeffrey Walton > Sent: Tuesday, June 28, 2016 18:04 > To: OpenSSL Users > Subject: Re: [openssl-users] Getting error 'SSLv2_client_method': identifier > not found > > On Mon, Jun 27, 2016 at 3:49 PM, Michael Wojcik >

Re: [openssl-users] Regarding FIPS capable openssl (I want to combine libcrypto.a and libssl.a)

2016-06-29 Thread Steve Marquess
On 06/29/2016 07:09 AM, Sahil Gandhi wrote: > Hi Ken, > > Sorry for the late reply. I really appreciate your suggestion but I > somehow need to have static library not the dynamic one. You can statically link an application with the FIPS module, using the special "fipsld" link process, but you

Re: [openssl-users] Regarding FIPS capable openssl (I want to combine libcrypto.a and libssl.a)

2016-06-29 Thread Sahil Gandhi
Hi Ken, Sorry for the late reply. I really appreciate your suggestion but I somehow need to have static library not the dynamic one. Thanks & Regards, -Sahil On Mon, Jun 27, 2016 at 2:43 PM, Ken Chow wrote: > I think you should refer the way of building Android