[openssl-users] Cipher preference, openssl vs browsers

2016-07-19 Thread Bogdan Harjoc
When connecting to a TLS1.2 webserver that uses a weak 512 bit DH key, I noticed that browsers select TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (chrome, firefox) and openssl due to the ciphers list selects TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA openssl s_client -connect 112.175.90.160:443

Re: [openssl-users] Cipher preference, openssl vs browsers

2016-07-19 Thread Jakob Bohm
On 19/07/2016 11:16, Bogdan Harjoc wrote: When connecting to a TLS1.2 webserver that uses a weak 512 bit DH key, I noticed that browsers select TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (chrome, firefox) and openssl due to the ciphers list selects TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA

[openssl-users] Help finding replacement for ASN1_seq_unpack_X509

2016-07-19 Thread Jim Carroll
OpenSSL 1.1.0 has upgraded the safestack.h macro system, but I'm having difficulty understanding the changes. I'm porting a piece of code from OpenSSL 0.9.8 that uses ASN1_seq_unpack_X509. In 0.9.8, safestack.h had this definition. #define ASN1_seq_unpack_X509(buf, len, d2i_func, free_func) \

Re: [openssl-users] Regarding Signature Algorithm: ecdsa-with-SHA512

2016-07-19 Thread Abhilash K.V
Hi Steve, This worked now. Thanks Thanks, Abhilash. On Mon, Jul 18, 2016 at 7:34 AM, Abhilash K.V wrote: > Hi Steve, > > Thanks for the information I was not aware of that. > > Yes, did that modification and now I am getting it as following (I passed > EVP_sha512()). > >

[openssl-users] Regarding OpenSSL_add_all_algorithms function

2016-07-19 Thread Abhilash K.V
Hi, Is there any issue in calling "OpenSSL_add_all_algorithms" multiple times in a program ? code is like this: constructor: OpenSSL_add_all_algorithms destructor: EVP_Cleanup I read some where that even if "OpenSSL_add_all_algorithms" called multiple times only the first call

Re: [openssl-users] Help finding replacement for ASN1_seq_unpack_X509

2016-07-19 Thread Dr. Stephen Henson
On Tue, Jul 19, 2016, Jim Carroll wrote: > OpenSSL 1.1.0 has upgraded the safestack.h macro system, but I'm having > difficulty understanding the changes. I'm porting a piece of code from > OpenSSL 0.9.8 that uses ASN1_seq_unpack_X509. In 0.9.8, safestack.h had this > definition. > > #define

[openssl-users] RSA sign message

2016-07-19 Thread Gabriel Ivașcu
Hi, I need to RSA sign a message using SHA256 as hash and PKCS1 v1.5 as padding. I am however confused about the *type* parameter of RSA_sign function [0] What is the value that I should use for *type* in my particular case? Thanks, Gabriel [0]

Re: [openssl-users] RSA sign message

2016-07-19 Thread Dr. Stephen Henson
On Tue, Jul 19, 2016, Gabriel Iva??cu wrote: > Hi, > > I need to RSA sign a message using SHA256 as hash and PKCS1 v1.5 as padding. > > I am however confused about the *type* parameter of RSA_sign function [0] > > What is the value that I should use for *type* in my particular case? > If you