[openssl-users] free certs: bad idea wosign/startcom/startssl/startencrypt; good alt's

2016-10-26 Thread Johann v . Preußen
this is a re-worked report i prepared that some might find useful. *CAUTION:* there are several seriously troubling events surrounding WoSign^1 (AKA startcom, AKA startssl, and AKA startencrypt) and any of their affiliated/subsidiary businesses: 1. wosign purchased

Re: [openssl-users] free certs: bad idea wosign/startcom/startssl/startencrypt; good alt's

2016-10-26 Thread Salz, Rich
Folks might find this article, *and the things it links to* as useful starting points. https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/ I am not sure if general discussion of CA trust issues is appropriate for openssl-users. -- Senior Architect,

Re: [openssl-users] 1.1.0b fails to negotiate with an old OpenSSL client

2016-10-26 Thread Salz, Rich
The old version is probably using DH keys that are too small. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] Enabling FIPS on an custom embedded system.

2016-10-26 Thread Eric Tremblay
Hi all, I have built the FIPS module into our Platform but I am stuck at the point to enable it. We need FIPS to be enabled « Platform wide » not just for one application. I have read the documentation and searched the web for an answer but it seems that I would have to modify a package or

[openssl-users] 1.1.0b fails to negotiate with an old OpenSSL client

2016-10-26 Thread Michael Kocum
1.1.0b fails to negotiate from an old program that uses OpenSSL. The same old program can connect to 1.0.2h without any problem. Here is the debug log of the server. Maybe someone can point me in the right direction what the problem might be. openssl s_server -debug -state -bugs -serverpref

[openssl-users] Different size of openssl libraries

2016-10-26 Thread Devang Kubavat
Hi, I am trying to build openssl 1.0.2j for Windows. Every time I get a different size of libraries. Does it depend on the path? Best Regards Devang

Re: [openssl-users] Enabling FIPS on an custom embedded system.

2016-10-26 Thread Steve Marquess
On 10/26/2016 04:37 PM, Eric Tremblay wrote: > Hi all, > > I have built the FIPS module into our Platform but I am stuck at the > point to enable it. > > We need FIPS to be enabled « Platform wide » not just for one > application. > > I have read the

Re: [openssl-users] Enabling FIPS on an custom embedded system.

2016-10-26 Thread Eric Tremblay
Hi Steve, Thanks for the quick reply. That is what I had understood from my reading but wasn't sure. My next question is about OpenSSH. There is no official support in OpenSSH for FIPS at the moment, right? Thanks Eric On Wed, Oct 26, 2016 at 5:04 PM, Steve Marquess

Re: [openssl-users] Enabling FIPS on an custom embedded system.

2016-10-26 Thread Scott Neugroschl
No. You can check with the OpenSSH mailing list, but I’m pretty darned sure the answer is no. --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 | From: openssl-users

Re: [openssl-users] 1.1.0b fails to negotiate with an old OpenSSL client

2016-10-26 Thread Matt Caswell
On 26/10/16 21:06, Michael Kocum wrote: > 1.1.0b fails to negotiate from an old program that uses OpenSSL. > The same old program can connect to 1.0.2h without any problem. > > Here is the debug log of the server. Maybe someone can point me in the right > direction what the problem might be. >