1: I didn't get it, Why this behaviour is not coming for other ciphers while
doing the server/client handshake?
It should fail for other ciphers also.
Ciphers: working
DHE-RSA-AES128-SHA
ECDHE-RSA-AES256-GCM-SHA384
.. etc
Ciphers: Not working
AES128-SHA
AES256-SHA
.. etc
This issue, I'm facing for openssl-1.0.2e/g/h version.
Run openssl server: Used 16K Certificate and Key
./openssl s_server -cert sercert16384.pem -key server16384
Run openssl client:
./openssl s_client -connect :port_number -cipher AES128-SHA -tls1
ERROR
139812135450280:error:1408E098:SSL
> By raising the limit, you don't suddenly put every application at risk of a
> DoS,
> because these applications won't suddenly use a 16k RSA key.
Instead of raising the limit of client key exchange message length more than
2048, why can't we add the
"ssl3_check_client_hello" functionality
> The DoS issue is still there. How can you prevent the "other side" from
> consuming all your CPU with a large key?
> Who needs 16K RSA keys, such that openssl by default should support that for
> everyone?
We have cryptographic accelerators on cavium platforms which minimize CPU
usage. So
Commands Used:
x86_server:
openssl s_server -cert sercert8192.pem -key serverkey8192 -Verify CAcert.pem
x86_client:
openssl s_client -cert clientcert8192.pem -key clientkey8192 -connect
: -cipher AES128-SHA -
Error log:
x86( Server):
verify error:unable to verify the first certificate
x86
How to generate **inp for d2i_RSAPrivateKey?
RSA *d2i_RSAPrivateKey(RSA **out, const uint8_t **inp, long len)
We are having test512 to test4096 modulus data. How can I generate for test8192
modulus data?
Regards,
Saurabh
--
openssl-users mailing list
To unsubscribe:
Can you please suggest any technical name for changing sources from
openssl-1.0.2 to openssl-1.1.0 because we are supporting both openssl versions
and To maintain these sources we are using #ifdef and #else preprocessor
statement.
We are looking some technical to make the difference between
Facing issue while using -engine flag for rsa/dsa speed test in openssl-1.1.0b
but It's working for digest or symmetric apis.
Commands Used: Not Working
./openssl speed rsa -engine ../engines/dasync.so
Error:
speed: Unknown algorithm -engine
Commands Used: Working
./openssl speed -evp md5
I tried to execute ./openssl s_server command in the latest Openssl Version
1.1.0c after doing Openssl compilation steps:
./config
make
make test
make install
and It's throwing this error below:
./openssl: error while loading shared libraries: libssl.so.1.1: cannot open
shared object file: No
I tried to dynamically load e_capi.so engine example on openssl version 1.1.0b
present in the openssl engine directory but not able to offload RSA methods.
Commands Used:
(i)
./openssl speed rsa -engine ../engines/capi.so
Error:
speed: Unknown algorithm -engine
(ii)
./openssl s_server -engine
10 matches
Mail list logo