Re: [openssl-users] Openssl software failure for RSA 16K modulus

1: I didn't get it, Why this behaviour is not coming for other ciphers while doing the server/client handshake? It should fail for other ciphers also. Ciphers: working DHE-RSA-AES128-SHA ECDHE-RSA-AES256-GCM-SHA384 .. etc Ciphers: Not working AES128-SHA AES256-SHA .. etc

[openssl-users] Openssl software failure for RSA 16K modulus

This issue, I'm facing for openssl-1.0.2e/g/h version. Run openssl server: Used 16K Certificate and Key ./openssl s_server -cert sercert16384.pem -key server16384 Run openssl client: ./openssl s_client -connect :port_number -cipher AES128-SHA -tls1 ERROR 139812135450280:error:1408E098:SSL

Re: [openssl-users] Openssl software failure for RSA 16K modulus

> By raising the limit, you don't suddenly put every application at risk of a > DoS, > because these applications won't suddenly use a 16k RSA key. Instead of raising the limit of client key exchange message length more than 2048, why can't we add the "ssl3_check_client_hello" functionality

Re: [openssl-users] Openssl software failure for RSA 16K modulus

> The DoS issue is still there. How can you prevent the "other side" from > consuming all your CPU with a large key? > Who needs 16K RSA keys, such that openssl by default should support that for > everyone? We have cryptographic accelerators on cavium platforms which minimize CPU usage. So

[openssl-users] Openssl-1.0.1e RSA 8k is getting fail for client authentication while doing Normal Handshake

Commands Used: x86_server: openssl s_server -cert sercert8192.pem -key serverkey8192 -Verify CAcert.pem x86_client: openssl s_client -cert clientcert8192.pem -key clientkey8192 -connect : -cipher AES128-SHA - Error log: x86( Server): verify error:unable to verify the first certificate x86

[openssl-users] how to generate test8192 input data for d2i_RSAPrivateKey(....) ?

How to generate **inp for d2i_RSAPrivateKey? RSA *d2i_RSAPrivateKey(RSA **out, const uint8_t **inp, long len) We are having test512 to test4096 modulus data. How can I generate for test8192 modulus data? Regards, Saurabh -- openssl-users mailing list To unsubscribe:

[openssl-users] Can you suggest any technical name for changing sources from openssl-1.0.2 to openssl-1.1.0?

Can you please suggest any technical name for changing sources from openssl-1.0.2 to openssl-1.1.0 because we are supporting both openssl versions and To maintain these sources we are using #ifdef and #else preprocessor statement. We are looking some technical to make the difference between

[openssl-users] Facing issue while using -engine flag for rsa/dsa speed test in openssl-1.1.0b

Facing issue while using -engine flag for rsa/dsa speed test in openssl-1.1.0b but It's working for digest or symmetric apis. Commands Used: Not Working ./openssl speed rsa -engine ../engines/dasync.so Error: speed: Unknown algorithm -engine Commands Used: Working ./openssl speed -evp md5

[openssl-users] Failed to load libssl.so.1.1 while execuitng openssl comand

I tried to execute ./openssl s_server command in the latest Openssl Version 1.1.0c after doing Openssl compilation steps: ./config make make test make install and It's throwing this error below: ./openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No

[openssl-users] Facing issues with dynamic loading engine RSA methods using e_capi.so library in openssl-1.1.0b.

I tried to dynamically load e_capi.so engine example on openssl version 1.1.0b present in the openssl engine directory but not able to offload RSA methods. Commands Used: (i) ./openssl speed rsa -engine ../engines/capi.so Error: speed: Unknown algorithm -engine (ii) ./openssl s_server -engine