Extracting of key exchange (DH / DHE) parameters of a connection

2014-04-06 Thread Hanno Böck
be happy with pointers to any other tool beside openssl that is capable of doing so (preferably free, commandline and linux-compatible). cu, -- Hanno Böck http://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42

[PATCH] Enable setting CC and AR with environment vars

2008-06-02 Thread Hanno Böck
This patch allows the Configure script to detect the ar and cc command via environment variables. Taken from Gentoo package. Please apply. -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail:[EMAIL PROTECTED] --- Configure +++ Configure

[PATCH] allow setting make command via env var

2008-06-02 Thread Hanno Böck
Taken from Gentoo Linux, please apply. -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail:[EMAIL PROTECTED] respect $MAKE if it is set in the environment so we don't get a mix of the host `make` and whatever $MAKE is set to when recursing

ECDH vs. ECDHE

2012-04-30 Thread Hanno Böck
- cryptographically - aware what that means - perfect forward secrecy and such). What is ECDHE, is it better than just ECDH and what's the difference? Yours, -- Hanno Böck mail/jabber: ha...@hboeck.de GPG: BBB51E42 http://www.hboeck.de/

Re: SubjectAltName in a wildcard certificate - is this possible?

2012-05-12 Thread Hanno Böck
domainpart. For example, *.env does not match abc.abc.env - you'd need *.*.env then -- Hanno Böck mail/jabber: ha...@hboeck.de GPG: BBB51E42 http://www.hboeck.de/
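As an added example, not code from the post or from OpenSSL, here is a matcher for the one-label wildcard rule discussed above, following RFC 6125 section 6.4.3 (wildcard accepted only as the whole left-most label, matching exactly one label). The host and pattern names in the comments are made up for illustration.

```python
"""Certificate name matching with the single-label wildcard rule of RFC 6125 6.4.3."""


def _labels(name: str) -> list:
    return name.lower().rstrip(".").split(".")


def hostname_matches(pattern: str, hostname: str) -> bool:
    """True if the DNS-ID or CN `pattern` from a certificate covers `hostname`.

    Rules: case-insensitive, trailing dot ignored; '*' is accepted only as the
    whole left-most label (partial forms like 'f*.example.org' and a second
    wildcard are rejected, as most clients do); the wildcard matches exactly
    one label, so '*.example.org' covers 'www.example.org' but neither
    'a.b.example.org' nor 'example.org'.
    """
    if "*" in hostname:
        return False                      # a host name never contains a wildcard
    p, h = _labels(pattern), _labels(hostname)
    if "" in p or "" in h:
        return False                      # empty label: malformed name
    if "*" not in pattern:
        return p == h                     # plain name: exact label-by-label match
    if p[0] != "*" or len(p) < 2 or any("*" in lab for lab in p[1:]):
        return False
    return len(h) == len(p) and h[1:] == p[1:]


def covered_by(cert_names, hostname: str) -> bool:
    """Check a host name against every DNS name a certificate carries."""
    return any(hostname_matches(n, hostname) for n in cert_names)
```

Use `covered_by` with the full list of subjectAltName DNS entries; checking only the CN misses the names a modern client actually verifies.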

Re: Is Sha2 supported for signing certs?

2012-06-13 Thread Hanno Böck
there is no sha2-algorithm. sha2 is an (afaik unofficial) name for a whole number of functions - sha256, sha384, sha512 and sha224. -- Hanno Böck mail/jabber: ha...@hboeck.de GPG: BBB51E42 http://www.hboeck.de/

Re: Reading digest algorithm from x509

2012-06-18 Thread Hanno Böck
be more complex, but you won't find any of them in the wild. You'll also rarely find anything else than sha1 today - md5 and earlier are (luckily) almost extinct and for strange reasons CAs seem to resist the idea of replacing sha1 with the more secure sha256/sha512-algorithms. -- Hanno Böck

Who uses heartbeat?

2014-04-13 Thread Hanno Böck
. Is there any software out there that does anything with heartbeat? And more specifically: If there is, is it using TCP or UDP? cu, -- Hanno Böck http://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42

Re: Who uses heartbeat?

2014-04-13 Thread Hanno Böck
On Sun, 13 Apr 2014 13:12:41 +0200 Graham Leggett minf...@sharp.fm wrote: On 13 Apr 2014, at 12:25 PM, Hanno Böck ha...@hboeck.de wrote: Is there any software out there that does anything with heartbeat? And more specifically: If there is, is it using TCP or UDP? The RFC answers

Re: Converting a root certificate from md5 to sha1

2014-04-15 Thread Hanno Böck
a new signature, but I'm not sure. Others may know more. -- Hanno Böck http://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42

Re: Coverity Scan: Would/DId It Catch the Heartbleed Defect?

2014-04-16 Thread Hanno Böck
On Wed, 16 Apr 2014 05:25:58 -0500 Tom Browder tom.brow...@gmail.com wrote: Is OpenSSL participating in the Coverity free scanning program for open source software? Don't know. If not, it might have caught the Heartbleed bug. No. http://blog.regehr.org/archives/1128 -- Hanno Böck http

Re: RSASSA-PSS command

2014-04-17 Thread Hanno Böck
software out there capable of creating such PSS-only-keys was the IAIK java library. [1] http://rsapss.hboeck.de/ -- Hanno Böck http://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42

Re: RSASSA-PSS command

2014-04-17 Thread Hanno Böck
two things here: a) you can create RSASSA-PSS signatures with normal RSA key type. Openssl supports that. b) You can have specific RSASSA-PSS-only-keys that are not allowed to do anything else. No support in OpenSSL as far as I know. -- Hanno Böck http://hboeck.de/ mail/jabber: ha...@hboeck.de GPG

Re: Re?: How to make a secure tcp connection without using certificate

2014-05-25 Thread Hanno Böck
fallbacks that in fact can invalidate all improvements of later tls versions. These fallbacks also can happen by accident (e.g. bad connections) and sometimes disable features like SNI. That's why I recommend to everyone that we need at least to deprecate SSLv3. -- Hanno Böck http://hboeck.de

[openssl-users] BIO_read hangs, how can I know if the server wants to send data?

2016-04-26 Thread Hanno Böck
cking bio (but that was totally confusing) etc. Any help appreciated. -- Hanno Böck https://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42 #include int main() { SSL_CTX *ctx; BIO *bio; SSL *ssl; char *buf[1024]; int r, i; char *request = "GET / HTTP/1.1\r\nHost: x\r\n\r\n"

Re: [openssl-users] BIO_read hangs, how can I know if the server wants to send data?

2016-04-26 Thread Hanno Böck
like compression. Thanks, that was it. If I look at the data coming in, that's exactly how it looks. (I still wonder why apache does that - for a 404 error page - but at least now I know what's going on) -- Hanno Böck https://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42

Re: [openssl-users] BIO_read hangs, how can I know if the server wants to send data?

2016-04-26 Thread Hanno Böck
far away from openssl, so I hope nobody is annoyed by offtopic discussion (and I think we can close it here), just as people were speculating and it seemed to have generated quite some interest I wanted to give a final answer what the cause was. -- Hanno Böck https://hboeck.de/ mail/jabber

Re: [openssl-users] BIO_read hangs, how can I know if the server wants to send data?

2016-04-26 Thread Hanno Böck
on the protocol level? Are these TLS records? TCP packets? Is there something horribly wrong with my server config because it splits them up in so many small parts? -- Hanno Böck https://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42
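The client in the first message of this thread sends an HTTP/1.1 request and then reads until BIO_read blocks. With HTTP/1.1 the server keeps the connection open after the response, so a blocking read can never tell "server is done" from "server is slow"; the client has to frame the response itself from the headers (Content-Length, chunked encoding ending with a zero-size chunk, or no body for HEAD/1xx/204/304), and that framing must not care whether the bytes arrive in large or tiny pieces. The message naming the actual cause is cut off on this page, so the following is the generic framing logic, added here as an example that is not code from the thread or from OpenSSL; the sample response is constructed.

```python
"""Incremental HTTP/1.1 response framer: reports when a response is complete
no matter how the bytes are split across reads (records, packets or bytes)."""


class HttpResponseFramer:
    def __init__(self, head_request: bool = False):
        self.buf = b""
        self.head_request = head_request  # replies to HEAD never carry a body
        self.status = None
        self.headers = {}
        self.body = b""
        self.complete = False
        self._mode = None          # "none", "length", "chunked" or "close"
        self._remaining = 0
        self._chunk_state = "size"

    def feed(self, data: bytes) -> bool:
        """Append data of any size; return True once the whole response is in."""
        if self.complete:
            raise ValueError("response already complete")
        self.buf += data
        if self.status is None:
            end = self.buf.find(b"\r\n\r\n")
            if end < 0:
                return False           # still waiting for the header block
            self._parse_head(self.buf[:end])
            self.buf = self.buf[end + 4:]
        if self._mode == "none":
            self.complete = True
        elif self._mode == "length":
            self._take_length()
        elif self._mode == "chunked":
            self._take_chunks()
        # "close": body ends when the peer closes; the caller reports that via eof()
        return self.complete

    def eof(self) -> None:
        if self._mode == "close":
            self.body, self.buf, self.complete = self.body + self.buf, b"", True
        elif not self.complete:
            raise ValueError("connection closed in the middle of a response")

    def _parse_head(self, head: bytes) -> None:
        lines = head.decode("latin-1").split("\r\n")
        _version, code, *_ = lines[0].split(" ", 2)
        self.status = int(code)
        for line in lines[1:]:
            name, _, value = line.partition(":")
            self.headers[name.strip().lower()] = value.strip()
        # RFC 7230 3.3.3: no body for HEAD, 1xx, 204, 304; Transfer-Encoding
        # takes precedence over Content-Length; neither means read until close.
        if self.head_request or 100 <= self.status < 200 or self.status in (204, 304):
            self._mode = "none"
        elif "chunked" in self.headers.get("transfer-encoding", "").lower():
            self._mode = "chunked"
        elif "content-length" in self.headers:
            self._mode, self._remaining = "length", int(self.headers["content-length"])
        else:
            self._mode = "close"

    def _take_length(self) -> None:
        take = self.buf[:self._remaining]
        self.body, self.buf = self.body + take, self.buf[len(take):]
        self._remaining -= len(take)
        self.complete = self._remaining == 0

    def _take_chunks(self) -> None:
        while not self.complete:
            if self._chunk_state == "size":
                end = self.buf.find(b"\r\n")
                if end < 0:
                    return
                size_field = self.buf[:end].split(b";", 1)[0].strip()  # drop chunk extensions
                self._remaining, self.buf = int(size_field, 16), self.buf[end + 2:]
                self._chunk_state = "trailer" if self._remaining == 0 else "data"
            elif self._chunk_state == "data":
                if len(self.buf) < self._remaining + 2:
                    return             # wait for the chunk plus its CRLF
                self.body += self.buf[:self._remaining]
                if self.buf[self._remaining:self._remaining + 2] != b"\r\n":
                    raise ValueError("bad chunk terminator")
                self.buf, self._chunk_state = self.buf[self._remaining + 2:], "size"
            else:                      # trailer lines, ended by an empty line
                end = self.buf.find(b"\r\n")
                if end < 0:
                    return
                line, self.buf = self.buf[:end], self.buf[end + 2:]
                if line == b"":
                    self.complete = True
                else:
                    name, _, value = line.decode("latin-1").partition(":")
                    self.headers[name.strip().lower()] = value.strip()


def frame_response(pieces, head_request: bool = False):
    """Feed fragments in order; return (status, body) once the response is complete."""
    framer = HttpResponseFramer(head_request)
    for piece in pieces:
        if framer.feed(piece):
            return framer.status, framer.body
    framer.eof()
    return framer.status, framer.body


# Constructed sample: a chunked 404 reply, to be delivered one byte at a time.
CHUNKED_404 = (b"HTTP/1.1 404 Not Found\r\nTransfer-Encoding: chunked\r\n\r\n"
               b"4\r\nNot \r\n5\r\nfound\r\n0\r\n\r\n")
```

In a real client, call `feed()` with whatever each BIO_read returns and stop reading as soon as it returns True; the framer does not care whether the server splits its output into one record or fifty.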

Re: [openssl-users] DSA with OpenSSL-1.1

2016-07-01 Thread Hanno Böck
long expired. So my (and I think most others) impression is that DSA in TLS is as dead as it can be and probably the most sane move for OpenSSL would be to just remove it. Given that I'd like to know why you seem to have chosen to still use DSA. -- Hanno Böck https://hboeck.de/ mail/jabber: h

Re: [openssl-users] More secure use of DSA?

2016-09-03 Thread Hanno Böck
5/262.pdf -- Hanno Böck https://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] AES-256 Do I need random IV?

2017-04-27 Thread Hanno Böck
long the IV is for that particular cipher mode. For GCM using random IVs is not exactly recommended, better use a counter if you can keep state. But if you only encrypt small amounts of data per key a random IV is doable. -- Hanno Böck https://hboeck.de/ mail/jabber: ha...@h

Re: [openssl-users] Bleichenbacher Vulnerability

2017-12-20 Thread Hanno Böck
you will plausibly keep this secure. Bleichenbacher attacks may be the least of your worries. -- Hanno Böck https://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

[openssl-users] TLS 1.3 compatibility issues with OpenSSL 1.1.1 prereleases, please stop using them

2018-10-16 Thread Hanno Böck
version with a client that uses the final TLS 1.3 version. This obviously fails. Long story short: If you happen to use such an OpenSSL pre version you'll likely have connection issues as more and more software will support TLS 1.3. So please update as soon as possible. -- Hanno Böck https

Re: [openssl-users] OpenSSL vs GPG for encrypting files? Security best practices?

2018-11-03 Thread Hanno Böck
her modes (cbc, cfb, ofb, ecb) and has exactly the malleability vulnerability the original poster was asking about (including a wide variety of obscure and some insecure ciphers). I don't think this should be recommended. -- Hanno Böck https://hboeck.de/ mail/jabber: ha...@hboeck.de

Re: [openssl-users] OpenSSL vs GPG for encrypting files? Security best practices?

2018-11-02 Thread Hanno Böck
an authenticated encryption mode, but it comes close. -- Hanno Böck https://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
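The malleability the two messages in this thread refer to is structural to CBC (and the other unauthenticated modes): XOR a delta into ciphertext block i and the same delta appears in plaintext block i+1 after decryption, while block i turns into garbage, and nothing in the mode itself notices. The following is an added example, not code from the thread or from OpenSSL, showing that flip against a toy block cipher and then the same flip being rejected by an encrypt-then-MAC wrapper. The Feistel cipher, keys, IV and message are constructed for the example; the attack works the same way against AES-CBC.

```python
"""CBC bit-flipping against a toy block cipher, beside an encrypt-then-MAC
wrapper that detects it. Cipher, keys and IV are constructed; not OpenSSL code."""
import hashlib
import hmac
import os

BLOCK = 8             # toy block size; the attack does not depend on it
HALF = BLOCK // 2


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:HALF]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Four-round Feistel network keyed via SHA-256: a stand-in for AES, not for real use."""
    l, r = block[:HALF], block[HALF:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return r + l


def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[HALF:], block[:HALF]       # undo the final swap, then run rounds backwards
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r


def _pad(data: bytes) -> bytes:            # PKCS#7-style padding
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def _unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    out, prev, padded = b"", iv, _pad(plaintext)
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, _xor(padded[i:i + BLOCK], prev))
        out += prev
    return out


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = b"", iv
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out, prev = out + _xor(block_decrypt(key, c), prev), c
    return _unpad(out)


def flip_plaintext(ciphertext: bytes, offset: int, delta: bytes) -> bytes:
    """Attacker's move: XOR `delta` into the ciphertext block preceding the one that
    holds plaintext byte `offset`. After decryption the target bytes are XORed with
    delta and the preceding block is garbage; plain CBC accepts both."""
    if offset < BLOCK:
        raise ValueError("bytes of the first block are flipped through the IV instead")
    ct = bytearray(ciphertext)
    for k, d in enumerate(delta):
        ct[offset - BLOCK + k] ^= d
    return bytes(ct)


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: HMAC-SHA256 over IV||ciphertext, checked before any decryption."""
    iv = os.urandom(BLOCK)
    ct = cbc_encrypt(enc_key, iv, plaintext)
    return iv + ct + hmac.new(mac_key, iv + ct, hashlib.sha256).digest()


def unseal(enc_key: bytes, mac_key: bytes, msg: bytes) -> bytes:
    iv, ct, tag = msg[:BLOCK], msg[BLOCK:-32], msg[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return cbc_decrypt(enc_key, iv, ct)


def demo():
    """Return (plaintext plain CBC accepts after tampering, whether encrypt-then-MAC rejected it)."""
    enc_key, mac_key = b"\x01" * 16, b"\x02" * 16          # constructed keys
    pt = b"user=bob;admin=0"                                # byte 15 ('0') lies in block 1
    iv = bytes(range(BLOCK))
    forged = flip_plaintext(cbc_encrypt(enc_key, iv, pt), 15, bytes([ord("0") ^ ord("1")]))
    tampered = cbc_decrypt(enc_key, iv, forged)             # block 0 garbled, block 1 now ';admin=1'
    sealed = seal(enc_key, mac_key, pt)
    forged_sealed = sealed[:BLOCK] + flip_plaintext(sealed[BLOCK:-32], 15, b"\x01") + sealed[-32:]
    try:
        unseal(enc_key, mac_key, forged_sealed)
        rejected = False
    except ValueError:
        rejected = True
    return tampered, rejected
```

The MAC is computed over the IV as well as the ciphertext, since flipping IV bits is the same attack against the first block; verifying the tag before touching the padding also closes the padding-oracle side channel that unauthenticated CBC exposes.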