RE: UAC related errors on windows 7 64-bit with Application Verifier

2014-02-03 Thread Michael Wojcik
build. -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com __ OpenSSL Project http://www.openssl.org User Support Mailing

RE: Server ECDSA certificate requirements for 1.0.1f?

2014-03-04 Thread Michael Wojcik
://wiki.wireshark.org/SSL to start; the wireshark.org search function finds a lot more information about SSL/TLS dissection. -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com

RE: Certificate chain verification in-memory using X509's?

2014-03-04 Thread Michael Wojcik
-ctx http://www.openssl.org/docs/ssl/SSL_CTX_set_cert_store.html This may also be useful: http://stackoverflow.com/questions/16291809/openssl-programatically-verify-certificate-chain-in-c-in-memory-certs -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned

RE: Openssl 1.01f installs broken headers using VC++ 2013

2014-03-05 Thread Michael Wojcik
. -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com __ OpenSSL Project http://www.openssl.org User Support Mailing List

RE: OpenSSL PKI Tutorial updated

2014-03-28 Thread Michael Wojcik
in certificate signature algorithms. -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com

RE: where are key usages checked?

2014-04-01 Thread Michael Wojcik
, but it appears to be what you're looking for. -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com __ OpenSSL Project http

RE: using ssl in http protocol

2000-08-25 Thread Michael Wojcik
SHOULD use "HTTP/1.1" as its HTTP-Version, and MUST use "HTTP/1.1" if it uses any features not compatible with HTTP/1.0 - such as persistent connections. Michael Wojcik [EMAIL PROTECTED] MERANT Department of English, Miami University __

RE: HELP NEEDED: Persist connection

2000-08-28 Thread Michael Wojcik
se if the client did not include a valid Keep-alive header requesting a persistent connection. (The server MAY close the connection after returning the response even if the client did request a persistent connection; it's not bound by the client's request.) This isn't a OpenSSL problem. Mic

RE: Question on PRNG's and entropy

2000-09-06 Thread Michael Wojcik
o vet your application. Michael Wojcik [EMAIL PROTECTED] MERANT Department of English, Miami University __ OpenSSL Project http://www.openssl.org User Support Mailing List

RE: Timeout problems?

2000-11-20 Thread Michael Wojcik
amespace. It's probably too late to fix OpenSSL now, though.) Michael Wojcik [EMAIL PROTECTED] MERANT Department of English, Miami University __ OpenSSL Project http://w

RE: Message status - undeliverable remedy ?

2001-01-12 Thread Michael Wojcik
(or by me to someone else). Michael Wojcik [EMAIL PROTECTED] MERANT Department of English, Miami University __ OpenSSL Project http://www.openssl.org User Support Mailing List

RE: threads and ssl structures question

2001-01-22 Thread Michael Wojcik
arget* is a DLL.) I believe people have reported running into this in the past on openssl-users. Michael Wojcik [EMAIL PROTECTED] MERANT Department of English, Miami University __ OpenSSL Project

RE: threads and ssl structures question

2001-01-22 Thread Michael Wojcik
DLL hygiene, like the grown-up operating systems do.) Michael Wojcik [EMAIL PROTECTED] MERANT Department of English, Miami University __ OpenSSL Project http://www.openssl.org User Support

RE: [Gathering Entropy quickly for openSSL]

2001-01-24 Thread Michael Wojcik
submit arbitrary SQL queries against web front-ended databases. That's a hell of a lot easier than breaking an SSL session by trying to predict the PRNG.) Gather ye entropy while ye may, but don't make it an obsession. You may overlook something else. Michael Wojcik [EMAIL PROTEC

RE: random state, openssl.cnf and RAND_edg(/var/run/egd-pool)

2001-02-06 Thread Michael Wojcik
ontrol whether slow system calls restart (rather than failing with EINTR) when particular signals are raised, using flags to sigaction. I don't recall offhand whether UW is one. Personally, I prefer the EINTR loop, since it's more portable than relying on slow call restart. Michael Wojcik

RE: security in small signatures

2001-03-02 Thread Michael Wojcik
But note in general that small signatures aren't going to be very secure. Michael Wojcik [EMAIL PROTECTED] MERANT Department of English, Miami University __ OpenSSL Project http://www.op

RE: Secure Telnet

2001-03-05 Thread Michael Wojcik
that lack it. Michael Wojcik [EMAIL PROTECTED] MERANT Department of English, Miami University __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL

RE: Secure Telnet

2001-03-06 Thread Michael Wojcik
secure session from any Java-equipped browser, SSH, and Kermit, and the infrastructure necessary to support public authentication. Give the users some options and gradually transition them away from the unsafe ones. Michael Wojcik [EMAIL PROTECTED] MERANT Department of Engli

RE: Ocotillo PRNG

2001-04-30 Thread Michael Wojcik
. The Unix Programming FAQ from comp.unix.programmer documents using O_RDWR with no special cautions. Michael Wojcik [EMAIL PROTECTED] MERANT Department of English, Miami University __ OpenSSL Project

RE: OpenSSL AIX Shared Libraries

2001-08-30 Thread Michael Wojcik
import/export files.) Try dump -nv *.a | awk '/ EXP / {print $NF}' to see a list of symbols exported by shared objects in your archives. Michael Wojcik Principal Software Systems Developer, Micro Focus Department of English, Miami University -Original Message- From: Jason Jesso

RE: OpenSSL AIX Shared Libraries

2001-08-30 Thread Michael Wojcik
information one way or another. (By the way, first and second are already adverbs. No need to suffix them with ly.) Michael Wojcik Principal Software Systems Developer, Micro Focus Department of English, Miami University -Original Message- From: Jason Jesso [mailto:[EMAIL PROTECTED

RE: Tru64 4.0f BN_sqr test fail

2001-10-03 Thread Michael Wojcik
. However, typically ld's -L option appends the specified directory to the search path, which means .. is the *last* directory to be searched for libcrypto.a. Does your system have another libcrypto.a, or shared object equivalent, that ld might be finding? Michael Wojcik Principal Software Systems

RE: Q about the darkspell gadgets

2000-04-28 Thread Michael Wojcik
of course, a good HTTP/1.1 application should be paying attention to the Content-length header if present, or the Transfer Encoding, or whatever's applicable to that particular flow. (Content-length isn't present if the "chunked" Transfer Encoding is being used. See RFC 26

RE: BN functions and Solaris 7 'bc' disagree

2000-05-01 Thread Michael Wojcik
lementation sufficient to pass all the BN tests? I don't know. Michael Wojcik [EMAIL PROTECTED] MERANT Department of English, Miami University __ OpenSSL Project http://www.openssl

RE: BN functions and Solaris 7 'bc' disagree

2000-05-02 Thread Michael Wojcik
pto is Schneier's _Applied Cryptography_. Michael Wojcik [EMAIL PROTECTED] MERANT Department of English, Miami University __ OpenSSL Project http://www.openssl.org User Support Mailing

RE: setting random seed generator under Windows NT

2000-05-10 Thread Michael Wojcik
ed attacker in the right place. With crypto PRNGs, you have two choices: use a complete implementation (from seeding on up) designed for the purpose from a source you trust, or study the subject in some depth before putting any trust in it whatsoever. Michael Wojcik [EMAIL PROTECTED] MERAN

RE: Certificate Authority

2000-05-24 Thread Michael Wojcik
not a significant risk under my threat model.) A CA oversight or governing body might marginally increase safety, but there are much bigger risks that ought to be addressed first. Michael Wojcik [EMAIL PROTECTED] MERANT Department of English, Miami University

RE: Help with Blowfish decryption... please... can this be done?

2000-05-24 Thread Michael Wojcik
t be taken from the output of a cryptographically strong PRNG, for example.) (By the way, DES doesn't have a 24-byte key. It has a nominal 64-bit key with 56 effective bits. 3DES with three distinct keys has a nominal key length of 192 bits or 24 bytes, but its effective key length is 168 bits.

RE: Certificate Authority

2000-05-24 Thread Michael Wojcik
candidate - but on-line businesses typically aren't interested in taking that chance. If you are, fine. Michael Wojcik [EMAIL PROTECTED] MERANT Department of English, Miami University __ OpenS

RE: segfault when using crypto library inside netscape plugin (Solaris 2.6/Sparc/openssl-0.9.5a)

2000-06-14 Thread Michael Wojcik
oader work.) Michael Wojcik [EMAIL PROTECTED] MERANT Department of English, Miami University __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL

RE: Cipher question...

2000-06-21 Thread Michael Wojcik
ompression functions used to reduce bias in seed material, etc. Should be easy to find from one of the online RFC sources. Michael Wojcik [EMAIL PROTECTED] MERANT Department of English, Miami University __ OpenSSL Proj

RE: HTTPS Post

2002-01-11 Thread Michael Wojcik
to me whether Scott was looking for HTTP protocol information, though, or OpenSSL API help. Scott? Michael Wojcik Principal Software Systems Developer, Micro Focus Department of English, Miami University -Original Message- From: Neff Robert A [mailto:[EMAIL PROTECTED]] Sent: Thursday

RE: OffTopic: Base64 over HTTPS

2002-01-30 Thread Michael Wojcik
? Michael Wojcik402 438-7842 Software Systems DeveloperMicro Focus From: Mohan Atreya [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 30, 2002 8:03 AM I am having trouble sending Base64 data over HTTPS POST. Does anybody have any sample code that can encode the Base64

RE: OpenSSL 0.9.7-stable-SNAP-20020310

2002-03-12 Thread Michael Wojcik
/ #endif is unnecessary and clutters the source. As of at least C90 #undef with a name that is not currently defined is ignored. See ISO 9899-1990 6.8.3.5. [And wouldn't openssl-dev be the more appropriate forum?] Michael Wojcik Principal Software Systems Developer, Micro Focus Department

RE: Duplicate Posts

2002-03-18 Thread Michael Wojcik
standard, unfortunately) and it's too much effort. Michael Wojcik Principal Software Systems Developer, Micro Focus Department of English, Miami University -Original Message- From: Andrew T. Finnell [mailto:[EMAIL PROTECTED]] Sent: Monday, March 18, 2002 7:51 AM To: [EMAIL PROTECTED

RE: Who uses heartbeat?

2014-04-14 Thread Michael Wojcik
everyone has good intentions. -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com __ OpenSSL Project http

RE: Could openssl foundation give itself rules not to accept money from intelligence agencies?

2014-04-15 Thread Michael Wojcik
two quite different languages apart. -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com

RE: Getting error for libcrypto.a file in openssl-1.0.1g when making php

2014-04-17 Thread Michael Wojcik
compiler options list. Michael Wojcik Technology Specialist Micro Focus michael.woj...@microfocus.commailto:michael.woj...@microfocus.com 519 West Ash Street Mason, MI 48854-1553 Direct:+1 517 639 0892 Mobile : +1 517 862 9464 From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us

RE: Distributing newly generated certificates via socket?

2014-04-18 Thread Michael Wojcik
declared: // string certificate (pp, length); BIO_free (memoryBio); (Untested.) -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com

RE: ASN1_bn_print

2014-04-23 Thread Michael Wojcik
implementation, and the OpenSSL developers have, so that's hardly a compelling critique. They do the work; they get to make the decisions. -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com

RE: SSL Root CA and Intermediate CA Certs.

2014-04-24 Thread Michael Wojcik
it, under your threat model. SSL/TLS raises that cost over unencrypted communications. But it doesn't raise it nearly as much as it ought to, thanks to broken protocols, broken implementations, broken PKI, mismanagement, and user error. -- Michael Wojcik Technology Specialist, Micro Focus

RE: Increment certificate serial numbers randomly

2014-04-28 Thread Michael Wojcik
, incrementing serials. Whether that's a risk depends on your threat model. -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com

RE: slowness of _ssl.sslwrap() on first call

2014-04-28 Thread Michael Wojcik
and does not carry hidden data around) thus cannot know about any sockets? -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com __ OpenSSL Project

RE: Increment certificate serial numbers randomly

2014-04-28 Thread Michael Wojcik
. On Linux, UNIX, and iOS, use uuidgen (you may have to grab the source and build it). uuidgen is also available for Windows, e.g. as part of Cygwin. -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com

RE: Increment certificate serial numbers randomly

2014-04-29 Thread Michael Wojcik
of the other proposals. Michael Wojcik Technology Specialist, Micro Focus From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Tim Hudson Sent: Tuesday, 29 April, 2014 16:32 To: openssl-users@openssl.org Subject: Re: Increment certificate serial numbers randomly

RE: whichever certificate loading first wins

2014-05-02 Thread Michael Wojcik
certificate - why isn't it v3? I admit I don't understand the problem description from the original note, but it doesn't seem to match what we have with these three certificates. -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense

RE: whichever certificate loading first wins

2014-05-02 Thread Michael Wojcik
. Are you using a client certificate in the browser? Is it configured to send the certificate automatically, or to prompt you? Where did the client certificate come from? -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense

RE: OpenSSL / GnuTLS / Certificate Installation HowTo

2014-05-02 Thread Michael Wojcik
, a better approach would probably be a generic SSL/TLS tunnel utility like STunnel, or a VPN. -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com

RE: SSL_read() and dropped (half-open) connections

2014-05-09 Thread Michael Wojcik
and hairstyles that aren't identical to my hairstyle... -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com __ OpenSSL Project http

RE: CRL default_crl_days

2014-05-09 Thread Michael Wojcik
any later than the indicated date. So yes, you can issue a new CRL before the date in the Next Update field. -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com

RE: SSL_read() and dropped (half-open) connections

2014-05-12 Thread Michael Wojcik
From: owner-openssl-us...@openssl.org [mailto:owner-openssl- us...@openssl.org] On Behalf Of Tilman Sauerbeck Sent: Friday, 09 May, 2014 18:57 Michael Wojcik [2014-05-09 21:12]: From: owner-openssl-us...@openssl.org [mailto:owner-openssl- us...@openssl.org] On Behalf Of Tilman

RE: test/heartbleed_test.c

2014-05-20 Thread Michael Wojcik
the reserved names elsewhere in the source. I suppose it's a bit quixotic to talk about the proper use of C in an OpenSSL forum, but trying to follow the rules (even in code that's not part of the library itself) would be a step in the right direction. -- Michael Wojcik Technology Specialist, Micro

RE: test/heartbleed_test.c

2014-05-20 Thread Michael Wojcik
. So do what you like. -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com __ OpenSSL Project http://www.openssl.org User

RE: How to make a secure tcp connection without using certificate

2014-05-23 Thread Michael Wojcik
to your technical question is use cipher suites that support anonymous key exchange. This is quite likely the Wrong Thing for most real-world applications that have some perceived need for communications security. Michael Wojcik Technology Specialist, Micro Focus From: owner-openssl-us

RE: Possibility to cache ca-bundle and reuse it between SSL sessions?

2014-06-25 Thread Michael Wojcik
(conn, get_index(), my_data_ptr); ... /* In the verify callback, or wherever */ my_data_ptr = SSL_get_ex_data(conn, get_index()); But if all you need in the callback is the SSL object, you needn't worry about all that. -- Michael Wojcik Technology Specialist, Micro Focus

RE: Possibility to cache ca-bundle and reuse it between SSL sessions?

2014-06-25 Thread Michael Wojcik
From: owner-openssl-us...@openssl.org [mailto:owner-openssl- us...@openssl.org] On Behalf Of Jens Maus Sent: Wednesday, 25 June, 2014 14:07 Am 25.06.2014 um 18:22 schrieb Michael Wojcik michael.woj...@microfocus.com: [...] Now, if you need additional application-specific information

RE: OpenSSL roadmap

2014-07-03 Thread Michael Wojcik
others. It is not an unalloyed Good Thing. -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com

RE: help with error

2014-07-03 Thread Michael Wojcik
with sub-allocators. In this case, the first two are probably the most likely. -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com __ OpenSSL Project

RE: solaris-x86-cc or solaris-x86-gcc via MACHINE and SYSTEM exports

2014-07-11 Thread Michael Wojcik
infrequently enough that we're unlikely to forget it - it's part of our documented process for updating to a new release. We've found that to be simpler than trying to override aspects of the existing configurations when none of them match our build settings. -- Michael Wojcik Technology

RE: Adding client peer verification to my server

2014-07-25 Thread Michael Wojcik
is SSL_CTX_load_client_CA_file: SSL_CTX_set_client_CA_list(CTX, SSL_CTX_load_client_CA_file(/path/to/CAcerts.pem)); (or with, you know, error handling, if you want to be fancy). See http://www.openssl.org/docs/ssl/SSL_load_client_CA_file.html. Michael Wojcik Technology Specialist

RE: Adding client peer verification to my server

2014-07-26 Thread Michael Wojcik
server certificate signed directly by the root, if you don't need an intermediate for some reason. Michael Wojcik Technology Specialist, Micro Focus From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Marco Bambini Sent: Saturday, 26 July, 2014 04:26

RE: RST after close_notify

2014-08-08 Thread Michael Wojcik
] This assumes the application, if it's running in a POSIX environment, has set the disposition of the SIGPIPE signal to ignore. SIGPIPE is a kluge for applications that don't check the result of the write/send family of system calls. Any well-written application should ignore it. -- Michael

RE: RST after close_notify

2014-08-09 Thread Michael Wojcik
to my last command. I don't remember off the top of my head whether there's a straightforward FTP API on zOS. -- Michael Wojcik Technology Specialist, Micro Focus -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl- us...@openssl.org] On Behalf Of Donald J

RE: RST after close_notify

2014-08-11 Thread Michael Wojcik
with the Reset. When we receive the Reset, we clean up the connection without any further communication. -- Donald J. dona...@4email.net On Sat, Aug 9, 2014, at 09:44 AM, Michael Wojcik wrote: Well, it sounds like someone needs to modify the client, then, if you want to use SSL/TLS

RE: Error Handling in a Multithreaded Environment, Failures effecting non-associated connections

2014-08-14 Thread Michael Wojcik
, but I'd say yes, it's probably good to drain the error queue each time a thread picks up a new piece of work. This hadn't occurred to me before your note - I'll have to investigate whether any of my code needs to do this as well. Michael Wojcik Technology Specialist, Micro Focus From: owner

RE: Case-sensitive cipher names are a bad idea

2014-08-15 Thread Michael Wojcik
; if (l2 l1) return 1; us1++, us2++; } return 0; } (Untested, but copied with some modifications from an existing implementation.) That said, I agree that case-insensitive comparison would be a good idea here. -- Michael Wojcik Technology Specialist, Micro Focus

RE: Client Key Exchange Message

2014-09-03 Thread Michael Wojcik
Reading the OpenSSL source code in an effort to learn how the SSL and TLS protocols work is not a good idea. OpenSSL is an implementation, not a tutorial. I suggest you get an actual description of how SSL/TLS works, such as Eric Rescorla's book SSL and TLS. (I believe Rich already suggested

RE: Certificate pass phrase brute force...

2014-09-05 Thread Michael Wojcik
, or an application developer did something wrong, or a system administrator did something wrong. I'm not in the business of issuing certificates and keys myself, so I don't have any policies to share, I'm afraid. Michael Wojcik Technology Specialist, Micro Focus From: owner-openssl-us...@openssl.org

RE: Certificate pass phrase brute force...

2014-09-05 Thread Michael Wojcik
password-rest requests and the like). Michael Wojcik Technology Specialist, Micro Focus From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of dave paxton Sent: Friday, 05 September, 2014 15:34 To: openssl-users@openssl.org Subject: Re: Certificate pass

RE: Why does OpenSSL own all the prefixes in the world?

2014-09-08 Thread Michael Wojcik
, of OpenSSL's public functionality directly anyway. Michael Wojcik Technology Specialist, Micro Focus From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Kyle Hamilton Sent: Sunday, 07 September, 2014 18:04 To: openssl-users@openssl.org; Iñaki Baz Castillo Subject

RE: Certificate pass phrase brute force...

2014-09-08 Thread Michael Wojcik
any of those figures. Does that help? Michael Wojcik Technology Specialist, Micro Focus From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Gregory Sloop Sent: Friday, 05 September, 2014 16:32 To: Salz, Rich Subject: Re: Certificate pass phrase brute force

RE: Why does OpenSSL own all the prefixes in the world?

2014-09-08 Thread Michael Wojcik
declaration. -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com __ OpenSSL Project http://www.openssl.org User Support Mailing List

RE: Value of DEFAULT cipher suite

2014-09-09 Thread Michael Wojcik
chance that an OpenSSL-based application using the default suite list will encounter a peer that only supports RC4. -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com

RE: Certificate pass phrase brute force...

2014-09-09 Thread Michael Wojcik
one. You can also do what you describe below, but not encrypt the private key the first time, by using the -nodes option with openssl req; that saves decrypting it before encrypting it with your preferred cipher. Michael Wojcik Technology Specialist, Micro Focus From: owner-openssl-us

RE: Why does OpenSSL own all the prefixes in the world?

2014-09-09 Thread Michael Wojcik
From: owner-openssl-us...@openssl.org [mailto:owner-openssl- us...@openssl.org] On Behalf Of Iñaki Baz Castillo Sent: Tuesday, 09 September, 2014 09:10 To: openssl-users@openssl.org Subject: Re: Why does OpenSSL own all the prefixes in the world? 2014-09-09 13:14 GMT+02:00 Michael Wojcik

RE: Value of DEFAULT cipher suite

2014-09-09 Thread Michael Wojcik
, which are NOT standards. -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com __ OpenSSL Project http://www.openssl.org User

RE: Why does OpenSSL own all the prefixes in the world?

2014-09-09 Thread Michael Wojcik
by openssl_c_hdrs.h will preempt their inclusion within the namespace by the OpenSSL headers. Of course, for C++ code you normally wouldn't include the C standard headers; you'd use their C++ versions (cstdlib, etc). But this sort of thing is a special case. -- Michael Wojcik Technology Specialist

RE: Certificate pass phrase brute force...

2014-09-09 Thread Michael Wojcik
to submit a patch. Michael Wojcik Technology Specialist, Micro Focus From: Kyle Hamilton [mailto:aerow...@gmail.com] Sent: Tuesday, 09 September, 2014 13:43 To: openssl-users@openssl.org; Michael Wojcik Subject: RE: Certificate pass phrase brute force... At least 3DES is *some* encryption

RE: Why does OpenSSL own all the prefixes in the world?

2014-09-10 Thread Michael Wojcik
. It has different semantics for void* pointers. It has different rules for numeric-parameter promotions. And so on. People who think C++ is a superset of C are sadly mistaken, and programmers who act on that assumption are dangerous. Michael Wojcik Technology Specialist, Micro Focus

RE: Why does OpenSSL own all the prefixes in the world?

2014-09-10 Thread Michael Wojcik
actually understand the C language. -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com

RE: cannot read PEM key file - no start line

2014-09-14 Thread Michael Wojcik
does a good job of covering both design and implementation details. And he knows his stuff - he's one of the authors of the TLS RFCs. -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com

RE: Thread Safety of ssl_write()

2014-10-01 Thread Michael Wojcik
releasing the conversation. Michael Wojcik Technology Specialist, Micro Focus From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of S P, Swaroop (NSN - IN/Bangalore) Sent: Tuesday, 30 September, 2014 09:46 To: openssl-users@openssl.org Subject: Thread Safety

RE: Order of certs returned by SSL_get_peer_cert_chain()

2014-10-21 Thread Michael Wojcik
returns preverifyOk. -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com __ OpenSSL Project http://www.openssl.org User

RE: OpenSSL 1.0.1j - HP

2014-10-22 Thread Michael Wojcik
existing platforms that aren't fully C99-compliant) for a possible small performance improvement. The OpenSSL sources hadn't previously used any C99-only keywords, as far as I know. Michael Wojcik Technology Specialist, Micro Focus From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us

RE: openssl SSL3 vulnerability

2014-10-24 Thread Michael Wojcik
You have SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv2 there. I assume v2 ... v2 is a typo, but if that's what your code actually has, then that's the problem. (Assuming there isn't some other problem, of course.) Michael Wojcik Technology Specialist, Micro Focus From: owner-openssl-us...@openssl.org

RE: openssl SSL3 vulnerability

2014-10-24 Thread Michael Wojcik
From: owner-openssl-us...@openssl.org [mailto:owner-openssl- us...@openssl.org] On Behalf Of Jeffrey Walton Sent: Friday, 24 October, 2014 09:42 To: OpenSSL Users List Subject: Re: openssl SSL3 vulnerability On Fri, Oct 24, 2014 at 9:30 AM, Michael Wojcik michael.woj...@microfocus.com

RE: openssl SSL3 vulnerability

2014-10-24 Thread Michael Wojcik
From: owner-openssl-us...@openssl.org [mailto:owner-openssl- us...@openssl.org] On Behalf Of Jeffrey Walton Sent: Friday, 24 October, 2014 10:26 To: OpenSSL Users List Subject: Re: openssl SSL3 vulnerability On Fri, Oct 24, 2014 at 9:53 AM, Michael Wojcik michael.woj...@microfocus.com

RE: Is FTP impacted by POODLE

2014-11-05 Thread Michael Wojcik
are, if your threat model requires SSL-style communications security, it now requires TLS. The application protocol is largely irrelevant; even if there's no published attack now, there may be one tomorrow. -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned

RE: CRYPTO_malloc_init()

2014-11-13 Thread Michael Wojcik
process. I've also seen this happen with the OpenLDAP client library, for example. -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com __ OpenSSL

RE: Compile 1.0.1j on Win8.1 with capi

2014-11-15 Thread Michael Wojcik
). Michael Wojcik Technology Specialist, Micro Focus From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Derek Cole Sent: Friday, 14 November, 2014 17:39 To: openssl-users@openssl.org Subject: Re: Compile 1.0.1j on Win8.1 with capi Just to add some more

RE: SSL_CTX_use_certificate_chain_file() can return zero on success

2014-11-26 Thread Michael Wojcik
CRYPTO_set_id_callback, I'm not sure off the top of my head what OpenSSL uses for the thread ID. -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com __ OpenSSL Project

Re: [openssl-users] Strange SSL_read behavior: 1/N-1

2014-12-09 Thread Michael Wojcik
to the application protocol, and that is often quite a complicated process. -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com ___ openssl-users mailing list openssl-users

Re: [openssl-users] Using s_client under z/OS installation

2014-12-11 Thread Michael Wojcik
A quick look at apps/s_client.c in the 1.0.1j sources suggests that it does EBCDIC-ASCII translation if it was compiled with CHARSET_EBCDIC. What version are you using? Was it built with CHARSET_EBCDIC defined? Michael Wojcik Technology Specialist, Micro Focus From: openssl-users

Re: [openssl-users] CVE-2011-1473 fixed version

2014-12-12 Thread Michael Wojcik
, and so on). Protocol-specific DoS attacks are more sophisticated and in general more difficult to defend against, so they merit separate discussion. -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com

Re: [openssl-users] OpenSSL performance issue

2014-12-18 Thread Michael Wojcik
/Diffie_Hellman https://wiki.openssl.org/index.php/Diffie-Hellman_parameters -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com ___ openssl-users mailing list openssl-users@openssl.org

Re: [openssl-users] OpenSSL performance issue

2014-12-19 Thread Michael Wojcik
On Behalf Of Michael Wojcik Sent: Thursday, December 18, 2014 21:27 And if DH parameters have not been set, OpenSSL will have to generate them on the fly, which can be *very* slow (relative to normal conversation establishment). I think this is new in trunk; in all released

Re: [openssl-users] READ error during tape restore via OpenSSL on AIX

2015-01-02 Thread Michael Wojcik
command, which also has a mode (tctl write') that reads from standard input and writes complete blocks to a tape device. I'm sure there are plenty of examples online. -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com

Re: [openssl-users] i2d_ d2i_ b2i_ i2b_ functions and EVP_PKEY

2015-02-03 Thread Michael Wojcik
that it contains all the RSA parameters, so it implicitly contains both the public and private key. Michael Wojcik Technology Specialist, Micro Focus From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Serj Sent: Tuesday, February 03, 2015 06:22 To: openssl-users@openssl.org

Re: [openssl-users] missing default /usr/local/ssl/openssl.cnf causes failure on AIX, warning on all others

2015-01-22 Thread Michael Wojcik
and was empty) and should trundle along happily. -- Michael Wojcik Technology Specialist, Micro Focus This message has been scanned for malware by Websense. www.websense.com ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org

Re: [openssl-users] missing default /usr/local/ssl/openssl.cnf causes failure on AIX, warning on all others

2015-01-22 Thread Michael Wojcik
(Apologies for the top-post; Outlook does not deal properly with HTML email.) If open, called by fopen, actually is setting EPERM, then one of the following should be true: - /usr/local/ssl/openssl.cnf exists but the user does not have read permission on it - Either /usr/local or
