Re: RAND_bytes() returns zero in pre-boot environment

2013-08-14 Thread chris . gray
Issue is fixed. So long as it's OK to generate the same random bytes at each power-on. This is quite a common problem with embedded devices: even after boot it can be hard to find entropy with which to seed the PRNG. The usual sources which are used in a PC environment (keystrokes, ethernet

Re: How to determine when data is finished on an SSL socket

2014-01-11 Thread chris . gray
Regards Chris Gray On 11 January 2014 19:46, M. V. bored_to_deat...@yahoo.com wrote: Hi everybody, I'm writing an application that creates multiple non-blocking SSL connections to an https server, in each one I send a request and read the server's response. my problem is, whatever I do, I can't

Re: SSL attack scenario

2009-05-18 Thread Chris Gray
- What this article says is this: if you *received* data from TCP connection it will be without duplication or losing data. It doesn't say: if you *send* data it will be received correctly by other host. It's impossible to guarantee. -- Andrey Koltsov With TCP you basically don't know

Authorisation/attribute certs

2007-11-01 Thread Chris Gray
Hi all, Anyone have experience of using ACs, or know where practical examples can be found? I've been reading RFC 3281, but it would be nice to look at some real-world code ... Thanks, -- Chris Gray/k/ Embedded Java Solutions BE0503765045 Embedded Mobile Java, OSGihttp

Java bindings

2005-09-25 Thread Chris Gray
? The web page mentions a serious problem with SHA-1 which will be fixed in the next version ... BTW what is GSS-API (RFC 2853), which also turned up in my searches? I know it stands for Generic Security Service, but where does it fit into the puzzle? TIA, Chris -- Chris Gray/k/ Embedded

Re: Java bindings

2005-09-27 Thread Chris Gray
, but creating a new one would be a Bad Thing. Thanks, Chris -- Chris Gray/k/ Embedded Java Solutions BE0503765045 Embedded Mobile Java, OSGi http://www.kiffer.be/k/ [EMAIL PROTECTED] +32 3 216 0369

Using an external PRNG

2004-08-11 Thread Chris Gray
could have a different PRNG). Any ideas, documentation pointers, etc.? Best wishes -- Chris Gray /k/ Embedded Java Solutions Embedded Mobile Java, OSGi http://www.kiffer.be/k/ [EMAIL PROTECTED] +32 3 216 0369

Re: Small memory leak on multithreaded server

2014-11-24 Thread chris . gray
As the maintainer of an alternative JavaVM I can confirm that we absolutely had to support library unloading because one customer was using it heavily - and that was quite a few years ago. Early Sun VMs didn't support library unloading, but then those VMs also did not garbage-collect obsolete

Re: [openssl-users] Delete a post to openssl-user mailing list

2015-04-22 Thread chris . gray
What is the security risk? Management ? :) There could be a perceived problem that the world now knows that company X has problems with OpenSSL, and a competitor could even try to make mischievous use of this information - it happened to me once (with another technology). Death of developer

Re: [openssl-users] Guidance on proper usage of OpenSSL_add_all_digests

2016-03-02 Thread chris . gray
> On Wed, Mar 2, 2016 at 12:27 PM, Neptune wrote:
> [...]
> You can perform initialization in a static C++ ctor, but it can be tricky because the C++ committee has never addressed the problem of initialization order across translation units. Also see What's the "static

[openssl-users] X.509 Attribute Certificate status

2016-10-12 Thread chris . gray
we and our customers use (which includes OpenSSL). Thanks for any indications Chris Gray -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] How do I connect to this server

2017-04-23 Thread chris . gray
You should be able to do this using stunnel: see for example https://www.elastic.co/guide/en/cloud/current/tunneling-ssl.html where your telnet commands would be the "client which supports only http". But you can also learn a lot by playing with curl ...
> I know that this is a TLS related

[openssl-users] ENGINE API and a compromised client or server

2017-12-07 Thread chris . gray
? Note that we are not only talking about servers here, rather we currently have only one internet-facing server (HTTPS) and a growing number of XXX-over-TLS clients, so if anything these are a greater source of concern. Any pointers are very welcome! Chris Gray

Re: [openssl-users] PRNG is not seeded

2018-06-07 Thread chris . gray
> Of course people have been harvesting entropy, or trying to, from network sources for decades. There's a famous paragraph regarding it in RFC 4086, which is an expanded version of a similar statement from RFC 1750 (1994):
>
> Other external events, such as network packet arrival times

Re: [openssl-users] PRNG is not seeded

2018-05-31 Thread chris . gray
I've also encountered this quite often, and I have a feeling that on today's connected devices there may be a lot of entropy "in the air" (quite literally) which is not being captured. Does anyone know of research in this area?
> Hi Scott
>
> I don’t know your OS or environment, have you

Re: [openssl-users] PRNG is not seeded

2018-06-02 Thread chris . gray
As it happens I am the proud owner of a made-in-UK Mathmos Lava Lamp and a couple of their Space Projectors: however I don't use them as a RNG. I am thinking more about the fact that there are a lot of devices which
* have no hardware TRNG on board
* do have one or more connections to wired or

Re: [openssl-users] Subject CN and SANs

2018-12-24 Thread chris . gray
A bit off-topic but is it also a good idea to follow these guidelines in non-browser use cases, for example for a client certificate which is used to authenticate on a TLS connection which will be used for another protocol such as MQTT? In this case the SubjectCN looks like a "natural" place to put