[openssl-project] Looking for Christophe Renou
Hi all

As many of you know we are looking to change the licence for OpenSSL to the Apache Licence. To do that we are trying to trace all previous committers. We have a small number of people left to find. See:

https://license.openssl.org/trying-to-find

Of these one stands out as being a particularly large commit. We are very keen to track down one of the authors of this commit:

57 +5105 -602 edc032b5 2011-03-12 Add SRP support.
https://github.com/openssl/openssl/commit/edc032b5

If anyone can help us find Christophe that would be much appreciated. Please send any information you might have on how we can contact Christophe (or any of the other people in the above trying-to-find list) to lice...@openssl.org (please don't reply to this list).

Thanks

Matt
___
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project
[openssl-project] Monthly Status Report (February)
As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month:

- Performed both the alpha1 and alpha2 1.1.1 releases
- Completed work on the primitives, EVP layer and TLS implementation for X448 and Ed448.
- Updated the TLSv1.3 blog post on the latest information
- Implemented a PR for solving the issue where legacy ciphersuite configuration can end up disabling all TLSv1.3 ciphersuites leading to connection failures.
- Fixed some documentation issues with Middlebox compat mode
- Enabled TLSv1.3 by default
- Fixed various no- options (no-nextprotoneg, no-chacha, no-poly1305, no-tls1_2)
- Resolved an issue where the Finished MAC was being calculated twice
- Fixed an interoperability issue due to overestimating the ticket age by up to 1s
- Reviewed a lot of the outstanding Coverity issues and implemented fixes for a number of them
- Updates for TLSv1.3 draft-24
- Investigated and fixed an issue in TLSProxy where a spurious additional byte was being sent
- Investigated issues associated with a crash in the ca app (there is some ongoing work associated with this issue).
- Currently working on improving the EVP API for curves 25519 and 448.
- Performed some interoperability testing (mainly focused on X448/Ed448) with a few other implementations and fixed some issues as a result

Matt
Re: [openssl-project] Next release is beta1
On 04/03/18 16:30, Kurt Roeckx wrote:
> On Sun, Mar 04, 2018 at 02:44:01PM +, Salz, Rich wrote:
>> I also intend to merge the config file .include PR (5351), and I want us to
>> decide about 4848.
>
> I have to agree that I want to resolve 4848 (reading config file to
> select things like supported ciphers.)
>
> Another important change is related to cipher selection and TLS
> 1.3, not sure what the status there is.

Yes, this is a good point. That does need to go in before beta.

https://github.com/openssl/openssl/pull/5392

The status is that, although there has been some discussion on the PR, no one has started to review it yet. Hint hint! Anyone?

Matt
Re: [openssl-project] Next release is beta1
On 04.03.2018 at 17:30, Kurt Roeckx wrote:
> There is also still work going on related to the DRBG API.

Kurt convinced me that the DRBG backend (the reseeding) needs some adjustments in order to comply with NIST SP 800-90C. This applies in particular to the prediction_resistance feature. And there might be more changes required in the course of the future FIPS evaluation.

Since these questions affect only the FIPS certification, my suggestion is to postpone major adjustments for NIST SP 800-90C compliance to post-1.1.1 and not start overhauling the DRBG shortly before the code freeze. The new CSPRNG implementation is already much better than the one we had in 1.1.0, even if it is not fully compliant yet.

The recommendation for postponing changes does not apply to the following pull requests which are already in the queue. In particular it is reasonable to have the change of the get_entropy callback signature (#5402) merged before the freeze.

https://github.com/openssl/openssl/pull/5402
https://github.com/openssl/openssl/pull/5503
https://github.com/openssl/openssl/pull/5506

In view of the above said, I will refrain from publishing (and documenting) the RAND_POOL API and will only publish the RAND_DRBG API (TBD).

https://github.com/openssl/openssl/pull/5461
https://github.com/openssl/openssl/pull/5462

Matthias