Which ECC curve is being used?

2012-12-11 Thread Salz, Rich
Can I determine which of the built-in ECC curves are being used, just by 
looking at the SSL structure?  Tnx.

/r$

--
Principal Security Engineer
Akamai Technology
Cambridge, MA




RE: OpenSSL OCSP Responder used in a CGI Skript - I found the bug

2012-12-12 Thread Salz, Rich
 neither >/dev/null nor 2>&1 >file nor 2>&1 >/dev/null, let this line  
 disappear

Redirections happen left-to-right.  So do this:
    >/dev/null 2>&1
Or the simpler
    2>/dev/null

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org


RE: genrsa question how secure is the random creation

2012-12-12 Thread Salz, Rich
Until someone breaks the website, spoofs it, buys out the owner, etc.

Q2.4: Are the numbers available in a secure fashion?

Yes, since April 2007 you can access the server via https://www.random.org/

I should probably note that while fetching the numbers via secure HTTP would 
protect them from being observed while in transit, anyone genuinely concerned 
with security should not trust anyone else (including RANDOM.ORG) to generate 
their cryptographic keys.


--  
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: Which ECC curve is being used?

2012-12-16 Thread Salz, Rich
Can you be a bit more specific about what you mean by being used? By default 
OpenSSL can use any built in ECC curve though it can be limited in range by 
those of the peer.

Support for retrieving the curves used is very limited in released versions of 
OpenSSL. This has been addressed in HEAD where ctrls exist to determine most 
details.

I suppose that's the information I'm interested in.

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: Which ECC curve is being used?

2012-12-17 Thread Salz, Rich
Thanks for the detailed response, Dave.

 As the authenticator you know your own cert already. As the verifier you can 
 get the cert and look at it.
 ... You should be able to know what you configured.

In general, yes. But in the context of a large proxy server fronting hundreds 
of servers and millions of clients, it's way much easier to pull stuff out of 
the SSL structure than to rummage back through configuration.

/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: Which ECC curve is being used?

2012-12-18 Thread Salz, Rich
 If you haven't wrapped the OpenSSL struct(s) with your own and you want to 
 remember something(s) about an SSL connection, that's what 
 SSL_{set,get}_ex_data are for.

Yes, thanks.  I might do that if there's no other option, but a EC_get_NID 
seems a reasonable thing to want and, if I read Stephen's post correctly, might 
be there on HEAD.

While I've been away for some time, and therefore our paths haven't crossed, 
I'm not a newbie.  I generally know what I'm doing. (BTW, the original 
multi-thread support, and the MIME v3 support were contributed by previous 
projects of mine.)

/r$
--  
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: EVP_get_digestbyname and 'standard' signature algorithm names

2013-01-02 Thread Salz, Rich
There are a few places these things are specified -- in the names given to the 
OID arcs, which means looking in SSL, TLS, CMS, S/MIME, etc.  OpenSSL has a 
pretty complete list of those. Another source is in the URI's for things like 
XMLDSig and XMLEncryption.

Your approach of having an 'alias table' is probably the best way to go.

/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: RSA_private_decrypt function takes longer time.

2013-01-10 Thread Salz, Rich
True. But HSM claims performance, correctness and security.

Jeffrey's point is that you need whole-system security, not just faster crypto. 
 (And your original note didn't say HSM, but implied just an accelerator card.) 
For example, how do you make sure that only  authentic and authorized software 
can connect to the HSM?

/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: How to link openssl FIPS 140-2 object module with openssl binary

2013-01-15 Thread Salz, Rich
 I have one question in this. What did you mean by Suite B Algorithms ?

Google "crypto suite b".  Or heck, even just "suite b".

/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: Clarifying OpenSSL 0.9.8L Concurrency Support - Can SSL Instances Be Used By Multiple Threads If Done Non-Concurrently?

2013-01-22 Thread Salz, Rich
Reading (writing) over an SSL connection may result in the transport writing 
(reading).
Concurrent use of the same SSL structure will cause things to break.

/r$

--
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: Is it possible to pass an SSL connection to another process?

2013-02-07 Thread Salz, Rich
 Is it possible to serialize/deserialize the current SSL state so that the 
 receiver can continue to handle the connection without the other side 
 noticing?

Yes it's possible.  Two places to look are the session ticket code within 
OpenSSL, and the serialize function in Apache module modssl.  You'll have to 
rummage through the source.

/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: Is ordering of distinguished names for subject and issuer in OpenSSl 0.9.8 certificates important?

2013-02-08 Thread Salz, Rich
I think either you mis-read the web page, or the author is confused.

Looking at RFC 2253, it quotes X.501 which says:
    DistinguishedName ::= RDNSequence
    RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
    RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
        AttributeTypeAndValue
    AttributeTypeAndValue ::= SEQUENCE {
        type  AttributeType,
        value AttributeValue }

Note that a DN is defined as a SEQUENCE OF not a SET OF. This means that in a 
DN the order is important.  Within an RDN, which is defined as SET OF, the 
order is not important.  Unfortunately, given the standard output formats for 
DN, it is hard to tell if you are seeing one RDN or multiple.  In order to 
know, you have to look at the schema for the directory, if you can find it. :( 
Or hope that people read and follow the RFC very carefully (such as the 
examples in section 5).

Short answer: order counts.

/r$

--
Principal Security Engineer
Akamai Technology
Cambridge, MA
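The distinction in the answer above, SEQUENCE OF for the DN versus SET OF for each RDN, in working code: an added example (not part of the post) that DER-encodes a few constructed sample Names with Python's standard library and renders them RFC 2253 style. It also shows why one multi-valued RDN always encodes to the same bytes whichever way its attributes are listed, which is what makes attribute order inside an RDN irrelevant; it assumes values that need no RFC 2253 escaping.

```python
# Added example, not from the post: DER-encode an X.501 Name with the
# standard library only, to show that RDN order in the SEQUENCE OF is
# significant while attribute order inside one SET OF RDN is not.
# The OIDs are the real id-at arcs; the DN values are constructed samples.

OID_CN = bytes.fromhex("550403")  # id-at-commonName (2.5.4.3)
OID_O = bytes.fromhex("55040a")   # id-at-organizationName (2.5.4.10)
OID_C = bytes.fromhex("550406")   # id-at-countryName (2.5.4.6)
SHORT = {OID_CN: "CN", OID_O: "O", OID_C: "C"}


def tlv(tag: int, body: bytes) -> bytes:
    """Encode one DER TLV; long-form length when the body is >= 128 bytes."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        nbytes = (n.bit_length() + 7) // 8
        length = bytes([0x80 | nbytes]) + n.to_bytes(nbytes, "big")
    return bytes([tag]) + length + body


def attribute(oid: bytes, value: str) -> bytes:
    """AttributeTypeAndValue ::= SEQUENCE { type OID, value PrintableString }."""
    return tlv(0x30, tlv(0x06, oid) + tlv(0x13, value.encode("ascii")))


def rdn(*attrs: bytes) -> bytes:
    """RelativeDistinguishedName ::= SET OF AttributeTypeAndValue.
    DER (X.690 11.6) requires the elements of a SET OF to be sorted by their
    encoded octets, so the caller's order is erased here: the same set of
    attributes always yields the same bytes."""
    return tlv(0x31, b"".join(sorted(attrs)))


def name(*rdns: bytes) -> bytes:
    """Name ::= SEQUENCE OF RelativeDistinguishedName; order is preserved."""
    return tlv(0x30, b"".join(rdns))


def parse_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for the DER element at buf[pos]."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                       # long-form length
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    return tag, buf[pos:pos + n], pos + n


def children(body: bytes):
    """Split the content octets of a constructed element into (tag, value)."""
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = parse_tlv(body, pos)
        out.append((tag, val))
    return out


def rfc2253(name_der: bytes) -> str:
    """Render a DER Name as RFC 2253 section 2 does: RDNs written from the
    last element of the SEQUENCE back to the first, separated by ',', and the
    attributes of a multi-valued RDN joined with '+'. Values are assumed to
    need no escaping."""
    tag, body, _ = parse_tlv(name_der)
    assert tag == 0x30, "Name must be a SEQUENCE"
    rdns = []
    for rtag, rbody in children(body):
        assert rtag == 0x31, "RDN must be a SET"
        parts = []
        for _, abody in children(rbody):
            (_, oid), (_, val) = children(abody)
            parts.append(f"{SHORT.get(oid, oid.hex())}={val.decode('ascii')}")
        rdns.append("+".join(parts))
    return ",".join(reversed(rdns))


# Constructed sample DNs: the same three single-valued RDNs in two orders ...
DN_C_O_CN = name(rdn(attribute(OID_C, "US")),
                 rdn(attribute(OID_O, "Example")),
                 rdn(attribute(OID_CN, "host")))
DN_CN_O_C = name(rdn(attribute(OID_CN, "host")),
                 rdn(attribute(OID_O, "Example")),
                 rdn(attribute(OID_C, "US")))
# ... and one multi-valued RDN holding CN and O, listed in either order.
DN_MULTI_A = name(rdn(attribute(OID_CN, "host"), attribute(OID_O, "Example")))
DN_MULTI_B = name(rdn(attribute(OID_O, "Example"), attribute(OID_CN, "host")))


def rdn_order_matters() -> bool:
    """Reordering the RDNs produces a different DER and so a different DN."""
    return DN_C_O_CN != DN_CN_O_C


def attribute_order_within_rdn_is_irrelevant() -> bool:
    """The two multi-valued RDNs encode identically, so they are one DN."""
    return DN_MULTI_A == DN_MULTI_B
```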



RE: eNULL/NULL ciphers -- actually a cipher?

2013-02-12 Thread Salz, Rich
 I realise that the eNULL/NULL ciphers add no encryption, but do they just 
 transmit the data as is, or is there some steganography used?

If you truly realized they add no encryption, you'd realize the answer to your 
question. :)

/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: Failed SSL/HTTP connections via Apache(2.4.3)SSL when going from 1.0.1c to 1.0.1e

2013-02-19 Thread Salz, Rich
 Since my goal is a running system with no known security vulnerabilities ...
 I have a habit of wanting to use the 'latest everything' as I check versions 
 of software on my server once every few weeks.

These two items contradict each other.  If you want a secure system, you should 
only upgrade (a) if vulnerabilities come out that require it; or (b) there are 
new features that you absolutely must have. And you also might want to think 
about why static libraries are (at least theoretically) more secure than shared 
libraries.

/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: Parsing ocsp response data to locate the correct one

2013-03-05 Thread Salz, Rich
 I need to locate the response that is relevant for the certificate of 
 interest  Is the usual method
  to parse each response and match the cert serial number to find the index to 
 the correct ocsp response?

Yes.

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: Does CSR need to be signed with matching private key?

2013-03-05 Thread Salz, Rich
 Hypothetically, what if I have TWO key pairs (PubKey1, PrivKey1, PubKey2, 
 PrivKey2). First thing I do is move PrivKey1 to another place. Is there a way 
 where I can use PubKey1 to make the CSR (without access to PrivKey1), but sign 
 it with PrivKey2 to preserve integrity?

If you can convince the CA that you possess PrivKey1. How you do that is a 
matter between you and the CA.

Without being convinced - proof of possession - the CA should not issue any 
statement/certificate about the corresponding public key.

--
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: openssl-user - UTF8 characters in configuration file

2013-03-14 Thread Salz, Rich

Hi John!

Looking at apps/req.c, it seems you want to use the -utf8 flag (or put utf8: 
yes in your conf file [req] section) and not prefix the string with an 
identifier.

--
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: Help me understand how this should work:

2013-03-28 Thread Salz, Rich
 I guess I need to know what to research to make all of these guys sort of 
 use the same cert. Is this what chaining could do for me?


Not sure why you need or want a single cert, but if you do then one cert with 
multiple subjectAltName extensions should do it.

/r$

--
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: how to STORE encrypted string in database

2013-03-28 Thread Salz, Rich
Encrypted data is not a text string, it is an array of binary octets.  You will 
have to do something like base64 encode/decode when treating it as a text 
string.

/r$

--
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: Store generated keys for later use on windows

2013-03-29 Thread Salz, Rich
 what is the best way to store keys that will be used by openssl

You will find a great many examples of how to do things by reading and 
understanding the code in the apps directory.

--
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: Using libcrypto's RSA code

2013-03-29 Thread Salz, Rich
 1) Put a base64-encoded key (the normal one generated by openssl command line 
 tools) into a header file

Avoid a step.  Base64 decode and using something like od put a binary 
bytestream into your source.  Like
unsigned char der_key[] = { 3, 12, 253,  }

 2) Compile code with this key which will public-key encrypt a message.

Convert it into an RSA structure using d2i_XXX routines.

/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: how to STORE encrypted string in database

2013-04-01 Thread Salz, Rich
 PLZ can someone provide a solution -- to store encrypted text in a database 
 - SQLite??

You might have gotten all the help that the volunteers who read this list are 
going to give you. If you look through the archives, you might see that people 
here generally do not post complete source code solutions. Code fragments, and 
suggestions of techniques and where to look are far more common.

The comment “base 64 doesn’t work” means you are doing something wrong.  If the 
OpenSSL API is giving you problems, perhaps http://base64.sourceforge.net/b64.c 
will be more useful to you.

/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: How to specify the encryption key without it being visible by ps command?

2013-04-04 Thread Salz, Rich
 read -sp "Enter path to key: " key
 read -sp "Enter IV: " iv
 openssl enc -e -aes256 -K $key -iv $iv -in ... -out ...

That doesn't help; the key is STILL in the argv list and can be seen by doing a 
ps.

/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: testprogram results in undefined reference to x

2013-04-04 Thread Salz, Rich
Wow, that's a lot of output :)

First of all, you need -lssl and -lcrypto.  Where did you install the OpenSSL 
libraries, are they in a common place that your compiler can find?  If not, 
you'll need to add -L/ where  is the path to the place where the 
libraries (libssl.a for example) can be found.

 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
    builtin and then its argument prototype would still apply.  */
 #ifdef __cplusplus
 extern "C"
 #endif
 char SSL_accept ();

Interesting and well-meaning, but wrong.  The right thing to do is
#include <openssl/ssl.h>
And you might need to add -I flags on your compile line.

/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA



change in x509 -CA in 1.0.1?

2013-04-09 Thread Salz, Rich
One of our developers here has noticed a change in behavior.

This pair of commands used to work as expected, but in 1.0.0 and later the 
resulting cert is self-signed, and not signed by the CA key.

openssl req -x509 -days 999 -keyout req.key -out req.pem \
   -subj /CN=testme -nodes -new -newkey rsa:2048
openssl x509 -in req.pem -CA cacert.pem \
   -CAkey cakey.pem -set_serial 1234 -out cert.pem

Any thoughts?

/r$

--
Principal Security Engineer
Akamai Technology
Cambridge, MA




RE: Using libcrypto's RSA code

2013-04-17 Thread Salz, Rich
No sane Base64 decoder should care.  But the code in crypto/evp/bio_b64.c 
seems to be stupidly line oriented with small line buffers in an 
overcomplicated state, when a streaming Base64 encoder/decoder should be able 
to get away with a few unsigned ints and a state machine.

The current behavior and implementation is not great and nobody has gotten 
around to fixing it yet.

Love to see a patch.

/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA

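The streaming decoder the post has in mind, as an added example that is not OpenSSL's bio_b64.c: its whole state is a 24-bit accumulator, a bit count and a padding count, so the output is identical however the input is split into chunks or wrapped into lines. The sample input is constructed; trailing bits and padding are checked strictly, which is stricter than Python's default b64decode.

```python
# Added example, not OpenSSL code: a streaming Base64 decoder with a handful of
# integers as state, indifferent to chunk and line boundaries. Whitespace
# between symbols (PEM/MIME wrapping) is skipped; non-canonical tails are rejected.

import base64

_ALPHABET = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
_VALUE = {c: i for i, c in enumerate(_ALPHABET)}
_SKIP = {0x0A, 0x0D, 0x20, 0x09}   # newline, CR, space, tab


class StreamingB64Decoder:
    def __init__(self) -> None:
        self.acc = 0      # bits received but not yet emitted (never more than 12)
        self.nbits = 0    # number of valid low bits in acc
        self.pad = 0      # '=' symbols seen so far

    def feed(self, chunk: bytes) -> bytes:
        """Consume any number of input bytes; return the bytes fully decoded."""
        out = bytearray()
        for c in chunk:
            if c in _SKIP:
                continue
            if c == 0x3D:                      # '='
                self.pad += 1
                continue
            if self.pad:
                raise ValueError("Base64 symbol after padding")
            v = _VALUE.get(c)
            if v is None:
                raise ValueError(f"invalid Base64 byte {c:#04x}")
            self.acc = (self.acc << 6) | v
            self.nbits += 6
            if self.nbits >= 8:                # a whole output byte is ready
                self.nbits -= 8
                out.append((self.acc >> self.nbits) & 0xFF)
                self.acc &= (1 << self.nbits) - 1
        return bytes(out)

    def finish(self) -> None:
        """Validate the tail: 2 symbols leave 4 bits and need '==', 3 symbols
        leave 2 bits and need '=', a multiple of 4 leaves nothing. Missing
        padding is tolerated; wrong padding, a lone symbol, or non-zero
        leftover bits (a non-canonical encoding) are rejected."""
        expected_pad = {0: 0, 4: 2, 2: 1}.get(self.nbits)
        if expected_pad is None:
            raise ValueError("truncated Base64 input")
        if self.pad not in (0, expected_pad):
            raise ValueError("wrong Base64 padding")
        if self.acc != 0:
            raise ValueError("non-zero trailing bits")
        self.acc = self.nbits = self.pad = 0


def decode_in_chunks(data: bytes, chunk_size: int) -> bytes:
    """Drive the decoder with a fixed chunk size; the split must not matter."""
    dec = StreamingB64Decoder()
    out = bytearray()
    for i in range(0, len(data), chunk_size):
        out += dec.feed(data[i:i + chunk_size])
    dec.finish()
    return bytes(out)


def rejects(data: bytes) -> bool:
    """True if the strict decoder refuses the input."""
    try:
        decode_in_chunks(data, 3)
    except ValueError:
        return True
    return False


# Constructed sample input: every byte value three times over, both in the
# 76-column wrapped form PEM and MIME use and as one unwrapped line.
SAMPLE = bytes(range(256)) * 3
ENCODED_WRAPPED = base64.encodebytes(SAMPLE)
ENCODED_ONE_LINE = base64.b64encode(SAMPLE)
```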


RE: handling of expired certificates

2013-04-24 Thread Salz, Rich
OpenSSL does nothing about this.  It's an interesting question.  As far as 
TLS/SSL is concerned, it is only using the certificate at the time the 
connection is initially established, and therefore expiration (or revocation) 
during the application's use of the certificate is up to the application. The 
only practical use that I can imagine is using something in the cert (DN or an 
extension) for authorization decisions...

/r$

--
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: MD5 in openSSL internals

2013-04-24 Thread Salz, Rich
First poster:
 We are currently analyzing and understanding the security strength of 
 the openSSL internal implementation to certify the products.
 In version 0.9.8d, TLSv1.0 alone is supported. Can you please answer 
 the following or provide me with the documentation reference

 1.   Does openSSL library use MD5 internally for any operation?

 2.   Can we have SHA256 in the ciphersuite with TLSv1.0?

Well-known respondent:
 You're not qualified to perform this analysis.

Second respondent:
 OpenSSL is not open to such analysis if a documentation reference cannot be 
 given.

Me:
Actually, the first poster did not describe what kind of certification is being 
done, and therefore we have no idea whether or not such documentation is 
required. We do have one proof point, the FIPS certification, that shows this 
documentation is not required. On the basis of that, and the fact that this is 
free open source software, it is not unreasonable for experienced folks to say 
"we gave you the source, everything else is up to you."

Taken by themselves, the questions are too vague to really answer.  Is using 
MD5 as part of the connection setup internally? I would interpret question 1 
to mean things like power-on selftest, etc, but it's not clear. As for the 
second question, I can't even understand it: do they want to know if SHA256 is 
in the protocol, the OpenSSL library, the OpenSSL implementation of the 
protocol, enabled or disabled by default, or what?

My guess is that English is not the native language, and I would have been more 
lenient with the first poster, but based on what was written, the first 
respondent seems accurate to me.

/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: extended x509 custom, Attributes and BEGIN Certificate size

2013-04-27 Thread Salz, Rich
The base64 encoding within the PEM lines is the entire certificate not just 
the signature.

/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: Key usage at openssl

2013-05-01 Thread Salz, Rich
It should not be surprising that both keypairs worked. Unless you're doing 
mutual authentication, the SSL server will never see the client certificate, 
and so it will not be able to see the keyUsage attribute, or the 
extendedKeyUsage attribute.  Those two attributes specify how a keypair is 
supposed to be used.  If you're very very picky, you want keyUsage to have 
digitalSignature and keyEncipherment turned on, and extendedKeyUsage to 
include serverAuth or clientAuth.  If you're not very picky, use your signing 
keypair, not your encryption keypair.

For a bit more info on the attributes, see the x509v3_config manpage 
(http://www.openssl.org/docs/apps/x509v3_config.html#Extended_Key_Usage_) 
and/or google it.

/r$

--
Principal Security Engineer
Akamai Technology
Cambridge, MA
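An added example (not from the post or OpenSSL) of checking the two extensions named above on the verifying side: it decodes keyUsage and extendedKeyUsage values, constructed here as sample DER, and applies the "very picky" rule of digitalSignature plus keyEncipherment with serverAuth or clientAuth in the EKU. The parser handles short-form DER lengths only, which is all these values need.

```python
# Added example, not from the post or OpenSSL: decode keyUsage and
# extendedKeyUsage extension values and apply the post's "very picky" rule.
# The extension values are constructed sample DER.

KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
    "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly",
]
EKU_NAMES = {
    "1.3.6.1.5.5.7.3.1": "serverAuth",
    "1.3.6.1.5.5.7.3.2": "clientAuth",
    "1.3.6.1.5.5.7.3.4": "emailProtection",
}


def parse_tlv(buf: bytes, pos: int = 0):
    """(tag, value, next_pos) of a DER element with a one-byte length."""
    tag, n = buf[pos], buf[pos + 1]
    assert n < 0x80, "long-form lengths not supported here"
    return tag, buf[pos + 2:pos + 2 + n], pos + 2 + n


def decode_oid(body: bytes) -> str:
    """Dotted form of OBJECT IDENTIFIER content octets (base-128 arcs)."""
    arcs = [body[0] // 40, body[0] % 40]
    n = 0
    for b in body[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))


def decode_key_usage(ext_value: bytes) -> set:
    """KeyUsage ::= BIT STRING. The first content octet says how many low bits
    of the last octet are unused; bit 0 is the most significant bit."""
    tag, body, _ = parse_tlv(ext_value)
    assert tag == 0x03, "keyUsage must be a BIT STRING"
    unused, bits = body[0], body[1:]
    usable = len(bits) * 8 - unused
    return {KEY_USAGE_BITS[i] for i in range(min(usable, len(KEY_USAGE_BITS)))
            if bits[i // 8] & (0x80 >> (i % 8))}


def decode_eku(ext_value: bytes) -> set:
    """ExtKeyUsageSyntax ::= SEQUENCE OF KeyPurposeId (OBJECT IDENTIFIER)."""
    tag, body, _ = parse_tlv(ext_value)
    assert tag == 0x30, "extendedKeyUsage must be a SEQUENCE"
    purposes, pos = set(), 0
    while pos < len(body):
        t, v, pos = parse_tlv(body, pos)
        assert t == 0x06, "KeyPurposeId must be an OID"
        oid = decode_oid(v)
        purposes.add(EKU_NAMES.get(oid, oid))
    return purposes


def fit_for_tls(role: str, key_usage: set, eku: set) -> bool:
    """The post's picky rule for an RSA TLS certificate: keyUsage must allow
    both signing and key encipherment, and the EKU must name the role."""
    purpose = "serverAuth" if role == "server" else "clientAuth"
    return {"digitalSignature", "keyEncipherment"} <= key_usage and purpose in eku


# Constructed extension values (the inner DER carried in extnValue).
KU_TLS_END_ENTITY = bytes.fromhex("030205a0")   # digitalSignature, keyEncipherment
KU_CA = bytes.fromhex("03020106")               # keyCertSign, cRLSign
EKU_TLS = bytes.fromhex("3014"                  # serverAuth + clientAuth
                        "06082b06010505070301"
                        "06082b06010505070302")
EKU_EMAIL = bytes.fromhex("300a06082b06010505070304")  # emailProtection only
```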



FW: Bug(?) in x509 app

2013-05-01 Thread Salz, Rich

I have a self-signed certificate (new.crt) that I want to sign with the x509 
app and the keypair that is in ca.pem.
I can send those files if desired; if sent as attachments the openssl.org 
server complains.

In an older openssl, what I expect happens:
; openssl version
OpenSSL 0.9.8k 25 Mar 2009
; openssl x509 -in /tmp/new.crt -CA /tmp/ca.pem -clrext | openssl x509 -issuer
Getting CA Private Key
issuer= /C=us/O=ibm/OU=SSL PKI
-----BEGIN CERTIFICATE-----
[certificate body omitted]
-----END CERTIFICATE-----

With the latest, it looks like the only thing output is the new signature :(

; ./openssl version
OpenSSL 1.0.1e 11 Feb 2013
; ./openssl x509 -in /tmp/new.crt -CA /tmp/ca.pem -clrext | openssl x509 -issuer
Getting CA Private Key
issuer= /CN=testme
-----BEGIN CERTIFICATE-----
[certificate body omitted]
-----END CERTIFICATE-----

Not only is the issuer wrong, but the cert extensions aren't removed.

Any thoughts?  I stepped through the x509_main, and it looked reasonable, until 
I got lost in the PEM/ASN1 macros.

--
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: Bug(?) in x509 app

2013-05-01 Thread Salz, Rich
Your suspicion in that old thread was right.  Adding this fixed it:

--- //projects/shared/openssl-6.101.5.1/akamai/openssl/apps/x509.c  
2013-03-01 23:14:34.0 
+++ /home/rsalz/p4/misc/openssl/apps/x509.c 2013-03-01 23:14:34.0 

@@ -1217,6 +1217,7 @@
 if (!X509V3_EXT_add_nconf(conf, ctx2, section, x)) goto end;
}

+x-cert_info-enc.modified = 1;
if (!do_X509_sign(bio_err, x, pkey, digest, sigopts))
goto end;
ret=1;
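Review bot: forcing the certificate's cached-encoding flag at this one call site only repairs the x509 app; any other code path that alters a certificate (as the X509V3_EXT_add_nconf line above does) and then signs it through do_X509_sign would still write out the stale cached encoding, so the flag is better cleared inside the signing path rather than by each caller. If the assignment does stay here, give it a one-line comment saying that the cached DER must be invalidated before signing, because a bare write to an internal field is easy to drop in a later cleanup.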

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA



-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Dave Thompson
Sent: Wednesday, May 01, 2013 4:48 PM
To: openssl-users@openssl.org; r...@openssl.org
Subject: RE: Bug(?) in x509 app

From: owner-openssl-us...@openssl.org On Behalf Of Salz, Rich
Sent: Wednesday, 01 May, 2013 15:11
To: openssl-users@openssl.org; r...@openssl.org

I have a self-signed certificate (new.crt) that I want to sign with the 
x509 app and the keypair that is in ca.pem.
snip
With the latest, it looks like the only thing output is the new 
signature :(
snip
Not only is the issuer wrong, but the cert extensions aren't removed.

See thread "change in x509 -CA in 1.0.1?" 4/09-4/11. 

Any thoughts?  I stepped through the x509_main, and it looked 
reasonable, until I got lost in the PEM/ASN1 macros.

me2. (Actually x509_certify in x509.c, but close enough.)



RE: Bug(?) in x509 app

2013-05-02 Thread Salz, Rich
 The bug was in X509_sign_ctx which didn't set the modified flag while the 
 regular X509_sign did.

Thanks!

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: Bug(?) in x509 app

2013-05-02 Thread Salz, Rich
Same fix needed in X509CRL_sign_ctx?

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: verify self signed x.509

2013-05-08 Thread Salz, Rich
 How can this individual verify the x.509? I certainly do not want the 
 receiving site to have private key; they are not the creator of such 
 documents but simply the receiver for data. An excerpt of code would be most 
 beneficial.

The certificate is signed with the PRIVATE key and verified using the PUBLIC 
key.  There is nothing in a self-signed certificate that changes this.

So they verify it the same as any other certificate.

/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: verify self signed x.509

2013-05-08 Thread Salz, Rich
 4) But the life of me cannot find how to set the public and verify?

Look for one of the openssl command-line programs that does what you want, and 
then look at that code.  In this case apps/verify.c might be useful.

/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA



SSL_CTX_set{_preferred)_cipher_list?

2013-05-10 Thread Salz, Rich
What is the difference between SSL_CTX_SET_cipher_list and 
SSL_CTX_set_preferred_cipher_list ?  When and why would I use the preferred 
version? I promise to turn any answers I got into a POD manpage for future 
inclusion :)

And why is there an SSL_set_cipher_list function, but the (misnamed?) 
SSL_set_pref_cipher is a #define'd synonym?

/r$

--
Principal Security Engineer
Akamai Technology
Cambridge, MA




Remove SSLv2 via #ifdef

2013-05-10 Thread Salz, Rich
Would there be any interest (and support) from the dev team for patches that 
completely remove SSLv2 API's?

/r$

--
Principal Security Engineer
Akamai Technology
Cambridge, MA




RE: Remove SSLv2 via #ifdef

2013-05-11 Thread Salz, Rich

I guess I was confused, expecting to see the ssl23 stuff removed as well, but 
I guess it's okay to leave it.

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: SSL_CTX_set{_preferred)_cipher_list?

2013-05-11 Thread Salz, Rich
  What is the difference between SSL_CTX_SET_cipher_list and 
  SSL_CTX_set_preferred_cipher_list?

 Which version of OpenSSL has the preferred version?  I don't see this in 
 master.

Gaak.  Sorry for the confusion.  Looking at some decade-old local patches. :(

/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA




RE: connection encrypted (a question)

2013-05-12 Thread Salz, Rich
Many people find the four-letter word at the start of your domain name 
offensive.

I'm assuming you know English well enough to know that, and chose it 
deliberately.

That's reading beyond the cover.

/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: FIPS Capable Ciphers List

2013-05-14 Thread Salz, Rich
Viktor gave some excellent advice.  I'd tweak it by removing 'export' as 
something to support.  And perhaps use weak, good, strong -- whatever, keep the 
number of choices very small. I'd suggest to not use default since folks will 
get upset if it changes. They are more accepting if the definition of 'strong 
cipher' changes with time. It's curious, but it's the way humans seem to work.

The openssl cipher spec is pretty darn subtle and it is far too easy to get 
wrong.

/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA




RE: FIPS Capable Ciphers List

2013-05-14 Thread Salz, Rich
So the Postfix team finds SMTP servers that support EXPORT and nothing 
stronger?  Wow, I am very surprised.

For those who don't know, export strength crypto was a creation of the US 
government in the early 1990's, and the rules were removed in 2000. It's been 
more than a dozen years, it's time to stop supporting it.

/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA



-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Viktor Dukhovni
Sent: Tuesday, May 14, 2013 10:51 PM
To: openssl-users@openssl.org
Subject: Re: FIPS Capable Ciphers List

On Tue, May 14, 2013 at 09:42:08PM -0500, Salz, Rich wrote:

 Viktor gave some excellent advice.  I'd tweak it by removing 'export' 
 as something to support.  And perhaps use weak, good, strong -- 
 whatever, keep the number of choices very small. I'd suggest to not 
 use default since folks will get upset if it changes. They are more 
 accepting if the definition of 'strong cipher' changes with time. It's 
 curious, but it's the way humans seem to work.

The reason Postfix supports export is because it supports an opportunistic 
TLS mode, where we fall back to plain-text if the remote server does not offer 
TLS, or the handshake fails.

So the export grade is default for opportunistic connections, since even 
export is somewhat better than plain-text.

With mandatory TLS destinations the default cipher grade is medium.

The actual design has to match the constraints and requirements of the 
particular application as well as usability considerations.

 The openssl cipher spec is pretty darn subtle and it is far too easy 
 to get wrong.

Excellent one sentence summary.

-- 
Viktor.


RE: FIPS Capable Ciphers List

2013-05-15 Thread Salz, Rich
 As a knowledgeable user, I despise user interfaces like that

As a knowledgeable user, you are in the minority and it is certainly your right 
to complain if your choices are restricted.

 and tend to recommend against such products even for novices.

I firmly believe this is wrong.

 A good user interface would provide a strength-sorted list of check

Strength isn't absolute and unchanging.  Which is stronger -- RC4 or AES?
(See http://threatpost.com/attack-exploits-weakness-rc4-cipher-decrypt-user-sessions-031413/ 
and http://www.openssl.org/news/secadv_20130205.txt )

 The key non-experimental benefit of such fine grained control is that
 it allows an administrator to work around new threats without having
 to wait for OpenSSL to release an updated library

This can also be done by having crypto profiles in the application, and just 
changing those profiles values.

FWIW, we are doing something like this at Akamai. Our info-sec team will create 
and own a handful of crypto profiles, and we will be pushing customers to just 
use those profiles, rather than enter raw OpenSSL strings themselves. One of 
the driving forces for this was my review of a couple of thousand of 
cipher-suite specifications created by customers and Akamai staff.  Not a 
pretty sight. :)

/r$
--  
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: FIPS Capable Ciphers List

2013-05-15 Thread Salz, Rich

 I was talking about a user interface to specify settings without requiring a 
 rebuild of the applications.

And on this, we completely agree :)

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: simple https server using openssl

2013-05-18 Thread Salz, Rich
The s_server program reads stdin and sends it to the client; it reads from the 
client and sends it to stdout.  It doesn't implement any protocol.

But you can use that code as a basis for your homework :)

/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: How to create CSR with SN attribute

2013-05-20 Thread Salz, Rich
 Is there a way with openssl to create a key/csr with SN attribute?

 As I can see, only CN, O, OU etc are available. If not with openssl, does 
 anyone know another tool to create this with?

You can do it.  The 'trick' is that you have to have a default value, so put 
SN=unknown in the global section of your config file.  Then in the [dn_req] 
for your request, you can do something like SN=$ENV::SN to get it from the 
$SN environment variable. 

There's lots of flexibility in the openssl config file; many levels of 
indirection, etc., possible with variables and $ENV constructs.

Hope this helps.

/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: Assigning pre-defined bufs to OpenSSL lib bufs for AES calculation

2013-05-21 Thread Salz, Rich
> I would like to know if it is possible to assign pre-defined bufs (addresses) 
> to OpenSSL which it can use to store plaintext/cipher text during AES 
> computation.


You mean force all AES encryptions during a TLS session to use fixed buffers?  
No, that is not possible without code changes.

/r$

--
Principal Security Engineer
Akamai Technology
Cambridge, MA




RE: Pipe command not working

2013-05-24 Thread Salz, Rich
> The | command doesn't work for me in OpenSSL. Is it a shell thing?

Not enough details (heck not any) to answer. But yes, pipes are implemented by 
the shell.

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: Pipe command not working

2013-05-24 Thread Salz, Rich
Windows doesn't do pipes; you have to use temp files.

--
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: OpenSSL compatibility between releases

2013-05-26 Thread Salz, Rich
> If there is compatibility issue, then it seems we have to recompile our 
> application with latest openssl library. Please suggest if you have any other 
> or better solutions.

There is no other solution.

0.9.8 and 1.xxx aren’t binary compatible.  For more details, see the FAQ, 
http://www.openssl.org/support/faq.html#MISC8

/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA




RE: signing data

2013-06-07 Thread Salz, Rich
The printf command appends a newline to the data so it's different from what 
your program has.

/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA





RE: signing data

2013-06-07 Thread Salz, Rich
> No new line added.  As I already suggested, it's an implicit NULL terminator 
> in the C string literal in the C program.

Oh rats, of course you're right.  The proper thing to do is sizeof ... -1 

/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: Is it possible to grab CA certificate?

2013-06-17 Thread Salz, Rich
> By the way, I would NOT recommend adding an in-house, probably unprotected, CA as 
> a trusted one. The exception is much better to deal with such cases.


If it's a work machine, then absolutely trust the in-house CA, no matter how it 
is managed and protected.

/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: Is it possible to grab CA certificate?

2013-06-17 Thread Salz, Rich
> because from a workstation people may access external websites too. Like 
> banks


And perhaps they shouldn't.  Have you seen the size of the built-in browser CA 
trust lists recently?

And really, which is more likely: an in-house CA leads you astray, or you bring 
some external malware from the Internet into the company?

/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: Understanding PKI

2013-06-21 Thread Salz, Rich
> I want to really understand certificates, pki, etc; so forgive me if these 
> questions are elementary.

Google around for PKI introductions.

/r$

--
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: openssl s_client takes over 30 seconds to complete on Windows

2013-07-07 Thread Salz, Rich
   echo foo | openssl s_client -connect uri.com:443 > cert.txt

Or perhaps simpler
   openssl s_client -connect uri.com:443 > cert.txt < /dev/null

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: OSCP request

2013-07-16 Thread Salz, Rich
> There are no examples other than openssl commands, I have a program on a 
> device and need to programmatically check x509 periodically.

That is generally true of most openssl-based applications.

You'll have to start by reading and learning apps/ocsp.c

/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: OSCP server does not update status

2013-07-18 Thread Salz, Rich
> Is there a standard to revoke a cert with a request to an OCSP?

Nothing that is part of OCSP.  There are various other standards around (e.g., XKMS 
from W3C, KMIP from OASIS) but they're nowhere near as widely used.

/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: OCSP and self signed

2013-07-31 Thread Salz, Rich
> This is not possible according to PKIX. RFC5280 states "The trust anchor for 
> the certification path [of the crl] MUST be the same as the trust anchor used 
> to validate the target certificate."

The root certificate creates a crl-signing cert. The root certificate includes 
a cRLDistributionPoint that names that crl-signing cert, and has cACompromise 
in its ReasonFlags.
The crl-signing cert immediately issues an empty CRL. Whenever you give someone 
the CA cert, you give them the crl cert, and the empty CRL as well.  The 
relying party now has the key that will sign the CRL, and a signed piece of 
data using that key.

This is more theory than practice -- how many angels can dance on the head of a 
pin? -- but it does securely give you a way to be sure that you only trust a 
proper root revocation. Whether or not that is something to do (as opposed to 
playing it safe and not worrying about whether or not someone has compromised the 
root to sign its own CRL death warrant) is for others to argue.

/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: OCSP and self signed

2013-07-31 Thread Salz, Rich
> Wouldn't it be just as good to have a cRLDistributionPoint which does not 
> restrict the available ReasonFlags and then put cACompromise in the CRL 
> if/when that disaster happens?

No, because with my idea you a priori restrict the crlDP to be only CA 
revocation.

> Wouldn't it be equally good to use the same crl-signing cert already used for 
> the regular CRL of revoked next-level certs?

Operational decision -- do you trust the people who revoke your certs exactly 
like you trust the people who revoke you?

> Would it be possible to use the same CRL and cRLDistributionPoint for both 
> child certs and self-revocation (abdication)?

I think so, since they would be the same issuer and would have unique serial 
numbers.  But in theory I'd want those jobs separate.

I like the term abdication although it doesn't handle the regicide case; 
suppose others know the root is bad, but the king doesn't know it's dead :)

But as I said, this is more about pedanticism than practical real-world 
practice.  (I used to work at a company that was perhaps the apotheosis of that.)

/r$
--  
Principal Security Engineer
Akamai Technology
Cambridge, MA



Using both PSK and classic RSA

2013-08-06 Thread Salz, Rich
From my initial reading of the spec (RFC 4279) and review of the code, it 
appears that both PSK and RSA-style key exchanges can exist in both server and 
client.  That is:

-  A server can register the PSK callbacks, identities, and keypair and 
talk to clients using the PSK and RSA key exchange.

-  A client can register the PSK callbacks and identities, and 
will be able to connect to both PSK and RSA servers.
And of course a client or server that registers only one set can only talk to a 
server or client with the right algorithm.

Anyone doing this?  Anyone aware of any special gotcha's or concerns?

Tnx.

/r$

--
Principal Security Engineer
Akamai Technology
Cambridge, MA




RE: BREACH vuln and ciphers

2013-08-06 Thread Salz, Rich
> This attack is compression at the application layer not ssl compression.  
> TLS fails to protect the application layer data.

SSL also fails to protect application layer data when the application decides 
to include key material.

There are limits to what can be done.

/r$

--
Principal Security Engineer
Akamai Technology
Cambridge, MA




RE: Thread safe callbacks never actually called

2013-08-15 Thread Salz, Rich
> But I think the structures should be thread safe as the functions

Then where and how do you propose to store the state of any ongoing computation?

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: Thread safe callbacks never actually called

2013-08-15 Thread Salz, Rich
> There should be a way.

There isn't.

> There are synchronization methods to keep the same structure used by many 
> threads at the same time, and usually this is transparent to developers.

Are you new to multi-threaded C programming?


--  
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: Thread safe callbacks never actually called

2013-08-15 Thread Salz, Rich
> I don't mean the type, I mean the data

By putting EVERYTHING with __declspec(thread)?  That's not right either, as it 
completely prevents sharing.  And the Windows DLL malloc model isn't the same as 
Unix/Linux.

Enough pedanticism.  Most objects aren't safe to be used by multiple threads at 
the same time; they're not designed for that kind of simultaneous use model.  
Almost anything that has context in it is generally intended to hold the 
state for something and be uniquely used.  (SSL and SSL_CTX are notable 
counter-examples.)

/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: weird bug

2013-08-16 Thread Salz, Rich
> Some serious bug?

Yes, but in your code:

> char new_filename[strlen( filename + 5 )];

char new_filename[strlen( filename) + 5];

--
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: weird bug

2013-08-16 Thread Salz, Rich
> Seriously - if I just use des instead of des_ede3 it works. That simple. Has 
> got to be a bug

Run your code through something like valgrind


--
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: How to securely encrypt identical files to identical ciphertext?

2013-08-16 Thread Salz, Rich
> I have a requirement to encrypt files, in such a way identical files should 
> generate identical ciphertexts.
>
> Identical salts (IVs) should work. No salt works as well.
>
> This would have the effect that two files which were identical at the 
> beginning for the first x number of blocks
> (but different afterwards) would encrypt to the same first x number of blocks.

Derive the IV from a digest of the file.  Or encrypt the digest as the first 
block.

/r$
 
--  
Principal Security Engineer
Akamai Technology
Cambridge, MA
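As an added example in Go (not code from the post or from OpenSSL), here is the first suggestion worked through: the IV is derived from a digest of the whole file, so identical files give identical ciphertext while files that share only a prefix differ from the first block on. The digest is keyed and the decryptor recomputes it as an integrity check; the demo key, the subkey labels and the function names are assumptions of this example.

```go
package main
import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// DemoKey is a constructed 256-bit master key for this demonstration only; a
// real deployment loads it from a key file or KMS, never a source literal.
var DemoKey = bytes.Repeat([]byte{0x42}, 32)
var errDecrypt = errors.New("decryption failed")

// subkey derives a purpose-specific key from the master key so the IV-derivation
// key is never the same bytes as the AES key.
func subkey(master []byte, label string) []byte {
	m := hmac.New(sha256.New, master)
	m.Write([]byte(label))
	return m.Sum(nil)
}

// deriveIV is the idea from the post: the IV is a digest of the whole file, cut
// to one AES block. Keying the digest (HMAC) is an addition so the IV does not
// publish a plain hash of the content.
func deriveIV(ivKey, plaintext []byte) []byte {
	m := hmac.New(sha256.New, ivKey)
	m.Write(plaintext)
	return m.Sum(nil)[:aes.BlockSize]
}

func pkcs7Pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad reports ok=false on malformed padding; every failure is mapped to
// the same generic error by the caller so a decryption oracle cannot tell them apart.
func pkcs7Unpad(b []byte) ([]byte, bool) {
	if len(b) == 0 || len(b)%aes.BlockSize != 0 {
		return nil, false
	}
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize {
		return nil, false
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, false
		}
	}
	return b[:len(b)-n], true
}

// EncryptDeterministic returns iv || AES-256-CBC(plaintext). Identical inputs give
// identical output; inputs that differ anywhere get a different IV and so differ
// from the very first ciphertext block.
func EncryptDeterministic(master, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(subkey(master, "enc"))
	if err != nil {
		return nil, err
	}
	iv := deriveIV(subkey(master, "iv"), plaintext)
	padded := pkcs7Pad(plaintext)
	out := make([]byte, aes.BlockSize+len(padded))
	copy(out, iv)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out[aes.BlockSize:], padded)
	return out, nil
}

// DecryptDeterministic reverses EncryptDeterministic. Since the IV is a function
// of the plaintext, recomputing it after decryption doubles as an integrity check.
func DecryptDeterministic(master, ct []byte) ([]byte, error) {
	if len(ct) < 2*aes.BlockSize || len(ct)%aes.BlockSize != 0 {
		return nil, errDecrypt
	}
	block, err := aes.NewCipher(subkey(master, "enc"))
	if err != nil {
		return nil, err
	}
	iv, body := ct[:aes.BlockSize], ct[aes.BlockSize:]
	padded := make([]byte, len(body))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(padded, body)
	pt, ok := pkcs7Unpad(padded)
	if !ok || !hmac.Equal(iv, deriveIV(subkey(master, "iv"), pt)) {
		return nil, errDecrypt
	}
	return pt, nil
}

func main() {
	a := []byte("same first blocks, same first blocks, same first blocks; tail A")
	ca, _ := EncryptDeterministic(DemoKey, a)
	fmt.Printf("%d-byte ciphertext, IV %x\n", len(ca), ca[:aes.BlockSize])
}
```

The obvious price of the property the poster asked for is that equal files are visible as equal ciphertexts, which is exactly the information the scheme is required to reveal.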


RE: weird bug

2013-08-16 Thread Salz, Rich
> I have no idea wtf is up with all these bugs but i'm surprised openssl is 
> this glitchy

It is not.  The problem is almost definitely in your code.  It is also hard to 
help when the code you post isn't the code you're trying to debug.

Get and run valgrind and see what it says.  Compile with many -W flags.

/r$

--
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: CA hierarchy / pathlen:0

2013-08-21 Thread Salz, Rich
You misunderstand how it's supposed to work.

OpenSSL does not prevent you from signing anything.  It can't; for example, you 
could use other software and generate the signature.

Instead, when the recipient gets a certificate, and verifies the chain, it 
should reject the chain because the signing CA was not legitimate (pathlen 
exceeded).

/r$

--
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: CA hierarchy / pathlen:0

2013-08-22 Thread Salz, Rich
>    certificate.)  A pathLenConstraint of zero indicates that no non-
>    self-issued intermediate CA certificates may follow in a valid
>    certification path.

Validation of the certification path is the responsibility of the relying party 
-- the recipient of data.

It is not safe to rely on the proper behavior of the signing parties.  It never 
was. OpenSSL is doing the right thing.

/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA



-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Peter1234
Sent: Thursday, August 22, 2013 9:00 AM
To: openssl-users@openssl.org
Subject: RE: CA hierarchy / pathlen:0

You misunderstand how it’s supposed to work.
OpenSSL does not prevent you from signing anything.  It can’t; for example, you 
could use other software and generate the signature.

Instead, when the recipient gets a certificate, and verifies the chain, it 
should reject the chain because the signing CA was not legitimate (pathlen 
exceeded).





Hi Rich, 

The following lines are copied from RFC 5280:

   The pathLenConstraint field is meaningful only if the cA boolean is
   asserted and the key usage extension, if present, asserts the
   keyCertSign bit (Section 4.2.1.3).  In this case, it gives the
   maximum number of non-self-issued intermediate certificates that may
   follow this certificate in a valid certification path.  (Note: The
   last certificate in the certification path is not an intermediate
   certificate, and is not included in this limit.  Usually, the last
   certificate is an end entity certificate, but it can be a CA

I assumed openssl would conform to RFC standards and therefore I supposed that 
it takes care of pathlengths specified in CA certificates. 





Using X509_verify with various chains.

2013-08-26 Thread Salz, Rich
Suppose I have a three-length chain: rootCA, interCA, userCert.  If I call 
X509_verify with depth 1 and only interCA in the trusted list, will that pass?

Suppose it's a four-length chain: rootCA, parentCA, childCA, userCert.  Again, 
I assume that with depth=1 and childCA in the trust list it will pass.  If I have 
parentCA and depth 2?  Suppose I don't know which intermediate I have, can I 
make it pass?

Thanks.
--
Principal Security Engineer
Akamai Technology
Cambridge, MA




RE: Is it Possible to revoke cert by Serial

2013-08-29 Thread Salz, Rich
> Is it possible to revoke a cert by serial number?

Using the ca command?  The answer is no.

> I searched the form and this question is not answered.

Use the source, Luke :)

I can't see a good reason why the crl txt_db needs the subject name.  It should 
be reasonable to modify ca.c to take the serial# instead of the cert (and 
perhaps a dummy subjectDN)

/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: Add SubjAltName to openssl command line?

2013-08-29 Thread Salz, Rich
You can use the $ENV:xxx construct.  It's a bit of a hack, but you only need 
one config file and change the env var each time...

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: TLS authentication for ldap

2013-09-23 Thread Salz, Rich

> I can use the showcerts command on port 636 and see the certs but when I try 
> to do this on port 389 to use TLS I get the following error.

389 is the plaintext LDAP port; 636 is for LDAP over SSL/TLS so your system 
is doing the right thing.  If you want to force SSL/TLS, then you'll have to 
configure your directory to not listen on 389.

/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: TLS authentication for ldap

2013-09-23 Thread Salz, Rich
> Another option is to use LDAP's STARTTLS support on port 389.

It seems the config to require it is a bit obscure; 
http://www.openldap.org/lists/openldap-technical/201202/msg00414.html might be 
useful.

/r$ 

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: TLS authentication for ldap

2013-09-23 Thread Salz, Rich
> Note, the above is for enforcing STARTTLS on the server.  If the
> decision is left to the client, the configuration is less opaque.

And less secure.  :)

If policy is to use SSL/TLS, then the server must enforce it; trusting the 
clients to do the right thing is bad.

/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: redirected input to s_client on Windows: Any trick to avoid the keypress?

2013-10-04 Thread Salz, Rich
When you run it interactively, does it work right away or do you need to hit 
TWO returns?


--
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: openSSL performance

2013-10-07 Thread Salz, Rich
Are you sure that the key exchange is not a factor?  Have you measured SSL 
setup times compared to post-setup transfer times?

4K RSA is computationally expensive.  Are you sure that the rest of your system 
is secure enough to justify that instead of 2K RSA?

/r$

--
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: openSSL performance

2013-10-08 Thread Salz, Rich
> (sorry for duplicating the thread, I didn't receive any answer in my mailbox 
> as I expected, I only saw them through the mail archive...?)

It’s common (and many would say, the correct behavior) for mailing list replies 
to go to the mailing list.


> I've started with a 1K key and later on switched on 4K but I didn't do any 
> profiling with 1K key (unlike 4K one).



It doesn’t sound like you did profile, but rather a stop-watch at start and 
stop.  That’s more coarse-grained than I think you need to do.  For example, 
you need to measure time to do the key exchange, time to do the encryption, 
time to put the traffic over the network.  For example, try with aNULL and 
eNULL and see what numbers you get.  Then turn each on, separately, and see 
what you get.



> I'm sending hundreds of megabytes of data and it takes more than a minute to 
> get it done, so I doubt that the initial handshake will have any influence on 
> it, what do you think ?

I have no idea, that’s why you have to do measurements. ☺


> About your last question, I believe my system could live with a 2K RSA for 
> now, I'm not sure this will still be the case in five years or so...

As a general design principle, the crypto algorithm is not the weak spot.  For 
example, how hard is it to break into the client device?

/r$
--
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: Implementing msCRLNextPublish extension

2013-10-09 Thread Salz, Rich
> The syntax of the extension is needed too. Do you know of any specs giving 
> details?

Googling the OID found this which seems to imply that it's the same syntax as 
NextUpdate:  http://www.imc.org/ietf-pkix/old-archive-04/msg01798.html


--  
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: openssl function equivalent to openssl x509 -in test.crt -text -noout

2013-10-21 Thread Salz, Rich
> What is the openssl function equivalent to openssl x509 -in test.crt -text 
> -noout

Look in apps/x509.c

--
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: i2d_ASN1_BIT_STRING() and 0x00-terminated string

2013-10-29 Thread Salz, Rich
You are comparing the native form to the DER encoding.  You need to d2i back 
and see that the data is preserved.
Not only is “the 0x00 trimmed” but those bytes at the front 03 81 80 01 are 
also a clue. ☺
/r$

--
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: connecting to (openssl-) server in SSL or clear text

2013-11-15 Thread Salz, Rich
The common practice is for clients to connect in the clear, then issue a 
command to turn on TLS, such as the SMTP STARTTLS command.

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: connecting to (openssl-) server in SSL or clear text

2013-11-15 Thread Salz, Rich
> I was thinking more in a solution where the client reads the first 8 bytes 
> from the socket and checks if the beginning of the GoodMorning message is 
> there in clear text (like 220 SLNP) and if not it should handover this 
> buffer and the socket fd for further SSL handshake... Is this possible?

Yes it's possible.  It's a hack and should be avoided when possible.

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: Need to send CN attribute in TeletexString/T61String format for ASN1DN Id and certificate

2013-11-25 Thread Salz, Rich
> We need to send CN attribute in TeletexString format for ASN1DN Id and 
> certificate.

'grep -I t61 apps/*.c' might be useful.

/r$

--
Principal Security Engineer
Akamai Technology
Cambridge, MA



Problem with specifying the CIPHER list

2013-11-25 Thread Salz, Rich
Is there a way to see something like AES128-SHA is okay with TLSv1.2, but not 
with SSLv3?




--
Principal Security Engineer
Akamai Technology
Cambridge, MA




RE: Problem with specifying the CIPHER list

2013-11-26 Thread Salz, Rich
> Server side at least it would be theoretically possible: i.e. only choose a 
> ciphersuite if TLS v1.2 is negotiated. OpenSSL doesn't support this though.

I didn't think so, thanks.  One possibility is to add a construct like
proto?cipher
to the colon-separated list.  Any interest in a patch?

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: Verification of a x509 certificate signature

2013-11-27 Thread Salz, Rich
NID is an internal openssl implementation detail; X509 data structures have 
OID's.

Post the PEM of the cert.

/r$

--
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: Verification of a x509 certificate signature

2013-11-27 Thread Salz, Rich
The point of posting PEM is that people can cut and paste from a mail message 
and decode it to get the DER or whatever.  (That's why PEM format was invented, 
to survive intact through email:)

You are generating a certificate, self-signing it, and your recipient cannot 
verify it.  Right?

Please post the PEM and maybe someone will find something wrong with the way 
you have used openssl's tools.  If not that type of user error, then it is most 
likely an error or limitation of the recipient software.  Openssl doesn't get 
these types of things wrong nowadays.

/r$

--
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: DH_generate_key() segmentation fault

2014-01-21 Thread Salz, Rich
As two other people have already said, you cannot use strlen() on binary data.

> BN_bin2bn(parmp, strlen(parmp), dhPar2->p);
> BN_bin2bn(parmg, strlen(parmg), dhPar2->g);

/r$

--
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: DH_generate_key() segmentation fault

2014-01-24 Thread Salz, Rich
> These built-in functions do not return the size of the binary data, so how 
> can I get the length of the binary data?

BN_num_bytes() which you already used in your initial posting?


--
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: Regarding certificate type

2014-02-05 Thread Salz, Rich
Those aren't certificate types, they are encodings.  (You can almost think of 
them like character sets; Unicode UTF-8 and UTF-16, for example.)

I'm not aware of any tests in openssl, but I could be wrong.  If the file is 
ascii, or has a line that starts with five - characters, or the filename ends 
with .pem then it is probably a PEM file.

You can try to decode it using each format and see what works.

--
Principal Security Engineer
Akamai Technology
Cambridge, MA


From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of sharad tekale
Sent: Wednesday, February 05, 2014 4:57 AM
To: openssl-users@openssl.org
Subject: Regarding certificate type

Dear folks,
I was wondering if openssl library has support(function) to distinguish types 
of certificates?
I'm looking for some time  is_pem(certificate_path)  or 
is_der(certificate_path) functions.?
Kindly let me know where i can get this info.

Thanks
Sharad.
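An added example in Go (not the page's or OpenSSL's own code) of the "try each format and see what works" approach from the reply above: it looks for PEM armour, otherwise checks for a single DER SEQUENCE, and in both cases confirms the payload parses as a certificate. The Encoding type, the function names and the self-signed test certificate are constructed for this example.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Encoding is the sniffer's verdict for a certificate blob.
type Encoding int

const (
	Unknown Encoding = iota
	PEM
	DER
)

// DetectCertEncoding tries each decoder in turn. PEM armour ("-----BEGIN ...")
// is decoded with encoding/pem; otherwise the bytes must form one complete DER
// SEQUENCE (an X.509 Certificate is a SEQUENCE). In both cases the payload is
// then parsed as a certificate, so random text or a PEM private key is not
// reported as a certificate in the "right" encoding.
func DetectCertEncoding(data []byte) (Encoding, error) {
	if bytes.Contains(data, []byte("-----BEGIN ")) {
		block, _ := pem.Decode(data)
		if block == nil {
			return Unknown, errors.New("PEM armour present but no decodable block")
		}
		if _, err := x509.ParseCertificate(block.Bytes); err != nil {
			return Unknown, fmt.Errorf("PEM block of type %q is not a certificate: %w", block.Type, err)
		}
		return PEM, nil
	}
	var raw asn1.RawValue
	rest, err := asn1.Unmarshal(data, &raw)
	if err != nil || len(rest) != 0 || raw.Class != asn1.ClassUniversal ||
		raw.Tag != asn1.TagSequence || !raw.IsCompound {
		return Unknown, errors.New("neither PEM armour nor a single DER SEQUENCE")
	}
	if _, err := x509.ParseCertificate(data); err != nil {
		return Unknown, fmt.Errorf("DER SEQUENCE but not a certificate: %w", err)
	}
	return DER, nil
}

// SelfSignedDER builds a throwaway self-signed certificate (constructed test
// input, not a real credential) so the sniffer can be exercised offline.
func SelfSignedDER() ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "sniffer-test"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

func main() {
	der, err := SelfSignedDER()
	if err != nil {
		panic(err)
	}
	pemBytes := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	for _, in := range [][]byte{der, pemBytes, []byte("not a certificate")} {
		enc, err := DetectCertEncoding(in)
		fmt.Println(enc, err)
	}
}
```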





What if I don't call SSL_{CTX}_set_cipher_list?

2014-02-24 Thread Salz, Rich
What happens if I never set the cipher list (in either SSL or SSL_CTX)?  Do I 
get the value of DEFAULT?  Or a zero list and failure?

Thanks.


--
Principal Security Engineer
Akamai Technology
Cambridge, MA




RE: Passing packets (vs file descriptor) to OpenSSL...

2014-04-03 Thread Salz, Rich
> Is there a good way to pass the packets to/from openssl instead of using a 
> FD for handshakes/etc?

BIO is the openssl IO abstraction; see SSL_set_bio, for example.

/r$

--
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: Question regarding offloading fundamental ECC operations on a hardware

2014-04-04 Thread Salz, Rich
> So if i go on and change the openssl code to offload ECC operations, will i 
> be breaking any license?

If you are buying off-the-shelf hardware, then the vendor probably has the 
necessary licenses.

If you are building your own hardware, purely for your exploration and 
discovery, then it is probably okay.  But not, for example, if you are using 
your hardware in a commercial venture.

I am not a lawyer, this is not legal advice. You will not get any legal advice 
on this mailing list.

/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA




RE: OpenSSL Security Advisory

2014-04-09 Thread Salz, Rich
> How do I determine whether or not the web servers I run are affected?

Here's a simple way:
echo B | openssl s_client -connect $HOST:$PORT
if you see heartbeating at the end, then $HOST is vulnerable.

How can you tell if private keys have been taken?  You can't, really. You can 
estimate the likelihood by looking closely at how OpenSSL_Malloc() return 
values are used and laid out.  The risk is that an allocated ssl-record buffer 
is right up against a private key being stored.

/r$

--
Principal Security Engineer
Akamai Technology
Cambridge, MA



RE: OpenSSL Security Advisory

2014-04-09 Thread Salz, Rich
> I get the heartbeating message on both unpatched and patched servers.  
> Should that make me worry about the patched machines?

Not necessarily.  If they updated to the 'g' release, then they are doing 
buffer-overrun checking and you're safe.  You can probably find out by 
connecting to your server (via s_client again) and seeing what it says in the 
server line, as in
echo HEAD / HTTP/1.0 | openssl s_client -connect $HOST:$PORT
The server usually says things like apache/2.0 openssl/1.0.1g ... and other 
modules that are bundled in.

To be safest, heartbeats should just be disabled.  Nobody really uses them.
/r$

--
Principal Security Engineer
Akamai Technology
Cambridge, MA


RE: OpenSSL Security Advisory

2014-04-09 Thread Salz, Rich
> Can you please post a good and a bad server example. I have tested a lot 
> of servers, including 'akamai.com', and they all show HEARTBEATING at the end:

Look at Victor's recent post about how to patch openssl/s_client to make your 
own test.  That's the simplest.  My example tests only for those who have 
disabled TLS heartbeats, which is the safest thing, but not necessarily the 
only thing, to do.


--  
Principal Security Engineer
Akamai Technology
Cambridge, MA


