On Thu, 19 May 2022 10:34:09 +0200
wrote:
> And this is looks like when shorewall doesn't work and as I see
> shorewall died, I start it yesterday on terminal
Take a look at Poldi's solution (#3) in :
https://bugs.launchpad.net/ubuntu/+source/shorewall/+bug/1511869
The other comments in the
This is what it looks like on a healthy system when managed using
systemd :
% cat /usr/lib/systemd/system/shorewall.service
#
# The Shoreline Firewall (Shorewall) Packet Filtering Firewall
#
# Copyright 2011 Jonathan Underwood
#
[Unit]
Description=Shorewall IPv4 firewall
On Wed, 18 May 2022 19:04:54 +0200
wrote:
> So you are saying there is not possible to run shorewall at boot. It
> is only possible to start it with cmd/terminal
What I am saying is always go back to a reliable way.
You are saying the same when you say that it works fine on previous
Centos
On Wed, 18 May 2022 18:12:08 +0200
wrote:
> I am sure I am not the only one with this problem, but I am also
> sure other guys switched to some other firewall.
From years of using shorewall on various devices, it always starts from
the command line.
In any problem like this I immediately
Hello.
I searched for a few hours and did not find any solid technical (not
belief based) in having systemd's journald in the logging path. So I
decided to remove it and use only rsyslog. I appreciate the effort
made by the rsyslog team to support journald, but simply did not find
any reason
On Fri, 1 Apr 2022 13:42:00 -0400
Andrea Bolognani wrote:
> Try passing --no-reboot to virt-install.
Thanks, this works very well.
... And it reminded me to look at the manual ! :)
Cheers.
Hello everyone,
I create kvm machines using a bash script. As expected from the
script, the resulting virtual machines are performing as they should
be. The aspect that I do not get is at the end of the creation, when
issuing a 'shutdown now' in the guest and expecting that it will shut
down.
On Thu, 7 Nov 2019 16:44:45 +0200 (EET)
Timo Lindfors wrote:
> At least the following works on Debian 10:
Thanks. That's quite a few options to read about. One question: what
is the pressed.cfg about ? Is it to seed the rng early in the install
process ?
On Thu, 7 Nov 2019 17:52:32 +0100
Pavel Hrdina wrote:
> The issue is that you are using the virt-install --disk option
> incorrectly. If you look into man page of virt-install you can see
> some examples. The options for each parameter needs to be separated
> by comma. The command line that
Hello,
I've created several VMs using virt-manager and am using them. This
time around though, I'd like to use the CLI approach. The problem
resides in defining a storage space. This is using virt-install 1.5.1
on Xubuntu 18.04.
For the occasion I created a new directory to store images. So
On Sun, 3 Nov 2019 20:51:43 -0800
Jerry Scharf wrote:
> I am starting on a go/zmq/protobuf project with multiple pieces. I
> was wondering if anyone has done significant work with go and zmq
> that I can talk to off list. Want to wrap my head around how to
> structure to comms part of the
On Sun, 16 Jun 2019 15:05:40 +0300
Doron Somech wrote:
> I'm working on a new website for zeromq, you can check it out here:
>
> https://new.zeromq.org/
As an aside, is The Guide available as PDF ?
Cheers.
___
zeromq-dev mailing list
On Mon, 1 Apr 2019 20:00:20 +0200
Michal Vyskocil wrote:
Hi,
> However libzmq equals to zeromq for you. See release page
> https://github.com/zeromq/libzmq/releases tarballs are named zeromq.
> That's more the historical coincidence.
>
> Nowadays zeromq is the project umbrella and libzmq is
Hello,
New to zeromq. I would like to incorporate zeromq in C++
developments. From the main page, 'Download' I got to the github page
and downloaded zeromq-4.3.1.tar.gz. I built it and installed at the
default location (Linux, /usr/local/lib/). Looking for a C++
interface, the cppzmq
Hello,
Thanks for the previous reply about glibc errors.
Is it possible to 'automate' the tzselect portion of building glibc ?
By 'automating' I mean to get rid of the user interaction. I did some
searches although what I've seen so far was related to the Debian
system.
Is there a config file
Hello,
Although it's expected that the glibc 'make check' can have errors, I'd
like to just list the ones I got here just in case there's something
really serious. Some are listed in the book, some are not.
The computer is an Intel Core i5-3570 CPU. Would that be considered a
relatively not
On Fri, 18 Jan 2019 18:53:03 +0100
Pierre Labastie wrote:
> I agree the error message is misleading... "gcc" is a wrapper, as
> explained above. It tries to launch sequentially "cpp", "cc1", "as",
> and "collect2" (which in turn launches "ld"). If it does not find one
> of those files, it just
On Fri, 18 Jan 2019 09:23:38 +0100
Pierre Labastie wrote:
> The missing asm-goto issue could come from a similar error (not using
> \ continuation) in binutils pass 2...
Yes, that was the case !
--
http://lists.linuxfromscratch.org/listinfo/lfs-support
FAQ:
On Fri, 18 Jan 2019 08:54:54 +0100
Thomas Seeling wrote:
> you could solve that by exporting the variables. only exported
> variables are visible in sub shells, or variables listed on the same
> command line in front of the command invoked.
>
> "CC=... make" would make the CC variable visible
On Fri, 18 Jan 2019 09:23:38 +0100
Pierre Labastie wrote:
> But I haven't asked you to run "./gcc", but to run "./gcc -v". That
> makes a big difference: gcc is just a wrapper which calls other
> programs sequentially (normal sequence: cpp, cc1 (compiler), as, and
> collect2 (itself a wrapper to
On Fri, 18 Jan 2019 02:26:24 +
Ken Moffat wrote:
> This is also why, no matter how well somebody knows how to script,
> we recommend a manual build until you have successfully booted LFS.
> Of course, doing that would have not highlighted the problem in
> quite the same way. But technically
On Thu, 17 Jan 2019 10:36:33 -0500
jonetsu wrote:
> make: gcc: Command not found
Confirmed. It now works. Two modifications were made since last
time. One is about a gcc directory that did not get erased when
supposed to. The other is about the gcc 2nd pass configure command
that
On Thu, 17 Jan 2019 14:46:33 -0600
Bruce Dubbs wrote:
> Typically the solution for errors like you describe is to start over
> and be more careful following the commands in the book.
Yes. This is why it's all scripted.
Doing some searches I found this quote in the mailing list, perhaps by
On Thu, 17 Jan 2019 14:20:19 -0600
Bruce Dubbs wrote:
> In my experience, these types of errors result from not building
> Chapter 5 as user lfs or that the lfs user environment is wrong. One
> mistake is that the change to user lfs is done with 'su lfs' and not
> 'su - lfs'.
Do you know in
On Thu, 17 Jan 2019 10:36:33 -0500
jonetsu wrote:
> make: gcc: Command not found
I should add that ldd (as chroot) gives:
(lfs chroot) root:/tools/bin# ldd gcc
linux-vdso.so.1 (0x7ffeed749000)
libc.so.6 => /tools/lib/libc.so.6 (0x7f75b5b98000)
/lib64/ld
Hello,
I have rebuilt ch5 twice now. The 2nd time around I have scripted all
build commands so that there's a firm reliable base to work with. Each
package has its own build file. The build instructions can be compared
with the book and adjusted if necessary. Less guess work. And each
Hello,
We are using FOM 2.0.9 for an embedded product that will go for FIPS
validation. Validation of the full product, that is. All development so far
is with 2.0.9. What would be the reasons, if any, to update to 2.0.12 before
going to the lab ?
Thanks - comments much appreciated.
--
Hello,
Is there an example or two around on how to handle intermediate CAs using
GnuTLS ?
Thanks.
___
Gnutls-help mailing list
Gnutls-help@lists.gnutls.org
http://lists.gnupg.org/mailman/listinfo/gnutls-help
Hello,
When using the FIPS module (version 2.0.9 if it matters, with OpenSSL
1.0.1e) the source code of both the regular openssl and the openssl-fips
have a certain number of files named the same. For instance,
crypto/bn/bn_rand.c. The FIPS version of this file has an additional check
for
Thanks for the explanation.
> Just link against the library produced by the FIPS capable
> OpenSSL build. If, for some reason, that only produced
> libcrypto.a, then you need to investigate why — perhaps you
> passed “no-shared” when running the config script?
The confusion came from trying to
FIPS: Need to use FIPS versions of (EVP) methods ?
In FIPS mode, is there a need to use the FIPS_* methods instead of the
regular ones once FIPS_mode_set(1) was successfully executed ? For
instance, is there a need to use FIPS_evp_sha1() instead of EVP_sha1()
? Wouldn't the FIPS version of
The current FIPS User Guide mentions:
"3.3 Creation of Shared Libraries
The FIPS Object Module is not directly usable as a shared
library, but it can be linked into an application that is a
shared library. A “FIPS compatible” OpenSSL distribution will
automatically incorporate an
Hello,
Is it normal to get a 'linker input file unused because linking
not done' warning when compiling C code that uses OpenSSL in FIPS
mode, hence using fipsld ?
The object file is actually generated, as well as the executable,
and it does execute in a meaningful manner.
The warning:
[...]
Hello,
Is there explicit Intermediate CA support in libreswan itself, or is it
exclusively handled by NSS ?
Thanks.
___
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan
Hello,
Some time ago I did a user interface for DSCP marking, taking the documentation
from the tcrules of that time, in which it was mentioned that the DSCP mark can
be followed by either F (forward chain) or T (postrouting - default). The
current mangle documentation page does not have
Hello,
Is it possible to simulate FIPS failure at run-time, at any given time ? Or
does OpenSSL have to start in failure simulation mode ? Also, is failure
simulation a standard part of a normal, non-debug, build ?
Thanks.
--
View this message in context:
Hello,
Does the current stable GnuPG release have the 186-4 support mentioned in
Issue1736 'FIPS 186-4 compliance patches' ?
Thanks.
--
View this message in context:
http://gnupg.10057.n7.nabble.com/186-4-RSA-support-tp47978.html
Sent from the GnuPG - User mailing list archive at
Hello,
Does 2.0.12 support 186-4 ? Specifically, does it support the RSA requirements
?
Thanks.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Hello,
I am looking for the selftests, the KAT tests, for AES CTR and CBC in
openssl_fips 2.0.9.
Although many tests are directly defined, such as:
FIPS_selftest_aes_gcm(void) in aes/fips_aes_selftest.c
gcmtest(FILE *in, FILE *out, int encrypt) in ../aes/fips_gcmtest.c
And for CBC:
Hello,
Is libreswan's OCSP periodically doing checks to see if the certificate in use
is still valid ? If so, at which frequency ?
Thanks.
Hello,
Is there anything new regarding the prime number requirement handling for
FIPS 186-4, as far as supporting it ? I asked some time ago. Just want to
see if anything has changed, if there's anything planned. - thanks !
Hello,
Is there a run-time option to disable all and every uses of elliptical
curves ?
If not, is there a compile option ?
Thanks.
--
View this message in context:
http://mozilla.6506.n7.nabble.com/Disabling-all-uses-of-elliptical-curves-tp354147.html
Sent from the Mozilla - Cryptography
Hello,
It was suggested previously to compile with the '--disable-ecdhe' option to
disable the use of elliptical curves. Will this compile option effectively get
rid of all and every uses of elliptical curves or will there still be some uses
allowed ?
Thanks.
> From: "David Lang"
> Date: 04/04/16 14:56
> rsyslog just uses whatever gnutls does by default. It doesn't try to be
> fancy,
> it just does a minimal wrapper around its normal communications.
The background to this is the observance of the NSA NIAP requirements when
Hello,
In using certificates for secure remote syslogging, does rsyslog take into
account the certificate's Extended Key Usage ?
For instance, in this case rsyslog is a client. The certificate used would
have the Extended Key usage field set to serverAuth. If the certificate does
not have
Hello,
Does OpenSSL allow TLS 1.0 when running in FIPS mode ?
Thanks.
--
View this message in context:
http://openssl.6102.n7.nabble.com/TLS-1-0-in-FIPS-mode-tp65343.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
Hello,
Is there any provision within Shorewall to provide traffic control inside
L2TPv3 ?
Thanks.
Hello,
Subject line basically says it. Is it possible to disable the use of elliptic
curves at compile time ?
Thanks.
Hello,
When setting up for encrypting syslog traffic, is there any option within
rsyslog to restrict any crypto parameter ? For instance, is it possible to
disable the use of curves CURVE-SECP224R1 and CURVE-SECP192R1 in GnuTLS ?
Thanks.
Hello,
Is it possible to disable the use of CURVE-SECP224R1 and CURVE-SECP192R1 at
runtime (by a parameter or programmatically) ?
Thanks.
Hello,
Which key sizes are available for DSA signature generation and verification ?
Thanks.
Paul Wouters wrote:
> Why would that be the right choice?
Because this is the FIPS/CC way. Moreover, our FIPS/CC consultant has made
it clear.
This being said, a difference must be established between a unit, a hardware
unit, and software components running inside. It might very well be that
Paul Wouters wrote:
> How is a library in FIPS mode when it hasn't yet initialised because
> the application has not kicked off yet? Do you actually initialise
> them using a test program?
Yes. This is the case for OpenSSL and GnuTLS. For NSS, as we have seen,
the FIPS initialisation is done
Robert Relyea wrote:
> The call PK11_IsFIPS() returns true if softoken is in FIPS mode. The
> dance to programmatically is to call SECMOD_DeleteInternalModule(),
> which toggles the module between FIPS and non-FIPS modes.
Thanks. I will try it.
When are the self-tests run, from an application
Paul Wouters wrote:
> Oh, I did not know about this one. I guess once we (the application)
> detect the system is in FIPS mode, we could verify that NSS is as
> well.
>> Finally, is there any example code out there that uses NSS in FIPS
>> mode ?
> libreswan uses NSS and supports a FIPS mode.
Paul Wouters wrote:
> So while I just added a check, it should be completely redundant.
Depends. I'd be wary of a system that proclaims itself FIPS enabled without
'seeing it with my own eyes'. So I am not convinced this is redundant.
> Those are done within the libraries and applications.
Hello,
Please let me know if this is not the right place to ask about the
following...
I am new to NSS and would like to use it in FIPS mode. I do know
about OpenSSL and GnuTLS, both of them having explicit calls to
enable FIPS mode. With NSS, so far I have seen that the modutil
Hello,
Using 1.0.1e running FIPS module 2.0.9, the following two
commands for querying the ciphers do not yield the same results.
There are more ciphers declared in the 'string' version.
The 'environment variable' version:
% OPENSSL_FIPS=1 openssl ciphers -v |
The 'string' version:
% openssl
> Does FIPS mode prevent use of MD5: Yes.
> Does FIPS mode prevent insecure uses of SHA-1 (a FIPS
> algorithm): No.
> Does FIPS mode prevent the SSL/TLS handshake from using 96 bit
> truncated HMAC values: Probably not.
> Does FIPS mode prevent use of the insecurely designed
> 'tls-unique'
Does this mean that running 1.01e in FIPS mode is protected regarding this
SLOTH attack ?
--
View this message in context:
http://openssl.6102.n7.nabble.com/openSSL-and-SLOTH-attack-tp62055p62074.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
Is there any current solution to have RSA 186-4 in OpenSSL FIPS (now, even if
this means an upgrade ?)
Thanks.
--
View this message in context:
http://openssl.6102.n7.nabble.com/RSA-and-FIPS-186-4-in-OpenSSL-1-0-1e-fips-2-0-9-tp61753p61769.html
Sent from the OpenSSL - User mailing list
Sorry, I forgot: What about the code itself, if we do not mind the validation
? Is the 185-4 RSA compatible code present in any OpenSSL/FIPS module ?
--
View this message in context:
http://openssl.6102.n7.nabble.com/RSA-and-FIPS-186-4-in-OpenSSL-1-0-1e-fips-2-0-9-tp61753p61774.html
Sent
What would then be the permitting conditions to pursue a new validation ? If
you don't mind me asking. I have read several notes you have on the subject
and I agree that the whole thing is of Dedalus proportions. In a nutshell
what would be these conditions ?
Thanks, much appreciated.
--
Fair enough (in this context). But what about the code itself, is it ready
to be RSA 186-4 compliant ?
And, if we go through a validation, can OpenSSL benefit from it ?
Hello,
I have read about the use of FIPS_rsa_x931_generate_key_ex() for 186-4
compliance. We are using OpenSSL 1.0.1e with the fips-2.0.9 module. Would
it make functional sense using those versions to patch RSA_generate_key_ex()
(../crypto/rsa/rsa_gen.c) to have:
#ifdef OPENSSL_FIPS
Hello,
Are any FIPS self-checks done when executing gnutls_global_init(); and
gnutls_init(); when GnuTLS runs in FIPS mode (as reported by the return value
of '1' to gnutls_fips140_mode_enabled()) ? If not, is it possible to have
these tests made explicitly ?
Thanks.
Wish you all the best !!
-Original Message-
> From: "Tom Eastep"
> To: "Shorewall Users" , "Shorewall
> Development"
> Date: 11/17/15 11:13
> Subject: [Shorewall-users] I'll be off
Hello,
I would like to see the bug fix for RT3515 'Use 3DES in pkcs12 if built with
no-rc2' although the openssl tree I got recently does not show it:
% git status
On branch master
Your branch is up-to-date with 'origin/master'.
% git show 92830dc1ca0bb2d12bf05a12ebb798709595fa5a
fatal: bad
Hello,
There is a thread in 2013 (30 May 03:15) in which Steve writes that OpenSSL
1.0.1 has a bug regarding the use of PKCS12 in FIPS mode since it tries to
handle a certificate using a non-FIPS component. I think I found the commit
that fixes this, although it is part of a quite huge
In the NSA page referred above, the p-384 curves are specifically mentioned
for DH. These would be the ones covered by the Suite B NSA license
sub-licensed to OpenSSL, are they ? Is it possible to build OpenSSL in FIPS
in such a way that only these curves will be used ?
Regards.
Sorry if this is answered elsewhere ...
Is the version control repository as well as the bug tracker of public read
access ?
Is it possible to find a specific commit in the OpenSSL repository that would
hopefully fix a single discovered/reported bug ?
We have hit the
In 1.0.1e the following is observed when using OpenSSL in FIPS mode:
% OPENSSL_FIPS=1 openssl pkcs12 -export -in
/tmp/ipsec.d/certs/192.168.11.1 -inkey
/tmp/ipsec.d/private/192.168.11.1 -name 192.168.11.1 -out
/tmp/ipsec.d/192.168.11.1.p12 -password pass:""
Hello,
Sorry if this is a bit beside OpenSSL per se, the idea behind this post is to
perhaps have some information from the OpenSSL experience with FIPS validation.
There was so much effort put into FIPS compliance that it would not be
far-fetched to consider that there is also knowledge
> From: "Steve Marquess"
> Date: 10/21/15 14:18
> See Appendix B of the OpenSSL FIPS User Guide:
> https://openssl.org/docs/fips/UserGuide-2.0.pdf
Thanks.
> The specific algorithm tests have changed quite a bit since then
> (constant change is part of the fun), but
> From: "Tom Eastep"
> Date: 10/09/15 12:59
> > When having a complex TC configuration for both IPv4 and IPv6,
> > setting TC_ENABLED=Internal in both Shorewall .conf files seems
> > natural. Is this the way to proceed ?
> You want TC_ENABLED=Internal in one
> From: "Tom Eastep"
> Date: 10/09/15 12:59
> Also note the warnings about the settings for CLEAR_TC in both files.
It works using files instead of symlinks. I was simply wondering if Shorewall
would take into account the nature of the symlinks themselves in its
> From: jonetsu <jone...@teksavvy.com>
> Date: 10/09/15 14:42
> I have another question regarding Shorewall6 conf: why isn't there a Simple
> option for TC_ENABLED ?
The above question stemmed from the online shorewall6.conf in which the Simple
option for TC_ENABLE
Hello,
When having a complex TC configuration for both IPv4 and IPv6, setting
TC_ENABLED=Internal in both Shorewall .conf files seems natural. Is this the
way to proceed ?
Thanks.
--
Hello,
Following on the recent thread, I would like to know how to run the tests after
a successful compile while in FIPS mode. Currently there are over 80 failures
when running 'make check' so something is wrong.
Thanks.
> From: "Nikos Mavrogiannopoulos"
> Date: 09/23/15 07:06
> They are run on the gnutls global initializer. There is no
> documentation for the FIPS140 operations. It affects too few people to
> make sense writing it. Unless there is someone contributing that
> documentation I
> From: "Nikos Mavrogiannopoulos"
> Date: 09/22/15 02:24
> In FIPS140-2 mode the library must have integrity tests, and if these
> are not present it will fail to load. You may use the environment
> variable GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS (set to 1), to skip these
>
> From: "Salz, Rich"
> Date: 09/14/15 16:07
> Are you talking about the command-line?
Yes.
> It would be great if someone sent in a patch that standardized
> and documented exit codes, like 0 for got a "good"
> response, "1" for got a "bad" response, and 10 for got an
>
Hello,
The documentation does not seem too clear about what the behaviour exactly is
when OpenSSL deals with a broken OCSP responder. For instance, one that would
send an OK without any contents. We call openssl from an application and would
like to know what is returned in such a case, or
Thanks for your comments - much appreciated. What is exactly the poodle
patch and how does it come into providing some form of protection against
the BEAST attack ?
Does this mean, since the 'no insert fragments' is part of SSL_OP_ALL, that
OpenSSL is BEAST-proof since some time regarding its use of TLS 1.0 and SSL
3.0 ?
Thanks.
OK. So this means that the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS is not the
solution for the BEAST attack. Is there a solution while keeping TLS 1.0
and SSL v3.0 ?
Thanks.
Hello,
Having an undefined zone along with disabling explicitly the routeback option
generates an error as if the '0' value of the
routeback option (which I assume is disabling the option) is not taken into
account:
Shorewall 4.6.4.3.
interfaces
- eth2 -
@lists.sourceforge.net
Date: 08/06/15 12:32
Subject: Re: [Shorewall-users] Error output has changed
On 08/04/2015 12:33 PM, jonetsu wrote:
From: Robert K Coffman Jr. -Info From Data Corp.
bcoff...@infofromdata.com
Date: 08/04/15 15:18
The TC files were changed - the error
Hello,
The examples shown in the mangle documentation are the same as for tcrules.
I ran:
(config files, including shorewall.conf, are stored in /tmp/shorewall/)
% cd /tmp/shorewall/
% shorewall update -t .
And from a tcrules that is:
#MARK SOURCE DEST PROTO DPORT(S)
Shorewall 4.6.4.3
Still using tcrules, so I ran 'shorewall update -t .' and it created a mangle
file, and modified the shorewall.conf file.
The configuration is missing a default tcclass. Shorewall 4.5.5.3 will report:
% shorewall check .
[...]
Checking Martian Logging...
Checking
Hello,
This is basically the same as the previous post about no error output when a
default tcclass is missing. This time around the out bandwidth is exceeded.
Shorewall 4.5.5.3 has a warning output:
Checking Martian Logging...
Checking /tmp/shorewall/tcdevices...
Checking
Hello,
I have noticed that between versions 4.5.5.3 and 4.6.4.3 that the
error output concerning a missing TC default class is missing in
the latter, for a same configuration:
4.5.5.3:
Checking /tmp/shorewall/tcdevices...
Checking /tmp/shorewall/tcclasses...
ERROR: No default class
From: Robert K Coffman Jr. -Info From Data Corp. bcoff...@infofromdata.com
Date: 08/04/15 15:18
The TC files were changed - the error message on the newer version
telling you how to update your files.
Hmmm... The 'shorewall update -t' command ... That is quite a lot. The system
relies so
Hello,
On Wed Jan 14 08:13:47 a patch was given re.: 'Compiling with the FIPS option'.
Today with version 3.3.16 I see that the patch was not applied upstream. Is
it still needed at all ?
Thanks.
Hello,
Our Nessus version 6.4.1 is detecting a BEAST vulnerability against OpenSSL
1.0.1e. The source code defines SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS as
0x0800L and several tests are made for this value in the code. The CHANGES
mentions though that this had some side effects, the
The validation is on the ARM platform using Linux 2.4. I am one of those
'unlucky' having to deal with FIPS so please pardon any silly questions.
Would this validation be limited to these two aspects ? And, is there any
money-saving advantage at using an already validated OpenSSL when the whole
Hello,
When specifying a rpfilter option for an interface, we can see after applying
the firewall configuration that there is a rpfilter being added for that
interface, as well as a rpfilter chain. OTOH, no rp_filter option is set in
/proc/sys/net/ipv4/conf/interface|all/rp_filter.
What
GnuTLS supports TLS v1.1 although none TLS1.1 is shown in the cipher list. But
it is shown as protocol. Does this mean that there were no ciphers added at
the TLS 1.1 stage (only protocol changes) and, the ciphers supported by 1.1 are
already listed using a previous version ?
Regards.
Even a small convenience is still a convenience.
And eventually they add up.
Thanks for the comments - it's appreciated.
--
View this message in context:
http://openssl.6102.n7.nabble.com/SHA256-to-EVP-tp57774p57826.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
Hello,
The context is migrating an application to use EVP only methods.
AES_set_encrypt_key(...)
AES_cfb128_encrypt(...)
The AES_cfb128_encrypt() is pretty clear to migrate to EVP_*,
what about the AES_set_encrypt_key() ? I haven't found yet any
correlation to the EVP methods, let alone an