...and don't intend to fix their broken ECDSA support in Safari.
It is therefore suggested that I pull this patch:
https://github.com/agl/openssl/commit/0d26cc5b32c23682244685975c1e9392244c0a4d
What do people think?
__
OpenSSL
Hi,
Attached the Patch for the OpenSSL with ALPN implementation.
-Original Message-
From: Parashuram Narasimhan (MS OPEN TECH)
Sent: Thursday, June 13, 2013 5:57 AM
To: 'openssl-dev@openssl.org'
Subject: [Patch] ALPN Implementation for OpenSSL
Hi,
I work for Microsoft Open
Hi,
I work for Microsoft Open Technologies, a wholly owned subsidiary of Microsoft
Corp. My team is currently working on a patch to OpenSSL to allow for early
testing and interoperability.
More background is available at
http://tools.ietf.org/html/draft-ietf-httpbis-http2-03#section-2.3.
On Thu, Jun 13, 2013 at 6:39 PM, Ben Laurie b...@links.org wrote:
It is therefore suggested that I pull this patch:
https://github.com/agl/openssl/commit/0d26cc5b32c23682244685975c1e9392244c0a4d
The behavior change applies only if new option
SSL_OP_SAFARI_ECDHE_ECDSA_BUG is used (part of
Hi,
I am using openssl 1.0.1e to create a CA and generate certificates.
I am facing an issue while generating the device certificates.
After creating the ca certificate using below command
# openssl req -x509 -new -newkey rsa:1024 -keyout private/cakey.pem -days 3650
-out cacert.pem
when we
On 13/06/13 17:39, Ben Laurie wrote:
...and don't intend to fix their broken ECDSA support in Safari.
Ben, you've got your wires a bit crossed there.
The ECDHE-ECDSA ciphersuites are indeed broken in Safari on OSX 10.8 to
10.8.3, but they are _fixed_ in OSX 10.8.4 (released last week).
It
On 14 June 2013 09:39, Rob Stradling rob.stradl...@comodo.com wrote:
On 13/06/13 17:39, Ben Laurie wrote:
...and don't intend to fix their broken ECDSA support in Safari.
Ben, you've got your wires a bit crossed there.
The ECDHE-ECDSA ciphersuites are indeed broken in Safari on OSX 10.8 to
On 14/06/13 10:20, Ben Laurie wrote:
On 14 June 2013 09:39, Rob Stradling rob.stradl...@comodo.com wrote:
On 13/06/13 17:39, Ben Laurie wrote:
...and don't intend to fix their broken ECDSA support in Safari.
Ben, you've got your wires a bit crossed there.
The ECDHE-ECDSA ciphersuites are
On 14 June 2013 12:25, Rob Stradling rob.stradl...@comodo.com wrote:
On 14/06/13 10:20, Ben Laurie wrote:
On 14 June 2013 09:39, Rob Stradling rob.stradl...@comodo.com wrote:
On 13/06/13 17:39, Ben Laurie wrote:
...and don't intend to fix their broken ECDSA support in Safari.
Ben,
On 14/06/13 12:31, Ben Laurie wrote:
On 14 June 2013 12:25, Rob Stradling rob.stradl...@comodo.com wrote:
snip
Ah, so you're criticizing Apple for not being willing to force all OSX
10.8.x users to update to 10.8.4.
No.
If OSX 10.8.x has a mechanism that allows Apple to force updates to be
On 14 June 2013 13:57, Rob Stradling rob.stradl...@comodo.com wrote:
On 14/06/13 12:31, Ben Laurie wrote:
On 14 June 2013 12:25, Rob Stradling rob.stradl...@comodo.com wrote:
snip
Ah, so you're criticizing Apple for not being willing to force all OSX
10.8.x users to update to 10.8.4.
On Thu, Jun 13, 2013 at 05:39:36PM +0100, Ben Laurie wrote:
...and don't intend to fix their broken ECDSA support in Safari.
It is therefore suggested that I pull this patch:
https://github.com/agl/openssl/commit/0d26cc5b32c23682244685975c1e9392244c0a4d
What do people think?
No keep the
On Fri, Jun 14, 2013, Bodo Moeller wrote:
On Thu, Jun 13, 2013 at 6:39 PM, Ben Laurie b...@links.org wrote:
It is therefore suggested that I pull this patch:
https://github.com/agl/openssl/commit/0d26cc5b32c23682244685975c1e9392244c0a4d
The behavior change applies only if new
On 06/14/2013 03:31 PM, Dr. Stephen Henson wrote:
Note that the patch changes the value of SSL_OP_ALL so if OpenSSL shared
libraries are updated to include the patch existing applications wont set it:
they'd all need to be recompiled.
That's a valid point.
Possibly alternative is to reuse
Note that the patch changes the value of SSL_OP_ALL so if OpenSSL shared
libraries are updated to include the patch existing applications wont set
it:
they'd all need to be recompiled.
That's a valid point.
This is true, unfortunately.
Possibly alternative is to reuse one of the
Ø Hm, without any SSL_OP_... settings, the expectation generally is that we
kind of sort of follow the specs
Ø and don't do any weird stuff like this for interoperability's sake. If we
switch semantics around for certain
Ø options, the resulting inconsistencies would make all that even
On 14/06/13 13:58, Ben Laurie wrote:
On 14 June 2013 13:57, Rob Stradling rob.stradl...@comodo.com wrote:
snip
Safari's User-Agent string reveals the OSX version that it is running on. A
few weeks ago I analyzed some webserver logs to get an idea of historical
OSX update rates. Based on that
On 14 June 2013 13:54, The Doctor doc...@doctor.nl2k.ab.ca wrote:
On Thu, Jun 13, 2013 at 05:39:36PM +0100, Ben Laurie wrote:
...and don't intend to fix their broken ECDSA support in Safari.
It is therefore suggested that I pull this patch:
On 14 June 2013 14:08, Rob Stradling rob.stradl...@comodo.com wrote:
On 14/06/13 13:58, Ben Laurie wrote:
On 14 June 2013 13:57, Rob Stradling rob.stradl...@comodo.com wrote:
snip
Safari's User-Agent string reveals the OSX version that it is running on.
A
few weeks ago I analyzed some
On 14/06/13 13:54, The Doctor wrote:
On Thu, Jun 13, 2013 at 05:39:36PM +0100, Ben Laurie wrote:
...and don't intend to fix their broken ECDSA support in Safari.
It is therefore suggested that I pull this patch:
https://github.com/agl/openssl/commit/0d26cc5b32c23682244685975c1e9392244c0a4d
On 14/06/13 14:31, Dr. Stephen Henson wrote:
snip
The behavior change applies only if new option
SSL_OP_SAFARI_ECDHE_ECDSA_BUG is used (part of SSL_OP_ALL), as is standard
for interoperability bug workarounds, so while it is very unfortunate that
we'd need to do this, I'm in favor of accepting
On 14 June 2013 16:10, Bodo Moeller bmoel...@acm.org wrote:
Note that the patch changes the value of SSL_OP_ALL so if OpenSSL shared
libraries are updated to include the patch existing applications wont set
it:
they'd all need to be recompiled.
That's a valid point.
This is true,
On Wed, 07 Dec 2011 m.tr...@gmx.de wrote:
Hi,
I have added support for the 'HTTP CONNECT' command to s_client.
Maybe it's useful for someone else.
Regards
Michael
Hello Michael.
I was doing some SSL diagnostics through a series of
proxy tunnels and was about to hack HTTP CONNECT support
for
From: owner-openssl-...@openssl.org On Behalf Of Kurt Roeckx
Sent: Thursday, 13 June, 2013 03:13
When talking to an exchange server I get some weird behaviour when
using the 1.0.1e version. I get a TLS 1.0 connection, but the
problems go away when using -no_tls1_2
If you got an agreed
Hi,
adding multiple CRL distribution points I stumbled upon a problem that could be
solved by finding a seven years old bug report:
http://www.mail-archive.com/openssl-dev@openssl.org/msg21907.html
The Bug is still there:
http://www.openssl.org/docs/apps/x509v3_config.html
at the bottom of
25 matches
Mail list logo