Hello. We got openssl assert on header len... sorry i can't send it to you
becouse i delete screen log :(
2014-12-14 4:07 GMT+03:00 Вячеслав Бадалян v.badal...@open-bs.ru:
We got openssl assert.
13 дек. 2014 г. 17:49 пользователь Вячеслав Бадалян
v.badal...@open-bs.ru написал:
Thanks!
I
On vagrind we got this
==48882== Thread 40:
==48882== Invalid write of size 8
==48882==at 0x4A0B4BC: memset (vg_replace_strmem.c:1094)
==48882==by 0x34354DAB63: BUF_MEM_grow_clean (buffer.c:152)
==48882==by 0x34354DC512: mem_write (bss_mem.c:189)
==48882==by 0x34354DB746:
Got assert
d1_both.c(296): OpenSSL internal error, assertion failed: s-init_num ==
(int)s-d1-w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH
2014-12-15 15:19 GMT+03:00 Вячеслав Бадалян v.badal...@open-bs.ru:
On vagrind we got this
==48882== Thread 40:
==48882== Invalid write of size 8
==48882==
On Friday 05 December 2014 15:18:30 you wrote:
When discussing this issue, my colleague Hubert Kario made me aware of a
flag offered by e.g. the openssl s_client utility: -trusted_first.
When using -trusted_first, the server verification works successfully in
the above scenario.
Given that
For what it's worth, I have tested the Alexa top 1 million servers with the -
trusted_first option and haven't found a single server that looses its trusted
status, on the other hand, good few percent of servers do gain it.
It's worth a great deal. Thanks! I love fact-based analysis. :)
For what it's worth, I have tested the Alexa top 1 million servers with the -
trusted_first option and haven't found a single server that looses its trusted
status, on the other hand, good few percent of servers do gain it.
It's worth a great deal. Thanks! I love fact-based analysis. :)
On Mon, Dec 15, 2014 at 09:23:26AM -0500, Salz, Rich wrote:
For what it's worth, I have tested the Alexa top 1 million servers with the
-
trusted_first option and haven't found a single server that looses its
trusted
status, on the other hand, good few percent of servers do gain it.
On Po, 2014-12-15 at 14:48 +, Viktor Dukhovni wrote:
On Mon, Dec 15, 2014 at 09:23:26AM -0500, Salz, Rich wrote:
For what it's worth, I have tested the Alexa top 1 million servers with
the -
trusted_first option and haven't found a single server that looses its
trusted
On Mon, Dec 15, 2014 at 05:24:03PM +0100, Tomas Mraz wrote:
This can break DANE TLSA verification, because the site's designated
trust anchor might no longer be in the shorter constructed chain.
[Postfix not affected]
Please enlighten me how this case could be broken by this change of
Great, thanks.
-Original Message-
From: Kurt Roeckx via RT [mailto:r...@openssl.org]
Sent: Thursday, December 11, 2014 1:24 PM
To: lawre...@codeaurora.org
Cc: openssl-dev@openssl.org
Subject: Re: [openssl-dev] [openssl.org #3629] Bug report: run in speed.c
should be declared as volatile
I'm having a look at this (going through all xxx_DEBUG, might as well while I'm
at it)
On Fri Dec 12 20:06:48 2014, st...@stecksoft.com wrote:
Hi,
I'm trying to build 1.0.2-beta3 on Fedora 20 x86_64. I've configured
with some xxx_DEBUG
flags, which results in a compile failure in
Thanks!
-- Paul
On Mon, Dec 15, 2014 at 2:09 PM, Richard Levitte via RT r...@openssl.org
wrote:
I'm having a look at this (going through all xxx_DEBUG, might as well while
I'm
at it)
On Fri Dec 12 20:06:48 2014, st...@stecksoft.com wrote:
Hi,
I'm trying to build 1.0.2-beta3 on Fedora
On Thu, Dec 11, 2014 at 3:30 PM, Adam Langley a...@google.com wrote:
Thanks. So far that version is good to ~1B random tests. I'll leave it
going until Monday.
It's good for ~6B random tests.
Of course, that's not as compelling for 64-bit code as it would be for
32-bit, but I think we can
Hi,
Sorry for crossposting this to three lists but I feel this is a
multi-software-issue and I feel all software involved need to find a
way to resolve this.
I feel the current software setting of tls server configs and browsers
leads to the unoptimal result that often CBC modes are preferred
Is this a theoretical issue, or have you seen it in widespread use?
I thought most servers these days picked what they wanted, and used the client
ordering as a suggestion, at best.
--
Principal Security Engineer, Akamai Technologies
IM: rs...@jabber.me Twitter: RichSalz
On Mon, 15 Dec 2014 20:31:53 -0500
Salz, Rich rs...@akamai.com wrote:
Is this a theoretical issue, or have you seen it in widespread use?
www.openssl.org would be an example where you can see it live and
real :-)
--
Hanno Böck
http://hboeck.de/
mail/jabber: ha...@hboeck.de
GPG: BBB51E42
On Mon, 15 Dec 2014 17:36:40 -0800
Ryan Sleevi rsle...@chromium.org wrote:
* Server operator uses apache+openssl wiht cipher string
HIGH:!MEDIUM:!LOW:!aNULL@STRENGTH. This seems reasonable.
Only HIGH security ciphers and sort them by strength.
* Browser (Chrome or Firefox) will take
On Mon, 15 Dec 2014 18:07:15 -0800
Ryan Sleevi rsle...@chromium.org wrote:
I fear you may have misread again.
SSLHonorCipherOrder is on by default, and respects the client
preferences. The mainstream clients generally prefer GCM over CBC,
ergo, honoring the cipher order is the right thing.
On Tue, Dec 16, 2014 at 02:18:40AM +0100, Hanno B?ck wrote:
Firefox and Chrome support authenticated encryption via TLS 1.2 and GCM
these days. However they have for some reason decided not to support
AES-256 but only AES-128.
In which case, they will never use AES-256, and yet:
This is in
On Tue, 16 Dec 2014 03:09:53 +
Viktor Dukhovni openssl-us...@dukhovni.org wrote:
On Tue, Dec 16, 2014 at 02:18:40AM +0100, Hanno B?ck wrote:
Firefox and Chrome support authenticated encryption via TLS 1.2 and
GCM these days. However they have for some reason decided not to
support
On Tue, Dec 16, 2014 at 04:23:24AM +0100, Hanno B?ck wrote:
On Tue, Dec 16, 2014 at 02:18:40AM +0100, Hanno B?ck wrote:
Firefox and Chrome support authenticated encryption via TLS 1.2 and
GCM these days. However they have for some reason decided not to
support AES-256 but only
Is there an easy way to get at the parameter ‘y’ (DSA-pub_key, which is a
BIGNUM *) in ASN.1 format? (See (2) below…)
Better yet, how to take that and pass it to ASN_item_digest()?
Also, there’s some confusion (at least for me) about what constitutes
DSAPublicKey. According to RFC-5912 you
22 matches
Mail list logo