I don’t disagree, but I’m looking for independent confirmation that the changes
are not correct. They do not appear to specifically have been made for any
vulnerabilities.
In looking at RFC 5077 (the generic non-EAP-FAST scenario) section 3.1 shows
that the server may send a certificate
Hello Tigran!
I was using:
https://github.com/indutny/bud/compare/master...feature/async-key-ex
For quite a long time now. It seems that you have your own solution, but
anyway posted it here in case you are interested.
Cheers!
On Tue, Mar 17, 2015 at 8:44 AM, Tigran Gyonjyan (BLOOMBERG/ 731
I would be very careful about this code. When we ran our tests on OpenSSL
(www.smacktls.com), we found a bunch of issues that were narrowly prevented by
a combination of flags (s-hit, SSL3_FLAGS_OK, s-s3-change_cipher_spec).
Let’s carefully test any change here, so we do not re-enable
In upgrading from 1.0.1i to 1.0.1l I found an issue in the behaviour of a
non-resumed EAP-FAST session.
RFC 4851 indicates that the server can go straight from the serverHello to
changeCipherSpec to resume a session but can also fall back to a full
handshake. With 1.0.1l the client ends up
On Tue, 2015-03-17 at 22:22 +, Tigran Gyonjyan (BLOOMBERG/ 731 LEX)
wrote:
Thank you for your responses, PKCS#11 could be the right way to go. I
am hoping there is flexibility as per what functionality I want to
delegate (just need the decrypt piece).
If I had to implement a fully fledged
On 3/17/2015 10:44 AM, Tigran Gyonjyan (BLOOMBERG/ 731 LEX) wrote:
Hi there!
Recently I had to work on an openssl project where due to security requirements
I had to place the private key for the server certificate on another machine.
In order to be able to make openssl ignore
the fake
On Tue, 2015-03-17 at 15:44 +, Tigran Gyonjyan (BLOOMBERG/ 731 LEX)
wrote:
Recently I had to work on an openssl project where due to security
requirements I had to place the private key for the server certificate
on another machine. In order to be able to make openssl ignore the
fake
My mistake, it looks like my memory was wrong on two accounts. First,
it was AES, not SHA, where I observed the no-asm was faster. Second, it
was on the PowerPC cross-compiled target, not ARM. The results from
openssl speed aes-128-cbc are:
type 16 bytes 64 bytes256
Hi,
Thanks for the answers to my questions - here come some more.
Apple assembler uses a little bit different syntax and you can't
assemble current modules as they are.
... as I found out myself just after asking the original question, but
of course, the following is good to know:
Hi,
I run
./Configure threads zlib-dynamic linux-x86_64:gcc -O3 -flto -Wl,-S
This thing, config-line:command-line, doesn't work as you expect. In the
nutshell you're expected to provide *whole* config line with all those
fields delimited by colons (see linux-x86_64 line in Configure). And
Hi,
There is perlasm/arm-xlate.pl that enables assembly for 64-bit
iOS, and it's being modified to cover even 32-bit iOS.
Is that something that can/will be backported to 1.0.2- (or even 1.0.1-)
branch, once it's working?
Well, it would have to be *your* responsibility, because 1.0.2, as
Hi there!
Recently I had to work on an openssl project where due to security requirements
I had to place the private key for the server certificate on another machine.
In order to be able to make openssl ignore the fake private key in the
certificate I had to hack some data structures to
12 matches
Mail list logo