Hi!
I would like to close this since it's not a bug.
Best regards,
Fredrik Jansson
On Mon, Oct 28, 2013 at 9:33 AM, The default queue via RT
r...@openssl.orgwrote:
Greetings,
This message has been automatically generated in response to the
creation of a trouble ticket regarding:
We noticed the same thing and would also recommend that the openssl client
reject small DH groups.
This would complement the strong validity checks that openssl already by e.g.
checking primality and rejecting invalid public keys.
On the precise number of minimum bits, please note that IIS
Somehow, both SSL_R_NO_PEM_EXTENSIONS and
SSL_R_INVALID_SERVERINFO_DATA were assigned reason code 389.
This patch uses the next available number (393) for
SSL_R_NO_PEM_EXTENSIONS to disambiguate the two reason codes.
---
ssl/ssl.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
Without these changes, running util/mkerr.pl on modern perl (5.18.1)
produces the following deprecation warnings:
defined(@array) is deprecated at util/mkerr.pl line 792.
(Maybe you should just omit the defined()?)
defined(@array) is deprecated at util/mkerr.pl line 800.
(Maybe
Hi!
I would like to request the following algorithms to be available in FIPS
mode:
TLS1_TXT_PSK_WITH_AES_128_CBC_SHA
TLS1_TXT_PSK_WITH_AES_256_CBC_SHA
Please see the DTLS PSK in FIPS mode discussion on then openssl-users
list.
Attached is a patch for s3_lib.c that makes the said algorithms
These 2 #defines exist for SSL_CTX-extra_certs:
SSL_CTX_add_extra_chain_cert
SSL_CTX_get_extra_chain_certs
SSL_CTX_clear_extra_chain_certs
In 1.0.2-dev, the #defines such as SSL_CTX_add0_chain_cert allow me to
specify different chains for different certificate types, but AFAICT
there are
On Wed, Nov 06, 2013, Rob Stradling wrote:
These 2 #defines exist for SSL_CTX-extra_certs:
SSL_CTX_add_extra_chain_cert
SSL_CTX_get_extra_chain_certs
SSL_CTX_clear_extra_chain_certs
In 1.0.2-dev, the #defines such as SSL_CTX_add0_chain_cert allow me
to specify different chains for
On Thu Mar 29 21:17:31 2012, steve wrote:
A temporary workaround for this is to apply these two patches to OpenSSL
1.0.1:
http://cvs.openssl.org/chngview?cn=22286
http://cvs.openssl.org/chngview?cn=22306
And recompile OpenSSL with -DOPENSSL_NO_TLS1_2_CLIENT (e.g. supplied as
a command line
On 11/06/2013 05:08 AM, Karthikeyan Bhargavan wrote:
On the precise number of minimum bits, please note that IIS uses a static
768-bit Diffie Hellman prime, specifically Group 1 from IKEv2 (rfc5996,
appendix B.1)/
I suspect a number of other servers may do the same; hence the numbers you see