On 11/07/2013 09:15 AM, Kurt Roeckx wrote:
I filed a ticket about this ealier (#3120)
You can see the discussion about that here:
http://openssl.6102.n7.nabble.com/openssl-org-3120-Minimum-size-of-DH-td46401.html
ah, thanks. It's too bad that discussion isn't mirrored on
https://rt.openssl
[slass@jenkins01 ~]$ openssl version
OpenSSL 1.0.0-fips 29 Mar 2010
[slass@jenkins01 ~]$ uname -a
Linux jenkins01 2.6.32-358.18.1.el6.x86_64 #1 SMP Wed Aug 28 17:19:38
UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
[slass@jenkins01 ~]$
According to the docs:
http://www.openssl.org/docs/apps/pkcs8.html
=
On 06/11/13 17:27, Dr. Stephen Henson wrote:
On Wed, Nov 06, 2013, Rob Stradling wrote:
These 2 #defines exist for SSL_CTX->extra_certs:
SSL_CTX_add_extra_chain_cert
SSL_CTX_get_extra_chain_certs
SSL_CTX_clear_extra_chain_certs
In 1.0.2-dev, the #defines such as SSL_CTX_add0_chain_cer
On Thu, Nov 07, 2013, Salz, Rich wrote:
> I think a better way to do this would be to have a config param that set the
> minimum acceptable size. I.e., a #define
>
I think the best option is to have a compile time default with a runtime
override for this and other related issues. The idea being
I think a better way to do this would be to have a config param that set the
minimum acceptable size. I.e., a #define
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
-Original Message-
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On
Behal
On Tue, Nov 05, 2013 at 11:43:54PM -0500, Daniel Kahn Gillmor wrote:
> I noticed recently that OpenSSL as a client is happy to connect to a
> server that offers a trivially-crackable DH group.
>
> You can try it out at https://demo.cmrg.net/
>
> Other modern TLS implementations will refuse to con
On Thu, Nov 07, 2013, Marcelo Cerri wrote:
> Hi, any news on that?
>
> On Tue, Oct 29, 2013 at 05:01:03PM -0200, Marcelo Cerri wrote:
> > In some platforms, such as POWER, char is defined as unsigned. This
> > patch fix a problem when comparing a char to -1.
> >
> > Signed-off-by: Marcelo Cerri
Part of the problem reported here was resolved, namely the reference
count increment/decrement.
However, there is still a problem but I have a simple patch that fixes
it.
The problem is that the SSL may have the bbio in place when the pop
happens. If that is the case, then rbio != wbio and the
BI
I encountered a number of unusual (but mostly minor) errors in building
1.0.1e on Tru64 V4.0G, configuration tru64-alpha-cc. I've addressed the
majority of these in the 20131106 snapshot, and the changes are in the
attached patch. Here is a walk-through:
crypto/Makefile,
crypto/bn/Makefile,
crypto
Reject connections to TLS servers that select DH key exchange but
offer a weak DH group.
---
ssl/s3_clnt.c | 6 ++
ssl/ssl.h | 1 +
ssl/ssl_err.c | 1 +
3 files changed, 8 insertions(+)
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index bf1ef47..ef638c4 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/
Hi, any news on that?
On Tue, Oct 29, 2013 at 05:01:03PM -0200, Marcelo Cerri wrote:
> In some platforms, such as POWER, char is defined as unsigned. This
> patch fix a problem when comparing a char to -1.
>
> Signed-off-by: Marcelo Cerri
> ---
> crypto/ec/ec_pmeth.c | 2 +-
> 1 file changed, 1
11 matches
Mail list logo