On 02/07/2014 06:27 AM, Trebilcock, Richard wrote:
Good Morning,
I am an ILS Engineer working for CGI IT UK Limited. At the present
time I am looking at software obsolescence issues that relate to the
CGI project I am working on. On this project we use the OpenSSL
products as tabulated
(These are really -users questions.)
Server Key Exchange is used only for ephemeral and anonymous DH and ECDH
(and PSK) suites.
Anonymous suites aren't enabled by default in openssl, or most clients I
know of,
and I hope you wouldn't be using PSK without saying so, so that leaves
ephemeral.
DSA_generate_parameters_ex is newer/current and also accepts seed, but
EVP_PKEY_paramgen* does not.
If you use EVP_PKEY with an engine it appears to be up to the engine.
Otherwise dsa_builtin_paramgen
when seed is NULL/0, which it always is for EVP_PKEY, uses a pseudorandom
seed and AFAICS you
Dear OpenSSL team!
I've found a bug when using the TLS/1.2+RSA512+DHE cipher.
Imagine that TLS/1.2 Client requests the following two Signature/Hash pairs
in its signature_algorithms(13) TLS extension of the ClientHello:
(RSA+SHA512) and (RSA+SHA256)
Imagine also that RSA512 certificate is selected by
I'm not a dev or even a real FIPSian, but I'll take a stab:
The commit itself says branch_0_9_8_stable, and see it in 0.9.8 v and later.
But I don't think it does any good
there, because you don't want to build a FIPS module from a normal tarball.
(It's not validated, so it's no better
and