Re: [openssl.org #2626] ENHANCEMENT: please update default_bits to 2048 in default openssl.cnf

2011-10-20 Thread Rob Stradling
Duplicate of ticket #2354. On Wednesday 19 Oct 2011 16:58:28 Daniel Kahn Gillmor via RT wrote: The current default openssl.cnf appears to have default_bits = 1024: http://cvs.openssl.org/fileview?f=openssl/apps/openssl.cnfv=1.23.4.6 however, NIST has recommended avoiding reliance on

[openssl.org #2628] [PATCH] ServerKeyExchange signature broken if ECC key is used with DTLS

2011-10-20 Thread Robin Seggelmann via RT
The signature in the ServerKeyExchange is created with wrong parameters with ECC keys, because the TLS header length is used instead of the DTLS header length. Thanks to Erwin Himawan for providing hints! Best regards Robin --- ssl/d1_srvr.c 5 Sep 2011 10:25:21 - 1.20.2.21

[openssl.org #2629] finalize MD2 removal

2011-10-20 Thread Vladimir Kotal via RT
After the removal of MD2 from OpenSSL_add_all_digests() it is no longer possible to use it from the 'dgst' command: $ openssl version OpenSSL 1.0.0e 6 Sep 2011 $ openssl -h 21 | ggrep -A 3 'Message Digest' Message Digest commands (see the `dgst' command for more details) md2 md4

[openssl.org #1261] [PATCH] - binary S/MIME handling in openssl smime 1.0.0e

2011-10-20 Thread John Hughes via RT
This is an update of the patch made by Antti Tapio for 0.9.8a - ticket #1261 Index: apps/smime.c === RCS file: /home/john/cvsroot/openssl/apps/smime.c,v retrieving revision 1.1.1.1 retrieving revision 1.1.1.1.2.1 diff -u -p