I am writing to advertise three performance-related openssl patches:
handshake_cutthrough.patch
Enables SSL3+ clients to send application data immediately following the
Finished message even when negotiating full-handshakes. With this
patch, clients can negotiate SSL connections in 1-RTT even
He told me that this patch must be in the upstream openssl cvs.
Why is this patch not an official release or directly applied to the cvs?
Manuel, you're right. This patch missed the last release.
I'm in the process of submitting some patches to openssl-cvs and will
include this patch. I'll
diff -u -r1.5 pqueue.c
--- crypto/pqueue/pqueue.c 7 Jun 2005 22:21:14 - 1.5
+++ crypto/pqueue/pqueue.c 20 Dec 2005 01:48:27 -
@@ -184,7 +184,7 @@
}
/* check the one last node */
- if ( memcpy(next-priority, prio64be,8) ==0)
+ if (
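Review bot: the added condition is cut off at `+ if (`, so the replacement for the "check the one last node" test cannot be reviewed as posted; please resend the complete hunk. The removed line compared the return value of memcpy() with 0, which overwrites the node's priority with prio64be and can never be true for a non-null destination, so the new line should be an 8-byte memcmp() of the two values. If the earlier nodes are tested with the same expression above this hunk, they need the same change.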
With OpenSSL 0.9.8a:
$ openssl version
OpenSSL 0.9.8a 11 Oct 2005
$ openssl ciphers 'RSA+DSS+AES+3DES+SHA1'
Error in cipher list
15676:error:144020B9:SSL routines:SSL_CTX_set_cipher_list:no cipher
match:ssl_lib.c:1176:
With OpenSSL 0.9.7d:
$ openssl version
It turns out that the Version field was omitted from the
HelloVerify message in the internet draft. The document
will be corrected.
nagendra
* nagendra modadugu [EMAIL PROTECTED] [2005-06-08 17:09:40 -0700]:
I think you might have found a bug in the draft document. I'll get back
to you
Apologies for the delayed joining of the discussion.
I chose to use BN to implement 64-bit numbers because (1) it was
little code, (2) the abstraction was clean, (3) BN works on all
supported platforms, (4) the places where emulated 64-bit numbers are
used are not performance critical, and
I think you might have found a bug in the draft document. I'll get back
to you soon. Thanks,
nagendra
* Tigran Gevorgyan via RT [EMAIL PROTECTED] [2005-06-08 22:00:58 +0200]:
Hello,
I apologize if this message appears multiple times.
This is a proposed patch for openssl-0.9.8-beta
,
Prashant Kumar.
nagendra modadugu [EMAIL PROTECTED] wrote:
Datagram TLS (DTLS) source is now part of the OpenSSL
repository (CVS main branch). Also, I have separately released
patches against openssl-0.9.7g.
This is the link to the main DTLS page (including links
to further information
Ah, I see. The reason pqueue uses 64-bit integers as the priority
type is that record sequence numbers are 64 bits. I can easily change
the code to make use of a pair of 32-bit integers (given that this
really isn't performance critical code).
nagendra
* Richard Levitte - VMS Whacker [EMAIL
* Prashant Kumar [EMAIL PROTECTED] [2005-04-28 06:11:38 -0700]:
I had one question on the timer management and retransmission. I see that
there is a new BIO type in the file bss_dgram.c. My question is if the
application does not use the dgram BIO type and use the memory BIO instead,
does
Datagram TLS (DTLS) source is now part of the OpenSSL
repository (CVS main branch). Also, I have separately released
patches against openssl-0.9.7g.
This is the link to the main DTLS page (including links
to further information about the protocol, and patches):
Please try again now. It should be available again.
Thanks for looking into it, works now.
nagendra
__
OpenSSL Project http://www.openssl.org
Development Mailing List
I've been trying to access the OpenSSL CVS repository for the
past couple of days (including odd hours), with no success:
$ rsync rsync://dev.openssl.org/openssl-cvs
@ERROR: max connections (20) reached - try again later
rsync: connection unexpectedly closed (0 bytes received so far) [receiver]
Is rsync access to the OpenSSL repository unavailable?
$ rsync://dev.openssl.org/
rsync: failed to connect to dev.openssl.org: Connection refused
rsync error: error in socket IO (code 10) at
/SourceCache/rsync/rsync-14/rsync/clientserver.c(93)
In function ssl3_send_certificate_request(), the state
is never switched to SSL3_ST_SW_CERT_REQ_B after
the handshake message is serialized.
It's a fairly minor bug, with a simple fix:
#ifdef NETSCAPE_HANG_BUG
p=(unsigned char *)s->init_buf->data + s->init_num;
/*
Ian Goldberg did some work as part of TopGun
(this is a rather outdated port though):
http://www.isaac.cs.berkeley.edu/pilot/
Also, Palm OS 5.0 is supposed to ship with an
SSL library.
nagendra
* mohanraj venkatesh kumar [EMAIL PROTECTED] [2002-11-27 16:27:54 +]:
Dear Sir,
I am
-=-=-=-=-=-=-=-=-=-=-=-=
Nagendra Modadugu
nagendra @ cs.stanford.edu
Apache sends all the CAs listed in ca-bundle.crt, which exceeds the 8K
limit and causes the client to barf:
28537:error:1408E098:SSL routines:SSL3_GET_MESSAGE:excessive message
size:s3_both.c:418:
Nagendra Modadugu
[EMAIL PROTECTED
18 matches