Hello,
I have some doubts regarding OpenSSL cipher algorithms and I was
wondering if someone
could help me with that.
1) If my understanding is correct, the client sends the list of
supported cipher
algorithms and the server will choose one algorithm of such list in
order to
Thanks Marek!
One last question, can an algorithm or cipher suite be enabled or disabled on
OpenSSL by an user (I mean, without needing to recompile and redistribute
OpenSSL binaries)?
Regards,
Mateus
-Original Message-
From: [EMAIL PROTECTED] [mailto:owner-openssl-
[EMAIL
Hello everybody,I have a doubt about how to use the AES_ctr128_encrypt()
function.
If i want to use this function to decrypt, how should be iniziled the *num
argument? Has the result the same size as the input (length,third argument)?
Thanks for your help!
Thanks Marek!
One last question, can an algorithm or cipher suite be enabled or
disabled on OpenSSL by an user (I mean, without needing to
recompile and redistribute OpenSSL binaries)?
You can definitively disable an algorithm by not including it in the
libraries. Most programs that use
Yes, I know you can enable/disable the algorithms at build time. However, my
question is if a user could enable/disable an algorithm when the library is
already built (even by the application using OpenSSL or some generic
configuration of OpenSSL).
I thought there was actually no way to do
Surely http://www.openssl.org/docs/ssl/SSL_CTX_set_cipher_list.html.
G.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Baur, Mateus
(Brazil RD-CL)
Sent: 05 March 2008 12:25
To: openssl-users@openssl.org
Subject: RE: cipher algorithms
Yes, I know
I'm new to using openssl and I need to change the cipher that is currently
being used. I'm using a product called ssl_proxy that doesn't have a config
file for changing/limiting any of these attributes. The current cipher is
aes-256 and I need to change it to something stronger with a key
Architecture question:
Do certificate serial numbers within a multi-trier certificate authority
chain need be globally unique?
A Thunderbird user recently received the following error because his
cert serial number, as signed by one CA, matched the serial number of
the server, both of which
Hi,
I'm writing some code where I'm using the EVP encryption routines
described here:
http://www.openssl.org/docs/crypto/EVP_EncryptInit.html
I'm trying to use AES. Is AES supported through this interface? It's
not listed in the documentation as a supported cipher.
-JP
Is it appropriate to call the sequence
EVP_CipherInit_ex()
EVP_CipherUpdate_ex()
EVP_CipherFinal_ex()
*multiple* times between init and cleanup?
In other words, should I do this:
EVP_CIPHER_CTX_init()
EVP_CipherInit_ex()
EVP_CipherUpdate_ex()
EVP_CipherFinal_ex()
EVP_CIPHER_CTX_cleanup()
...
In message [EMAIL PROTECTED] on Wed, 05 Mar 2008 10:07:18 -0500, Brian A.
Seklecki [EMAIL PROTECTED] said:
lavalamp Architecture question:
lavalamp
lavalamp Do certificate serial numbers within a multi-trier
lavalamp certificate authority chain need be globally unique?
Depends on what you mean
The ciphers are all found in evp.h, EVP_aes_128_cbc, for example.
Is there a reason why this is undocumented?
-JP
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
Hello,
One last question, can an algorithm or cipher suite be enabled or
disabled on OpenSSL by
an user (I mean, without needing to recompile and redistribute OpenSSL
binaries)?
Yes, from server or client point of view you can control this with
SSL_CTX_set_cipher_list() function call.
Best
We are using only the OpenSSL cryptographic functionality, the EVP and
HMAC functions, in a multi-threaded application. Do we need to do
anything to ensure thread safety ? The documentation mentions
CRYPTO_set_locking_callback() and CRYPTO_set_id_callback() but we are
not calling these
Hi!
We are using only the OpenSSL cryptographic functionality, the EVP and HMAC
functions, in a multi-threaded application. Do we need to do anything to
ensure thread safety ? The documentation mentions
CRYPTO_set_locking_callback() and CRYPTO_set_id_callback() but we are not
calling
dear all,
does openssl supports TLS v1.1?
if yes, from which version onwards?
Thanks in advance
San
--
Hi Steve,
Thanks for your response... I've now managed to 'work around' the
cross-compilation by using the fips_standalone_sha1.exe from a win32 build
to generate the sha1 values used during the build and then disabling the
'self' tests.
The resulting libraries seem to work well for me, but do
Greetings.
I wonder if session-id generator really provide uniqueness.
The def_generate_session_id check uniqueness by calling
SSL_has_matching_session_id. (ssl_sess.c)
SSL_has_matching_session_id check uniqueness by calling
lh_retrieve(ssl-ctx-sessions, r). (ssl_lib.c)
So, if
18 matches
Mail list logo
