More specifically:
(and before anyone berates me: I apologize for the snarkiness of the
rest of this post, I'm only trying to make a point with a bit of
humor.)
Delete the current FIPS source tree you've got. It's not viable, and
it can never create any module that can claim FIPS validation. Ju
If you're on Windows, you MUST use either "ms\do_fips" or "ms\do_fips no-asm".
-Kyle H
On Wed, Mar 25, 2009 at 8:40 PM, Uma G. Nayak wrote:
> Hi,
>
> 1) Where should the no-asm option be given? With the Configure command or the
> do_fips command? I have used no-asm with Configure command.
>
> I
Hi,
1) Where should the no-asm option be given? With the Configure command or the
do_fips command? I have used no-asm with Configure command.
I have built as follows:
perl Configure VC-WIN32 no-asm
vcvars32.bat
ms\do_fips
2) out32dll\fips_test_suite gives the following:
FIPS-mode test applica
Is this new release openssl 9.8k supports fips capability
Thanks
Rajan
On Thu, Mar 26, 2009 at 1:37 AM, Kyle Hamilton wrote:
> Umm... the CHANGES file linked refers to "changes from 0.9.8k to
> 0.9.9", and I have to scroll down 752 lines to get to:
>
> Changes between 0.9.8j and 0.9.8k [xx XXX
Umm... the CHANGES file linked refers to "changes from 0.9.8k to
0.9.9", and I have to scroll down 752 lines to get to:
Changes between 0.9.8j and 0.9.8k [xx XXX ]
*) Add 2.5.4.* OIDs
[Ilya O. ]
I assume that the xx XXX should refer to 25 Mar 2009?
Thanks for your time,
-Kyle
On Thu, Mar 26, 2009, Uma G. Nayak wrote:
> Still no luck :(. Is it that FIPS mode doesnt work on AMD processors? In the
> Security Policy pdf at
> https://www.openssl.org/docs/fips/SecurityPolicy-1.2.pdf 8 platforms on
> which the Module was tested are listed:
>
> U1 Linux x86 no-asm Linux.2.6.1
Still no luck :(. Is it that FIPS mode doesnt work on AMD processors? In the
Security Policy pdf at https://www.openssl.org/docs/fips/SecurityPolicy-1.2.pdf
8 platforms on which the Module was tested are listed:
U1 Linux x86 no-asm Linux.2.6.18_i686_gcc-4.1.2 (OpenSuSE 10.2) no-asm
U2 Linux x86-
The problem was related to my virtualisation environnement (virtualbox).
No problem with OpenSSL...
No problem with OpenBSD...
Cyanure wrote:
>
> Hi, I am trying to compile openssl sources on OpenBSD4.3.
>
> I got the following error:
>
> encode.c: In function `EVP_DecodeUpdate`:
> encode.c
Hi, I am trying to compile openssl sources on OpenBSD4.3.
I got the following error:
encode.c: In function `EVP_DecodeUpdate`:
encode.c:357: internal compiler error: Segmentation fault.
I have a complete fresh installation of OpenBSD. I don't know if the problem
is related to OpenSSL or OpenBSD
That would be something in the code along the lines of:
SSL_CTX_set_cipher_list(ctx, "HIGH");
(See also the SSL_CTX_set_cipher_list/SSL_set_cipher_list man page.
In the code, there's defines for most groupings as SSL_TXT_* #defines;
see for the internals: ssl.h / ssl_ciph.c / s3_lib.c)
On Wed
I used no-asm while building Openssl in the steps I mentioned earlier. But the
server still gives the 'unsupported platform' error.
Is it that AMD processors don't support FIPS at all?
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On B
On Wed March 25 2009, Uma G. Nayak wrote:
> Hi,
>
> Ok. I ran the fips_test_suite.exe and checked for the system information. I
> have 2 situations.
>
You have had a reply for your #1 case - you should be able to make progress on
that one.
Your #2 case - you are correct, a P-IV does SSE2 very
Oh!! But it did not throw any errors. Will try with no-asm option.
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Dr. Stephen Henson
Sent: Wednesday, March 25, 2009 6:37 PM
To: openssl-users@openssl.org
Subject: Re: Server cr
On Wed, Mar 25, 2009, Uma G. Nayak wrote:
> Hi,
>
> Ok. I ran the fips_test_suite.exe and checked for the system information. I
> have 2 situations.
>
> 1. One of the system does not support FIPS mode operation. It's an AMD Athlon
> XP which does not support SSE2. Hence I built Openssl dlls us
Hi,
Ok. I ran the fips_test_suite.exe and checked for the system information. I
have 2 situations.
1. One of the system does not support FIPS mode operation. It's an AMD Athlon
XP which does not support SSE2. Hence I built Openssl dlls using no-sse2 flag.
Even after using these new dlls I am n
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL version 0.9.8k released
===
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 0.9.8k of our open source
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL version 0.9.8k released
===
OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 0.9.8k of our open source
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenSSL Security Advisory [25-Mar-2009]
Three moderate severity security flaws have been fixed in OpenSSL 0.9.8k.
ASN1 printing crash
===
The function ASN1_STRING_print_ex() when used to print a BMPString or
UniversalString will cras
Hi!
In my centos5.2 system, I have already installed
openssl_0.9.8b-10.el5_2.1.rpm package.
But when I try to make a CA server, the crl.pem could no be made by me,
prompted like below:
[r...@cncips ~]# openssl ca -gencrl -out crl.pem
Using configuration from /etc/pki/tls/openssl.cnf
Hello, when I use the Openssl 0.9.8 i, I use the command ec,but it’s
tell me that ec is an invalid command.
I don’t know why?
I use the commands “./config ”,”make ””make test” “make install” to install the
openssl ,but I find the “no-ec” is a default option, so I can’t use the ec
comma
I need some help in knowing how can I modify the openssl so that
openssl commands like openssl s_client/s_server which I am using to
test the ssl server/clients will start using a modified values for max
record size, session id etc e.g. session id limit currently is 32 if I
want to try out for
Hello !
I have a problem with SAFARI 3+4 under windows connecting to a website using
SSL (self signed and trial cert from rapdissl). If i connect i get SSL
Failure error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad
record mac in my log files.
Now it seems this error belongs to
Forwarded to openssl-users for public discussion.
Best regards,
Lutz
- Forwarded message from Victor Yepez -
Date: Tue, 24 Mar 2009 17:31:55 -0430
From: Victor Yepez
Subject: How to disable SSL
To: r...@openssl.org
User-Agent: Thunderbird 2.0.0.21 (Windows/20090302)
Hello guys,
23 matches
Mail list logo