This is a problem for us with FIPS module 1.2.0.
wolfoftheair wrote:
Is this still present in FIPS module 1.2.0?
-Kyle H
On Mon, Aug 24, 2009 at 11:55 AM, Mike Trentmichael.tr...@xerox.com
wrote:
Mike Trent wrote:
It seems that after setting FIPS mode off one cannot set it back
Hello.
In my shared library project I utilize during linking some complied .o
files, some static .a libraries and some shared .so libraries. One of
utilized libraries is openssl.
When I use openssl as shared library, my result library has not TEXTREL
section and that is what I want.
When I use
On Wed, Sep 23, 2009, Pankaj Aggarwal wrote:
Ok !!
Stephen, Could you tell me which RSA Sign Verfiy functions are available in
fips mode. The FIPS 140-2 Annexure A states that RSASSA-PKCS1-v1_5 and
RSASSA-PSS contained within PKCS#1 v2.1 can be used for sign/verify. What
are the
On Wednesday 23 September 2009 13:25:09 Victor Duchovni wrote:
On Wed, Sep 23, 2009 at 11:03:55AM +1000, Daniel Black wrote:
Should SSL_set_tlsext_host_name convert the domain name to ACE as per
RFC4366 3.1 where it talks about IDNA (RFC 3490)?
On the wire, domain names are always of the
On Thu, Sep 24, 2009 at 01:00:34AM +1000, Daniel Black wrote:
On Wednesday 23 September 2009 13:25:09 Victor Duchovni wrote:
On Wed, Sep 23, 2009 at 11:03:55AM +1000, Daniel Black wrote:
Should SSL_set_tlsext_host_name convert the domain name to ACE as per
RFC4366 3.1 where it talks
Dear OpenSSL group,
I have a somewhat curious setting (without CAs) about routing information
along several nodes:
[1] first an unkown client establishes a connection to a known server
thus I set
SSL_CTX_set_verify(this-ctx, SSL_VERIFY_NONE, NULL);
and let the client verify the servers
On Wed, Sep 23, 2009 at 10:04:48PM +0200, Michael Prinzinger wrote:
and let the client verify the servers certificate, like this
X509* x509 = SSL_get_peer_certificate(s);
CHECK(x509 != NULL);
//check certificate
long certVerifyResults = SSL_get_verify_result(s);
I set the following for the global context which is used to create the
connection:
// Set the SSL certificate verify mode
SSL_CTX_set_verify(_globalContext, SSL_VERIFY_PEER, NULL);
Then the server requests the peer (i.e. the client) for a certificate during
the handshake, which
Thank you for your answer Victor,
I am trying to establish a routing path for an anonymity protocol (
http://en.wikipedia.org/wiki/Phantom_Anonymity_Protocol).
This is a one way procedure: the node that wants to be anonymized selects a
couple of other nodes and sends an array with setup packages
Thank You Ashish for your answer!
On Wed, Sep 23, 2009 at 10:30 PM, Ashish Thapliyal
ashish.thapli...@citrix.com wrote:
I set the following for the global context which is used to create the
connection:
// Set the SSL certificate verify mode
On Wed, Sep 23, 2009 at 10:43:11PM +0200, Michael Prinzinger wrote:
I am trying to establish a routing path for an anonymity protocol (
http://en.wikipedia.org/wiki/Phantom_Anonymity_Protocol).
This is a one way procedure: the node that wants to be anonymized selects a
couple of other nodes
I noted that when generating a RSA public key pair using a non-standard
public exponent (particularly, 65538, or 0x01, 0x00,0x02), the
RSA_generate_key never returns, and the program keeps using 100% CPU
until I kill it.
My question is: Is this behavior expected? If some non-standard publ.
Dear Victor,
On Wed, Sep 23, 2009 at 11:33 PM, Victor Duchovni
victor.ducho...@morganstanley.com wrote:
On Wed, Sep 23, 2009 at 10:43:11PM +0200, Michael Prinzinger wrote:
Certificates are useless without corresponding signed messages. What
messages are signed by the private key of the
From: owner-openssl-us...@openssl.org On Behalf Of Klaus Heinrich Kiwi
Sent: Wednesday, 23 September, 2009 15:59
I noted that when generating a RSA public key pair using a
non-standard public exponent (particularly, 65538, or 0x01,
0x00,0x02), the RSA_generate_key never returns, and the
Hi Michael,
I have not implemented a rehandshake but as I understand, it can be pretty
complicated. Searching for OpenSSL rehandshake on google pointed me to this
article (http://www.rtfm.com/openssl-examples/part2.pdf) by Eric Rescorla,
describing the rehandshake in detail. Hope this
Hello,
I am receiving a 0200274D error when attempting to connect to a linux server.
274D=10061 ECONNREFUSED.
Not sure what the reason is 1869? could somebody please tell me.
Much appreciated in adavance.
Thanks,
Garyc
__
16 matches
Mail list logo