Thanks for the reply. Using a lower version of TLS solved it for us.
//Toland (^_^x)
On May 30, 2013, at 10:29 PM, Dave Thompson dthomp...@prinpay.com wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Toland Hon
Sent: Thursday, 30 May, 2013 22:22
I'm on Mac running OS X 10.8.3 and
According to a server testing service I have tried, OpenSSL 0.9.8
fails to reject degenerate ephemeral DH keys, while OpenSSL 1.0.0
does this rejection. They do not provide a CVE number for this
issue, and I cannot find it in the OpenSSL CHANGES file for 1.0.0
(as that is the version they
Hello Dave,
Thanks for this info.
I compiled my own openssl lib with debug support and started debugging.
The problem seems indeed to be located in the call to
X509_STORE_CTX_get1_issuer. In this function, the function
X509_STORE_get_by_subject returns an error. When digging into this
code, the
On 31 May 2013 10:58, Jakob Bohm jb-open...@wisemo.com wrote:
According to a server testing service I have tried, OpenSSL 0.9.8
fails to reject degenerate ephemeral DH keys, while OpenSSL 1.0.0
does this rejection. They do not provide a CVE number for this
issue, and I cannot find it in the
On 5/31/2013 3:41 PM, Matt Caswell wrote:
On 31 May 2013 10:58, Jakob Bohm jb-open...@wisemo.com wrote:
According to a server testing service I have tried, OpenSSL 0.9.8
fails to reject degenerate ephemeral DH keys, while OpenSSL 1.0.0
does this rejection. They do not provide a CVE number for
Hi,
I'm on Mac running OS X 10.8.3 and have 2 versions of openssl installed:
Default: OpenSSL 0.9.8r 8 Feb 2011
Homebrew: OpenSSL 1.0.1e 11 Feb 2013
My most recent version of ruby (1.9.3-p429) is linked with Homebrew's openssl
and that's when I noticed I began having connection problems to a
hi Kshirsagar,
I am into the same scenario, can you tell me at which end you are setting
the cipher list? Do we have to make changes on client application end ?
The parameters you mentioned, SSL_DEFAULT_CIPHER_LIST, can be seen on server
end , into openssl ssl.h file. Could you describe what
On 31 May 2013 16:42, Jakob Bohm jb-open...@wisemo.com wrote:
Interesting, I don't seem to be able to find code that calls dh_check
or equivalent on received DH group parameters, but then the check in
that function is too strict in its criteria (for instance, some
standards (such as X9.42 and
From: owner-openssl-us...@openssl.org On Behalf Of Brice André
Sent: Friday, 31 May, 2013 06:00
snip
The problem seems indeed to be located in the call to
X509_STORE_CTX_get1_issuer. In this function, the function
X509_STORE_get_by_subject returns an error. When digging into this
code, the
On 31 May 2013 21:07, Matt Caswell fr...@baggins.org wrote:
On 31 May 2013 16:42, Jakob Bohm jb-open...@wisemo.com wrote:
Interesting, I don't seem to be able to find code that calls dh_check
or equivalent on received DH group parameters, but then the check in
that function is too strict in
10 matches
Mail list logo
