Built-in standard sets of Diffie-Hellman parameters

The OpenSSL wiki states that there is support for built-in standard sets of Diffie-Hellman parameters (http://wiki.openssl.org/index.php/Diffie_Hellman#Working_with_Parameters_and_Generating_Keys). However, I was unable to find any documentation about which sets of parameters those actually

CAPI and Private keys

I'm using the capi API to access certificates in the Windows Cert Store. I'm using the following to get access to the private key EVP_PKEY *key = ENGINE_load_private_key(e, subject, 0, 0); This seems to work as far as I can tell. Even if the certificate requires a password the OS prompts the

RENEGOTIATION DOS

Hello Openssl Team, I would like to understand how Renegotation DOS impacts our current TLS session and its issues. How we can avoid Renegotation initialized by client during the TLS/SSL session at openssl0.9.8q version. Please provide documents if any describes about Renegotiation DOS. And

List of available digest algorithms

OBJ_sn2nid() doesn't contain the full list of supported digest methods. How can I find this list using the library? I cannot fork/exec 'openssl list-digest-algorithms' and crack the output as a solution. -- Harlan Stenn st...@ntp.org http://networktimefoundation.org - be a member!

d2i_X509 structure reuse

Hello, I think the documentation for d2i_X509 is insufficiently clear about the reuse behaviour. The DESCRIPTION has the following: https://www.openssl.org/docs/crypto/d2i_X509.html If *px is not NULL then it is assumed that *px contains a valid X509 structure and an attempt is made to

Re: using TRNG via /dev/random

On 9/24/2013 11:58 AM, Roberto Spadim wrote: There's space to create a new random device at /dev if you want too =) /dev/nbrandom ? no block random? :) 2013/9/24 Richard Könning richard.koenn...@ts.fujitsu.com: Am 24.09.2013 02:05, schrieb starlight.201...@binnacle.cx: At 12:59 9/23/2013

Re: using TRNG via /dev/random

hi david! do you have a patch about this hack? 2013/9/25 David Johnston d...@deadhat.com On 9/24/2013 11:58 AM, Roberto Spadim wrote: There's space to create a new random device at /dev if you want too =) /dev/nbrandom ? no block random? :) 2013/9/24 Richard Könning

Reason for design change of ssl3_get_client_certificate()

Hello Openssl dev team, Currently we are using openssl 0.9.8q version. Earlier we have used openssl 0.9.8k. We have seen change in the return value handling of ssl_verify_cert_chain() at function ssl3_get_client_certificate(). At openssl 0.9.8k, ssl_verify_cert_chain() is handled like this

possible SSL_connect/accept bug?

Using OpenSSL libraries to provide basic encryption between client and server. Using non-blocking sockets, and client can connect to multiple servers. I have an intermittent issue where server reports 'SSL3_GET_RECORD:wrong version number' during client hello. I have added trace statements to

Re: using TRNG via /dev/random

On 9/25/2013 2:19 PM, Roberto Spadim wrote: hi david! do you have a patch about this hack? Actually Fedora 18 fixes the primary problems. It has an update to rngd so that it uses RdRand and it gets invoked properly. I passed information on to RedHat about the problems and they fixed it in