Re: 0.9.8 RSA 2048, was Re: Need understanding on certutil output.

2014-03-16 Thread Kyle Hamilton
What is your platform? When were each of 0.9.8 (unpatched, it appears) and 1.0.0d compiled? What toolchains were used to compile them? -Kyle H On Sun, Mar 16, 2014 at 8:42 PM, Mithun Kumar wrote: > > Hello Dave, > > When client gets server certificate(SQLServer) and tries to validate it we >

Re: 0.9.8 RSA 2048, was Re: Need understanding on certutil output.

2014-03-16 Thread Mithun Kumar
Hello Dave, When client gets server certificate(SQLServer) and tries to validate it we get "ASN1_F_ASN1_CHECK_TLEN" "ASN1_R_WRONG_TAG" error. i could parse the cert successfully and also dump the asn.1. I cant connect using s_client as it hangs. When i add logs to the openssl code i see that Fi

Re: OPENSSL FIPS 140-2

2014-03-16 Thread Jeffrey Walton
On Sun, Mar 16, 2014 at 5:49 AM, srikanth wrote: > Hi, > > We are working on making our application FIPS 140-2 Compliant. There's no such thing as FIPS Compliant. You use validated cryptography, or you don't use validated cryptography. If your marketing department calls your product FIPS {Complia

Sha256

2014-03-16 Thread Aya Montasser
Greetings I am using latest openssl version 1.x Please I want to get self signed certificate with signature algorithm and signature hash algorithm with sha256 but I can't find appropriate commands To do it , it is always sha1 Although I change default_md = sha256 in openssl.cnf file b

OPENSSL FIPS 140-2

2014-03-16 Thread srikanth
Hi, We are working on making our application FIPS 140-2 Compliant. We use Cent OS 6.4, does the OPENSSL bundled with the CENT OS 6.4 is already a FIPS Compliant?. What all we need to do to make our application running on CENT OS 6.4 to make it FIPS Compliant. I see some posts which talks about ena

Problem in installation of openssl

2014-03-16 Thread V. Mayilan
Dear Sir/Madam I am using Sun System (Solaris 10) with intel process. the current version of apache is 2.0.3 i want to upgrade it to 2.4.7, for upgradation of apache it is required to upgrade openssl above 0.98a. I am trying to install openssl1.0.01 in 32bit it is seems to be installed successful

AES_cbc_encrypt - core dump in decryption.

2014-03-16 Thread Tayade, Nilesh
Hi, I am facing a core dump in AES_cbc_encrypt() while decrypting the data with OpenSSL 1.0.1e library. I made sure, the encrypted data length is multiple of AES_BLOCK_SIZE (16bytes) and also there is sufficient amount of buffer available for decryption. The encrypted buffer pointer is also vali