Re: `openssl pkcs8` and -iter option?

Seems "-iter" option is added to master only in the below commit. By date, it is later than 1.0.1g and probably 1.0.1h too. commit 8a6c6bbf21cc11ea0fed69a106250af0d734d786 Author: Naftuli Tzvi Kay Date: Tue Jun 3 12:48:06 2014 -0700 Added custom PBKDF2 iteration count to PKCS8 tool. On

`openssl pkcs8` and -iter option?

I'm having trouble getting `openssl pkcs8` to complete. openssl genrsa -out rsa-priv.pem 1024 openssl pkcs8 -in rsa-priv.pem -inform PEM -topk8 -v1 PBE-SHA1-RC4-128 -iter 1000 \ -out rsa-enc-priv-v1.pem -passout pass:test When the second command runs, the help is dumped. I noticed the ma

Re: Open SSL version with FIPS Certified code and TLS 1.2 Support

On 07/22/2014 01:12 PM, Arun Kumar wrote: > Hi, > > We are currently using below version: > > openssl-fips-1.2.tar.gz > > > We need to upgrade to OPENSSL Version with FIPS certification and It should > support TLS 1.2. > > Please recomm

Re: DTLS aborts

On 22/07/14 22:21, Salz, Rich wrote: >> My guess (and its purely speculation) is the report is being held because of >> security considerations. > > I don't believe so; there's no filter on email sent to rt. Interestingly, > there are a few bugs created a day ago, and then a few created four d

RE: DTLS aborts

Just got a reply on the RT about 10 minutes ago :) Looks like things are just slow. -Brian -Original Message- From: Salz, Rich [mailto:rs...@akamai.com] Sent: Tuesday, July 22, 2014 5:22 PM To: openssl-users@openssl.org Subject: RE: DTLS aborts > My guess (and its purely speculation) i

Open SSL version with FIPS Certified code and TLS 1.2 Support

Hi, We are currently using below version: openssl-fips-1.2.tar.gz We need to upgrade to OPENSSL Version with FIPS certification and It should support TLS 1.2. Please recommend us the Version which we can use. it is little urgent and I ap

RE: DTLS aborts

> My guess (and its purely speculation) is the report is being held because of > security considerations. I don't believe so; there's no filter on email sent to rt. Interestingly, there are a few bugs created a day ago, and then a few created four days ago. Looks like mail got lost or is in-tra

Re: DTLS aborts

>> However, the devs actively monitor the queue. See >> https://www.openssl.org/about/roadmap.html and >> https://groups.google.com/forum/#!msg/mailing.openssl.users/mDrMrd3zOuQ/BRS_VLZB_mYJ. > > That's only useful if a new report finds its way onto the queue. > Lack of email suggests that this one

OpenSSL version 1.0.2 beta 2 released

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 1.0.2 beta 2 = OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ OpenSSL 1.0.2 is currently in beta. OpenSSL 1.0.2 beta 2 has now been released. For details of changes

RE: DTLS aborts

> From: Jeffrey Walton [mailto:noloa...@gmail.com] > Sent: Tuesday, July 22, 2014 3:03 PM > > On Tue, Jul 22, 2014 at 9:42 AM, Brian Hassink > wrote: > > ... > > I sent an email to r...@openssl.org yesterday, shortly after > > receiving the reply below, but received nothing in return > > and did

Re: Do I need CRYPTO_set_locking_callback if each thread owns a single CTX with SSL_SESS_CACHE_OFF?

On Tue, Jul 22, 2014, Iaki Baz Castillo wrote: > Hi, > > In case each thread manages a separate SSL_CTX and > SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF) is set, do I > still need to set CRYPTO_set_locking_callback and > CRYPTO_THREADID_set_callback? > > I've read a lot about this, a

Re: Do I need CRYPTO_set_locking_callback if each thread owns a single CTX with SSL_SESS_CACHE_OFF?

2014-07-22 16:10 GMT+02:00 Dr. Stephen Henson : > In a multithreaded application you should *always* set the callbacks. > > Among other things the error queue uses the locking callback: without that > you'd get race conditions and bad things will happen. 100% clear. Thanks a lot. -- Iñaki Baz C

Do I need CRYPTO_set_locking_callback if each thread owns a single CTX with SSL_SESS_CACHE_OFF?

Hi, In case each thread manages a separate SSL_CTX and SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF) is set, do I still need to set CRYPTO_set_locking_callback and CRYPTO_THREADID_set_callback? I've read a lot about this, and I'm aware that locking is needed in case two threads use the

Re: DTLS aborts

On Tue, Jul 22, 2014 at 9:42 AM, Brian Hassink wrote: > ... > I sent an email to r...@openssl.org yesterday, shortly after receiving the > reply below, but received nothing in return and did not see a forward on > openssl-...@openssl.org. I'm not sure if the bug report is forwarded to the devs. Ho

RE: DTLS aborts

Hi, I sent an email to HYPERLINK "mailto:r...@openssl.org"r...@openssl.org yesterday, shortly after receiving the reply below, but received nothing in return and did not see a forward on HYPERLINK "mailto:openssl-...@openssl.org"openssl-...@openssl.org. I sent another email to HYPERLINK

Within on_ssl_info callback SSL_RECEIVED_SHUTDOWN flag is not set

Hi, A server running DTLS in non-blocking accept mode. * The handshake is properly done. * The client then sends a close alert. * When I call SSL_read the on_ssl_info callback is called with where & SSL_CB_ALERT. * Within the on_ssl_info callback, SSL_get_shutdown(ssl) & SSL_RECEIVED_SHUTDOWN ret

Re: Openssl SSL3_GET_RECORD:block cipher pad is wrong

Hello Dave, Thank you for your response, yes I am using Ubuntu 12.0 and recently did a ubuntu openssl page upgrade and got ubuntu 1.0.1-4ubuntu5.14 installed OpenSSL 1.0.1 14 Mar 2012 built on: Fri Jun 20 18:54:15 UTC 2014 platform: debian-amd64 As you pointed yes the server preference is set on