Help diagnosing SSL connection problem needed

2014-08-06 Thread Ted Byers
I have Perl code, which uses a library that in turn uses openssl for HTTPS connections. I have been trying to use Wireshark to diagnose this, but I have yet to find a way to have it tell me what steps in the SSL handshaking are happening at a given time (client hello, server hello, &c.). Thus, I

Unable to generate key using ecdsa

2014-08-06 Thread Gayathri Manoj
Hi All, I have installed openssl-0.9.8za with -no-ec option. But after this I am not able to generate ecdsa keys. # ssh-keygen -t ecdsa -b 1024 unknown key type ecdsa # Earlier I was able to do the same with openssl-0.9.8y version. Please let me know how I can solve this issue. Thanks,

how to compile openssl with -bindist option

2014-08-06 Thread Gayathri Manoj
Hi All, Please let me know how to compile openssl with -bindist option. Thanks, Gayathri

Re: how to compile openssl with -bindist option

2014-08-06 Thread Matt Caswell
On 6 August 2014 11:27, Gayathri Manoj gayathri.an...@gmail.com wrote: Hi All, Please let me know how to compile openssl with -bindist option. I suspect you are asking this on the wrong forum as I think this is a gentoo thing not an openssl thing. With the caveat that I know nothing about

Re: how to compile openssl with -bindist option

2014-08-06 Thread Gayathri Manoj
Hi Matt, Thanks Matt. My actual issue is that I am not able to generate ecdsa keys after upgrading openssl version from 0.9.8y to 0.9.8za. For making our openssl fips compliant we compiled the same with -no-ec option that is recommended by openssl forum. For this issue I googled and got this

Re: how to compile openssl with -bindist option

2014-08-06 Thread Matt Caswell
On 6 August 2014 14:12, Gayathri Manoj gayathri.an...@gmail.com wrote: Hi Matt, Thanks Matt. My actual issue is that I am not able to generate ecdsa keys after upgrading openssl version from 0.9.8y to 0.9.8za. For making our openssl fips compliant we compiled the same with -no-ec option

Re: how to compile openssl with -bindist option

2014-08-06 Thread Gayathri Manoj
Hi Matt, Is there any solution to compile openssl-0.9.8za without -no-ec option. Or do we have any patch available to fix the fips breakage issue. *Known issues in OpenSSL 0.9.8za:* - FIPS capable link failure with missing symbol BN_consttime_swap. Fixed in 0.9.8zb-dev. Workaround is to

Re: how to compile openssl with -bindist option

2014-08-06 Thread Matt Caswell
On 6 August 2014 14:35, Gayathri Manoj gayathri.an...@gmail.com wrote: Hi Matt, Is there any solution to compile openssl-0.9.8za without -no-ec option. Or do we have any patch available to fix the fips breakage issue. Known issues in OpenSSL 0.9.8za: FIPS capable link failure with missing

Re: how to compile openssl with -bindist option

2014-08-06 Thread Gayathri Manoj
Hi, Thanks for your update. We tried to compile without -no-ec, but it failed. Thanks, Gayathri On Wed, Aug 6, 2014 at 7:16 PM, Matt Caswell m...@openssl.org wrote: On 6 August 2014 14:35, Gayathri Manoj gayathri.an...@gmail.com wrote: Hi Matt, Is there any solution to compile

Support for AES-GCM on OpenSSL-0.9.8

2014-08-06 Thread Mukesh Yadav
Hi, AES_GCM is supported on OpenSSL-1.0.1 Regarding support on OpenSSL-0.9.8, have found patch on link below. http://rt.openssl.org/Ticket/Display.html?id=2092&user=guest&pass=guest From various opensource discussion, it seems it cleanly applies to old version. Is it ok for this patch to be used on

OpenSSL version 1.0.1i released

2014-08-06 Thread OpenSSL
OpenSSL version 1.0.1i released. OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.1i of our open source

OpenSSL version 1.0.0n released

2014-08-06 Thread OpenSSL
OpenSSL version 1.0.0n released. OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.0n of our open source

OpenSSL version 0.9.8zb released

2014-08-06 Thread OpenSSL
OpenSSL version 0.9.8zb released. OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 0.9.8zb of our open

Re: Support for AES-GCM on OpenSSL-0.9.8

2014-08-06 Thread Matt Caswell
On 06/08/14 19:32, Mukesh Yadav wrote: Hi, AES_GCM is supported on OpenSSL-1.0.1 Regarding support on OpenSSL-0.9.8, have found patch on link below. http://rt.openssl.org/Ticket/Display.html?id=2092&user=guest&pass=guest From various opensource discussion, it seems it cleanly applies to

Build problem with FIPS-enabled 1.0.1i, Linux 32 and 64-bit

2014-08-06 Thread Porter, Andrew
The make test step for FIPS-enabled 1.0.1i is failing for me in the ectest (elliptic curves) section with: SEC2 curve secp160r1 -- Generator: x = 0x4A96B5688EF573284664698968C38BB913CBFC82 y = 0x23A628553168947D59DCC912042351377AC5FB32 verify degree ... ok verify group order ok

SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 option flags

2014-08-06 Thread Alex Chen
I assume SSL_OP_NO_TLSv1 affects TLS v1.0 only but not TLS v1.x in general? Alex

Re: SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 option flags

2014-08-06 Thread Viktor Dukhovni
On Wed, Aug 06, 2014 at 05:32:08PM -0700, Alex Chen wrote: I assume SSL_OP_NO_TLSv1 affects TLS v1.0 only but not TLS v1.x in general? Correct. -- Viktor.

Re: Build problem with FIPS-enabled 1.0.1i, Linux 32 and 64-bit

2014-08-06 Thread Dr. Stephen Henson
On Wed, Aug 06, 2014, Porter, Andrew wrote: The make test step for FIPS-enabled 1.0.1i is failing for me in the ectest (elliptic curves) section with: SEC2 curve secp160r1 -- Generator: x = 0x4A96B5688EF573284664698968C38BB913CBFC82 y = 0x23A628553168947D59DCC912042351377AC5FB32

Re: how to compile openssl with -bindist option

2014-08-06 Thread Gayathri Manoj
Hi Matt, One more doubt. Please let me know if I compiled my openssl 0.9.8za without -no-ec option and I am not using this algorithm in any of my applications then can I say my application is fips compliant? Thanks, Gayathri On Wed, Aug 6, 2014 at 7:22 PM, Gayathri Manoj