Hello,
at startup after SSL_library_init I correctly call SSL_load_error_strings and
every time I have an SSL error I try to log useful data using
ERR_error_string_n.
The problem is that the output never contains error messages but only numeric
code like:
Hello All,
I have a set up which runs Apache http-2.4.10 and Openssl-1.0.1i, when I
try to start the http server with FIPS mode I get the following error.
[Mon Aug 11 14:39:24.407781 2014] [suexec:notice] [pid 380] AH01232:
suEXEC mechanism enabled (wrapper: /apps/apache/2.4.10/bin/suexec)
Hi All,
We are using OpenSSL version 0.9.8h. We take the security vulnerability
fixes from latest release of OpenSSL 0.9.8 series and patch our internally
used 0.9.8h.
From the OpenSSL release 0.9.8za, we took CVE-2014-0224 and merged it into our
OpenSSL code. But in latest release 0.9.8za, I see
Hi,
I have two questions about how openssl handles session caching.
1.
If I want session caching on the client side, I have to store the
session manually, to be able to retrieve it when the client connects
to a server and use SSL_set_session() with the stored session.
The question is, how
Hello,
I'm a bit confused about the behavior of EVP_DigestInit_ex :
int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
{
if (type)
{
else
if(!ctx->digest)
{
On Mon, Aug 11, 2014 at 01:48:34PM +0200, DEXTER wrote:
1. If I want session caching on the client side, I have to store the
session manually, to be able to retrieve it when the client connects
to a server and use SSL_set_session() with the stored session.
Correct so far.
The question is,
Hello,
sorry for the first incomplete message :-/
I'm a bit confused about the behavior of EVP_DigestInit_ex when no md is given :
int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
{
#ifndef OPENSSL_NO_ENGINE
(...)
if (type)
{
err = SSL_get_error(client->ssl, r2);
if (err != 0) {
    char str[2048];
    ERR_error_string_n(err, str, sizeof(str));
    printf("%s", str);
    ERR_print_errors_fp(stdout);
}
The first function produces:
What's the value of err ("%ul")?
--
Principal Security Engineer
Akamai Technologies, Cambridge MA
IM: rs...@jabber.me Twitter: RichSalz
It is 1.
--
Marco Bambini
http://www.sqlabs.com
http://twitter.com/sqlabs
http://instagram.com/sqlabs
On 11 Aug 2014, at 16:24, Salz, Rich rs...@akamai.com wrote:
What’s the value of err (“%ul”)?
--
Principal Security Engineer
Akamai Technologies, Cambridge MA
IM: rs...@jabber.me
Try printing r2 in your original code. SSL_get_error isn't doing what you
think it does; see the docs.
--
Principal Security Engineer
Akamai Technologies, Cambridge MA
IM: rs...@jabber.me Twitter: RichSalz
How to send empty certificate-message in response to certificate request
from server ?
I have a TLS Server and TLS Client which is running on the top of *Edge
Triggered EPOLL* and *Non Blocking Sockets.*
Client and server are doing the following operations
1. Client - Connect to TLS Server. (SSL_CTX_new - SSL_new -
SSL_set_fd)
2. Client - Set modes
On Mon, Aug 11, 2014 at 4:09 PM, Viktor Dukhovni
openssl-us...@dukhovni.org wrote:
Salt the session lookup key with all destination-specific and
security-relevant parameters. The Postfix SMTP client uses:
ip, port, destination domain, mx hostname, server helo name,
protocol mask
On Mon, Aug 11, 2014 at 05:13:00PM +0200, DEXTER wrote:
Session tickets should NOT be stored on the server side, only the
encryption keys are stored, these should be rotated from time to
time. Postfix rotates the encryption keys once an hour, but stores
two sets of keys, the previous
The server end appears to be GlobalScape EFT running on a windows
server.
I will summarize the IBM response:
When SSL is not involved, TCP will normally go through a graceful
connection teardown sequence where one side initiates the connection
closure by sending out a FIN. The other
When trying to configure 1.0.1h with no-ec, I am getting an error out of
Configure. When it's configuring the engines subdirectory:
make[1]: Leaving directory `/users/scottn/testssl/openssl-1.0.1h/ssl'
making links in engines...
make[1]: Entering directory
If you did not use, SSL_CTX_use_certificate(), SSL_use_certificate() and
set the certificate
SSL client responds with no_cert if cert request comes from the server.
-Jayadev.
On Mon, Aug 11, 2014 at 6:24 PM, Sanju Gurung sanju.gur...@gmail.com
wrote:
How to send empty certificate-message
The IBM response is still significantly oversimplified, where it isn't simply
wrong.
I've made some comments in-line below, but to get the full picture you'd really
need to study a text like Stevens' /TCP/IP Illustrated/, paying particular
attention to the TCP state diagram and the empirical
hi all,
I did a little comparison between Microsoft's handshake process to openssl
one.
At the end of Msft handshake process I can see a finish, which I don't see
when using openssl.
Can I have that finish msg using openssl too?
Thanks
Idan
Idan Freiberg
21 matches