Re: Linking error on Soalris x86 and sparc using fips capable openssl 1.0.1h

2014-09-17 Thread Mrunal Nerpawar
Thanks all for the help. I could resolve both the errors: Sun-Intel : using -Wl, -Bsymbolic and resolving few other linking errors. Sun-sparc : Re-building libstdc++ all the errors gone away. Thanks again Andy for pointing it out. Regards, Mrunal On Mon, Sep 15, 2014 at 12:40 AM, Andy

SIGSEGV in ssl3_get_message?

2014-09-17 Thread Michael Menge
Hi, i have a Problem with Cyrus-Imapd 2.4.17 and libopenssl0_9_8-0.9.8j-0.62.1 openssl-0.9.8j-0.62.1 on a SLES 11 SP 3 (most recent versions for SLES 11) We recently switched from a normal Cyrus to a Cluster Configuration (aka Cyrus Murder). A frontend imapd will proxy the requests to the

certificate error

2014-09-17 Thread Amir Reda
dear all i have made a client server code the client sends a X509 request and the server reply the X509 certificate but i have 2 questions 1- did i fill all the attributes of the X509 certificate in this code or not 2- when i compile this code using eclipse i got allot of errors but all are the

TLS handshake error : No shared cipher (SSL error 40)

2014-09-17 Thread Francis GASCHET
Hello, We use openSSL in OFTP2 implementation. The OFTP2 working group decided to strongly recommend to use preferably the cipher suites including PFS (ephemeral Diffie Hellman). So in our iplementation (linked against openssl 1.0.1g) I limited the list of offered ciphers (client) and

Re: TLS handshake error : No shared cipher (SSL error 40)

2014-09-17 Thread Viktor Dukhovni
On Wed, Sep 17, 2014 at 07:34:44PM +0200, Francis GASCHET wrote: We use openSSL in OFTP2 implementation. The OFTP2 working group decided to strongly recommend to use preferably the cipher suites including PFS (ephemeral Diffie Hellman). Preferably, does not mean exclusively. You should

RE: TLS handshake error : No shared cipher (SSL error 40)

2014-09-17 Thread Dave Thompson
From: owner-openssl-us...@openssl.org On Behalf Of Francis GASCHET Sent: Wednesday, September 17, 2014 13:35 We use openSSL in OFTP2 implementation. The OFTP2 working group decided to strongly recommend to use preferably the cipher suites including PFS (ephemeral Diffie Hellman). snip To

Change in default behavior from 1.0.1g to 1.0.1h

2014-09-17 Thread Andy Schmidt
I just tracked down an obscure bug in our certificate authentication code to a change in in the global mask for ASN.1 strings in crypto/asn1/a_strnid.c. (https://github.com/openssl/openssl/commit/3009244da47b989c4cc59ba02cf81a4e9d8f8431) I have a couple of questions about this: 1. Was this change

openssl 1.0.1i

2014-09-17 Thread Tulasi
Hi I installed openssl 1.0.1i fips enabled (fips 2.0.7) When i run the command openssl version, i get this OpenSSL 1.0.0-fips 29 Mar 2010 Why doesn't it show 1.0.1i in the version information. Please help.