Re: [openssl-users] openSSL and SLOTH attack

2016-01-07 Thread Jakob Bohm
On 07/01/2016 23:06, jonetsu wrote: Does this mean that running 1.01e in FIPS mode is protected regarding this SLOTH attack? Does FIPS mode prevent use of MD5: Yes. Does FIPS mode prevent insecure uses of SHA-1 (a FIPS algorithm): No. Does FIPS mode prevent the SSL/TLS handshake from using

Re: [openssl-users] openSSL and SLOTH attack

2016-01-07 Thread jonetsu
Does this mean that running 1.01e in FIPS mode is protected regarding this SLOTH attack?

[openssl-users] openSSL and SLOTH attack

2016-01-07 Thread Sandeep Umesh
Hello users, Are there any fixes available from the openSSL community for the SLOTH attack - http://www.mitls.org/pages/attacks/SLOTH or what are the possible mitigation points? Thanks Sandeep

Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

2016-01-07 Thread Michael Wojcik
The proposed change: -- static inline unsigned int constant_time_msb(unsigned int a) { -return 0 - (a >> (sizeof(a) * 8 - 1)); + return (((unsigned)((int)(a) >> (sizeof(int) * 8 - 1; } - produces an implementation-defined value in C99. See the final sentence of ISO 9899-1999
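Review bot: the `+` line casts `a` to `int` and right-shifts it by `sizeof(int) * 8 - 1`; when the top bit is set that signed value is negative, and C99 leaves the result of right-shifting a negative signed integer implementation-defined, so the replacement is not portable constant-time code, whereas the removed `0 - (a >> (sizeof(a) * 8 - 1))` is well-defined unsigned arithmetic. As quoted, the `+` line is also missing its closing parentheses and would not compile; the patch should be re-posted intact before further review.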

Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

2016-01-07 Thread Jakob Bohm
On 07/01/2016 15:52, Michael Wojcik wrote: The proposed change: -- static inline unsigned int constant_time_msb(unsigned int a) { -return 0 - (a >> (sizeof(a) * 8 - 1)); + return (((unsigned)((int)(a) >> (sizeof(int) * 8 - 1; } - produces an implementation-defined value in

Re: [openssl-users] openSSL and SLOTH attack

2016-01-07 Thread Miriam Celi
Michael Wojcik writes: > > As described on that web page, use OpenSSL 1.0.1f or later. That prevents the currently-practical SLOTH > attack against RSA-MD5 client authentication. > > If you're using an OpenSSL release earlier than 1.0.1f, SLOTH is probably not your biggest

Re: [openssl-users] EVP_PKEY *X509_get0_pubkey(X509 *x);

2016-01-07 Thread Viktor Dukhovni
> On Jan 7, 2016, at 1:39 PM, Ken Goldman wrote: > > 3 - I use this sequence: > > x509 = PEM_read_bio_X509 > EVP_PKEY = X509_get_pubkey > RSA = EVP_PKEY_get1_RSA > > What should be freed? All three structures or just a subset? All three. -- Viktor.

[openssl-users] mailing list issues? Re: CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

2016-01-07 Thread Jeremy Farrell
A few zombie messages today: Received: from mta.openssl.org (localhost [127.0.0.1]) by mta.openssl.org (Postfix) with ESMTP id 14CB4201BB; Thu, 7 Jan 2016 12:13:22 + (UTC) X-Original-To: openssl-us...@mta.openssl.org Delivered-To: openssl-us...@mta.openssl.org Received: by

Re: [openssl-users] mailing list issues? Re: CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

2016-01-07 Thread Salz, Rich
> A few zombie messages today: There were some that had been held up on the queue because of things like size limits.

[openssl-users] EVP_PKEY *X509_get0_pubkey(X509 *x);

2016-01-07 Thread Ken Goldman
Meta-comment: The documentation is very thin on when objects should or should not be freed. The application developer is forced to choose between [don't free, leak memory] and [free, access freed memory]. ~~ 1 - The documentation here says this API is available, but I don't see it in either

[openssl-users] Troubleshooting failed TLS negotiation

2016-01-07 Thread Graham Allan
I'm moving samba service between a couple of FreeBSD systems (9.3 to 10.2), and I'm stuck on getting samba on the new machine to connect to our openldap server over ssl - frustrating since I've been running samba+ldap for 15 years or so; feel sure I'm missing something basic! The smbd-to-ldap

Re: [openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

2016-01-07 Thread Michael Wojcik
Sorry - I thought this topic had come up again (or that this was a new continuation of the older discussion). Now I see it was an old message that had been delayed. Apologies for the noise. -- Michael Wojcik Technology Specialist, Micro Focus

Re: [openssl-users] openSSL and SLOTH attack

2016-01-07 Thread Jakob Bohm
On 07/01/2016 16:46, Michael Wojcik wrote: As described on that web page, use OpenSSL 1.0.1f or later. That prevents the currently-practical SLOTH attack against RSA-MD5 client authentication. If you're using an OpenSSL release earlier than 1.0.1f, SLOTH is probably not your biggest problem.