On 12/07/2017 07:23, Viktor Dukhovni wrote:
On Wed, Jul 12, 2017 at 02:02:31AM +0200, Jakob Bohm wrote:
I don't think a state is really needed for this, if the callback
simply checks if the certificate is in the loaded trust collection,
and/or if it is self-signed (depending on the application'
On Wed, Jul 12, 2017 at 02:02:31AM +0200, Jakob Bohm wrote:
> I don't think a state is really needed for this, if the callback
> simply checks if the certificate is in the loaded trust collection,
> and/or if it is self-signed (depending on the application's chosen
> root CA trust model).
Yes, th
On 10/07/2017 18:52, Viktor Dukhovni wrote:
On Jul 10, 2017, at 3:45 AM, Niklas Keller wrote:
What's the best way / a working way to reject weak signature schemes in OpenSSL
1.0.{1,2}?
Most CAs have stopped issuing SHA-1 certificates. Any old ones will expire
over the
next year or two. Wh
> It's very well worth the effort, otherwise there's a security issue, because
> certificates can be forged.
No they cannot.
What *has* been done is a document was created with "weak spots" and another
document was created that changed those weak spots, but the digest was the
same.
This is a
I'm having an issue with s_time and s_server using the latest OpenSSL
(1.1.1-dev) and tls1_3.
When I use tls1_2 connections are established and data is transferred.
However, when I use tls1_3 data is not transferred (connections are
established).
Below are the commands I use for s_time and s_
yes i can do this. I do it as github issue then. I hope i find time this
evening to do this otherwise tomorrow.
Von: openssl-users im Auftrag von Richard
Levitte
Gesendet: Dienstag, 11. Juli 2017 09:19:04
An: openssl-users@openssl.org
Betreff: Re: [openssl-user
This all sounds a bit mysterious...
would you mind sharing a test program that shows the problem, with
detailed step by step instructions (among others what libraries you're
running against each time)? Preferably as a github issue, but here is
fine as well...
Cheers,
Richard
In message
on Mo