On 11/10/2018 06:44, Paul Chubb wrote:
Hi thanks for the responses. I try not to do crypto for the very
reasons you raise - i simply don't know enough and your (good) pointed
questions have demonstrated that.
Context:
We are trying for GDPR and other privacy law compliance. We probably
On 10/11/2018 06:51 PM, The Doctor wrote:
Looks like
apache
There is still considerable discussion in the httpd mailists on the
topic. Don't be so certain.
Dennis
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Looks like
bind9
Exim
Inn
apache
POstgresql
and openssh > 7.8
Are all compliant.
What about
Dovecot
php
?
MySQL / Mariadb / Percona
are not yet.
Any full lists?
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never
Is there currently a way to manually shutdown the OpenSSL library?
We have a DLL that statically links OpenSSL. Our DLL gets loaded and unloaded
multiple times by a process (not our process), and we need to release OpenSSL
each time. This was not possible with OpenSSL 1.1 as of September
Hi Matt,
this make sense. As if I disable TLS1.3, the issue is gone. Thanks for your
help.
Regards,
Dave
On Thu, Oct 11, 2018 at 2:36 AM Matt Caswell wrote:
> I opened this issue to track this problem:
>
> https://github.com/openssl/openssl/issues/7384
>
> Matt
>
>
> On 11/10/18 10:25, Matt
As with essentially all open source software, there is no warranty with OpenSSL.
Having said that, people use the OpenSSL applications for all sorts of things,
including what you are doing.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Matt Caswell
> Sent: Thursday, October 11, 2018 05:04
>
>
> On 11/10/18 09:47, Peter Magnusson wrote:
> > You would be better off with AES-CCM or such for your backup, that
> > gives you the integrity check.
> > i.e.
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Viktor Dukhovni
> Sent: Wednesday, October 10, 2018 23:12
>
> On Thu, Oct 11, 2018 at 01:23:41AM +, Michael Wojcik wrote:
>
> > - Data recovery from an encrypted backup is tough. With CBC, one bit goes
> > astray
On Oct 11, 2018, at 05:03, Matt Caswell wrote:
> On 11/10/18 09:47, Peter Magnusson wrote:
>> You would be better off with AES-CCM or such for your backup, that
>> gives you the integrity check.
>> i.e. you would be reasonably sure what you decrypt is encrypted with your
>> key.
>
> I'd just
I opened this issue to track this problem:
https://github.com/openssl/openssl/issues/7384
Matt
On 11/10/18 10:25, Matt Caswell wrote:
>
>
> On 10/10/18 23:04, Dave Wang wrote:
>> Hi there,
>>
>> I have a client can talk with server, where the client certificate is
>> loaded in client_cert_cb
On 10/10/18 23:04, Dave Wang wrote:
> Hi there,
>
> I have a client can talk with server, where the client certificate is
> loaded in client_cert_cb based on matching the server side certificate.
>
> it works perfectly in openssl 1.1.0h, however it stops working after I
> upgrade to openssl
On 11/10/18 09:47, Peter Magnusson wrote:
> You would be better off with AES-CCM or such for your backup, that
> gives you the integrity check.
> i.e. you would be reasonably sure what you decrypt is encrypted with your
> key.
I'd just point out that CCM and other AEAD modes are not
You would be better off with AES-CCM or such for your backup, that
gives you the integrity check.
i.e. you would be reasonably sure what you decrypt is encrypted with your key.
So the fist question would be why even consider AES-CBC? Somewhere in
the decision process you ought to go "Is the
13 matches
Mail list logo