Re: [openssl-users] [openssl-project] OpenSSL 3.0 and FIPS Update

2019-02-19 Thread Walter Paley
Thanks for the speculation on validated platforms, Mark. Please be careful about using this resource as a medium for self-promotion. - Walt Walter Paley w...@safelogic.com SafeLogic - FIPS 140-2 Simplified

Re: Allow specifying the tag after AAD in CCM mode

2019-02-19 Thread Peter Magnusson
I've commented on the PR, mostly about not understanding the commit message RFC-references and indentation error. Overall the PR looks good to me, but I'd like someone who is more familiar with implementation have a look at it. Best Regards Eine Kleine Blau Fisch On Tue, Feb 19, 2019 at 2:10 PM

Forthcoming OpenSSL Releases

2019-02-19 Thread Matt Caswell
The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.1.1b and 1.0.2r. There will be no new 1.1.0 release at this time. These releases will be made available on 26th February 2019 between approximately 1300-1700 UTC. OpenSSL 1.0.2r is a security-fix

Allow specifying the tag after AAD in CCM mode

2019-02-19 Thread Tobias Nießen
Hello everyone, in GCM and OCB mode, it is possible to set the authentication tag after supplying AAD, but the CCM implementation does not allow that. This isn't a problem for most applications, but in Node.js, we expose similar APIs to interact with AEAD ciphers and these differences between

Re: understand 'openssl dhparms ....'

2019-02-19 Thread Matthias Apitz
El día Tuesday, February 19, 2019 a las 10:47:44AM +, Matt Caswell escribió: > > > On 19/02/2019 08:57, Matthias Apitz wrote: > > > > Two questions: > > > > 1. Why this has no input file? Shouldn't it have on, and which? The man > > page says, it would read stdin, but it doesn't do so. >

Re: openssl-users: DKIM, DMARC and all that jazz, and what it means to us

2019-02-19 Thread Richard Levitte
On Mon, 18 Feb 2019 22:51:09 +0100, Jakob Bohm wrote: > Having a DMARC record without DKIM signatures (including DKIM > signing mails relayed with openssl.org as From: address) is either > an RFC violation or very close to one. I suspected that. We're not quite ready for full blown DKIM yet, so

Re: understand 'openssl dhparms ....'

2019-02-19 Thread Matt Caswell
On 19/02/2019 08:57, Matthias Apitz wrote: > > Two questions: > > 1. Why this has no input file? Shouldn't it have on, and which? The man > page says, it would read stdin, but it doesn't do so. The man page in question is here: https://www.openssl.org/docs/man1.1.1/man1/dhparam.html I draw

understand 'openssl dhparms ....'

2019-02-19 Thread Matthias Apitz
Hello, Some years ago (in 2012) I wrote an OpenSSL server, loosely based on the example sources 'openssl-examples-20020110' which nowadays still exist in https://github.com/smbutton/DataCommProject/tree/master/openssl-examples-20020110/openssl-examples-20020110 There was also some guiding