URGENT: Parsing DTLS Alerts in OpenSSL

2019-04-15 Thread NJ
Hi, I am facing an issue while trying to parse the Alert received from the client. I could see the Alert in Wireshark as "Alert(21) Handshake Failure", but trying to parse it with the code below doesn't work. I want to parse this error and try to re-initiate the handshake from my server code.

Re: Blinding implementation in OpenSSL

2019-04-15 Thread Billy Brumley
("OpenSSL doesn't do" _scalar_ blinding! Coordinate blinding is there. sorry ...)

RE: Best way of preventing denial of service attacks by way of secure client-initiated renegotiation

2019-04-15 Thread tim.j.culhane
Ok, great thanks. -Original Message- From: Matt Caswell Sent: Monday 15 April 2019 14:45 To: tim.j.culh...@gmail.com; openssl-users@openssl.org Subject: Re: Best way of preventing denial of service attacks by way of secure client-initiated renegotiation On 15/04/2019 14:41,

Re: Blinding implementation in OpenSSL

2019-04-15 Thread Billy Brumley
> > Could you please explain how blinding works in OpenSSL? > > > > EC_KEY structure seems to have an unblinded private key structure and > > blinded X, Y, Z-coordinates of the public key when blinding is in > > use. But if I understand correctly, the idea of blinding is protecting > > the private

Re: Best way of preventing denial of service attacks by way of secure client-initiated renegotiation

2019-04-15 Thread Matt Caswell
On 15/04/2019 14:41, tim.j.culh...@gmail.com wrote: > Hi Matt, > > Many thanks for your informative reply. > > So it seems the best approach is to upgrade to a version of OpenSSL > supporting the SSL_OP_NO_RENEGOTIATION option. > > If this option is enabled will it still allow

RE: Best way of preventing denial of service attacks by way of secure client-initiated renegotiation

2019-04-15 Thread tim.j.culhane
Hi Matt, Many thanks for your informative reply. So it seems the best approach is to upgrade to a version of OpenSSL supporting the SSL_OP_NO_RENEGOTIATION option. If this option is enabled will it still allow server-initiated secure renegotiations if TLS 1.3 is being used? The docs

Re: Blinding implementation in OpenSSL

2019-04-15 Thread Tomas Mraz
On Mon, 2019-04-15 at 10:39 +0300, Dmitry Belyavsky wrote: > Hello, > > Could you please explain how blinding works in OpenSSL? > > EC_KEY structure seems to have an unblinded private key structure and > blinded X, Y, Z-coordinates of the public key when blinding is in > use. But if I

Re: Best way of preventing denial of service attacks by way of secure client-initiated renegotiation

2019-04-15 Thread Matt Caswell
On 15/04/2019 09:35, tim.j.culh...@gmail.com wrote: > I'm not sure if this means renegotiation has failed? Either way the > connection remains open. Presumably if a client issued a large number of > renegotiations like this the server could become overwhelmed. No - renegotiation was

Re: CRYPTO_LOCK_X509_STORE in OpenSSL 1.1.0

2019-04-15 Thread Matt Caswell
On 15/04/2019 12:25, Swamy J-S wrote: > Hi All, > > > I updated openssl from 1.0.2n to 1.1.0g recently and am facing some errors in > building my application because many functions and structures are opaque now > in > 1.1.0g. Errors I am getting are as below: > > > error:

CRYPTO_LOCK_X509_STORE in OpenSSL 1.1.0

2019-04-15 Thread Swamy J-S
Hi All, I updated openssl from 1.0.2n to 1.1.0g recently and am facing some errors in building my application because many functions and structures are opaque now in 1.1.0g. Errors I am getting are as below: error: ‘CRYPTO_LOCK_X509_STORE’ undeclared (first use in this function); did you mean

Best way of preventing denial of service attacks by way of secure client-initiated renegotiation

2019-04-15 Thread tim.j.culhane
Hi all, A customer of ours was recently running security checks against our mail server. To do this they were running the testssl.sh script available at: https://testssl.sh/ The test tool reports a potential DoS threat as a result of client-initiated secure renegotiation as shown from the

Blinding implementation in OpenSSL

2019-04-15 Thread Dmitry Belyavsky
Hello, Could you please explain how blinding works in OpenSSL? EC_KEY structure seems to have an unblinded private key structure and blinded X, Y, Z-coordinates of the public key when blinding is in use. But if I understand correctly, the idea of blinding is protecting the private key from

RE: How to disable tls 1.0 and tls 1.1

2019-04-15 Thread Chethan Kumar
>>If you want to disable TLSv1.0 and TLSv1.1 then you should do so at run time. >>Use the SSL_OP_NO_TLSv1 and SSL_OP_NO_TLSv1_1 options to the >>SSL_CTX_set_options() or SSL_set_options() functions. Since we have many applications using openssl services, it is difficult to implement this in all