Compile Error in Cygwin / openssl 1.1.1d

2019-10-15 Thread Georg Höllrigl
Hello, I'm getting this error on compiling on MobaXTerm (basically Cygwin) compiling 1.1.1d: -- gcc -I. -Icrypto/include -Iinclude -Wall -O3 -fomit-frame-pointer -DTERMIOS -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ

Re: Questions about secure curves

2019-10-15 Thread Viktor Dukhovni
On Oct 15, 2019, at 1:02 PM, Mark Hack wrote:I believe that Firefox does still support P-521 but Chrome does not. Also be aware that if you set server side cipher selection and usedefault curves, that OpenSSL orders the curves weakest to strongest (even with @STRENGTH) so you will end up forcing

Linux error compiling OpenSSL 1.1.1d

2019-10-15 Thread Maxwell, Gary
I have downloaded and ran the following configuration for OpenSSL 1.1.1.d ./config shared --prefix=/opt/test/openssl -openssldir=/opt/test/openssl Does anyone have any idea why I receive the following error when executing "Make" c1: error: apps/app_rand.d: No such file or directory make[1]:

Re: Questions about secure curves

2019-10-15 Thread Mark Hack
I believe that Firefox does still support P-521 but Chrome does not. Also be aware that if you set server side cipher selection and use default curves, that OpenSSL orders the curves weakest to strongest ( even with @STRENGTH) so you will end up forcing P-256. On Tue, 2019-10-15 at 17:24 +0200,

Re: Questions about secure curves

2019-10-15 Thread Jakob Bohm via openssl-users
On 15/10/2019 15:43, Stephan Seitz wrote: Hi! I was looking at the output of „openssl ecparam -list_curves” and trying to choose a curve for the web server together with letsencrypt. It seems, letsencrypt supports prime256v1, secp256r1, and secp384r1. Then I found the site

Re: Questions about secure curves

2019-10-15 Thread Tomas Mraz
On Tue, 2019-10-15 at 15:43 +0200, Stephan Seitz wrote: > Hi! > > I was looking at the output of „openssl ecparam -list_curves” and > trying > to choose a curve for the web server together with letsencrypt. > > It seems, letsencrypt supports prime256v1, secp256r1, and secp384r1. > > Then I

Re: Questions about secure curves

2019-10-15 Thread Salz, Rich via openssl-users
There is nothing known to be wrong with NIST P256. If you don't have a known reason to use 384, then don't use it.

Questions about secure curves

2019-10-15 Thread Stephan Seitz
Hi! I was looking at the output of „openssl ecparam -list_curves” and trying to choose a curve for the web server together with letsencrypt. It seems, letsencrypt supports prime256v1, secp256r1, and secp384r1. Then I found the site https://safecurves.cr.yp.to/. I have problems mapping the

Re: Regarding netinet/sctp.h inclusion in bss_dgram.c

2019-10-15 Thread Naveen Shivanna
Thanks. Regarding BIO_dgram_sctp_wait_for_dry() and BIO_dgram_sctp_msg_waiting(), we can use the new control options which are already merged in master : BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY BIO_CTRL_DGRAM_SCTP_MSG_WAITING. On Tue, 15 Oct, 2019, 3:19 PM Matt Caswell, wrote: > > > On 15/10/2019

Re: Regarding netinet/sctp.h inclusion in bss_dgram.c

2019-10-15 Thread Matt Caswell
On 15/10/2019 10:32, Matt Caswell wrote: > > > On 15/10/2019 07:51, Naveen Shivanna wrote: >> Hi,  >> >> After adding 'enable-sctp' compile option, OpenSSL (DTLS) can work with >> SCTP as transport. >> >> OpenSSL bss_dgram.c file includes the kernel /netinet/sctp.h. >> >> We have our own

Re:

2019-10-15 Thread Matt Caswell
On 15/10/2019 07:51, Naveen Shivanna wrote: > Hi,  > > After adding 'enable-sctp' compile option, OpenSSL (DTLS) can work with > SCTP as transport. > > OpenSSL bss_dgram.c file includes the kernel /netinet/sctp.h. > > We have our own custom SCTP implementation (also implements  custom BIO >

Re: How to run OpenSSL command line utility under debugger?

2019-10-15 Thread Dmitry Belyavsky
Dear Anton, On Tue, Oct 15, 2019 at 9:00 AM Anton Schmidt wrote: > I've got an error in openssl library function when trying to read a pkcs7 > message > > [schmidt@localhost ssl]$ ./bin/openssl version > OpenSSL 3.0.0-dev xx XXX (Library: OpenSSL 3.0.0-dev xx XXX ) > [schmidt@localhost

Regarding netinet/sctp.h inclusion in bss_dgram.c

2019-10-15 Thread Naveen Shivanna
Hi, After adding 'enable-sctp' compile option, OpenSSL (DTLS) can work with SCTP as transport. OpenSSL bss_dgram.c file includes the kernel /netinet/sctp.h. We have our own custom SCTP implementation (also implements custom BIO METHODS, do not use the default methods), so we need to remove the

[no subject]

2019-10-15 Thread Naveen Shivanna
Hi, After adding 'enable-sctp' compile option, OpenSSL (DTLS) can work with SCTP as transport. OpenSSL bss_dgram.c file includes the kernel /netinet/sctp.h. We have our own custom SCTP implementation (also implements custom BIO METHODS, do not use the default methods), so we need to remove the

Re: How to run OpenSSL command line utility under debugger?

2019-10-15 Thread Jordan Brown
On 10/14/2019 10:59 PM, Anton Schmidt wrote: > I've found OpenSSL library source > code https://github.com/openssl/openssl but not the sources for > command line utility. Are the sources available?  I believe they are in the "apps" directory of that repository. -- Jordan Brown, Oracle ZFS

How to run OpenSSL command line utility under debugger?

2019-10-15 Thread Anton Schmidt
I've got an error in openssl library function when trying to read a pkcs7 message [schmidt@localhost ssl]$ ./bin/openssl version OpenSSL 3.0.0-dev xx XXX (Library: OpenSSL 3.0.0-dev xx XXX ) [schmidt@localhost ssl]$ ./bin/openssl pkcs7 -in /tmp/55b0822e148e4ffaa0bd9ebc41814f54.der