As I can read from the documents mentioned below, "or not at all"
worries me. Is there a situation when a session ticket is not sent at
all (other than when reused)?
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_sess_set_new_cb.html
Note that in TLSv1.3, sessions are established after the m
On Thu, Sep 16, 2021 at 08:11:44AM +0530, Jaya Muthiah wrote:
> I am trying to get the remaining lifetime of the ticket so that server can
> decide to renew ticket or not
In Postfix, I rotate ticket keys every hour, and sessions are valid for
two hours. For the first hour when they were issued b
Is it possible to send custom data to the client along with the ticket?
I tried using SSL_SESSION_set1_ticket_appdata but it didn't work.
I am trying to get the remaining lifetime of the ticket so that server can
decide to renew ticket or not
I have defined callback like this, and it is working. However, the
SSL_SESSION_get_ticket_lifetime_hint() always returns zero.
SSL_CTX_set_session_ticket_cb(ctx->ctx, ticket_gen_cb, ticket_dec
Jakob,
That's reasonable, although I wouldn't use the word "low" to describe it.
I did try to include 10.1.2 from NIST's SP 800-90C but it didn't make it.
There is nothing preventing the use of the existing DRBGs with longer
digests which Could increase number of bits.
Pauli
On 15/9/21 11:34
Great, thanks!
On 15 September 2021 17:07:59 BST, Matt Caswell wrote:
>
>
>On 15/09/2021 16:57, Matt Caswell wrote:
>>
>>
>> On 15/09/2021 16:50, Kris Kwiatkowski wrote:
>>> Can you point to instructions on how to load provider
>>> it into OpenSSL?
>>>
>>> Is there something similar to "[engin
On Wed, Sep 15, 2021 at 05:26:51PM +0530, Jaya Muthiah wrote:
> I am trying to reuse SSL_SESSION as below, it works fine when I use
> TLSv1_2_client_method() to create context. However, it does not work
> when I use TLS_client_method().
> [...]
> if (SSL_connect(ssl) != 1) { return -1; }
>
On 15/09/2021 16:57, Matt Caswell wrote:
On 15/09/2021 16:50, Kris Kwiatkowski wrote:
Can you point to instructions on how to load provider
it into OpenSSL?
Is there something similar to "[engine_section]",
that can be used to configure loading from openssl.conf?
Yes. See the "config" ma
On 15/09/2021 16:50, Kris Kwiatkowski wrote:
Can you point to instructions on how to load provider
it into OpenSSL?
Is there something similar to "[engine_section]",
that can be used to configure loading from openssl.conf?
Yes. See the "config" man page here:
https://www.openssl.org/docs/m
Can you point to instructions on how to load provider
it into OpenSSL?
Is there something similar to "[engine_section]",
that can be used to configure loading from openssl.conf?
BR,
Kris
On 9/15/21 4:39 PM, Matt Caswell wrote:
> Another, slightly more complicated, but fully self contained provid
Another, slightly more complicated, but fully self contained provider is
here:
https://github.com/openssl/openssl/blob/master/test/tls-provider.c
And another one here:
https://github.com/openssl/openssl/blob/master/test/p_test.c
A minimal bare bones provider is here:
https://github.com/opens
Was the original connection that you obtained the session from cleanly
closed down? From the man pages:
"A session will be automatically removed from the session cache and
marked as non-resumable if the connection is not closed down cleanly,
e.g. if a fatal error occurs on the connection or L
On 2021-09-14 12:14, Dr Paul Dale wrote:
> ...low security RNGs and other antifeatures.
Huh Where? Why plural?
The only **one** I'm aware of is the one I added to stochastically
flush the property cache where it doesn't need to be cryptographically
secure.
Some applications need mor
Shiva,
you may also have a look at the https://github.com/provider-corner/vigenere
That's (as far as I know) the most simple provider implementation available.
Petr
-Original Message-
From: openssl-users On Behalf Of Tomas Mraz
Sent: Wednesday, September 15, 2021 2:18 PM
To: Shivakumar P
I am sorry but as I said providers are not a direct replacement for
ENGINEs. It is a completely different implementation of the same
concept of pluggable cryptographical modules for OpenSSL. You can look
at the OpenSSL manual pages for the providers.
This is the starting point:
https://www.openssl
I am trying to reuse SSL_SESSION as below, it works fine when I use
TLSv1_2_client_method() to create context. However, it does not work when I
use TLS_client_method().
if (!SSL_set_session(ssl, ssl_session)) {
//code never reaches here so SSL_set_session is successful
}
i
Hi Tomas,
As Engine function are deprecated I tried using providers
But how to use providers to get engine functionality tried in man pages
Some sample program will help, maybe some sample program will give the clear
idea how to use provider
Struggling in understand the providers
Please share
17 matches
Mail list logo