Hi Jayalakshmi,
Is your implementation OSS or intellectual property? If it is OSS can you
please provide the URL?
Regards,
Freemon
On Wed, Oct 25, 2017 at 1:06 PM, Jayalakshmi bhat <
bhat.jayalaks...@gmail.com> wrote:
> Hi All,
>
> Our device uses TPM to protect certificate private keys. We
FIPS mode is a policy decision in my opinion also but since RedHat prides
itself in security e.g. SELinux, etc. I believe that is a RedHat decision
as opposed to the OpenSSL community. The alternative would be to use a
different Linux distro like Ubuntu, etc. which does not compile their
OpenSSL
Not sure if this helps but the native installation for CentOS7 by default
installs OpenSSL with FIPS mode compiled in which means deprecated
algorithms such as MD5 and the like will not work. If you tried to generate
a certificate you should have received an error or not have seen that
algorithm
Agreed. I can't speak for the gentleman that originated this thread but in
my context the use case would be to store the keys/certs within the TPM
that's all.
Regards,
Freemon
On Fri, Jul 7, 2017 at 12:03 PM, Blumenthal, Uri - 0553 - MITLL <
u...@ll.mit.edu> wrote:
> And in most cases (except
I would personally love to see an implementation of this as well for
OpenSSL. However in the interim you can see how these libraries were
referenced to insert keys into the TPM for OpenSSH. Our team here has also
verified this works nicely. Perhaps this can be extended if you do not wish
to work
Hello,
Can anyone help me in discerning which version of openssl supports
sbgp-autonomousSysNum
and sbgp-ipAddrBlock? If it has been deprecated then providing the
alternative would be greatly appreciated.
A sample openssl.cnf is provided below. When I perform a request for req it
fails because
Hello,
Can anyone help me in discerning which version of openssl supports
sbgp-autonomousSysNum
and sbgp-ipAddrBlock? If it has been deprecated then providing the
alternative would be greatly appreciated.
A sample openssl.cnf is provided below. When I perform a request for req it
fails because
Hello,
Can anyone help me in discerning which version of openssl supports
sbgp-autonomousSysNum
and sbgp-ipAddrBlock? If it has been deprecated then providing the
alternative would be greatly appreciated.
A sample openssl.cnf is provided below. When I perform a request for req it
fails because