> I am extremely for making such a basic stupid mistake.
I am extremely sorry.
On Wed, 17 Nov 2021 at 21:19, M K Saravanan wrote:
>
> Thanks Matt.
>
> I am extremely for making such a basic stupid mistake.
>
> On Wed, 17 Nov 2021 at 18:33, Matt Caswell wrote:
> >
&
Thanks Matt.
I am extremely for making such a basic stupid mistake.
On Wed, 17 Nov 2021 at 18:33, Matt Caswell wrote:
>
>
>
> On 17/11/2021 08:25, M K Saravanan wrote:
> > Hi,
> >
> > Do I need to do any config to enable DHE based ciphers in openssl for
> > c
Hi,
Do I need to do any config to enable DHE based ciphers in openssl for
command line usage?
$ openssl s_client -cipher 'DHE_RSA_WITH_AES_128_GCM_SHA256' -connect
10.10.16.100:443
Error with command: "-cipher DHE_RSA_WITH_AES_128_GCM_SHA256"
139775998456896:error:140E6118:SSL
ng A and B
> sequentially).
>
> I believe OpenSSL uses stitched implementations in TLS for AES-CBC +
> HMAC-SHA1/2, if they exist for the platform.
>
> Also note that "AEAD ciphersuites are not impacted", i.e. AES-GCM and
> ChaPoly are not impacted.
>
> Cheers,
Hi,
In the context of https://www.openssl.org/news/secadv/20190226.txt
==
In order for this to be exploitable "non-stitched" ciphersuites must be in use.
==
what is "non-stitched" ciphersuites means?
with regards,
Saravanan
Hi Matt,
On Tue, 15 Jan 2019 at 20:02, Matt Caswell wrote:
> This is perhaps best explained by this comment in the client side code for
> processing a new ticket from the server:
>
> /*
> * There are two ways to detect a resumed ticket session. One is to set
> * an appropriate
Hi,
When I use openssl s_client to connect to a server which uses session
ticket to resume a session (session ID is turned off), openssl is
still printing a session ID where none is sent by the server (packet
capture shows session ID length = zero in the Server Hello).
==
New, TLSv1.2,
Hi,
I read the recent research paper:
The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations
by
Eyal Ronen, Robert Gillham, Daniel Genkin, Adi Shamir, David Wong, and
Yuval Yarom
Nov 30, 2018
Research Paper: https://eprint.iacr.org/2018/1173.pdf
As per this paper,
Hi,
When I create static DH key pair using openssl, why the public key and
prime contains the prefix 0x00 byte?
For e.g. in 1024 bit key, 128 bytes is enough.
private key properly shows 128 bytes. But public key and prime shows
129 bytes with a 0x00 byte at the beginning. What is the need for
Hi,
When using openssl with X25519, why it shows the server temp key as 253 bits?
Example:
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: X25519, 253 bits
---
I thought Curve25519 is using 256 bit keys.
Why 253 instead of 256?
On 20 December 2017 at 14:21, haris iqbal wrote:
> Wanted to know this, since my custom application uses an older version
> of OpenSSL, and I wanted to be sure that it is not affected.
Not answering your original question. But you can test it using one
of the following
Hi,
> Upon checking the wireshark capture, I found the OCSP response does not send
> signer cert, but only the responderID (byKey).
>
> In such scenario, where do I find the OCSP response signer cert?
Clarifying my own question.
https://tools.ietf.org/html/rfc6960#section-4.2.2.3 says:
Hi,
If the OCSP responder does not send the response signer certificate in the
OCSP response, then how can we find the signer certificate?
I was doing a simple test to verify google certificate via OCSP like this:
$ openssl ocsp -issuer ./www.google.com.sg-issuer.cer -CAfile ./ca.cer
-cert
13 matches
Mail list logo