The doc/man5/config.pod file says to use
1.OU = “My first OU”
2.OU = “My second OU”
But doc/man5/x509v3_config.pod says to append the numeric, as in
email.1 = steve@here
email.2 = steve@there
I believe the second form is correct.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
OpenSSL version 1.1.1e released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.1.1e of our open
The TLS RFC describes the “bytes on the wire” – the syntax for how client and
server communicate, and the semantics of those exchanges.
Is it a specification or standard? Yup both.
Is OpenSSL implementation of the spec? Yup.
What language is used in the spec? It's described in the RFC; see
> Please suggest me books or tutorials to understand OpenSSL and TLS
> cryptographic protocol in detail. I look forward to hearing from you. Thanks
> in advance.
Start with the RFC’s, then look for crypto basics – there are free books online.
* I am reading this article
Perhaps someone should writeup and submit a "NOTES.zos" file to add?
On 2020-03-03 08:19, Viktor Dukhovni wrote:
On Mon, Mar 02, 2020 at 01:48:20PM +0530, shiva kumar wrote:
When I tried to verify the self-signed certificate in OpenSSL 1.0.2 it
gives error 18 and gives OK as o/p; when I tried the same with OpenSSL
1.1.1 there is a slight change
On 2020-03-03 07:46, Phani 2004 wrote:
Hi Team,
I am trying to implement mac-then-encrypt for the aes_cbc_hmac_sha1
combined cipher. From the code I could understand that the first 16
bytes were being used as the explicit IV while decrypting and the HMAC is
done over the 13-byte AAD and the 16-byte Fin record
On 2020-02-28 03:37, Salz, Rich via openssl-users wrote:
> Per section Supported Groups in RFC 8446 [1], FFDHE groups could be
> supported.
I was wrong, sorry for the distraction.
As others have pointed out, it will be in the next (3.0) release.
Note that the group identifi
None of those choices address what happens when the 1.0.2 module goes to historic
on Sept 1. See
https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules
for details.
* That's fair. So the only option is to use another module? Extended 1.0.2
support does not resolve this either, correct?
I do not think that is the only option. For example, you might be able to use
3.0 and say it’s “in evaluation.” There might be other options, that was all I
could
* The OpenSSL FIPS Object Module will be moved to the CMVP historical list
as of 9/1/2020. Since there is no OpenSSL 3.0 until Q4 2020, and a FIPS Module
will be after that sometime, where does this leave 1.0.2 users who need a FIPS
validated object module past that date?
Without
>It would probably be a good idea for us to pull together a "Getting
Started" guide on the Wiki with some basic information on how to get
things going, with some links to the various man pages etc where more
detailed information is required.
This needs to be real user
* Run the command: openssl s_client -tls1_3 -groups ffdhe2048 host:port
TLS 1.3 doesn’t have those groups.
> That's 5 weeks from now, I'd thought the basic structure might be present
> now.
It is. You probably have to look at the tests to see how to use things.
The 3.0 release is a work in progress and is not done yet.
FIPS 3.0 === OpenSSL 3.0, using a FIPS-validated crypto provider which will be
part of OpenSSL 3.0.
The architecture documents are at https://www.openssl.org/docs
On 2/26/20, 2:40 PM, "Sam Roberts" wrote:
On Wed, Fe
>I'd like to give this a spin, to get an idea what's going to be
involved in porting from FIPS2.0 to 3.0, any pointers on where to
start?
Per the blog post, "most applications should just need to be recompiled." :)
Get the source via instructions here:
Are you running as root? If not, that's likely to be the problem.
Hi,
Which is the minimum footprint needed to use OpenSSL TLS 1.3 library in an
embedded context?
Which embedded OSes are supported? i.e. FreeRTOS, VxWorks, Micrium uC-OS
Thanks
Michele
Michele Innocenti
Sr Principal Engineer, SW Eng
Baxter Healthcare
I believe you just load your ECDSA cert and the other stuff – Dhparams!! – is
not needed.
The first thing I would suggest is to separate ECDH, the session key exchange,
from ECDSA, the signature. Try to make ECDH with RSA work. Then just load
your ECDSA cert; you can load one cert of each type (RSA DSA) and the runtime
will figure out what to do, depending on what the client
Batiment E, 2nd Floor, Desk A4-7
1015 Ecublens, Vaud
Switzerland
-----Original Message-----
From: Matt Caswell
Sent: Tuesday, February 11, 2020 4:14 PM
To: Valerio Di Gregorio (vadigreg) ;
openssl-users@openssl.org
Subject: Re: Issues with ASYNC_pause_job() wake up
On 11/02/2020 14:49, Valerio
and returning with no error, so I must assume I'm into an async job.
Should I call ASYNC_start_job() right after the write() to wake-up and read()?
Val
-----Original Message-----
From: Matt Caswell
Sent: Tuesday, February 11, 2020 3:36 PM
To: Valerio Di Gregorio (vadigreg) ;
openssl-users
to write() on the write file descriptor of the pipe
and that was enough to un-pause, without any need of calling ASYNC_start_job()
explicitily.
What's the right usage of this async APIs in my case?
Many thanks for helping!
Val
-----Original Message-----
From: openssl-users On Behalf Of Matt
Hello,
This is my first post here. I need help with ASYNC_pause_job(). I'm writing an
async engine to delegate certificate validation to a different process.
Validation happens asynchronously through IPCs. To explain what I'm doing I'll
use some "pseudo" code:
// this happens in process #1
ctx
I think the mismatch is that CSR extensions are not carried over; they have to
be added at signing time.
See https://github.com/openssl/openssl/issues/10458
A month ago Tim said[2] that PR 8797[1] requires an OMC decision on "whether or
not QUIC in this manner of approach should be added into OpenSSL at this time."
To save you a click, this PR adds APIs to OpenSSL so that Google's open source
QUIC implementation can be built on top of OpenSSL
other errors, where it points to
"x509.h and x509_vfy.h". Following are a few of the errors, I am seeing:
Error 209 error C2143: syntax error : missing ';' before '{'
x\thirdparty\openssl\include\openssl\opensslconf.h 16 1 mycrypto
Error 210 error C2447: '{' : missing function header (o
Hi All,
We have recently upgraded openssl from 1.0.1h to 1.1.1d. We have
compiled OpenSSL using "no-asm no-shared no-deprecated" as input to
configure.
When compiling our application (in Visual Studio 2013) by including these
headers and libraries, we are seeing many er
this doesn't answer your real question:
* According to the FIPS 140-2 IG document, CSPs defined in the approved mode of
operation shall not be accessed or shared with the non-approved mode of
operation. If allowed, will it not break the FIPS rules?
The OpenSSL FIPS-validated provider will only operate in FIPS mode
SSL/TLS will take your data and wrap it inside its own record structure. It
has to, that's the nature of the protocol. Thinking that a single writev() is
"encrypt buffers and then do the analogous syscall" is wrong.
Thanks everyone for the replies and the community support. I don't think I got
across what I am trying to do. I have experimented with subcommands req and
x509. The openssl x509 -in -x509toreq -signkey does *NOT*
do what I want (I'm pretty sure).
openssl x509 -x509toreq may sign a certificate
On 30 Jan 2020, at 21:38, Douglas Morris via openssl-users
wrote:
I am trying to implement automated domain certificate renewal. A certificate
signing request is sent to an ACME server and on success a certificate is
returned. I'd like to be able to call OpenSSL to make a new key and then mak
I am trying to implement automated domain certificate renewal. A certificate
signing request is sent to an ACME server and on success a certificate is
returned. I'd like to be able to call OpenSSL to make a new key and then make a
new certificate signing request just like the old one except
Victor,
Thanks for that walk-through explanation. I probably get it even. I should have
followed the reference for the definition of eol in Section 3 of RFC 7468. It
was only one more human stack call. I appreciate the clarification on the valid
text encoding of explanatory text and of the
The next release of OpenSSL splits the “help” for commands into sections, like
this:
; ./apps/openssl rehash --help
Usage: rehash [options] [directory...]

General options:
 -help      Display this summary
 -h         Display this summary
 -compat    Create both new- and old-style hash links
Hi,
Tried the example on:
https://wiki.openssl.org/index.php/EVP_Symmetric_Encryption_and_Decryption
On the Linux platform, when I set plaintext to "jason", it works fine.
When I set it to "Jason", it returns an empty string.
It works fine on windows platform for both cases.
Thanks for your
I expect from RFC 8555 that an ACME server issues a full chain certificate as a
reply body in the PEM format. The media type is
'application/pem-certificate-chain'. I can only guess from RFC 1421, sec. 4.3.1
that the byte encoding of the certificate necessarily uses line
breaks. I get
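An added example, written for this page rather than taken from the thread or from OpenSSL, for this question and for the follow-up about the eol definition in RFC 7468 section 3. It emits a byte string as a PEM textual encoding with the 64-character base64 lines the RFC requires generators to produce, and it checks an encoding while accepting each line ending the RFC permits (CRLF, CR or LF) and rejecting over-long lines. The function names are hypothetical and the "DER" input is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not OpenSSL or thread code. Emits bytes as an RFC 7468
 * textual encoding with 64-character base64 lines and checks an encoding
 * while accepting each eol form the RFC allows (CRLF / CR / LF). */

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Base64 without line breaks; out gets a NUL. Returns characters written. */
static size_t b64_encode(const uint8_t *in, size_t len, char *out)
{
    size_t i, o = 0;
    for (i = 0; i + 2 < len; i += 3) {
        uint32_t v = (uint32_t)in[i] << 16 | (uint32_t)in[i + 1] << 8 | in[i + 2];
        out[o++] = B64[v >> 18];        out[o++] = B64[(v >> 12) & 63];
        out[o++] = B64[(v >> 6) & 63];  out[o++] = B64[v & 63];
    }
    if (i < len) {                      /* one or two trailing bytes */
        uint32_t v = (uint32_t)in[i] << 16;
        if (i + 1 < len) v |= (uint32_t)in[i + 1] << 8;
        out[o++] = B64[v >> 18];
        out[o++] = B64[(v >> 12) & 63];
        out[o++] = (i + 1 < len) ? B64[(v >> 6) & 63] : '=';
        out[o++] = '=';
    }
    out[o] = '\0';
    return o;
}

/* "-----BEGIN label-----", base64 wrapped at exactly 64 columns, then
 * "-----END label-----", each line ended with LF (what OpenSSL's
 * PEM_write_* functions emit). Returns bytes written, 0 if cap is too
 * small or len exceeds this example's fixed scratch buffer. */
static size_t pem_write(const uint8_t *der, size_t len, const char *label,
                        char *out, size_t cap)
{
    char b64[4096];                     /* holds up to 3072 input bytes */
    size_t n, i, o = 0, need;
    if (len > 3072) return 0;
    n = b64_encode(der, len, b64);
    need = (17 + strlen(label)) + (15 + strlen(label)) + n + (n + 63) / 64 + 1;
    if (need > cap) return 0;
    o += (size_t)sprintf(out + o, "-----BEGIN %s-----\n", label);
    for (i = 0; i < n; i += 64) {
        size_t chunk = (n - i < 64) ? n - i : 64;
        memcpy(out + o, b64 + i, chunk);
        o += chunk;
        out[o++] = '\n';
    }
    o += (size_t)sprintf(out + o, "-----END %s-----\n", label);
    return o;
}

/* Walk the body between the encapsulation boundaries. Accepts CRLF, CR or
 * LF line endings. Returns the number of non-empty base64 lines, or -1 if
 * a boundary is missing or any line exceeds 64 characters. */
static int pem_check_lines(const char *pem)
{
    const char *p = strstr(pem, "-----BEGIN ");
    int lines = 0;
    if (p == NULL) return -1;
    p += strcspn(p, "\r\n");            /* step past the BEGIN line */
    for (;;) {
        size_t len;
        if (*p == '\r') p++;            /* eol = CRLF / CR / LF */
        if (*p == '\n') p++;
        if (*p == '\0') return -1;      /* ran out before an END boundary */
        if (strncmp(p, "-----END ", 9) == 0) return lines;
        len = strcspn(p, "\r\n");
        if (len > 64) return -1;        /* generators MUST NOT exceed 64 */
        if (len > 0) lines++;
        p += len;
    }
}

/* Encode len constructed bytes (a stand-in for DER) and check the result. */
static int pem_roundtrip_lines(size_t len)
{
    uint8_t der[256];
    char pem[512];
    size_t i;
    if (len > sizeof(der)) return -1;
    for (i = 0; i < len; i++) der[i] = (uint8_t)(i * 7 + 3);
    if (pem_write(der, len, "CERTIFICATE", pem, sizeof(pem)) == 0) return -1;
    return pem_check_lines(pem);
}

/* Compare the base64 encoding of a short string with an expected value. */
static int b64_check(const char *s, const char *expect)
{
    char out[64];
    if (strlen(s) > 40) return 0;
    b64_encode((const uint8_t *)s, strlen(s), out);
    return strcmp(out, expect) == 0;
}
```

Writing LF on output and tolerating CR, LF or CRLF on input is the same posture OpenSSL's PEM reader takes, so a chain fetched over HTTP with CRLF endings and one written locally both pass pem_check_lines.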
Viktor,
Thanks for meticulously answering my questions. I know the file name encoding
is not necessarily the file content encoding. If a Python program were on a
Windows computer, it might show a file name encoding of UTF-16, which would
make UTF-16 a good guess for what openssl -text would
is not an explicit default for
text files). I wonder if OpenSSL (and generally other software) automatically
uses the filesystem name encoding by default for all text output. I don't see
anything about text encoding on the "Compilation and Installation" wiki page. I
have OpenSSL from a Debian
>Once we get that error, every time we try to serve a request in Apache using
>that pid, it errors out. So, it seems like something randomly corrupts that
>PID. Can someone provide some information about FIPS_CHECK_EC: pairwise test
>failed.
Once FIPS detects an error, it will stay stuck in
Sorry for the very late response...
On Sun, Nov 24, 2019 at 12:05:34PM +0100, Claus Assmann wrote:
> Seems it is impossible to override the list with NULL for SSL, as
> the code will then use the list from CTX (if my limited understanding
> of the code is correct):
>
> STACK_OF(X509_NAME)
* I want to use ECDSA for my Web server's SSL certificate via an ACME client
to Let's Encrypt and maybe later BuyPass.
That’s fine.
* I thought that EC is better than RSA, but now I don't think so. The
answer seems to be: it depends.
There are trade-offs. The biggest one is that EC
suppose RSA-8192 is sorta overkill maybe. I suspect quantum
computers would make it not overkill, but then mobile devices might not like it
for the overhead.)
My local version of openssl is: OpenSSL 1.1.1d 10 Sep 2019
When I openssl ecparam -list_curves I do NOT get X25519.
However, I was apple
Thanks, Nicola. You know your stuff and write well. Reading your answer was
actually pleasant.
Douglas Morris
Hello,
Not a genius with openssl or encryption at all. Thanks for reading.
Background:
* Generate a private key (really key set) with named curve: openssl genpkey
-algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -pkeyopt
ec_param_enc:named_curve -outform PEM -out account-privkey-prime256v1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
OpenSSL version 1.0.2u released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.0.2u of our open
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
OpenSSL Security Advisory [6 December 2019]
===
rsaz_512_sqr overflow bug on x86_64 (CVE-2019-1551)
===
Severity: Low
There is an overflow bug in the x86_64
r the libssl library behavior.
> openssl-1.0.2t
> $ ./config enable-tlsext && make
> $ echo -n "" | ./apps/openssl s_client -connect blog.imirhil.fr:443 | ./apps/
> openssl x509 -noout -subject
> subject= /CN=localhost # No SNI by default, default vhost, bad certifi
Unless buffer is a char* instead of a char[], in which case it's completely
wrong. A very common case among buggy C code.
On Wed, Nov 27, 2019 at 7:09 AM Phillip Susi wrote:
>
> Michael Wojcik writes:
>
> > Some C experts have argued that the length-checking versions of the
> library
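As an added illustration of the point in this reply (example code written for this page, not taken from the thread), the helpers below show why sizeof(buffer) is a usable bound only for a char[] visible in the same scope: on a char* parameter it yields the size of the pointer, so a "length-checked" copy keyed on sizeof(dst) silently truncates to seven bytes on LP64 and, if the callee's buffer were smaller than a pointer, overflows it. The function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not code from the thread. Hypothetical helpers that show
 * when sizeof(buffer) is a usable bound and when it is not. */

/* Correct only because dst is a char[] in this scope: sizeof(dst) is the
 * array capacity (16), so the copy is bounded and NUL-terminated. */
static size_t copy_into_local_array(const char *src)
{
    char dst[16];
    size_t n = strlen(src);
    if (n >= sizeof(dst))
        n = sizeof(dst) - 1;        /* leave room for the terminator */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return strlen(dst);             /* bytes actually stored: at most 15 */
}

/* The bug the reply warns about: once the buffer is passed as a char*,
 * sizeof(dst) is the size of the pointer (8 on LP64), not of the buffer.
 * A copy bounded by this value truncates to 7 bytes, and if the caller's
 * buffer is smaller than a pointer the copy overflows it. */
static size_t sizeof_of_pointer_param(const char *dst)
{
    return sizeof(dst);
}

/* Correct shape for code that writes into a caller's buffer: the capacity
 * travels with the pointer as an explicit argument. Returns the number of
 * bytes stored (always < cap), or 0 when cap is 0 and nothing was written. */
static size_t copy_bounded(char *dst, size_t cap, const char *src)
{
    size_t n;
    if (cap == 0)
        return 0;
    n = strlen(src);
    if (n >= cap)
        n = cap - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

/* Wrapper with a local array so the bounded copy can be exercised. */
static size_t copy_bounded_demo(const char *src, size_t cap)
{
    char buf[32];
    if (cap > sizeof(buf))
        cap = sizeof(buf);
    return copy_bounded(buf, cap, src);
}

int main(void)
{
    printf("array: %zu bytes kept\n",
           copy_into_local_array("0123456789abcdefXYZ"));
    printf("sizeof seen through a char* parameter: %zu\n",
           sizeof_of_pointer_param("x"));
    printf("bounded: %zu bytes kept in an 8-byte buffer\n",
           copy_bounded_demo("hello world", 8));
    return 0;
}
```

The same trap applies to the strncpy/strlcpy-style wrappers the quoted discussion mentions: the length they are given is only as good as the caller's knowledge of the real capacity, which a bare pointer does not carry.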
Dear Users,
I have released version 5.56 of stunnel.
### Version 5.56, 2019.11.22, urgency: HIGH
* New features
- Various text files converted to Markdown format.
* Bugfixes
- Support for realpath(3) implementations incompatible
with POSIX.1-2008, such as 4.4BSD or Solaris.
- Support
embers who use non-openssl.org addresses
my %omc_email = (
'paul.d...@oracle.com' => 1,
'k...@roeckx.be' => 1,
'b...@links.org' => 1,
'openssl-us...@dukhovni.org' => 1,
);
my %committers = (
'matthias.st.pie...@ncp-e.com' => 1,
'beld...@gmail.com' => 1,
I am a novice... so any help, please.
Below is the stack trace on the outbound file, but I cannot make any setting
change work. Thoughts on what could be blocking me from transferring the file?
Log attached.
Thank you! Krista
FTP was not successful com.tms.common.lib.FTPClient.FTPException:
Thanks Rich,
On Wed, Nov 13, 2019 at 12:34 PM Salz, Rich wrote:
> > For using 1.1.0, we only need to call RAND_bytes() ?
>
> Yes. But do check the return value of RAND_bytes.
> For using 1.1.0, we only need to call RAND_bytes() ?
Yes. But do check the return value of RAND_bytes.
Thanks Rich and Tomas,
Here is the code for creating the key (openssl-0.9.8h):

#include <openssl/rand.h>

int AESCipher::createKey(unsigned char *buf, int keySize) {
    char seed[256];
    ::sprintf(seed, "%ldXXX_XXX_H__x__xxx_x_xxx__INCLUDED_",
              MiscUtils::generateId());
    RAND_seed(seed, ::strlen(seed));
    RAND_bytes(buf, keySize / 8);
>RAND_seed(seed, ::strlen(seed));
>RAND_bytes(buf, keySize / 8);
I don’t know where you are getting the seed, but it is typically binary data,
not a C string.
If you are using 1.1.0 or later, you do not need to seed things.
On 13/11/2019 15:23, Michael Wojcik wrote:
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
Aijaz Baig
Sent: Wednesday, November 13, 2019 01:45
I am trying to statically link libssl.a and libcrypto.a into a static library
of my own
which I will be using
019-11-04 at 17:34 -0500, Jason Qian via openssl-users wrote:
>> > Hi
>> >
>> >We have an application that does the Diffie Hellman key exchange
>> > (OpenSSL/1.1.0f).
>> >It works fine, but under heavy loaded conditions, sometimes an
>> >
On Tue, Nov 12, 2019 at 03:08:19PM -0700, Phil Neumiller wrote:
> I find the comment below about TLS 1.3 troubling.
[...]
> /*
>  * TODO(TLS1.3): These APIs cannot set TLSv1.3 sig algs so we just test
>  * it for TLSv1.2 for now until we add a new API.
>  */
>
On Tue, Nov 12, 2019 at 01:13:49PM -0700, Phil Neumiller wrote:
> Thanks for all the useful advice. I was able to get the server to accept
> this client hello message.
If you're willing/able to share, it can be useful for us to know what products
are buggy in that they don't implement extensions
Thanks Tomas,
I will try that.
On Tue, Nov 12, 2019 at 3:14 AM Tomas Mraz wrote:
> On Mon, 2019-11-04 at 17:34 -0500, Jason Qian via openssl-users wrote:
> > Hi
> >
> >We have an application that does the Diffie Hellman key exchange
> > (OpenSSL/1.1.0f).
>
On Mon, Nov 11, 2019 at 12:32:22PM -0700, Phil Neumiller wrote:
> I am speaking TLS 1.3 with openssl to a hardware device that I can't change.
> I need the client hello header to only support certain extensions, yet I
> see no way in the SSL API to remove the default extensions in th
Is there anyone on this group with experience with ebcdic platforms,
specifically zOS? I have built 1.1.1d on zOS and connections to my
server work for firefox 60 but not newer versions. I don't know exactly
where the cut off is or what they changed but current versions get an
HMAC error. I
The question about -rand option is valid, but Viktor’s post is right and the
rest of my post is wrong :(
From: openssl-users
Reply-To: Rich Salz
Date: Monday, November 11, 2019 at 8:10 AM
To: shiva kumar , openssl-users
Subject: Re: dsaparam error OpenSSL 1.1.1d
* openssl dsaparam 128
* openssl dsaparam 128 -rand file
Why are you using the -rand option? Unless this is a special platform, don’t
do that.
* is taking long time processing the command and not producing any output.
What is your hardware and software?
Can you run it under a debugger, and interrupt
should be of no concern to the source code
right? Or so I think.
2. When I downloaded and compiled the openssl library (from source), I
followed the INSTALL readme. All it resulted in was libssl.a and
libcrypto.a. I didn't find any file named libSSL.so. So how will this
static library (archive
Hi
We have an application that does the Diffie Hellman key exchange
(OpenSSL/1.1.0f).
It works fine, but under heavily loaded conditions, sometimes an invalid
secret is generated and the other side couldn't decrypt the data (the secret
seems offset by one).
The client side is c
If you are changing openssl, why not just change the init function to load your
engine and abort/exit/fail if it doesn’t load?
Why not just change things so that if your module fails to load, the library
exits?
Don't change the RAND code, change the INIT code.
On 30/10/2019 04:04, ratheesh kannoth wrote:
Hi,
1. What are these h0..h4?
2. How are they generated ?
3. Could you help to locate code in openssl ?
typedef struct SHAstate_st {
SHA_LONG h0, h1, h2, h3, h4;
SHA_LONG Nl, Nh;
SHA_LONG data[SHA_LBLOCK];
unsigned int num
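An added example, not OpenSSL code, that answers the three questions with a minimal SHA-1 laid out like the quoted SHAstate_st (h0..h4, Nl/Nh, data, num) so the five words and the bit counters can be watched directly. h0..h4 are not generated at run time: FIPS 180-4 section 5.3.1 fixes them as constants, the first four being the byte pattern 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10 read as little-endian 32-bit words and the fifth 0xc3d2e1f0; SHA1_Init loads them and each 512-bit block is folded into them. In the 1.1.1 tree the constants are the INIT_DATA_h0..h4 macros in crypto/sha/sha_locl.h, with the block function in crypto/sha/sha_local.h-era sha_locl.h and the assembler variants under crypto/sha/asm. The function names below are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (not OpenSSL code): a minimal SHA-1 laid out like the
 * SHAstate_st the question quotes, so the five words and the Nl/Nh
 * counters can be watched directly. */

typedef struct {
    uint32_t h[5];      /* h0..h4: the chaining state */
    uint32_t Nl, Nh;    /* message length in bits, low and high words */
    uint8_t  data[64];  /* partial input block */
    unsigned num;       /* bytes currently buffered in data */
} sha1_ctx;

/* The initial values are constants from FIPS 180-4 section 5.3.1. */
static void sha1_init(sha1_ctx *c)
{
    c->h[0] = 0x67452301u; c->h[1] = 0xefcdab89u; c->h[2] = 0x98badcfeu;
    c->h[3] = 0x10325476u; c->h[4] = 0xc3d2e1f0u;
    c->Nl = c->Nh = 0;
    c->num = 0;
}

static uint32_t rol(uint32_t x, int n) { return (x << n) | (x >> (32 - n)); }

/* One 512-bit block: expand the schedule, 80 rounds, add into h0..h4. */
static void sha1_block(sha1_ctx *c, const uint8_t *p)
{
    uint32_t w[80], a = c->h[0], b = c->h[1], cc = c->h[2], d = c->h[3], e = c->h[4];
    int i;
    for (i = 0; i < 16; i++)
        w[i] = (uint32_t)p[4 * i] << 24 | (uint32_t)p[4 * i + 1] << 16 |
               (uint32_t)p[4 * i + 2] << 8 | p[4 * i + 3];
    for (; i < 80; i++)
        w[i] = rol(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1);
    for (i = 0; i < 80; i++) {
        uint32_t f, k, t;
        if (i < 20)      { f = (b & cc) | (~b & d);           k = 0x5a827999u; }
        else if (i < 40) { f = b ^ cc ^ d;                    k = 0x6ed9eba1u; }
        else if (i < 60) { f = (b & cc) | (b & d) | (cc & d); k = 0x8f1bbcdcu; }
        else             { f = b ^ cc ^ d;                    k = 0xca62c1d6u; }
        t = rol(a, 5) + f + e + k + w[i];
        e = d; d = cc; cc = rol(b, 30); b = a; a = t;
    }
    c->h[0] += a; c->h[1] += b; c->h[2] += cc; c->h[3] += d; c->h[4] += e;
}

/* Buffer input and hash each full block; Nl/Nh count bits, with carry. */
static void sha1_update(sha1_ctx *c, const void *buf, size_t len)
{
    const uint8_t *p = buf;
    uint32_t lo = c->Nl + (uint32_t)(len << 3);
    if (lo < c->Nl) c->Nh++;
    c->Nh += (uint32_t)(len >> 29);
    c->Nl = lo;
    while (len > 0) {
        size_t take = 64 - c->num;
        if (take > len) take = len;
        memcpy(c->data + c->num, p, take);
        c->num += (unsigned)take; p += take; len -= take;
        if (c->num == 64) { sha1_block(c, c->data); c->num = 0; }
    }
}

/* Padding: 0x80, zeros to 56 mod 64, then the 64-bit big-endian bit length. */
static void sha1_final(sha1_ctx *c, uint8_t out[20])
{
    uint8_t lenbytes[8], pad = 0x80, zero = 0;
    uint32_t nl = c->Nl, nh = c->Nh;   /* capture before padding updates them */
    int i;
    for (i = 0; i < 4; i++) {
        lenbytes[i]     = (uint8_t)(nh >> (24 - 8 * i));
        lenbytes[4 + i] = (uint8_t)(nl >> (24 - 8 * i));
    }
    sha1_update(c, &pad, 1);
    while (c->num != 56) sha1_update(c, &zero, 1);
    sha1_update(c, lenbytes, 8);       /* completes and hashes the last block */
    for (i = 0; i < 20; i++) out[i] = (uint8_t)(c->h[i / 4] >> (24 - 8 * (i % 4)));
}

/* Hash a string and compare with an expected lowercase hex digest. */
static int sha1_check(const char *msg, const char *expect_hex)
{
    sha1_ctx c; uint8_t d[20]; char hex[41]; int i;
    sha1_init(&c);
    sha1_update(&c, msg, strlen(msg));
    sha1_final(&c, d);
    for (i = 0; i < 20; i++) sprintf(hex + 2 * i, "%02x", d[i]);
    return strcmp(hex, expect_hex) == 0;
}

/* h0 right after sha1_init, so a caller can confirm the fixed IV. */
static uint32_t sha1_initial_h0(void)
{
    sha1_ctx c; sha1_init(&c); return c.h[0];
}
```

The 56-byte FIPS test string below is the useful one to step through under a debugger: it is the case where the 0x80 pad byte fills the block to 57 bytes, so the length has to go into a second block, which is exactly the path Nl/Nh and num exist to handle.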
Is looking at the IssuerDN good enough?
>Is there a way for me to piggyback a void* inside the SSL structure so
that I can access it from within the callback?
Yes, you can use SSL_set_app_data and SSL_get_app_data which are documented in
https://github.com/openssl/openssl/pull/10216 (and due to be merged to master
soon)
* I can’t find documentation on how to tell TLS where to look.
Not sure about 1.0.2, but “openssl version -a” should show you the CERT
directory.
BTW, that’s an old release, you should upgrade if possible.
There's some (additional?) discussion on this topic in
https://github.com/openssl/openssl/pull/10018 . A couple comments inline,
though...
On Tue, Oct 22, 2019 at 02:30:37PM +0200, Yann Ylavic wrote:
> Hi,
>
> in master (and 1.1.1), SSL_get_servername() returns either
>
* Lastly, is there any chance of extending the EOL date of OpenSSL 1.0.2
till the new FIPS module/OpenSSL 3.0 becomes available?
This question gets asked a great deal. Why?
The OpenSSL project has not done any 1.0.2-FIPS work for years. This means that
if there are any CVE-level bugs
>; git status
>On branch master
>Your branch is up-to-date with 'origin/master'.
>Untracked files:
> (use "git add ..." to include in what will be committed)
>
>include/openssl/opensslv.h
>
>nothing added
Hi everyone,
On Windows, we require both /MD and /MT builds of OpenSSL, with Control Flow
Guard enabled. To do so, we tried using these steps in cmd.exe recently when
compiling 1.1.1d for /MT (64-bit shown; we also build 32-bit):
$ perl Configure VC-WIN64A no-asm --prefix=
$ ms\do_ms
$ perl
does still support P-521 but Chrome does not.
Also be aware that if you set server side cipher selection and use
default curves, that OpenSSL orders the curves weakest to strongest (
even with @STRENGTH) so you will end up forcing P-256.
On Tue, 2019-10-15 at 17:24 +0200, Jakob Bohm via openssl
On 15/10/2019 15:43, Stephan Seitz wrote:
Hi!
I was looking at the output of „openssl ecparam -list_curves” and
trying to choose a curve for the web server together with letsencrypt.
It seems, letsencrypt supports prime256v1, secp256r1, and secp384r1.
Then I found the site https
There is nothing known to be wrong with NIST P256. If you don't have a known
reason to use 384, then don't use it.
Emilia's work removed the need to add -DPURIFY; you never need to add it.
Note that the BN code is clever, it doesn't bother to zero everything when it
knows which bits within a word it is using.
Hello,
I had a question regarding the ECC CDH (KAS) algorithm listed on Page 15 of
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.15.pdf
Which mode is used for the Key Agreement Scheme?
Full Unified
Full MQV
Ephemeral Unified
One Pass Unified
One Pass MQV
One Pass DH
Static Unified
And
Package: openssh
> > Debian Bug : 941663
>
> > A change introduced in openssl 1.1.1d (which got released as DSA 4539-1)
> > requires sandboxing features which are not available in Linux kernels
> > before 3.19, resulting in OpenSSH rejecting connec
On 03/10/2019 14:32, russellb...@gmail.com wrote:
fetchmail fails when openssl reports an error 114 (I think)
stat("/etc/ssl/certs/4a6481c9.0", {st_mode=S_IFREG|0644, st_size=1354, ...}) = 0
openat(AT_FDCWD, "/etc/ssl/certs/4a6481c9.0", O_RDONLY) = 4
fstat(4, {
Several people have told you the following:
That is an *internal* openssl header file; do not use it.
Remove the include statement from your code. Your code is wrong.
That file is a C file, not compatible with C++
Why do you not listen?
>Greetings. I was checking for the support for Trusted
> Execution Environment (TEE) in OpenSSL.
I’m curious – what do you think would be required?
I am using the openssl 3.0.0 library in an embedded environment and added a
unit test for RSA based on test/rsa_mp_test.c:test_rsa_mp().
When the test is run, I see:
1. crypto/rsa/rsa_pk1.c:RSA_padding_check_PKCS1_type_2() calls RSAerr()
just before returning at the bottom of the function
On 18/09/2019 20:58, Salz, Rich via openssl-users wrote:
Please take a look at
https://lore.kernel.org/lkml/CAHk-=wiGg-G8JFJ=r7qf0b+utqa_weouk6v+mcmfsljlrq6...@mail.gmail.com/
and consider giving your comments.
TL;DR: see the comment below.
+ * Hacky workaround for the fact that some
Please take a look at
https://lore.kernel.org/lkml/CAHk-=wiGg-G8JFJ=r7qf0b+utqa_weouk6v+mcmfsljlrq6...@mail.gmail.com/
and consider giving your comments.
TL;DR: see the comment below.
+ * Hacky workaround for the fact that some processes
+ * ask for truly secure random numbers and absolutely
* However, if I try ECDHE, it works fine. Are DHE-only cipher suites less
common now?
* I believe it's the responsibility of the server to generate DH params of a large
enough size.
Yes, DHE has dropped because it is hard to get right, and it takes more CPU
cycles than ECDHE.
On 14/09/2019 3:26 pm, Hal Murray wrote:
>
>> Would someone let me know how to add this path permanently, as currently i
>> need to re-add on restart ?
>
> man ld, search for rpath
>
>
Re-built with:
./config -Wl,-rpath,/os/openssl-1.1.1d
Worked a treat.
On restart on my host with version 1.1.1d, I have this problem:
I hope you are not replacing your system OpenSSL with one you built. Don't do
that.
Hi,
On restart on my host with version 1.1.1d, I have this problem:
>
HOST:/ # openssl version
openssl: /usr/lib/arm-linux-gnueabihf/libssl.so.1.1: version
`OPENSSL_1_1_1' not found (required by openssl)
openssl: /usr/lib/arm-linux-gnueabihf/libcrypto.so.1.1: version
`OPENSSL_1_1_1' not fo
* I'd still like to know if it's possible to enable both. If it's not,
though, then which one is best to enable? MD2 or
RC5? Thanks in advance for the reply and sorry for the new email thread.
They do different things; MD2 is a digest (“hash”) function, and RC5 is a block
>I used CX509CertificateRequestCertificate class to create CSR with only
public key.
Those functions/classes/names/whatever are not part of OpenSSL.
The OpenSSL "req" command cannot process a CSR unless it is signed by the
private key. If you have a requirement
n.
>
> Regards
> Francesco Petruzzi
>
> From: openssl-users [mailto:openssl-users-boun...@openssl.org
> <mailto:openssl-users-boun...@openssl.org>] On behalf of Paul Yang via
> openssl-users
> Sent: Thursday, 12 September 2019 09:51
> To: Bharathi Prasad
> Cc
When I try to read
> the contents the of CSR in openssl (i used this command: openssl req -in
> client.csr -noout -text) i get "unable to load X509 request".
>
> Is this happening because the CSR does not contain the signature of private
> key or the CSR is faulty.
>
> Ki
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
OpenSSL version 1.1.1d released
===
OpenSSL - The Open Source toolkit for SSL/TLS
https://www.openssl.org/
The OpenSSL project team is pleased to announce the release of
version 1.1.1d of our open