[openssl-users] ECDSA vs RSA certificates

2016-06-22 Thread Rajeswari K
Hello Openssl users, Need pointers on how to use ECDSA vs RSA certificates. When our device acting as TLS server, we have support for both ECDSA and RSA based certificates. At first, we need to feed a certificate for the TLS server to accept the connections. From the code, having a feel that,

[openssl-users] Record aggregation with TLS Client

2016-06-21 Thread Rajeswari K
Hello Openssl users, Having a query on when our device acting as TLS Client, we observed that both client certificate and client key exchange messages are going in a single packet. Is there any way to separate this? That means is there any option to avoid multiple records in a single packet?

[openssl-users] RC4-MD5

2015-07-08 Thread Rajeswari K
Hello Openssl team, We are currently facing an issue with RC4-MD5 cipher suite after upgrading from openssl0.9.8q to openssl1.0.1j. We see that on few platforms, RC4-MD5 cipher negotiation is returning bad mac record error after receiving Client Key Exchange message. Currently we are using

Re: [openssl-users] ECDSA digest configurations

2015-04-27 Thread Rajeswari K
. But not ECDSA ciphers. Thanks, Rajeswari. On Fri, Apr 24, 2015 at 11:06 PM, Dr. Stephen Henson st...@openssl.org wrote: On Fri, Apr 24, 2015, Rajeswari K wrote: Hello openssl-users, I have an issue with update of ECDSA digests in our environment. We have our own digest functions for init, update

[openssl-users] ECDSA digest configurations

2015-04-24 Thread Rajeswari K
Hello openssl-users, I have an issue with update of ECDSA digests in our environment. We have our own digest functions for init, update and final where we registered with these functions for NID_sha1, NID_sha256, NID_sha384 and NID_sha512. These digests were updated at openssl, via

[openssl-users] Memory leak issue

2015-03-26 Thread Rajeswari K
Hello Openssl Users, Currently we are facing a memory leak issue in the following scenario. We are allocating dynamic memory to a appctx and we are setting this appctx to the session using the function SSL_SESSION_set_app_data(). My understanding is that, this appctx will be updated as part of

Re: [openssl-users] i2d and d2i functions

2015-02-17 Thread Rajeswari K
: openssl-users On Behalf Of Rajeswari K Sent: Friday, February 13, 2015 23:50 Hello Dave, Based on your input, have stopped calling i2d_ECDSA_SIG() and used BN_bn2bin() to overcome the der headers. And now, my verification is working fine. ECDSA_verify in ecs_vrf.c only uses i2d to *check

Re: [openssl-users] i2d and d2i functions

2015-02-16 Thread Rajeswari K
handshake? Thanks, Rajeswari. On Sat, Feb 14, 2015 at 10:20 AM, Rajeswari K raji.kotamr...@gmail.com wrote: Hello Dave, Based on your input, have stopped calling i2d_ECDSA_SIG() and used BN_bn2bin() to overcome the der headers. And now, my verification is working fine. Is there any function

Re: [openssl-users] i2d and d2i functions

2015-02-13 Thread Rajeswari K
, Feb 13, 2015 at 4:48 AM, Rajeswari K raji.kotamr...@gmail.com wrote: Hello Dave, Am really thankful to you. I am unaware that i2d_EC_PUBKEY() or i2d_x function will move the pointer to after the encoded data. Due to which am seeing unexpected data. Based on your reply, i tried to print

Re: [openssl-users] i2d and d2i functions

2015-02-13 Thread Rajeswari K
to get this? Please share. Thanks, Rajeswari. On Sat, Feb 14, 2015 at 1:24 AM, Dave Thompson dthomp...@prinpay.com wrote: From: openssl-users On Behalf Of Rajeswari K Sent: Friday, February 13, 2015 09:48 snip As part of [ECDSA] signature verification, we first take lenght_of_signature

Re: [openssl-users] i2d and d2i functions

2015-02-12 Thread Rajeswari K
is exactly same as what i inputted through d2i_PUBKEY(). This resolves my current issue. Once again, thanks a lot. Rajeswari. On Fri, Feb 13, 2015 at 2:36 AM, Dave Thompson dthomp...@prinpay.com wrote: From: openssl-users On Behalf Of Rajeswari K Sent: Thursday, February 12, 2015 00:40 I have

[openssl-users] i2d and d2i functions

2015-02-11 Thread Rajeswari K
Hello Openssl users, I have a query on d2i_PUBKEY() and i2d_PUBKEY(). i have a EC public key in form of character buffer. Have inputted this character buffer to d2i_PUBKEY() and got EVP_PKEY format EC key. Now i tried to input this EVP_PKEY to i2d_PUBKEY() to compare will i get exactly same

[openssl-users] ECDSA private key load error

2015-02-02 Thread Rajeswari K
Hello Openssl users, Am facing following issue while am loading ECDSA private key using EVP_PKCS82PKEY(). I hope am missing some initialization in this regard. Can you please point me what am i doing wrong. Steps followed : Have generated CSR and signed using openssl commands. Following are the

Re: [openssl-users] ECDHE-ECDSA certificate returning with no shared cipher error

2015-02-02 Thread Rajeswari K
issue with these parameters? Thanks, Rajeswari. On Tue, Feb 3, 2015 at 8:28 AM, Dave Thompson dthomp...@prinpay.com wrote: From: openssl-users On Behalf Of Rajeswari K Sent: Sunday, February 01, 2015 21:18 Am facing an issue of no shared cipher error during SSL Handshake, when tried

[openssl-users] ECDHE-ECDSA certificate returning with no shared cipher error

2015-02-01 Thread Rajeswari K
Hello Openssl users, Am facing an issue of no shared cipher error during SSL Handshake, when tried to negotiate ECDHE cipher suite. We are using openssl-1.0.1j version. Can you please share your thoughts? Following are the logs during SSL Handshake. Server has 2 from 0xE29690E0:

Query on SSL client version to SSL server version

2014-11-06 Thread Rajeswari K
Hello Openssl users, I have a basic query that Lets say my SSL client is capable of versions SSL3.0 and SSL3.1. And my SSL server is capable of versions TLS1.0, TLS1.1 and TLS1.2 Now SSL client has sent a client hello with version SSL3.0. Since, SSL server doesn't have this version present, it

Re: Memory hold issue

2014-08-27 Thread Rajeswari K
information will be cleared? When we do SSL_CTX_free() does this get free'd? Or Where actually this session information will be saved. Can some provide some light on this information. Any URL where this information is stored is fine. Thanks, Rajeswari. On Tue, Aug 26, 2014 at 2:08 PM, Rajeswari K

Memory hold issue

2014-08-26 Thread Rajeswari K
Hello Openssl team, I have a query on the memory hold with openssl handshake. When performed openssl handshake, we are always observing memory hold increase. This hold eventually increases and at last we end up with device having no memory at all. Following is the memory hold tracebacks. First

Query on non blocking sockets

2014-01-28 Thread Rajeswari K
Hello Team, In our application we open non blocking socket for read and write operation and pass the fd to openssl through BIO APIs like this bio = BIO_new(BIO_s_socket()); BIO_set_fd(bio, socket_fd, BIO_NOCLOSE); And we update this bio to SSL using SSL_set_bio() function. My query is do we

Renegotiation DOS

2013-09-26 Thread Rajeswari K
Hello Openssl-dev team, Currently am checking whether Renegotiation is enabled in openssl 0.9.8q version. If enabled, would like to disable this. As per release note, i see *Changes between 0.9.8k and 0.9.8l [5 Nov 2009]* *) Disable renegotiation completely - this fixes a severe security

Design change observed at ssl3_get_client_certificate()

2013-09-26 Thread Rajeswari K
Hello Openssl dev team, Currently we are using openssl 0.9.8q version. Earlier we have used openssl 0.9.8k. We have seen change in the return value handling of ssl_verify_cert_chain() at function ssl3_get_client_certificate(). At openssl 0.9.8k, ssl_verify_cert_chain() is handled like this

Re: Design change observed at ssl3_get_client_certificate()

2013-09-26 Thread Rajeswari K
Sorry team. Change observed between openssl 0.9.8g to openssl0.9.8k Can you please tell us the intent of this change and how we can get out of this problem. Regards, Rajeswari On Thu, Sep 26, 2013 at 3:18 PM, Rajeswari K raji.kotamr...@gmail.com wrote: Hello Openssl dev team, Currently we

RENEGOTIATION DOS

2013-09-25 Thread Rajeswari K
Hello Openssl Team, I would like to understand how Renegotiation DOS impacts our current TLS session and its issues. How we can avoid Renegotiation initialized by client during the TLS/SSL session at openssl0.9.8q version. Please provide documents if any describes about Renegotiation DOS. And

Reason for design change of ssl3_get_client_certificate()

2013-09-25 Thread Rajeswari K
Hello Openssl dev team, Currently we are using openssl 0.9.8q version. Earlier we have used openssl 0.9.8k. We have seen change in the return value handling of ssl_verify_cert_chain() at function ssl3_get_client_certificate(). At openssl 0.9.8k, ssl_verify_cert_chain() is handled like this

Crash observed

2013-06-27 Thread Rajeswari K
Hello Openssl team, Does any of you faced an issue while freeing the SSL_CTX? Following is the backtrace found. But we are not yet sure which address is being passed to SSL_CTX_free(). We are trying to get the crashinfo file and trying to debug. Meanwhile, if any of you faced similar issue

Smart card support with Openssl

2013-05-18 Thread Rajeswari K
Hello Users/dev Team, Need some urgent help to program openssl for smart card/HSM. Our smart card never shares private keys. All crypto operations such as encryption,decryption will be performed by smart card. And any such actions from openssl needs to be redirected to smart card. Only certificate

Key usage at openssl

2013-05-01 Thread Rajeswari K
Hello openssl-users, We have two different keypairs such as signature keypair and encryption keypair on our device. Hence, two different certificates (signature and encryption) were issued by CA server. Query : To perform openssl handshake, which key do we need to read? Is it Encryption private

Does Openssl has definitions for SHA1 Functions?

2013-02-27 Thread Rajeswari K
Hello Team, Does Openssl has definition for SHA1_Init() , SHA1_Update() etc functions? If present, which file i can refer? I see only declarations for SHA1xxx functions. But no definition. Can you please direct? And also i would like to know one more thing that, is there any implementation