On 27.02.2017 13:03, Akshar Kanak wrote:
Dear Team
In https://en.wikipedia.org/wiki/POODLE , It is mentioned that
POODLE attack is possible aganist *TLS *also . has this issue been
alredy addressed in openssl .
Thanks and regards
Akshar
As the corresponding section in the Wikipedia
On 18.05.2016 19:51, Salz, Rich wrote:
Is there something I'm missing?
Nope.
From the description of SSL_CTX_load_verify_locations i would have
expected that certificates loaded via the CApath mechanism are loaded
anew for every verification process. If this is not the case an
appropriate
On 05.11.2014 17:00, Viktor Dukhovni wrote:
On Wed, Nov 05, 2014 at 12:18:05PM +, Philip Bellino wrote:
Jeffrey,
May I ask why you included no-ssl2 as an option to config?
Is only adding no-ssl3 not sufficient enough to fully disable SSLv3?
No. If you leave SSLv2 enabled, and disable
On 06.11.2014 10:02, Rajeswari K wrote:
Hello Openssl users,
I have a basic query that
Lets say my SSL client is capable of versions SSL3.0 and SSL3.1.
And my SSL server is capable of versions TLS1.0, TLS1.1 and TLS1.2
Now SSL client has sent a client hello with version SSL3.0. Since, SSL
On 06.11.2014 16:35, Viktor Dukhovni wrote:
On Thu, Nov 06, 2014 at 03:31:10PM +0100, Richard K?nning wrote:
Well, the ClientHello message only allows to advertise the highest protocol
version the client speaks, it is expected that the client speaks also all
lower versions.
The client uses
Am 25.10.2014 13:55, schrieb Jaya Nageswar:
2. In general, if we have SSLv23 protocol at both client and Server, How
does the protcol negotiation happens? I have been reading that the
client sends a client_hello message along with the other protocols
supported and the cipher suites. The Server
Am 24.10.2014 23:16, schrieb David Li:
On Fri, Oct 24, 2014 at 1:28 PM, Richard Könning
richard.koenn...@ts.fujitsu.com
mailto:richard.koenn...@ts.fujitsu.com wrote:
Am 24.10.2014 20:47, schrieb David Li:
On Fri, Oct 24, 2014 at 11:18 AM, Richard Könning
At 24.10.2014 19:03, David Li wrote:
I am still a little unclear by what exactly TLS_FALLBACK_SCSV option
would do.
What if the server only supports SSLv3 + TLSv1 and client only connects
with SSLv3? Without the patch, both would agree to SSLv3. So this is a
problem.
Where is the problem?
Am 08.07.2014 18:10, schrieb T. Travers:
I am new to this forum so please excuse me if I do not do this right.
I am working on a z/OS 1.13 system aka OS/390 aka MVS.
We have the need to parse X509 certificates. We were using an older
version, 0.9.6a, but found that it did not interpret new
Hello,
in the request tracker under item #843 there are patches for 0.9.7c
(created and tested on Fujitsu BS2000) and 0.9.7j (updated by Jeremy
Grieshop for z/OS).
Because i saw no actions to incorporate the patches into the official
sources in the last ten years i saved afterwards the work to
Am 03.10.2013 14:32, schrieb Puneet Khunteta:
Hello,
I have later found that the fail behavior may be due to the insufficient
memory available for the target device .
I have seen that -stream option is added in smime application in
openssl version 1.0.0 .
1.) Can i have the access to the
Am 23.09.2013 21:59, schrieb starlight.201...@binnacle.cx:
At 20:27 9/23/2013 +0200, Richard Könning wrote:
/dev/random is a PRNG which blocks when the (crude)
entropy estimation of the entropy pool falls below a
limit. Besides this there are afaik no big
differences between /dev/random
Am 24.09.2013 02:05, schrieb starlight.201...@binnacle.cx:
At 12:59 9/23/2013 -0700, Michael Sierchio wrote:
I'll repeat myself - the fact that the
/dev/random implementation you're using
blocks is a serious design flaw.
Convince Linus, the GPG developers et al.--not me.
No one has to
Am 22.09.2013 19:27, schrieb starlight.201...@binnacle.cx:
No /dev/urandom is a PRNG. /dev/random
is a TRNG. Read the code
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/char/random.c?id=272b98c6455f00884f0350f775c5342358ebb73f
/dev/random is a PRNG which
Am 11.03.2013 13:01, schrieb kap...@mizera.cz:
P.S: is this forum monitored by developers of openssl or should I report
it in devel forum?
At least Stephen Henson answers regularily in this mailing list (as you
can see by looking into a couple of threads), therefore i would stay in
this
Am 19.11.2012 15:45, schrieb John Zavgren:
So, what is a list of easy-to-follow code examples? Here are some
suggestions:
1.) read private key and a message from a file: encrypt message with
private key, write encrypted buffer to (another) file.
2.) read cert and private key, read file, compute
Am 03.11.2012 15:26, schrieb Frediano Ziglio:
Hi,
I'm searching for a way to pass a TLS session between two programs
under Unix. I can use unix sockets to send the file descriptor but I
don't know how to request to OpenSSL crypto information (like
algorithm used and key) in order to pass to
Hello,
the kEDH set of cipher suites provide so called perfect forward
secrecy, for a description of this term see e.g.
http://en.wikipedia.org/wiki/Perfect_forward_secrecy.
Ciao,
Richard
Am 26.04.2012 13:23, schrieb Jack Bauer:
We are currently experiencing some scaling problems on our
Am 19.04.2012 14:05, schrieb Daniel Doron:
Hi,
I have noticed the following command sequence generates Private Key
files with different _Header_. Is there a reason for this?? You will
A quick look into the source gave me no strong hint whether this is
intended, is a bug or is sloppiness not
Am 05.04.2012 13:35, schrieb Leonardo:
I’d like to add some question about this.
What kind of RNG is implemented? Linear Congruential generator?
No.
Is it another more sophisticated?
Yes. For more information see the rand man page.
Ciao,
Richard
Am 16.02.2012 12:17, schrieb Jakob Bohm:
2. Creating primes starts with high quality random numbers,
such that there are a gigantic number of possible primes.
If done correctly (like in current OpenSSL versions), the
chance of choosing the same prime as somebody else is
extremely low (again, I
Am 09.01.2012 13:10, schrieb Ashok C:
Hi,
In addition to the online material, are there any good books which we
can refer to understand openSSL better? Both conceptually as well as
from the API/code perspective.
We hear of the Network Security with OpenSSL by John Viega as one good
reference.
Am 27.10.2011 14:09, schrieb Matthias Meixner:
Hello!
When upgrading to version 0.9.8r my system stopped supporting session
resumption.
It looks like session tickets are the reason for this.
I was using some external session cache to support session resumption on a
cluster
of servers where
Am 12.10.2011 15:29, schrieb nilesh:
Hi,
I am writing some code for decryption of https data.
Currently I have planned to support SSLv3 with AES, 3DES and RC4
algorithms only.
Below are the cipher suites in SSLv3. I am looking for information on
which of these suites are commonly used.
SSLv3
Am 06.10.2011 23:28, schrieb Ritesh Rekhi:
Does openssl support TLS false start
http://tools.ietf.org/html/draft-bmoeller-tls-falsestart-00 ?
I cite the last section of this draft:
At the time of writing, the authors are not aware of any deployed TLS
implementation that is not False
25 matches
Mail list logo