If it's a simple matter of adding =0 in the declaration, we should just fix
the darn thing.
--
Senior Architect, Akamai Technologies
IM: richs...@jabber.at Twitter: RichSalz
___
openssl-users mailing list
To unsubscribe:
For the stragglers, I don't think it's a stretch to ask C99 in 2015.
We agreed to support Netware; does it have C99? Anyone know?
If someone builds their own openssl and adds a few lines to print the keys
during encrypt and decrypt and puts the library in the LD_LIBRARY_PATH, it may
result in compromising the security of the keys.
Can anyone other than root do this? You have to trust root. They could just
cat your
This is important when creating root certs with expiry dates after 2038
Not an issue for openssl. As long as you use ASN1_TIME values, it's okay.
Might be an issue if converting to time_t on 32-bit platforms.
if ASN1_TIME_set_string() avoids that limitation, despite Viktor's suggestion
to never use it.
It does avoid the limitation, using only |struct tm| to hold parsed fields, and
not building a |time_t| from it. Not sure why Viktor doesn't like it. It seems
to me it's the only portable thing to
I wanted to suggest that when notifying of new vulnerabilities, in addition
to the severity level, information is also provided about how widespread the
issue is expected to be.
I'd be concerned about doing that. While this one seemed pretty rare -- only
folks running a release less than
How deep does the certificate chain have to be?
It does not matter.
If I have 2 self-signed CA certificates, and a non-CA certificate is received
for verification, will this hit the problem?
Also, is it a condition of the bug that both CA certificates have to have the
same subject names and
Is it planned to tackle the warnings, for example by checking the involved
code lines and (carefully) replacing them by explicit casting to achieve clean
compiles when using stricter warnings?
Yes.
Timetable TBD.
This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.
In other words, if you are not using those specific releases -- i.e., the ones
that came out less than 30 days ago -- you do not need to upgrade.
OpenSSL is a critical part of security in too many places for us to take on
any unnecessary technical debt.
This is a somewhat empty argument as long as no one bothers to properly
determine if a piece of code is a debt or an asset.
I claim that we are being careful and doing the proper
Because both methods confirm your prior decisions, you therefore conclude
that you were always right in the first place.
Provably wrong. I wanted to get rid of Netware support as the first example
that comes to mind. As the second, I want to move all uses of RC4 and MD5 to
LOW strength
1. Is there any good reason to remove this code?
Yes. If it's not tested, reviewed, or in general use, then it's more likely to
be harmful (source of bugs) than useful.
2. Is this the OpenSSL name for the private key format
used by older Microsoft Authenticate tools (and thus
That's an overly general criterion, and may be the source of your mysterious
marauding of the APIs.
Well there was no intent to be mysterious although I like the alliteration. We
did mention it in the roadmap (https://openssl.org/about/roadmap.html).
Things are evaluated on a case-by-case
Is surprising a better word than sub-optimal?
If you and Dave didn't know about it (nor did I) then it's surprising. And
therefore probably not a good thing. Yes it can be useful. But the openssl
rehash program only read one PEM block per file. So we need to fix one of
those things.
I thought, as the doc has (always? long?) said, that CApath must have each
cert (or CRL) in a separate file. But on checking I see that by_dir.c
actually calls X509_load_{cert,crl}_file from by_file.c, which for PEM loads
all certs (or crls) in a file to the working context. Thus a
For some reason, the X509_NAME_hash function calculates a very different
hash for the server certificate:
Ah. Have you mixed openssl versions? At one point the hashing changed from
md5 to sha1. That would explain why specifying a directory works, but a
specific file doesn't.
the question: where does the serial number for this certificate come from?
is it random by default when nothing is said about it?
It will be random if (a) the serial file does not exist; and (b) you specify
the -create_serial flag. Otherwise it opens the file, reads the number
(defaulting
Unless I'm misreading the code an absent serial number file is an error.
I was looking at load_serial() in apps.c, with the |create| parameter.
/r$
./testssl[149]: local: not found [No such file or directory]
./testssl[150]: local: not found [No such file or directory]
This is marked in RT 3907 and was fixed last week; it will be in the next
releases. Thanks.
We are thinking about removing the old RSA_NET format for private keys. This
is used by very old Netscape and IIS.
This would remove the d2i/i2d RSA_NET APIs, and the nss format flag from the
openssl program. It would not remove the SPKI stuff.
If this would cause a problem for you, please
The link you posted, and quoted from, says which versions are vulnerable and
which ones are fixed. You could run a diff between them to isolate the fix.
Or you could just upgrade.
I am writing to introduce a new TLS library which presently makes use of
OpenSSL: libtlssep. Libtlssep has two aims: (1) to provide a simpler API to
application developers and (2) to encourage the decomposition of
applications into at least two processes, one of which isolates access to
Deprecated means discouraged, not disallowed.
I looked at how SSL_CTX_set_cipher_list and SSL_set_cipher_list operate,
but they don't use SSL_{CTX}_ctrl.
That API probably predates the ctrl. It's a trade-off; you lose type-safety
but have less to document :)
What is the suggested way to control the functionality through a flag?
$ tar zxf openssl-1.0.1n.tar.gz
tar: A lone zero block at 46120
Perhaps this?
http://askubuntu.com/questions/169223/tar-a-lone-zero-block-at-343398
I wonder if this is an expected behavior change or a bug.
As Dave Thompson said, you haven't yet shown that there is a bug or change.
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Set OPENSSL_CONF in your environment.
We are thinking of removing support for EGD (entropy-gathering daemon) in the
next release. None of our supported platforms have needed it for some time.
If this will cause an issue for you, please reply soon.
While HP NonStop is not officially supported, I have been helping to maintain
a fork for the platform since December and am current through 1.0.2a. We
do use prngd. I am looking for ways to get back on the official platform list,
looking for alternatives to prngd for that platform, and trying
Thanks for the info!
it should be noted that a networked variant of the EGD protocol has been
used by at least one hardware RNG vendor, though I am unsure if the builtin
EGD code in OpenSSL could ever talk directly to that variant anyway.
I don't think so, since all the code does is open a
I've tested with s_client between my PC and an AWS EC2 instance. I've also
tried using s_tunnel and nmap/ncat. The results appear the same. Using
wireshark I see a lot of TCP retransmissions.
That sounds like a network issue. Try testing using something like netcat and
see if you also get TCP
“It does”. Does that mean you have the same behavior? If so, it is possible
that your simulator is, well, not great. But this doesn’t seem an openssl
issue. Not sure where to suggest you go for help.
What Mr. Salz refers to by Verification should be okay is probably this:
Yes and Mr. Salz greatly appreciates Mr. Bohm's elaboration.
:)
Lest the humor be misunderstood: yes, you're right, thanks for explaining.
You can't easily have test vectors for DSA signatures since they include a
random. Any test vector would have to include the random, and any API would
have to be able to accept the random as part of the sign API. Verification
should be okay.
Is anyone using the counters maintained in COMP_CTX?
unsigned long compress_in;
unsigned long compress_out;
unsigned long expand_in;
unsigned long expand_out;
We're making that structure opaque in 1.1, and are wondering if we need an API
(two, probably) to make those numbers
After getting into building and especially configuring my own CA again I'm
nearly at the end and I've noticed some errors in the documentation I want
to report.
I like the again :)
3) On https://www.openssl.org/docs/apps/req.html the option -subj is listed
twice with a slightly different
You can private message me the patch and I can benchmark it for you.
Please let me know what release version or hash on git that it will cleanly
apply. Do you know what release this will be going in?
It is this commit 3e47caff4830d2a117eda15b57a5feab89b846ae on master. A quick
check shows
I will just grab master then. Will this change be in the next 1.0.2 release?
No. Released branches only get bug-fixes.
I would like to know whether OpenSSL supports TLS 1.3, if supported from
which version of OpenSSL the implementation started.
Since TLS 1.3 is not even done yet, no. If I had to guess, I'd say it won't be
done for at least six months.
/r$, IETF TLS WG member
SNAP releases are just that, snapshots.
If you see the same problem twice, say, it is worth reporting.
Lock #1 is CRYPTO_LOCK_ERR, which I believe is used for logging errors. It
appears your application is generating a lot of errors for some reason. Never
tried it myself, but you probably can't disable this lock with multiple
threads running. You should take a look at the error log to
My webserver is getting flooded with queries like:
ocsp.omniroot.com 124.205.254.7 - - [30/Apr/2015:19:24:30 +0200] GET /baltimoreroot/MEowSKADAgEAMEEwPzA9MAkGBSsOAwIaBQAEFMEvRXbtFVnssF26ib%2BdgHjlI9QTBBTlnVkwgkdYzKz6CFQ2hns6tQRN8AIEByekag%3D%3D HTTP/1.1 301 184 - ocspd/1.0.3
Well, that
But once I showed my work to people in my company, one of them asked me why
did I choose not to add the client hostname to the Client Certificate, thus
making it usable only by that specific client.
You put the client name or ipaddr in the subjectAltName extension field.
Then you'd
If they have counterparts in TLS that could be used, why wouldn't
the TLS version show up instead ?
Because they are *the same*. TLS did not take old ciphers and renumber or
rename them.
A pair means two. An RSA keypair is two keys, the public key and the private
key. You cannot have one without the other, and you cannot generate them
separately. You can, of course, store and use them separately, and must do so.
Unfortunately this didn't solve my problem, but at least I narrowed it down.
The leaks are caused by my call to SSL_CTX_load_verify_locations, which is
essentially X509_STORE_load_locations.
Doesn't freeing the SSL_CTX_free release that data? If not, please file an RT
ticket.
If you used BIO_NOCLOSE then you have to close the BIO.
Yes, after shutdown is done, call SSL_free()
So why does it work for me?
Well, who knows when the remote server wants to see SNI? It could be based on
url, ipaddress, etc.
It is weird that it worked for you. Anyway I found a way to fix it (if I can
call it a fix). The key is to provide a flag -servername
to enable SNI (Server Name Indication).
It's not wrong to call it a fix. The server you are talking to is configured
to require SNI, apparently.
This
I have need to identify a Microsoft generated certificate's template name, I
believe as part of oid 1.3.6.1.4.1.311.21.7
Where, in a cert OtherName field?
This isn't paid support; two days isn't a long time to wait :)
Is this on process exit? If so, does it really matter?
You might look at the apps_startup and apps_shutdown functions in
apps/openssl.c on the master branch.
/r$
And it returns this kind of error
error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
The site uses TLS 1.1, AES_128_CBC_SHA1, ECDHE-ECDSA.
Perhaps there is a middlebox in the way that gets version negotiation wrong.
Try adding the -tls1 flag.
WS-Security? Blast from the past … ☺
To fill in the BinarySecurityToken field, take the PEM version of the cert,
strip off the leading and trailing marker lines ---BEGIN… and output that. To
generate the signature look at the pkeyutl app. (Sorry, don’t remember any
other details)
Can a message be removed by the system administrator of the openssl-user
email forum?
There are several places that archive openssl mailing lists.
My original post about NULL EVP_PKEY was flagged by my company as a security
risk.
That seems erroneous to me.
I have been directed to remove
I am currently using openssl 1.0.1e (compiling from source), and I was
wondering whether I needed to put in any patch files with it as well. Does
anybody know? Let's assume I can't just use a later version's tarball.
There are no patch files. Letter releases, 1.0.1f, 1.0.1g, etc., are only
Is there a way to specify where objects and binaries go? Or, alternatively,
where the source lives (rather like OpenSSH's --srcdir option)?
Not currently. This might change as the make system is being reviewed and
overhauled. Until then, rsync is your best option, as long as all your
I am having a problem reading a password protected private key file (.pem)
using the OpenSSL library (programmatically).
Can you read it using the openssl command-line tool?
How do we use `openssl req` and a CONF file to add the information
(assuming we already have the certified timestamps)?
Ouch, that's gonna be nasty. Look at ASN1_generate_nconf.pod. Most likely have
to use the SEQUENCE type, recursively. Ouch indeed.
A patch to let you specify the DER directly would be useful.
No patch required:
Looks like a doc bug then.
https://www.openssl.org/docs/apps/x509v3_config.html#ARBITRARY-EXTENSIONS
Oops.
I only looked at asn1_generate. Should there be a cross-link?
Sometimes, the program crashes when doing an SSL_CTX_free; before the
crash, ctx is an invalid pointer, that's why I can get a valid value from
SSL_CTX_get_max_cert_list (ctx), so it's not a double free problem.
You mean it's a VALID pointer?
We'll need a more detailed backtrace.
You could mail it to RT and then it will at least be logged and not forgotten.
But no response within four days isn't surprising.
If I may, I'd like to ask about including the Linux kernel in the validation.
As the old joke goes, if you have to ask, you can't afford it.
In other words, is the only practical and viable option regarding this to
re-implement crypt() using EVP methods? Thanks.
Yes. That would be so much easier than anything you can imagine.
Jakob,
Thanks very much for the detailed response! I'm still not convinced that
tls-layer compression is a good thing. You seem to be saying it could
possibly be made to work, but ... do I have that view right?
At the very least, you need to measure many encryptions and take the average.
+1 Also look at the openssl speed app.
Yes, some others have spoken up so compression at the TLS layer will stay. The
ability to add new compression methods at run-time is likely to go away.
I'm not sure if/how SPDY differs from HTTP/2 (other than I know they are
different but aligned).
Google just turned off spdy for official http/2.
http://blog.chromium.org/2015/02/hello-http2-goodbye-spdy-http-is_9.html
Perhaps you don't want to post this kind of thing to a global mailing list for
all users of openssl?
by randomly interspersing flush commands into the data stream (description
and example implementation https://github.com/wnyc/breach_buster)?
It's not perfect but for some use cases better than having no compression at
all.
Flushing the stream seems like an application-level thing to do, and
Modulus:
00:9a:18:ca:4b:94:0d:00:2d:af:03:29:8a:f0:0f:
The leading zero is so that you don't confuse it with a sign bit.
I am thinking about removing compression and would like to know what the
community thinks.
At a minimum, I am going to remove the ability to add compression at run-time.
This was never really documented. Moving forward, if someone wants to add a new
compression scheme they will need to modify
It is a hack. Most people do it the other way and look for a G or P as the
first letter.
Are there any plans or patches for such a feature?
We have no plans for this.
I am wondering, is this newly introduced?
No it's not new.
Application compiled with openssl-0.9.8d used to work when Cipher string has
'+' or ':'
That release is nearly 10 years old (Sep 2006). And are you sure it worked? +
tended to mean add, so :+ worked...
I see Adam Langley's patch here:
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a8646510b
Any ideas why it was not accepted or not merged? (I'm assuming it was not
merged because it was rejected for some reason).
I thought his patch came before the IETF final doc, which
From document, I think CTX can be initialized only once. But I do not know if
g_ssl can be initialized only once? I can reuse g_ssl for 1000 different URLs?
Please correct me if anything. Thanks!
You need to create a new SSL object every time you want to do a connect.
/r$
It's unlikely to appear in 1.0.2 as it's a new feature.
CloudFlare has posted patches that seem like they would drop in easily, for
folks that want to do it; see
https://blog.cloudflare.com/do-the-chacha-better-mobile-performance-with-cryptography/
The extra work is also documented (in a place not linked from the wiki) for
those who maintain a git fork of the OpenSSL repository.
I just tossed together https://wiki.openssl.org/index.php/Code_reformatting
Found off the main page,
Ok, so TLS does not handle this.
The current draft of the TLS 1.3 specification includes a field to pad every
data record.
I'm using TLS 1.2 with compression and was wondering if OpenSSL
implements ways to hide the exact length of the message (may be using RFC
6066).
No. What in 6066 were you thinking of trying to use?
Many servers have disabled client-initiated renegotation.
I thought you were testing your client/server.
Guess I'll mention this here. After the mailing list changes, MARC stopped
archiving the OpenSSL lists, e.g.
Thanks, I'll get in touch with them.
Does OpenSSL support renegotiation?
Yes.
You probably need more than that. :) Take a look at the apps/s_client and look
for the 'R' constant to see how to do client-initiated reneg.
I see some delay about 30-40 min for my emails. They arrive and I see them
in the incoming messages in the list only after 30-40 min. And one email was
delivered for 2 hours. Is it normal for the openssl-users@openssl.org?
It happens sometimes.
Some time ago I saw an email with message:
How do I disable all EXPORT Ciphers from OpenSSL?
Will the use of string kEDH:ALL:!ADH:!DES:!LOW:!EXPORT:+SSLv2:@STRENGTH
; openssl ciphers -v kEDH:ALL:!ADH:!DES:!LOW:!EXPORT:+SSLv2:@STRENGTH | grep EXP
;
Yes.
But really, SSLv2? Really? You have clients that haven't been
As far as I know SSL_read will only return data from 1 record.
But there is no requirement that each write translates into one record.
So this is preserving message boundaries. How do I get the complete
message just like with TCP?
No, it just happened that way. TLS does not preserve message boundaries.
if (!openssl_is_patched("CVE-2014-0160")) {
complain_vociferously();
}
That's an interesting idea. Of course the CVE list would grow, so perhaps
arrays of ints are better
int OPENSSL_cve_fixed(int year, int vuln);
?
I am facing unknown digest error from ASN1 while verifying certificate from
client using PKCS7_verify.
Is this a cert you generated with the old openssl code? I believe there is an
issue with OIDs, but am not sure. Maybe somebody else can recall.
I've found one on-line tester for CVE-2014-8730 here:
You sure that's the one you want? That is only for F5. See
https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15882.html
I like https://www.feistyduck.com/
--
Principal Security Engineer, Akamai Technologies
IM: rs...@jabber.memailto:rs...@jabber.me Twitter: RichSalz
As there is no documentation and as no one seems to know the meaning of
the -no_explicit for openssl ocsp, should I file a documentation defect in
RT for that?
yes, please.
Never mind, Stephen already fixed the doc in master :)
For that matter and in a general sense, so far I've seen that many encryption
methods do not return any error code. How does error reporting generally
work?
Really? Which ones?
For instance, any of the void DES_*_encrypt(). This cursory observation is
also supported by a vendor application code such as:
Ah, okay. Those functions are 'just math'. They depend on no external state.
They can't fail. It's shifts and masking, etc.
This is basically why I'm wondering
Is there a chance you can interrupt and get a backtrace to see where it’s
hanging?
Thanks for the detailed and thoughtful response. I only want to respond to a
few of your points.
One is simply that we're seeing a lot of
OpenSSL roadmap announcements. That's good in the sense that before the
funding boost,
I agree with Viktor. His suggestion (keep RC4 in MEDIUM, suppress it
explicitly in DEFAULT) is a good one that maintains important backward
compatibility while providing the desired removal of RC4 by default. There's
no advantage to moving RC4 to LOW.
Sure there is: it's an accurate
All sorts of things can be done. Clearly, in the Brave New World of well-
funded OpenSSL, they'll have to be, because it's apparent that we're going to
see a lot of disruptive change made on the flimsiest of pretexts, with
objections from the user community brushed aside. That's your