s listed in the RFC.
>
>
> On 08/06/2018 12:15, Sanjaya Joshi wrote:
>
>> Hello,
>> Thank you Matt and Jordan. So, it seems that it's possible to modify my
>> client to accept/reject the DH group key length. But i have one more issue
>> to be clarified.
>
Hello,
Thank you Matt and Jordan. So, it seems that it's possible to modify my
client to accept/reject the DH group key length. But I have one more issue
to be clarified.
Is it possible that if a client does not accept the DH group key length
used by the server, then, a different possible cipher (
s are no more allowed, for
which I didn't find a good reasoning.
Regards,
Sanjaya
On Thu, Jun 7, 2018 at 8:52 AM, Jordan Brown
wrote:
> On 6/6/2018 12:11 PM, Sanjaya Joshi wrote:
>
> I understood that when DHE ciphers are tried to be used between two
> entities, it's onl
Hello,
I understood that when DHE ciphers are tried to be used between two
entities, it's only the server that plays a role about selection of the DH
parameters. This is not negotiable with the client. For e.g., the server
can freely use a very low not-recommended DH group with 512 bit key length
a
Hi,
Thanks Michael. I'll check if your proposal fits my requirement.
Regards,
Sanjaya
On Wed, Jan 10, 2018 at 7:55 PM, Michael Richardson
wrote:
>
> Sanjaya Joshi wrote:
> > Is there a BIO family of API that OpenSSL provides to bind to a
> > specific source IP
Hello,
Is there a BIO family of API that OpenSSL provides to bind to a specific
source IP address before creating a socket connection (using for e.g.
BIO_new_connect()) ?
My application does not need to rely on the kernel-provided source IP
address and hence the need for this.
Regards,
Sanjaya
--
Hi,
Thank you Salz Rich. It's clear now.
Regards,
Sanjaya
On Mon, Nov 27, 2017 at 6:42 PM, Salz, Rich via openssl-users <
openssl-users@openssl.org> wrote:
>
>- Whether openssl 1.0.x and 1.1.x can interwork ?
>
>
>
> Yup. As long as they share a TLS version, no problem.
>
> --
> openssl-use
Thank you for the confirmation Matt.
Regards,
Sanjaya
On Mon, Nov 27, 2017 at 3:50 PM, Matt Caswell wrote:
>
>
> On 27/11/17 08:47, Sanjaya Joshi wrote:
> > Hello,
> > Whether openssl 1.0.x and 1.1.x can interwork ?
> > That is, whether TLS client on top of open
Hello,
Whether openssl 1.0.x and 1.1.x can interwork ?
That is, whether TLS client on top of openssl 1.1.x and TLS server on top
of openssl 1.0.x (or vice versa) can interwork efficiently ?
Regards,
Sanjaya
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/ope
Thanks. I'll try that.
Regards,
Sanjaya
On 18 Apr 2017 15:27, "Matt Caswell" wrote:
>
>
> On 16/04/17 20:17, Sanjaya Joshi wrote:
> > Hello,
> >
> > I use openldap_2.3.39 to initiate secure LDAP connection (starttls) to
> > external
Hello,
I use openldap_2.3.39 to initiate secure LDAP connection (starttls) to
external LDAP server. The used openssl version is 1.0.2k.
While establishing the secure connection from client, I observe the
following segmentation fault occasionally (Not always reproducible).
Any pointers please ?
Hi,
Thanks for the pointers. We will consider that option.
Regards,
Sanjaya
On Wed, Mar 1, 2017 at 6:59 PM, Michael Tuexen <
michael.tue...@lurchi.franken.de> wrote:
> > On 1 Mar 2017, at 06:34, Sanjaya Joshi wrote:
> >
> > Hi,
> > Thank you Salz Rich for the
Hi,
Thank you Salz Rich for the confirmation.
So, whether application can perform manual TLS handshakes when
SOCK_SEQPACKET is used ?
Regards,
Sanjaya
On Tue, Feb 28, 2017 at 7:03 PM, Salz, Rich wrote:
> > But these calls don't work when SOCK_SEQPACKET (one-to-many connections)
> is used. Does
Hello,
I understand that when implementing TLS over SCTP, if socket is opened with
SOCK_STREAM (one-to-one connection), then normal openssl calls (SSL_accept,
SSL_connect) can be used for TLS handshakes in a client/server program.
But these calls don't work when SOCK_SEQPACKET (one-to-many connect
Hello,
1)
In openssl1.0.2i, the release note says, there is a fix for CVE-2016-2178:
"
*) Constant time flag not preserved in DSA signing
Operations in the DSA signing algorithm should run in constant time in
order to avoid side channel attacks. A flaw in the OpenSSL DSA
impleme
my client does not support SHA512 ?
I use TLSv1.0.
Could someone please let me know, if SHA512 is not supported by TLSv1.0 ?
Thanks in advance.
Regards,
Sanjaya Joshi
UST also be asserted."
Regards,
Sanjaya
On Tue, Jul 8, 2014 at 2:16 AM, Kyle Hamilton wrote:
>
> On 7/7/2014 2:40 AM, Sanjaya Joshi wrote:
> > Hello,
> > My application uses openssl 1.0.0, and it uses X509_check_ca() to
> > find out if an X509 certific
Hello,
My application uses openssl 1.0.0, and it uses X509_check_ca() to find
out if an X509 certificate is a CA certificate, or an End-entity (EE)
certificate.
The below are the possible return codes.
/* return codes of X509_check_ca():
* 0 not a CA
* 1 is a CA
Thanks Dave for the clarifications.
Regards,
Sanjaya
On Thu, Jun 6, 2013 at 2:11 AM, Dave Thompson wrote:
> >From: owner-openssl-us...@openssl.org On Behalf Of sanjaya joshi
> >Sent: Wednesday, 05 June, 2013 01:27
>
> >I have few queries wrt the RSA private key generation
teKey() to get PKCS#1 encoded key in
openssl 1.0.0 ?
Note: In openssl 0.9.8, PEM_write_PrivateKey() provides a PKCS#1
encoded key.
Regards,
Sanjaya
On Wed, Jun 5, 2013 at 6:33 PM, Dr. Stephen Henson wrote:
> On Tue, Jun 04, 2013, sanjaya joshi wrote:
>
> > Hello,
> > I am using
Hello,
I have few queries wrt the RSA private key generation and writing using
openssl. Could anybody please clarify.
(1). Has the behavior of the API PEM_write_PrivateKey() been changed
between openssl 0.9.8 and 1.0.0 ?
(2). The above api uses PKCS#8 encoding (while writing) by default in
1
Hello,
Could anyone let me know which is the suitable openssl command to convert
PKCS#8 key to traditional PKCS#1 key in openssl_1.0.0?
I used the below command, and it works in openssl_1.0.0:-
openssl rsa -in pkcs8.pem -out pkcs1.pem
But if I use the below command, it doesn't work in openssl_1
Hello,
I am using strongswan(v_4.5.3) for ipsec, that uses my X509 certificate
and RSA private key.
If I use RSA private key(un-encrypted) that is PKCS#8 encoded, then
strongswan is not able to load the key. But it works, if I use a
traditional PKCS#1 encoded RSA key.
Could anyone explain, which
Hello,
I need to update my end entity certificate using CMP key update request.
There are 2 possibilities for the private key to be used - 'existing' or
'new'.
RFC 4210 says:
"When a key pair is due to expire, the relevant end entity MAY request
a key update; that is, it MAY request that the
, Sep 25, 2012, sanjaya joshi wrote:
>
> >
> > We can conclude an X509 V1 certificate to be a root ca using
> > (EXFLAG_V1|EXFLAG_SS).
> > Similarly, is there a way to know whether an X509 V1 certificate is an
> > intermediate CA or end-entity certificate ?
> >
>
25 matches