> From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
> Sent: Friday, November 21, 2014 12:30
> Thanks. I guess I may have to open a problem with IBM. The IBM
> documentation clearly lists a number of "cipher suites" (as they call
> them) that use SHA1
> (including the one we (IBM+Ope
PM
To: openssl-users@openssl.org
Subject: RE: SSL alert number 51
Thanks guys for all of the clues! I got it working! Long story. Wow, FIPS is
a moving target. I re-did my root CA with SHA 256, and my server
certificate. I had to move my testing from z/OS V1R13 to z/OS V2R1 --
*apparently* V1R13
Of Dr. Stephen Henson
Sent: Friday, November 21, 2014 11:00 AM
To: openssl-users@openssl.org
Subject: Re: SSL alert number 51
On Fri, Nov 21, 2014, Charles Mills wrote:
> Thanks. I guess I may have to open a problem with IBM. The IBM
> documentation clearly lists a number of "cipher suite
On Fri, Nov 21, 2014, Charles Mills wrote:
> Thanks. I guess I may have to open a problem with IBM. The IBM documentation
> clearly lists a number of "cipher suites" (as they call them) that use SHA1
> (including the one we (IBM+OpenSSL) default to as being FIPS 140-2
> compliant.
>
> GSK appears
mber 21, 2014 7:04 AM
To: openssl-users@openssl.org
Subject: Re: SSL alert number 51
On 21/11/14 14:43, Charles Mills wrote:
> I posted the certificates. What's next?
>
> Charles
The key sizes look ok to me. As I said I'm no FIPS expert, but this page
http://wiki.openssl.org
On Fri, Nov 21, 2014, Matt Caswell wrote:
>
>
> On 21/11/14 14:43, Charles Mills wrote:
> > I posted the certificates. What's next?
> >
> > Charles
>
> The key sizes look ok to me. As I said I'm no FIPS expert, but this page
> http://wiki.openssl.org/index.php/FIPS_mode_and_TLS
>
> says the f
On 21/11/14 14:43, Charles Mills wrote:
> I posted the certificates. What's next?
>
> Charles
The key sizes look ok to me. As I said I'm no FIPS expert, but this page
http://wiki.openssl.org/index.php/FIPS_mode_and_TLS
says the following:
"The RSA key in the certificate has to be of suitable s
I posted the certificates. What's next?
Charles
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Matt Caswell
Sent: Wednesday, November 19, 2014 3:35 PM
To: openssl-users@openssl.org
Subject: Re: SSL alert number 51
: openssl-users@openssl.org
Subject: RE: SSL alert number 51
- DHE is 1024
- RSA is 2048
Server certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13 (0xd)
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=Charles Mills Consulting, LLC, ST=California
Henson
Sent: Wednesday, November 19, 2014 4:35 PM
To: openssl-users@openssl.org
Subject: Re: SSL alert number 51
On Wed, Nov 19, 2014, Matt Caswell wrote:
>
>
> On 19/11/14 22:57, Charles Mills wrote:
>
> > User response: If the error occurred while executing in FIPS mode,
On Wed, Nov 19, 2014, Matt Caswell wrote:
>
>
> On 19/11/14 22:57, Charles Mills wrote:
>
> > User response: If the error occurred while executing
> > in FIPS mode, check that only FIPS key sizes are used.
> > Collect a System SSL trace containing the error and
> > then contact your service repr
On 19/11/14 22:57, Charles Mills wrote:
> Dave -
>
> Thanks much.
>
>> Either there's a bug somewhere or you are being attacked (MitM'ed).
>
> Unlikely I am being MitM'ed -- the connection is over a VPN. (Why TLS when
> there is already a VPN in place? I am testing TLS software and the VPN is
Charles
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent: Wednesday, November 19, 2014 2:20 PM
To: openssl-users@openssl.org
Subject: RE: SSL alert number 51
> From: owner-openssl-us...@openssl.org
> From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
> Sent: Wednesday, November 19, 2014 14:08
> 10280:error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error:.\ssl\s3_pkt.c:1275:SSL alert number 51
http://tools.ietf.org/html/rfc5246.html#section-7.2
decrypt_error