Testing

2021-08-29 Thread Nobuo Aoki
I'll take care of it and ask the administrator to remove it manually if possible. The last message I sent had garbled characters in the sender, subject, and part of the content, and also had useless characters inserted. So, I tried to unify all the characters into single-byte characters. In

RE: Testing

2021-08-26 Thread Dr. Matthias St. Pierre
I’ll take care of it and ask the administrator to remove it manually if possible. From: Kingsley O Sent: Thursday, August 26, 2021 3:41 PM To: Dr. Matthias St. Pierre Cc: openssl-users@openssl.org Subject: Re: Testing Didn't work..:-( Did not receive email to complete the unsubscribe process

RE: Testing

2021-08-26 Thread Dr. Matthias St. Pierre
To unsubscribe, visit https://mta.openssl.org/mailman/listinfo/openssl-users Regards From: openssl-users On Behalf Of Kingsley O Sent: Wednesday, August 25, 2021 6:06 PM To: Turritopsis Dohrnii Teo En Ming Cc: openssl-users@openssl.org Subject: Re: Testing Please remove my email from

Re: Testing

2021-08-25 Thread Kingsley O
Please remove my email from this group. Thank you On Wed, Aug 25, 2021 at 4:10 PM Turritopsis Dohrnii Teo En Ming < ceo.teo.en.m...@gmail.com> wrote: > Testing >

Testing

2021-08-25 Thread Turritopsis Dohrnii Teo En Ming
Testing

Re: OpenSSL beta testing on Solaris and z/OS

2021-08-12 Thread Dennis Clarke via openssl-users
ject, so it's good to know they aren't too far from working out of >>> the box. >>> >>> We would definitely be interested in a pull request with your fixes at >>> some stage -- post 3.0 since it's almost certainly too late now. >>> >> >> I th

Re: OpenSSL beta testing on Solaris and z/OS

2021-08-12 Thread Matt Caswell
in a pull request with your fixes at some stage -- post 3.0 since it's almost certainly too late now. I thought we were still in "beta" testing mode here? Release of 3.0 "final" is imminent. OTC met on Tuesday 10th to decide whether to release it today (Thursday 12th

Re: OpenSSL beta testing on Solaris and z/OS

2021-08-11 Thread Dennis Clarke via openssl-users
fixes at > some stage -- post 3.0 since it's almost certainly too late now. > I thought we were still in "beta" testing mode here? -- Dennis Clarke RISC-V/SPARC/PPC/ARM/CISC UNIX and Linux spoken GreyBeard and suspenders optional

Re: OpenSSL beta testing on Solaris and z/OS

2021-08-04 Thread Dr Paul Dale
Dennis, Thanks for the information.  Solaris and z/OS are not tested by the project, so it's good to know they aren't too far from working out of the box. We would definitely be interested in a pull request with your fixes at some stage -- post 3.0 since it's almost certainly too late now.

OpenSSL beta testing on Solaris and z/OS

2021-08-03 Thread Dennis Clarke via openssl-users
From another thread : > > The OpenSSL team has wondered how many people were trying out 3.0 > during the beta period without any way of knowing for sure. > If you're curious about the old legacy Solaris 10 on reasonably new Fujitsu SPARC64 then I can tell you nearly everything "just works".

RE: Testing

2020-09-04 Thread Marc Roos
As if amazon is the only provider you can host an mta. As I wrote before your laziness to find a proper provider solution, causes work at other providers. The only advantage that your type of customer has, is that your brains all work the same going for cheap and easy. So if I do block such

Re: Testing

2020-09-03 Thread Jakob Bohm via openssl-users
On 2020-09-03 12:25, Marc Roos wrote: Why are you defending amazon? Everyone processing significant mail and http traffic is complaining about them. They were even listed in spamhaus's top 10 abuse networks (until they started contributing to them?) Because we are sending non-spam mail from

RE: Testing

2020-09-03 Thread Marc Roos
Why are you defending amazon? Everyone processing significant mail and http traffic is complaining about them. They were even listed in spamhaus's top 10 abuse networks (until they started contributing to them?)

Re: Testing

2020-09-03 Thread Jakob Bohm via openssl-users
- To: openssl-users@openssl.org Subject: Re: Testing On 2020-08-31 16:28, Marc Roos wrote: Why don't you block the whole compute cloud of amazon? ec2-3-21-30-127.us-east-2.compute.amazonaws.com Please note, that at least our company hosts a secondary MX in the EC2 cloud, with the option to direct my

Re: Testing

2020-09-03 Thread Richard Levitte
> > > Why don't you block the whole compute cloud of amazon? > ec2-3-21-30-127.us-east-2.compute.amazonaws.com > > > -Original Message- > > To: openssl-users@openssl.org > Subject: Testing > > > > -- > -BEGIN EMAIL SIGNATURE- > >

RE: Testing

2020-09-03 Thread Marc Roos
on their abuse department. -Original Message- To: openssl-users@openssl.org Subject: Re: Testing On 2020-08-31 16:28, Marc Roos wrote: > Why don't you block the whole compute cloud of amazon? > ec2-3-21-30-127.us-east-2.compute.amazonaws.com Please note, that at least our company

Re: Testing

2020-08-31 Thread Jakob Bohm via openssl-users
@openssl.org Subject: Testing -- -BEGIN EMAIL SIGNATURE- The Gospel for all Targeted Individuals (TIs): [The New York Times] Microwave Weapons Are Prime Suspect in Ills of U.S. Embassy Workers Link: https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html

RE: Testing

2020-08-31 Thread Marc Roos
Why don't you block the whole compute cloud of amazon? ec2-3-21-30-127.us-east-2.compute.amazonaws.com -Original Message- To: openssl-users@openssl.org Subject: Testing -- -BEGIN EMAIL SIGNATURE- The Gospel for all Targeted Individuals (TIs): [The New York Times

Testing

2020-08-31 Thread Turritopsis Dohrnii Teo En Ming
-- -BEGIN EMAIL SIGNATURE- The Gospel for all Targeted Individuals (TIs): [The New York Times] Microwave Weapons Are Prime Suspect in Ills of U.S. Embassy Workers Link: https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html

Re: Testing TLS 1.0 with OpenSSL master

2020-08-25 Thread Kurt Roeckx
On Mon, Aug 24, 2020 at 01:38:41PM -0700, John Baldwin wrote: > On 8/18/20 9:49 AM, Matt Caswell wrote: > > > > > > On 17/08/2020 18:55, John Baldwin wrote: > >> 1) Is 'auth_level' supposed to work for this? The CHANGES.md change > >>references SSL_CTX_set_security_level and openssl(1)

Re: Testing TLS 1.0 with OpenSSL master

2020-08-24 Thread John Baldwin
On 8/18/20 9:49 AM, Matt Caswell wrote: > > > On 17/08/2020 18:55, John Baldwin wrote: >> 1) Is 'auth_level' supposed to work for this? The CHANGES.md change >>references SSL_CTX_set_security_level and openssl(1) claims that >>'-auth_level' changes this? Is the CHANGES.md entry wrong

Re: Testing TLS 1.0 with OpenSSL master

2020-08-18 Thread Matt Caswell
On 17/08/2020 18:55, John Baldwin wrote: > 1) Is 'auth_level' supposed to work for this? The CHANGES.md change >references SSL_CTX_set_security_level and openssl(1) claims that >'-auth_level' changes this? Is the CHANGES.md entry wrong and only >SECLEVEL=0 for the ciphers work by

Testing TLS 1.0 with OpenSSL master

2020-08-17 Thread John Baldwin
Sadly, I need to be able to test some KTLS changes I have in FreeBSD that support legacy clients still using TLS 1.0. After seeing the note in CHANGES.md about TLS 1.0 signature algs no longer being permitted in the default security level, I tried using '-auth_level=0' to lower the security

Building and testing 1.1.1t with /MT run-time library

2019-10-16 Thread Michael Adria via openssl-users
Hi everyone, On Windows, we require both /MD and /MT builds of OpenSSL, with Control Flow Guard enabled. To do so, we tried using these steps in cmd.exe recently when compiling 1.1.1d for /MT (64-bit shown; we also build 32-bit): $ perl Configure VC-WIN64A no-asm --prefix= $ ms\do_ms $ perl

Re: TLS-1.3 Certificate Authorities implementation and testing

2019-09-02 Thread Viktor Dukhovni
On Mon, Sep 02, 2019 at 06:49:40PM +0200, Alexandre Schaff wrote: > serverside : 'openssl s_server' using certfile which has 2 root-CA+cert > (certA and certB) and keyfile which has both secrets. The s_server application loads just one certificate chain from its certFile, and just one key from

TLS-1.3 Certificate Authorities implementation and testing

2019-09-02 Thread Alexandre Schaff
Hello, Sorry if question has already been asked, I saw https://github.com/openssl/openssl/issues/3029 . Issue#3029 is a mixed discussion on both tls-1.2 extension "trusted CA indication" (rfc6066#section-6) and TLS-1.3 "Certificate Authorities", thus conclusion is unclear. tests done : openssl

Re: [openssl-users] How to use a specific ip interface while testing TLS/SSL connectivity.

2019-02-11 Thread Scott Neugroschl
while testing TLS/SSL connectivity. Thanks Mark for the prompt reply. Absolutely makes sense. Actually, i am on Nonstop HPE servers. There are no internal routing tables or so to say static routes. Environment is different from unix/linux. From Application perspective, we choose what ip

Re: [openssl-users] How to use a specific ip interface while testing TLS/SSL connectivity.

2019-02-09 Thread Rajinder Pal Singh
Thanks Mark. Will definitely try this. Appreciate your help. Will keep you posted. Regards. On Sat, Feb 9, 2019, 8:45 AM open...@foocrypt.net HI Rajinder > > Perhaps a tunnel may help ? > > Have a look at man -s ssh, check out binding to interfaces and setting up > a tunnel from one Nic through

Re: [openssl-users] How to use a specific ip interface while testing TLS/SSL connectivity.

2019-02-09 Thread Kyle Hamilton
It appears you could create() a socket, bind() it to the interface you want to use, possibly connect() it, and then pass it to either BIO_s_connect() or BIO_s_socket() depending on which meets your needs. -Kyle H On Sat, Feb 9, 2019 at 7:21 AM Rajinder Pal Singh wrote: > > Thanks Mark for the

Re: [openssl-users] How to use a specific ip interface while testing TLS/SSL connectivity.

2019-02-09 Thread open...@foocrypt.net
HI Rajinder Perhaps a tunnel may help ? Have a look at man -s ssh, check out binding to interfaces and setting up a tunnel from one Nic through to your endpoint. Have a look at nectar or nc as its called these days for listening on the endpoint of the tunnel as your basic http 1.1 server, and

Re: [openssl-users] How to use a specific ip interface while testing TLS/SSL connectivity.

2019-02-08 Thread Rajinder Pal Singh
Thanks Mark for the prompt reply. Absolutely makes sense. Actually, i am on Nonstop HPE servers. There are no internal routing tables or so to say static routes. Environment is different from unix/linux. From Application perspective, we choose what ip interface to use. Wondering if we can force

Re: [openssl-users] How to use a specific ip interface while testing TLS/SSL connectivity.

2019-02-08 Thread Michael Wojcik
ets used in > outbound connections. Not usually, but in the specific case of testing connections bound to specific local addresses - an artificial use case - it will either avoid having to wait for the 2MSL timer to expire (if you bind to a specific local port) or exhausting the ephemeral por

Re: [openssl-users] How to use a specific ip interface while testing TLS/SSL connectivity.

2019-02-08 Thread open...@foocrypt.net
Hi Rajinder There shouldn’t be any issues depending on how your host OS is performing the routing to the network the SSL/TLS endpoint is on. Try a traceroute to the IP to see where it goes, and a telnet IP 80 or 443 to make sure you can connect to the web server. — Regards, Mark A. Lane

Re: [openssl-users] How to use a specific ip interface while testing TLS/SSL connectivity.

2019-02-08 Thread Viktor Dukhovni
> On Feb 8, 2019, at 12:55 PM, Michael Wojcik > wrote: > > For IPv4: Create your socket, bind it to the local interface you want to use > (specifying a port of 0 if you want an ephemeral port assigned as in the > usual case), then connect to the peer. You'll probably want to enable >

Re: [openssl-users] How to use a specific ip interface while testing TLS/SSL connectivity.

2019-02-08 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > Rajinder Pal Singh > Sent: Friday, February 08, 2019 12:20 > I want to use a specific ip interface (out of several available ethernet > interfaces available > on my server) to test TLS/SSL connectivity to a remote

[openssl-users] How to use a specific ip interface while testing TLS/SSL connectivity.

2019-02-08 Thread Rajinder Pal Singh
Hi, I want to use a specific ip interface (out of several available ethernet interfaces available on my server) to test TLS/SSL connectivity to a remote server. Wondering if its possible? Regards, Rajinder. -- openssl-users mailing list To unsubscribe:

[openssl-users] Successful testing of 1.1.1

2018-09-17 Thread Robert Moskowitz
Fedora 29 beta just provided (in testing-update repo): openssl-1.1.1-2.fc29.armv7hl.rpm Against this version, I successfully produced by ED25519 pki per: https://github.com/rgmhtt/draft-moskowitz-eddsa-pki I have some minor textual edits to make in the draft and then submit it.  Then I can

Re: [openssl-users] Call for testing TLS 1.3

2018-06-21 Thread Matt Caswell
On 21/06/18 10:44, John Jiang wrote: > If s_server doesn't use option -early_data, the NewSessionTicket won't > contain early_data extension, > and then in the second connection, s_client won't send early data even > option -early_data is used. > Right? Correct. > Is it possible to take

Re: [openssl-users] Call for testing TLS 1.3

2018-06-21 Thread John Jiang
2018-06-20 17:01 GMT+08:00 Matt Caswell : > > > On 20/06/18 07:11, John Jiang wrote: > > 2018-06-19 6:21 GMT+08:00 Matt Caswell > >: > > > > > > > > On 18/06/18 21:23, Hubert Kario wrote: > > > On Friday, 8 June 2018 10:26:07 CEST Matt Caswell wrote: > > >>

Re: [openssl-users] Call for testing TLS 1.3

2018-06-20 Thread Matt Caswell
On 20/06/18 07:11, John Jiang wrote: > 2018-06-19 6:21 GMT+08:00 Matt Caswell >: > > > > On 18/06/18 21:23, Hubert Kario wrote: > > On Friday, 8 June 2018 10:26:07 CEST Matt Caswell wrote: > >> On 08/06/18 02:48, John Jiang wrote: > >>> Is it

Re: [openssl-users] Call for testing TLS 1.3

2018-06-20 Thread John Jiang
2018-06-19 6:21 GMT+08:00 Matt Caswell : > > > On 18/06/18 21:23, Hubert Kario wrote: > > On Friday, 8 June 2018 10:26:07 CEST Matt Caswell wrote: > >> On 08/06/18 02:48, John Jiang wrote: > >>> Is it possible to check Key/IV update feature via these tools? > >>> Thanks! > >> > >> Yes. See the

Re: [openssl-users] Call for testing TLS 1.3

2018-06-18 Thread Matt Caswell
On 18/06/18 21:23, Hubert Kario wrote: > On Friday, 8 June 2018 10:26:07 CEST Matt Caswell wrote: >> On 08/06/18 02:48, John Jiang wrote: >>> Is it possible to check Key/IV update feature via these tools? >>> Thanks! >> >> Yes. See the "CONNECTED COMMANDS" sections of these pages: >>

Re: [openssl-users] Call for testing TLS 1.3

2018-06-18 Thread Hubert Kario
e should enable TLS 1.3 by default or not, > or when it should be enabled. For that, we would like to know how > applications behave with the latest beta release. > > When testing this, it's important that both sides of the > connection support the same TLS 1.3 draft version. OpenSS

Re: [openssl-users] Call for testing TLS 1.3

2018-06-18 Thread Hubert Kario
On Friday, 8 June 2018 10:26:07 CEST Matt Caswell wrote: > On 08/06/18 02:48, John Jiang wrote: > > Is it possible to check Key/IV update feature via these tools? > > Thanks! > > Yes. See the "CONNECTED COMMANDS" sections of these pages: > https://www.openssl.org/docs/manmaster/man1/s_server.html

Re: [openssl-users] Call for testing TLS 1.3

2018-06-08 Thread Matt Caswell
/wiki.openssl.org/index.php/TLS1.3 > <https://wiki.openssl.org/index.php/TLS1.3>> > > > >     We are considering if we should enable TLS 1.3 by default or not, > >     or when it should be enabled. For that, we would like to know how > >     appl

Re: [openssl-users] Call for testing TLS 1.3

2018-06-07 Thread John Jiang
> > an overview see https://wiki.openssl.org/index.php/TLS1.3 > > <https://wiki.openssl.org/index.php/TLS1.3> > > > > We are considering if we should enable TLS 1.3 by default or not, > > or when it should be enabled. For that, we would like to

Re: [openssl-users] Call for testing TLS 1.3

2018-05-29 Thread Benjamin Kaduk via openssl-users
(For those who are not Jouni, there is some spec work needed for TLS 1.3/EAP integration as well, occurring in the IETF EMU working group. I assume Jouni is on the mailing list and knows this already) -Ben On Mon, May 28, 2018 at 03:28:13PM +0300, Jouni Malinen wrote: > On Sun, Apr 29, 2018 at

Re: [openssl-users] Call for testing TLS 1.3

2018-05-28 Thread Jouni Malinen
On Sun, Apr 29, 2018 at 12:43:26PM +0200, Kurt Roeckx wrote: > We are considering if we should enable TLS 1.3 by default or not, > or when it should be enabled. For that, we would like to know how > applications behave with the latest beta release. It looks like couple of TLS 1.3 changes result

Re: [openssl-users] Call for testing TLS 1.3

2018-05-24 Thread Matt Caswell
ssl.org/index.php/TLS1.3 > <https://wiki.openssl.org/index.php/TLS1.3> > >     <https://wiki.openssl.org/index.php/TLS1.3 > <https://wiki.openssl.org/index.php/TLS1.3>> > > > >     We are considering if we should enable TLS 1.3 by defaul

Re: [openssl-users] Call for testing TLS 1.3

2018-05-24 Thread John Jiang
index.php/TLS1.3> > > > > We are considering if we should enable TLS 1.3 by default or not, > > or when it should be enabled. For that, we would like to know how > > applications behave with the latest beta release. > > > > When testing this,

Re: [openssl-users] Call for testing TLS 1.3

2018-05-23 Thread Matt Caswell
wiki.openssl.org/index.php/TLS1.3 > <https://wiki.openssl.org/index.php/TLS1.3> > > We are considering if we should enable TLS 1.3 by default or not, > or when it should be enabled. For that, we would like to know how > applications behave with the latest beta release.

Re: [openssl-users] Call for testing TLS 1.3

2018-05-23 Thread John Jiang
might cause incompatibility. For > an overview see https://wiki.openssl.org/index.php/TLS1.3 > > We are considering if we should enable TLS 1.3 by default or not, > or when it should be enabled. For that, we would like to know how > applications behave with the latest beta release. > >

Re: [openssl-users] Call for testing TLS 1.3

2018-04-30 Thread Salz, Rich via openssl-users
>Interoperability issues with middle-boxes or existing software written for > TLS 1.2. Facebook, Google, and Mozilla did lots of testing with TLS 1.3 and middleboxes. If something was missed, the whole Internet will have problems. Existing software is the question we are

Re: [openssl-users] Call for testing TLS 1.3

2018-04-30 Thread Dennis Clarke
On 30/04/18 05:41 PM, Matt Caswell wrote: On 30/04/18 21:55, Dennis Clarke wrote: On 30/04/18 03:48 PM, Salz, Rich via openssl-users wrote:   I think that makes a very strong argument that TLS 1.3 should be enabled by default if it all possible. Question would be "why would it not be?"

Re: [openssl-users] Call for testing TLS 1.3

2018-04-30 Thread Matt Caswell
On 30/04/18 21:55, Dennis Clarke wrote: > On 30/04/18 03:48 PM, Salz, Rich via openssl-users wrote: >>   I think that makes a very strong argument that TLS 1.3 should be >> enabled by default if it all possible. > > > Question would be "why would it not be?" TLSv1.3 behaves differently to

Re: [openssl-users] Call for testing TLS 1.3

2018-04-30 Thread Viktor Dukhovni
> On Apr 30, 2018, at 4:55 PM, Dennis Clarke wrote: > > Question would be "why would it not be?" Interoperability issues with middle-boxes or existing software written for TLS 1.2. -- Viktor. -- openssl-users mailing list To unsubscribe:

Re: [openssl-users] Call for testing TLS 1.3

2018-04-30 Thread Dennis Clarke
On 30/04/18 03:48 PM, Salz, Rich via openssl-users wrote: I think that makes a very strong argument that TLS 1.3 should be enabled by default if it all possible. Question would be "why would it not be?" dc -- openssl-users mailing list To unsubscribe:

Re: [openssl-users] Call for testing TLS 1.3

2018-04-30 Thread Salz, Rich via openssl-users
>The issue is most likely that no one "in the wild" has done any testing of significance. I thought the Akamai numbers were significant. I can certainly see tls1.2 exchange but there is nothing for tls1.3 and so I am working on getting a site up pronto

Re: [openssl-users] Call for testing TLS 1.3

2018-04-30 Thread Dennis Clarke
On 30/04/18 03:01 PM, Salz, Rich via openssl-users wrote: Sorry, typo. We've had hundreds of millions of connections, with megabytes of data exchanged." The issue is most likely that no one "in the wild" has done any testing of significance. I can certainly see

Re: [openssl-users] Call for testing TLS 1.3

2018-04-30 Thread Salz, Rich via openssl-users
oyment on our network, and requiring customers to opt in to enable beta-testing. We have found no issues. We don't do 0RTT. We are using our own server. I was surprised by how many connections and how much data we are already seeing. I think that makes a very strong argument that TLS 1.3 should b

Re: [openssl-users] Call for testing TLS 1.3

2018-04-30 Thread Salz, Rich via openssl-users
Akamai has had millions of connections with megabytes of data exchanged. This is with partial deployment on our network, and requiring customers to opt in to enable beta-testing. We have found no issues. We don't do 0RTT. We are using our own server. I was surprised by how many connections

Re: [openssl-users] Call for testing TLS 1.3

2018-04-30 Thread Dennis Clarke
Yes, by default only 3 are enabled, but there are also 2 other supported included in ALL. I must have done something wrong here as I see these 3 only : n0$ LD_LIBRARY_PATH=`pwd`/openssl-1.1.1-pre5_SunOS5.10_sparc64vii+.001 \ > openssl-1.1.1-pre5_SunOS5.10_sparc64vii+.001/apps/openssl \ >

Re: [openssl-users] Call for testing TLS 1.3

2018-04-30 Thread Kurt Roeckx
On Sun, Apr 29, 2018 at 10:05:39PM -0400, Dennis Clarke wrote: > On 29/04/18 06:43 AM, Kurt Roeckx wrote: > > The upcoming OpenSSL 1.1.1 release will have TLS 1.3 support. TLS > > 1.3 brings a lot of changes that might cause incompatibility. For > > an overview see

Re: [openssl-users] Call for testing TLS 1.3

2018-04-29 Thread Dennis Clarke
On 29/04/18 06:43 AM, Kurt Roeckx wrote: The upcoming OpenSSL 1.1.1 release will have TLS 1.3 support. TLS 1.3 brings a lot of changes that might cause incompatibility. For an overview see https://wiki.openssl.org/index.php/TLS1.3 Looking at

[openssl-users] Call for testing TLS 1.3

2018-04-29 Thread Kurt Roeckx
. For that, we would like to know how applications behave with the latest beta release. When testing this, it's important that both sides of the connection support the same TLS 1.3 draft version. OpenSSL currently implements draft 26. We would like to see tests for OpenSSL acting as client and server. https

[openssl-users] testing OpenSSL version 1.1.1 pre release 3 on Sol10 sparc

2018-03-20 Thread Dennis Clarke
I'll jump on that. Managed to get past the perl requirements and am now using Oracle Studio 12.6 on Solaris 10 sparc ( for some recent sparc incantation ) wherein I usually see : cc: Warning: -xarch=v9 is deprecated, use -m64 -xarch=sparc instead So the conf files need a small tweak.

Re: [openssl-users] Testing ports through firewall

2017-12-21 Thread Sai Teja Chowdary
Hi, You can test ports with OpenSSL. But you gotta need a certificate for your s_server. You can generate a self signed certificate with openssl. Try this https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl And place that file in the dir were you are

Re: [openssl-users] Testing ports through firewall

2017-12-21 Thread Jakob Bohm
normal SSL/TLS server needs a certificate.  For testing the certificate doesn't have to be "real" (from a trusted public CA). A dummy certificate for a server named "computer.example.com" can be generated using the command: openssl req -x509 -days 365 -newkey rsa:2048 -nodes -

[openssl-users] Testing ports through firewall

2017-12-21 Thread warron.french
Hello Community, and Merry Christmas/Happy Seasons Greetings, anyway, I need some help with understanding an openssl feature - *s_server*. I executed the following command: openssl s_server -accept 21937 -www & And immediately got the following output: [1] 3286 [sysadm@wfrench-rhel6c-cit ~]$

Re: [openssl-users] Testing OCSP with openssl

2017-09-05 Thread Robert Moskowitz
On 09/05/2017 11:59 AM, Dr. Stephen Henson wrote: On Tue, Sep 05, 2017, Robert Moskowitz wrote: Jamie Nugyen's guide uses openssl to test OCSP with 'openssl ocsp': https://jamielinux.com/docs/openssl-certificate-authority/online-certificate-status-protocol.html What is unclear here is:

Re: [openssl-users] Testing OCSP with openssl

2017-09-05 Thread Dr. Stephen Henson
On Tue, Sep 05, 2017, Robert Moskowitz wrote: > Jamie Nugyen's guide uses openssl to test OCSP with 'openssl ocsp': > > https://jamielinux.com/docs/openssl-certificate-authority/online-certificate-status-protocol.html > > What is unclear here is: > > Does openssl read the index.txt file once

Re: [openssl-users] Testing OCSP with openssl

2017-09-05 Thread Robert Moskowitz
Michael, Thanks for this concise review. I look at it as the "Big Bang theory of Security". i.e. what comes first. And HOW DID we get those heavy metals beyond Iron? :) Bob On 09/05/2017 09:10 AM, Michael Wojcik wrote: From: openssl-users [mailto:openssl-users-boun...@openssl.org] On

Re: [openssl-users] Testing OCSP with openssl

2017-09-05 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Robert Moskowitz > Sent: Tuesday, September 05, 2017 08:43 > > Also he recommends password protecting the keypair. That results in > needing to provide the password at responder startup. Is this the > 'normal'

[openssl-users] Testing OCSP with openssl

2017-09-05 Thread Robert Moskowitz
Jamie Nugyen's guide uses openssl to test OCSP with 'openssl ocsp': https://jamielinux.com/docs/openssl-certificate-authority/online-certificate-status-protocol.html What is unclear here is: Does openssl read the index.txt file once at startup, or does it read it with each query. From the

[openssl-users] CAVP protocol testing - what does it really consist of ?

2015-10-21 Thread jonetsu
about what seems to be /protocol/ testing. I would like to know what's involved in the CAVP testing of the SSH protocol.   I browsed the NIST CAVP web site, browsed some documents, although I haven't found any satisfying, technically-oriented, document on what has to be done if say, I have

Re: [openssl-users] CAVP protocol testing - what does it really consist of ?

2015-10-21 Thread Steve Marquess
that it would not be far-fetched to consider that there is > also knowledge about what seems to be /protocol/ testing. > > > I would like to know what's involved in the CAVP testing of the SSH > protocol. I browsed the NIST CAVP web site, browsed some documents, > although I

Re: [openssl-users] CAVP protocol testing - what does it really consist of ?

2015-10-21 Thread jonetsu
constant change is part of the fun), but the general concept is the > same. The algorithm testing is the easiest part of FIPS 140-2 validations. What would you consider being the difficult parts ? > Note the CAVP only tests specific cryptographic algorithms, not > cryptographic protocol suit

Re: [openssl-users] CAVP protocol testing - what does it really consist of ?

2015-10-21 Thread dj
changed quite a bit since then >> (constant change is part of the fun), but the general concept is the >> same. The algorithm testing is the easiest part of FIPS 140-2 >> validations. > > What would you consider being the difficult parts ? > >> Note the CAVP only te

[openssl-users] RES: Testing OpenSSL based solution

2015-05-14 Thread Marcus Vinicius do Nascimento
wraps openssl. Does it make sense? Thanks. -Mensagem original- De: openssl-users [mailto:openssl-users-boun...@openssl.org] Em nome de Dave Thompson Enviada em: quarta-feira, 13 de maio de 2015 04:22 Para: openssl-users@openssl.org Assunto: Re: [openssl-users] Testing OpenSSL based solution

Re: [openssl-users] RES: RES: Testing OpenSSL based solution

2015-05-13 Thread Jakob Bohm
17:06 *Para:* openssl-users@openssl.org *Assunto:* [openssl-users] RES: Testing OpenSSL based solution Thanks for both answers. I tried using Y as the public key, but ssl seems not to accept that. Here is the error scenario: From the FIP file: [mod = 1024] P

Re: [openssl-users] Testing OpenSSL based solution

2015-05-13 Thread Dave Thompson
From: openssl-users On Behalf Of Marcus Vinicius do Nascimento Sent: Tuesday, May 12, 2015 16:50 I did some quick research and found this: http://en.wikipedia.org/wiki/Digital_Signature_Algorithm If my understanding is correct, the public key is (p, q, g, y). You might want to look at the

[openssl-users] Testing OpenSSL based solution

2015-05-12 Thread Marcus Vinicius do Nascimento
I'm working on a C++ security library solution that uses openssl internally. It offers Sign/Verify, Digest and Encrypt/Decrypt as its features (please check available methods below). I'm using FIPS 2.0 test vectors to validate my library, but I'm having a bit of trouble with that. Testing

Re: [openssl-users] Testing OpenSSL based solution

2015-05-12 Thread Salz, Rich
What Mr. Salz refers to by Verification should be okay is probably this: Yes and Mr. Salz greatly appreciates Mr. Bohm's elaboration. :) Lest the humor be misunderstood: yes, you're right, thanks for explaining. ___ openssl-users mailing list To

Re: [openssl-users] Testing OpenSSL based solution

2015-05-12 Thread Jakob Bohm
On 12/05/2015 20:10, Salz, Rich wrote: You can't easily have test vectors for DSA signatures since they include a random. Any test vector would have to include the random, and any API would have to be able to accept the random as part of the sign API. Verification should be okay. What

Re: [openssl-users] Testing OpenSSL based solution

2015-05-12 Thread Nico Williams
On Tue, May 12, 2015 at 06:10:39PM +, Salz, Rich wrote: You can't easily have test vectors for DSA signatures since they include a random. Any test vector would have to include the random, and any API would have to be able to accept the random as part of the sign API. Verification should

[openssl-users] RES: Testing OpenSSL based solution

2015-05-12 Thread Marcus Vinicius do Nascimento
; PEM_read_bio_DSAPrivateKey fails. Am I missing something here? De: openssl-users [mailto:openssl-users-boun...@openssl.org] Em nome de Jakob Bohm Enviada em: terça-feira, 12 de maio de 2015 15:42 Para: openssl-users@openssl.org Assunto: Re: [openssl-users] Testing OpenSSL based solution On 12/05/2015

[openssl-users] RES: RES: Testing OpenSSL based solution

2015-05-12 Thread Marcus Vinicius do Nascimento
, based on p, q, g and y? De: openssl-users [mailto:openssl-users-boun...@openssl.org] Em nome de Marcus Vinicius do Nascimento Enviada em: terça-feira, 12 de maio de 2015 17:06 Para: openssl-users@openssl.org Assunto: [openssl-users] RES: Testing OpenSSL based solution Thanks for both

Re: [openssl-users] Testing OpenSSL based solution

2015-05-12 Thread Salz, Rich
You can't easily have test vectors for DSA signatures since they include a random. Any test vector would have to include the random, and any API would have to be able to accept the random as part of the sign API. Verification should be okay. ___

Re: [openssl-users] Testing FIPS mode using 0 randomness

2015-03-02 Thread Tom Francis
On Mar 2, 2015, at 12:18 PM, jonetsu jone...@teksavvy.com wrote: Hello, I tried a simple test to see if FIPS mode would fail, using the example given in the FIPS user guide 2.0. The test consisted of replacing the /dev/random and /dev/urandom with /dev/zero. I would have expected

[openssl-users] Testing FIPS mode using 0 randomness

2015-03-02 Thread jonetsu
Hello,   I tried a simple test to see if FIPS mode would fail, using the example given in the FIPS user guide 2.0.  The test consisted of replacing the /dev/random and /dev/urandom with /dev/zero.  I would have expected that no source of randomness would make the tests ran at the call of

Re: Expected results for testing Poodlebug using OpenSSL CLI

2014-10-30 Thread Florian Weimer
* Paul Konen: Is the above window showing that is was NOT able to make a SSLv3 connection? Yes, the output is certainly confusing, but it indicates an aborted SSL 3.0 handshake. __ OpenSSL Project

Re: Expected results for testing Poodlebug using OpenSSL CLI

2014-10-30 Thread Jakob Bohm
the POODLE attack (not poodlebug, it is not a bug but an attack against known old bugs). There are at least 3 ways: A. Simply turning off SSLv3 connections, and lose support for older clients that cannot be upgraded to support TLS. This is what you are testing for. B. Support SSLv3, but implement

Expected results for testing Poodlebug using OpenSSL CLI

2014-10-29 Thread Paul Konen
Hi, I found on the web a way to use your tool to test for the new vulnerability called Poodlebug. The command is: openssl s_client -connect ip:port -ssl3 I feel that I have tomcat configured to use TLS only and this is the response back. [cid:image001.png@01CFF38B.07A521A0] When I execute this

Re: Testing openssl with s_server and s_client

2014-02-17 Thread Viktor Dukhovni
On Mon, Feb 17, 2014 at 01:44:53AM -0800, Nomad Esst wrote: What are the steps to test openssl with s_client and s_server? I have create a private key using the following command: openssl genpkey -algorithm gost2001 -pkeyopt paramset:A -out seckey.pem This generates a private key. But

ASKDFVS (NIST SP 800-135 ) CAVP testing

2013-04-21 Thread Trevor Jordan
the FIPSv2.0 validation was initiated prior to the release of NIST's VS release? Has anybody written a test program for TLS KDF (specifically TLSv1.0/1.1) CAVP testing? __ OpenSSL Project http

S/MIME certification and testing

2013-04-19 Thread Jon Andersen
Does anyone know what certification and testing the S/MIME support in OpenSSL has gone through? I see that it went through FIPS and NISCC but am wondering if there is anything more recent. -Jon

OpenSSL/FIPS Object Module and FIPS compliance - testing some assertions

2012-11-15 Thread mclellan, dave
We are starting our FIPS implementation soon (FIPS OM 2.0 and OpenSSL 1.0.1) and I'd like to test out this set of assumptions (or maybe they are 'assertions') - In the context of OpenSSL, FIPS compliance is all about algorithm choice. In FIPS mode (FIPS_mode_set() returns success),

Re: OpenSSL/FIPS Object Module and FIPS compliance - testing some assertions

2012-11-15 Thread Jeffrey Walton
On Tue, Nov 13, 2012 at 4:26 PM, mclellan, dave dave.mclel...@emc.com wrote: We are starting our FIPS implementation soon (FIPS OM 2.0 and OpenSSL 1.0.1) and I’d like to test out this set of assumptions (or maybe they are ‘assertions’) - In the context of OpenSSL, FIPS compliance is

RE: OpenSSL/FIPS Object Module and FIPS compliance - testing some assertions

2012-11-15 Thread Erik Tkal
and FIPS compliance - testing some assertions We are starting our FIPS implementation soon (FIPS OM 2.0 and OpenSSL 1.0.1) and I'd like to test out this set of assumptions (or maybe they are 'assertions') - In the context of OpenSSL, FIPS compliance is all about algorithm choice

RE: OpenSSL/FIPS Object Module and FIPS compliance - testing some assertions

2012-11-15 Thread mclellan, dave
: Thursday, November 15, 2012 10:17 AM To: openssl-users@openssl.org Subject: RE: OpenSSL/FIPS Object Module and FIPS compliance - testing some assertions The term 'FIPS compliant' does not refer to the software capability, but to the implementation used to perform the cryptographic operations
