On 10/24/13 1:59 PM, Dave Thompson wrote:
(For EC, the specified curve must also be acceptable to client(s) per
ClientHello extension,
which encourages using the callback or choosing a popular curve like P-256.)
So, my understanding is that if the tmp_ecdh is set to a curve which
is not
I am trying to use a statically linked OpenSSL in FIPS mode on IBM PLinux using
xlC_r as the compiler/linker. This combination is not supported by fipsld or
fips_premain.c. fipsld will add linker options to call FINGERPRINT_premain on
uname -s in {OSF1, IRIX, HP-UX, AIX, Darwin}, fips_premain.c
On Thu, Oct 24, 2013 at 03:59:08PM -0400, Dave Thompson wrote:
0 The shutdown is not yet finished. Call SSL_shutdown() for a
second
time, if a bidirectional shutdown shall be performed. The output
of SSL_get_error(3) may be misleading, as an erroneous
Hi!
I am trying to use DTLS with PSK (cipher: SSL_TXT_PSK). Everything works
well if I don't set OpenSSL in FIPS mode (FIPS_mode_set(1)).
If I do, I get crashes as below where p =0;
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffddffb700 (LWP 15278)]
Hi again,
in d1_pkt.c:574
(s->rstate != SSL_ST_READ_BODY) || (s->packet_length <
DTLS1_RT_HEADER_LENGTH)) seems to be false at times. When the program
reaches *p == SSL3_MT_CLIENT_HELLO further down it fails (since p is
initialized to NULL).
if I add
if (NULL == p) {
p = s->packet;
}
before *p
On Thu, Oct 24, 2013 at 11:52:36PM -0700, Patrick Pelletier wrote:
(For EC, the specified curve must also be acceptable to client(s) per
ClientHello extension,
which encourages using the callback or choosing a popular curve like P-256.)
So, my understanding is that if the tmp_ecdh is set to
Hi,
I mean in a typical usage of OpenSSL is it mandatory to call
SSL_CTX_set_tmp_dh() if I call SSL_CTX_use_certificate() and
SSL_CTX_use_PrivateKey(). I know that for RSA keys, for example, the session
key exchange is done using the public keys of the client and server.
If my understanding is
On Fri, Oct 25, 2013 at 06:35:08AM -0700, LN wrote:
I mean in a typical usage of OpenSSL is it mandatory to call
SSL_CTX_set_tmp_dh() if I call SSL_CTX_use_certificate()
and SSL_CTX_use_PrivateKey().
No, this is optional.
I know that for RSA keys, for example, the session key exchange is
Is it recommended to specify and use DH parameters for server?
I know that RSA encryption/decryption is slow and this is why RSA public keys
are used only for establishing the session key which is a symmetric key usually
because symmetric key encryption is fast.
If the negotiated cipher suite
I found the following using Google.
===begin quote===
IETF PKIX (latest version RFC 5280) is a well accepted profile for
certificates. From section 4.1.2.4, the following fields must be
supported (I've added between parentheses the OpenSSL long and
optional short name):
country
Happy Linux OpenSSL user here. Moving to Windowsville. Haven't been there
in over a decade. Read INSTALL.W32 and INSTALL.W64. Read Configure. Read
crypto/asm/*.pl. Clearly Perl is needed to compile openssl with Visual
Studio - which we will be using.
Does OpenSSL need Perl at runtime?
Thanks,
Perl is simply used to configure the makefiles that build openssl.
-Ike-
John Eichenberger
Principal Engineer: Sustaining Engineering: Intermec
425.265.2108 john.eichenber...@intermec.com
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Michael Mueller
12 matches