Re: How to disable TLS 1.3 in OpenSSL 1.1.1

2019-03-21 Thread Hal Murray
> But I want to use TLS 1.2 only for my application with curl 7.58 in Ubuntu 18.04. So while using openssl 1.1.1 how to disable default TLS 1.3 and how to enable TLS 1.2?

Just curious. Why do you want to disable TLS 1.3? It will automagically use 1.2 if that's all the other end

Re: Openssl Version 1.1.1b fails to compile on Solaris platform(Intel & Sparc)

2019-03-21 Thread Richard Levitte
"collect2" indicates that this isn't Solaris ld, but GNU ld in action. With GNU ld, -Map doesn't do what you think it does (from https://sourceware.org/binutils/docs/ld/Options.html#Options): -Map=mapfile Print a link map to the file mapfile. See the description of the -M

Re: Openssl Version 1.1.1b fails to compile on Solaris platform(Intel & Sparc)

2019-03-21 Thread Richard Levitte
Tentative fix: https://github.com/openssl/openssl/pull/8548

On Thu, 21 Mar 2019 07:22:39 +0100, Richard Levitte wrote:
> Said and done: https://github.com/openssl/openssl/issues/8547
>
> I would appreciate it if you followed what's happening there and helped out getting it right...

Re: Openssl Version 1.1.1b fails to compile on Solaris platform(Intel & Sparc)

2019-03-21 Thread Richard Levitte
Said and done: https://github.com/openssl/openssl/issues/8547

I would appreciate it if you followed what's happening there and helped out getting it right...

Cheers,
Richard

On Thu, 21 Mar 2019 07:09:37 +0100, Richard Levitte wrote:
> "collect2" indicates that this isn't Solaris ld, but GNU

How to disable TLS 1.3 in OpenSSL 1.1.1

2019-03-21 Thread Swamy J-S
I have updated my openssl from 1.1.0 to 1.1.1 recently. Openssl 1.1.1 version supports TLS1.3 feature. But I want to use TLS 1.2 only for my application with curl 7.58 in Ubuntu 18.04. So while using openssl 1.1.1 how to disable default TLS 1.3 and how to enable TLS 1.2? Can I set any flags

Re: How to disable TLS 1.3 in OpenSSL 1.1.1

2019-03-21 Thread Viktor Dukhovni
> On Mar 21, 2019, at 2:14 AM, Hal Murray wrote:
>
>> Can I set any flags while building openssl 1.1.1 to disable TLS 1.3 or can i get any package from ubuntu to disable TLS 1.3 ?
>
> You can do it at run time using SSL_set_max_proto_version

It can also be set in the system-wide default

Re: i2d_X509_REQ() -> d2i_X509_REQ() = asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:a_object.c:287

2019-03-21 Thread Salz, Rich via openssl-users
> This software however is 7 years old, we’re not in a position to drop everything and rewrite it.

Then don't upgrade? If it's for a CA you don't need TLS 1.3 for example.

Or take the existing OpenSSL code that works and jam it into the current release.

Re: i2d_X509_REQ() -> d2i_X509_REQ() = asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:a_object.c:287

2019-03-21 Thread Viktor Dukhovni
On Thu, Mar 21, 2019 at 01:00:14PM +, Salz, Rich via openssl-users wrote:
> > This software however is 7 years old, we’re not in a position to drop everything and rewrite it.
>
> Then don't upgrade? If it's for a CA you don't need TLS 1.3 for example.
>
> Or take the existing

Re: Openssl Version 1.1.1b fails to compile on Solaris platform(Intel & Sparc)

2019-03-21 Thread Dennis Clarke
On 3/21/19 7:04 AM, Richard Levitte wrote:
> Tentative fix: https://github.com/openssl/openssl/pull/8548

I think this was all covered in detail during the beta test releases and I am certain that last year I was quite vocal that the config files are wrong for Solaris. The solution is that the

Re: Using (not building) openssl with mingw on Windows 10

2019-03-21 Thread Ken Goldman
On 3/20/2019 12:41 PM, Michael Wojcik wrote: Sounds like you might have import libraries there. Does "ar t libcrypto.lib" show a bunch of .obj members, or a bunch of .dll members? If it's the latter, then it's just an import library that tells the linker what DLL needs to be loaded at

Re: Using (not building) openssl with mingw on Windows 10

2019-03-21 Thread Ken Goldman
On 3/20/2019 6:44 PM, Sergio NNX wrote: I've been happily using the Shining Light 32-bit binaries with both openssl 1.0 and 1.1 and mingw. Getting back to this: I tried mingw linking against these "c:/program files/openssl64/lib/libcrypto.lib" "c:/program files/openssl64/lib/libssl.lib"

Re: i2d_X509_REQ() -> d2i_X509_REQ() = asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:a_object.c:287

2019-03-21 Thread Blumenthal, Uri - 0553 - MITLL
First, let me prefix that while I don't want to badmouth anybody, even incompetence cannot excuse deliberately generating bad/unparsable encoding. That's one of the cases when the cure is clearly worse than the disease.

On 3/21/19, 13:58, "openssl-users on behalf of Viktor Dukhovni" wrote:

Re: i2d_X509_REQ() -> d2i_X509_REQ() = asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:a_object.c:287

2019-03-21 Thread Viktor Dukhovni
> On Mar 21, 2019, at 1:57 PM, Viktor Dukhovni wrote:
>
>    1. Return failure from i2d_ASN_OBJECT(), which then percolates up to failure to encode the containing structure.
>
>    2. Emit a "harmless" default OID (such as 0.0), returning to the behaviour prior to 1.0.1i
>

Re: i2d_X509_REQ() -> d2i_X509_REQ() = asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:a_object.c:287

2019-03-21 Thread Blumenthal, Uri - 0553 - MITLL
+1 to Viktor's points.

Regards,
Uri

Sent from my iPhone

> On Mar 21, 2019, at 12:52, Viktor Dukhovni wrote:
>
> On Thu, Mar 21, 2019 at 01:00:14PM +, Salz, Rich via openssl-users wrote:
>
>>> This software however is 7 years old, we’re not in a position to drop everything and

Re: i2d_X509_REQ() -> d2i_X509_REQ() = asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:a_object.c:287

2019-03-21 Thread Viktor Dukhovni
On Thu, Mar 21, 2019 at 05:22:24PM +, Blumenthal, Uri - 0553 - MITLL wrote: > > On the DER padding front, the minimal > > working suffix is 7 bytes: Apparently I can't count today, clearly the suffix is 8 bytes. > > > >30 03-- Length 3 sequence > >06 01 00 -- OBJECT ID: 0.0 > >

Re: cURL with openSSL 1.1.1 version

2019-03-21 Thread Richard Moore
On Tue, 19 Mar 2019 at 07:56, Swamy J-S wrote:
> Right now my code uses curl library with libcurl4 and gnuTLS as SSL backend. Am using many curl options such as CURLOPT_SSL_VERIFYPEER ,

If you use gnuTLS as your SSL backend then this is nothing to do with openssl at all.

Kind Regards

Rich