RE: RAND SEED in vxworks6.9

2020-03-24 Thread Suvendhu Hansa
Thanks..
--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html

3.0 FIPS related questions

2020-03-24 Thread Pete
Hello, I have two questions regarding support for FIPS in 3.0.  We're currently working on early planning for our migration to OpenSSL 3.0 and we're trying to size the effort for our team.  We're also beginning to put together contingency plans in the event that dates on either side change

Re: 3.0 FIPS related questions

2020-03-24 Thread Salz, Rich via openssl-users
>> The second question is somewhat related. Has there been a decision yet
> whether the FOM 3.0 will go through a 140-2 or a 140-3 validation?

>We are going through 140-2.

Has the list of validated platforms been made public yet? For people using a different platform, will

OpenSSL 111: authorityKeyIdentifier

2020-03-24 Thread Dirk Menstermann
Hi, I’m using OpenSSL 1.1.1 to issue a certificate and include the AKI by defining authorityKeyIdentifier = keyid,issuer:always The issued certificate contains the AKI afterwards with 3 values: KeyID: issuer's key id Serial: issuer's serial Issuer: the issuer’s issuer, not the issuer’s

Re: Handshake failure: TLSv1.3 early data?

2020-03-24 Thread Angus Robertson - Magenta Systems Ltd
> error:140E0197:SSL routines:SSL_shutdown:shutdown while in init,
> State: SSL negotiation finished successfully

And lots more similar overnight:

error:140E0197:SSL routines:SSL_shutdown:shutdown while in init, State: TLSv1.3 early data

It seems some browsers open three to five sockets at the

Re: 3.0 FIPS related questions

2020-03-24 Thread Matt Caswell
On 24/03/2020 14:06, Pete wrote:
> Hello,
>
> I have two questions regarding support for FIPS in 3.0.  We're currently
> working on early planning for our migration to OpenSSL 3.0 and we're
> trying to size the effort for our team.  We're also beginning to put together
> contingency plans in

Re: 3.0 FIPS related questions

2020-03-24 Thread Pete
Hi Matt, Thanks so much for the quick and thorough response.  I had caught bits and pieces of the algorithm selection process while going through the design doc but apparently didn't catch just how flexible it really is.  As for the 140 level of testing, that's just what we expected. Thanks

Re: Handshake failure: TLSv1.3 early data?

2020-03-24 Thread Salz, Rich via openssl-users
>It seems some browsers open three to five sockets at the same time and then don't complete SSL negotiation on all of them, just closing them in various states.

Yes, this is exactly what they do.

RAND SEED in vxworks6.9

2020-03-24 Thread Suvendhu Hansa
Hi, I am a beginner in openssl and I am porting openSSL-1.1.1d in vxWorks-6.9. So as suggested I have defined "OPENSSL_RAND_SEED_NONE" flag, as for vxWorks 'none' is only supported but after doing so I am observing "rand_pool_entropy_available()" returns 0 which further leads to failure. I came

RE: RAND SEED in vxworks6.9

2020-03-24 Thread Dr. Matthias St. Pierre
Hi,

> I am a beginner in openssl and I am porting openSSL-1.1.1d in vxWorks-6.9. So
> as suggested I have defined "OPENSSL_RAND_SEED_NONE" flag, as for vxWorks
> 'none' is only supported but after doing so I am observing
> "rand_pool_entropy_available()" returns 0 which further leads to failure.
>

New decode_errors due to EOF changes in master and 1.1.1e

2020-03-24 Thread John Baldwin
I replied to the original commit on GH but haven't seen any responses so thought I would follow up here as well. https://github.com/openssl/openssl/pull/10907 After this PR was merged, I am now getting what look like spurious errors for a "normal" connection end. For example, if I run 'openssl

RE: RAND SEED in vxworks6.9

2020-03-24 Thread Dr. Matthias St. Pierre
> Indeed, one workaround for your application would be to seed and reseed
> the random generator manually using RAND_bytes(), ...

Correction, I meant to say ".. using RAND_add()..."

> -Original Message-
> From: openssl-users On Behalf Of Dr.
> Matthias St. Pierre
> Sent: Tuesday,