https://www.openssl.org/news/changelog.html
1.0.1 introduced the heartbeat support.
1.0.0 and earlier are fortunate in that they didn't have it. But then they
didn't have things to stop you from being BEASTed so some you win, some you
lose. ;)
alan
True. Thanks for the quick reply.
On Wednesday, April 9, 2014 3:33 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:
https://www.openssl.org/news/changelog.html
1.0.1 introduced the heartbeat support.
1.0.0 and earlier are fortunate in that they didn't have it. But then they
didn't have things
I call an EVP-based verify function (that works), I then call a
HSM/dynamic/OpenSC/pkcs11-based sign function (works too), but then a
second call to my verify functions complains with
ecc_ssl_gen_EC_KEY EC_KEY_generate_key FAIL error:2D06D075:FIPS
routines:fips_pkey_signature_test:test failure
I am newer to this and I want to make ECDHE algorithm for client-server.
Can anyone tell me basic steps and functions to do this. All responses are
acceptable.
Thanks in advance
Thanks Wim.
On Tue, Apr 8, 2014 at 10:36 PM, Wim Lewis w...@omnigroup.com wrote:
On 8 Apr 2014, at 7:14 PM, Chris Hill wrote:
Team, I am having a discussion with a few friends about why this
OpenSSL vuln (CVE 2014-0160) does not affect SSH. This may be TOO basic for
many of you
Hi all,
I have a question on openssl ECDSA code. Can ECDSA be safely used without
infringing on patents? The ECDSA implementation which is patent-free in
openssl?
I would like to make use of ECDSA in embedded system, so I am porting code from
openssl. Will there be any problem?
Best Wishes!
Hi,
when you set the -host parameter as last, you will get the following error:
~/cert-test/ $ openssl ocsp -CApath /etc/ssl/certs -no_nonce -issuer
issuer.crt -cert cert.crt -url http://ocsp2.globalsign.com/gsalphag2
-host ocsp2.globalsign.com
Error querying OCSP responsder
Hi all,
Since 1.0.0 version the STORE functionality has been removed from openssl
distributive by default.
We may see in CHANGES
*) Removed effectively defunct crypto/store from the build.
[Ben Laurie]
Does anybody know why the STORE support has been disabled?
How do I determine whether or not the web servers I run are affected? They
are Apache 2.4, built for 64 bit Windows and downloaded from Apachelounge.
I have no idea what version of openssl it was built with. Does anyone here
know if the feature that introduces the risk can be turned off, without
http://filippo.io/Heartbleed/#www.unlocator.com
On Wed, Apr 9, 2014 at 2:05 PM, Ted Byers r.ted.by...@gmail.com wrote:
How do I determine whether or not the web servers I run are affected?
They are Apache 2.4, built for 64 bit Windows and downloaded from
Apachelounge. I have no idea what
Hi Ted,
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
How do I determine whether or not the web servers I run are affected?
They are Apache 2.4, built for 64 bit Windows and downloaded from
Apachelounge. I have no idea what version of openssl it
> How do I determine whether or not the web servers I run are affected?
Here's a simple way:
echo B | openssl s_client -connect $HOST:$PORT
if you see heartbeating at the end, then $HOST is vulnerable.
How can you tell if private keys have been taken? You can't, really. You can
Can anyone confirm my understanding that the FIPS 140-2 certified module is
NOT affected by the CVE 2014-0160 vulnerability?
--
Chris Bare
Thanks Rich,
I have obtained the new, patched, release of Apache from Apache lounge, and
applied the patch to one server, which the online services say fix the
problem on it, but your simple way of checking still says heartbeating at
the end. Does that mean that the patch didn't truly work?
I
Thanks Patrick.
Apache lounge already has a patched release released. So, once I deploy
that, and get my certificates reissued, I ought to be OK.
Thanks
Ted
--
R.E.(Ted) Byers, Ph.D.,Ed.D.
On Wed, Apr 9, 2014 at 8:37 AM, Eisenacher, Patrick
patrick.eisenac...@bdr.de wrote:
Hi Ted,
It is not.
-ag
--
sent via 100% recycled electrons from my mobile command center.
On Apr 9, 2014, at 7:22 AM, Chris Bare chris.b...@gmail.com wrote:
Can anyone confirm my understanding that the FIPS 140-2 certified module is
NOT affected by the CVE 2014-0160 vulnerability?
--
Chris
It looks like OpenSSL always shows unsupported for a subjectAltName of
otherName.
The string that was written (both via M2Crypto, and directly at the
commandline via openssl.cnf):
1.2.3.4;UTF8:some other identifier
Dumped (openssl x509 -in test.crt -noout -text):
On Wed, Apr 09, 2014 at 10:55:23AM -0400, Ted Byers wrote:
I get the heartbeating message on both unpatched and patched servers.
Should that make me worry about the patched machines?
No, unfortunately both patched and unpatched systems respond the
same way to valid heartbeat requests as send
> I get the heartbeating message on both unpatched and patched servers.
Should that make me worry about the patched machines?
Not necessarily. If they updated to the 'g' release, then they are doing
buffer-overrun checking and you're safe. You can probably find out by
connecting to your
On 9 April 2014 08:39, chetan chet...@neominds.in wrote:
I am newer to this and I want to make ECDHE algorithm for client-server.
Can anyone tell me basic steps and functions to do this. All responses are
acceptable.
Thanks in advance
It's unclear from your question
- Forwarded message from Salz, Rich rs...@akamai.com -
Date: Wed, 9 Apr 2014 09:54:25 -0400
From: Salz, Rich rs...@akamai.com
To: openssl-users@openssl.org openssl-users@openssl.org
Subject: RE: OpenSSL Security Advisory
> How do I determine whether or not the web servers I run
Can you please post a good and a bad server example. I have tested a lot
of servers, including 'akamai.com', and they all show HEARTBEATING at the end:
Look at Victor's recent post about how to patch openssl/s_client to make your
own test. That's the simplest. My example tests only for
Attention: The .asc file I downloaded directly from openssl.org for the
1.0.1g tarball was signed with a key NOT authorized by the
fingerprints.txt file distributed in previous tarballs, nor by the
(unverifiable) fingerprints.txt available from
http://www.openssl.org/docs/misc/
On Apr 9, 2014 7:30 PM, Jakob Bohm jb-open...@wisemo.com wrote:
Attention: The .asc file I downloaded directly from openssl.org for the
1.0.1g tarball was signed with a key NOT authorized by the fingerprints.txt
file distributed in previous tarballs, nor by the (unverifiable)
fingerprints.txt
Hi -
I just compiled OpenSSL 1.0.1g for Win32 using Visual Studio 2005; my
application failed to link because of an unresolved external
_check_winnt
In crypto/rand/rand_win.c, function readscreen, this line:
if (GetVersion() 0x8000 OPENSSL_isservice()0)
was changed to
if
I just compiled 32 bit with ntdll.mak with nasm 2.11.02 and Visual
Studio Express 2013 with no issues, with and without the
DOPENSSL_NO_HEARTBEATS option. I was making it to drop the keys files
into Apache 2.2.26:
openssl.exe
ssleay32.dll
libeay32.dll
I am doing this to compile:
perl Configure
Thanks for the report. Is check_winnt() in the Windows libraries or
in OpenSSL? I tried Googling it, but didn't come up with anything,
and I didn't find a declaration in the OpenSSL source code.
I do nmake -f ntlib.mak, which makes some static libraries for me,
using only code in crypto/ and
On 9 Apr 2014, at 4:12 PM, Jakob Bohm wrote:
Attention: The .asc file I downloaded directly from openssl.org for the
1.0.1g tarball was signed with a key NOT authorized by the fingerprints.txt
file distributed in previous tarballs, nor by the (unverifiable)
fingerprints.txt available from
Googling check_winnt suggests openssl/e_os.h.
From: Geoffrey Coram [mailto:gjco...@gmail.com]
Sent: Thursday, April 10, 2014 3:27 AM
Thanks for the report. Is check_winnt() in the Windows libraries or
in OpenSSL? I tried Googling it, but didn't come up with anything,
and I didn't find a