openssl 1.0.1i

2014-09-17 Thread Tulasi
Hi I installed openssl 1.0.1i fips enabled (fips 2.0.7) When i run the command openssl version, i get this OpenSSL 1.0.0-fips 29 Mar 2010 Why doesn't it show 1.0.1i in the version information. Please help.

Change in default behavior from 1.0.1g to 1.0.1h

2014-09-17 Thread Andy Schmidt
I just tracked down an obscure bug in our certificate authentication code to a change in in the global mask for ASN.1 strings in crypto/asn1/a_strnid.c. (https://github.com/openssl/openssl/commit/3009244da47b989c4cc59ba02cf81a4e9d8f8431) I have a couple of questions about this: 1. Was this change

RE: TLS handshake error : No shared cipher (SSL error 40)

2014-09-17 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Francis GASCHET > Sent: Wednesday, September 17, 2014 13:35 > We use openSSL in OFTP2 implementation. The OFTP2 working group > decided > to strongly recommend to use preferably the cipher suites including PFS > (ephemeral Diffie Hellman). To

Re: TLS handshake error : No shared cipher (SSL error 40)

2014-09-17 Thread Viktor Dukhovni
On Wed, Sep 17, 2014 at 07:34:44PM +0200, Francis GASCHET wrote: > We use openSSL in OFTP2 implementation. The OFTP2 working group decided to > strongly recommend to use preferably the cipher suites including PFS > (ephemeral Diffie Hellman). Preferably, does not mean exclusively. You should pro

Preshared keys - tutorial requested

2014-09-17 Thread Bush, Stephen F (GE Global Research)
I would like to implement pre-shared keys using OpenSSL (another mechanism is being used to provide for a common secret at all nodes to be used as a symmetric key). My goal is for OpenSSL to simply load the key from a local location and use it. No certificates should be involved. I notice two f

TLS handshake error : No shared cipher (SSL error 40)

2014-09-17 Thread Francis GASCHET
Hello, We use openSSL in OFTP2 implementation. The OFTP2 working group decided to strongly recommend to use preferably the cipher suites including PFS (ephemeral Diffie Hellman). So in our iplementation (linked against openssl 1.0.1g) I limited the list of offered ciphers (client) and prefered

certificate error

2014-09-17 Thread Amir Reda
dear all i have made a client server code the client sends a X509 request and the server reply the X509 certificate but i have 2 questions 1- did i fill all the attributes of the X509 certificate in this code or not 2- when i compile this code using eclipse i got allot of errors but all are the s

SIGSEGV in ssl3_get_message?

2014-09-17 Thread Michael Menge
Hi, i have a Problem with Cyrus-Imapd 2.4.17 and libopenssl0_9_8-0.9.8j-0.62.1 openssl-0.9.8j-0.62.1 on a SLES 11 SP 3 (most recent versions for SLES 11) We recently switched from a normal Cyrus to a Cluster Configuration (aka Cyrus Murder). A frontend imapd will proxy the requests to the backen