[openssl-users] Building a DLL that includes the FIPS static libraries

2014-12-09 Thread Perrow, Graeme
I am trying to build a Windows DLL that includes the static OpenSSL FIPS libraries. I built the FIPS libraries using the perl Configure fips --with-fipslibdir=... -no-shared and then nmake -f ms\nt.mak. I'm using openssl-fips-2.0.5, openssl-1.0.1j, and MS Visual Studio 2010. Now I'm trying to

Re: [openssl-users] Strange SSL_read behavior: 1/N-1

2014-12-09 Thread Michael Wojcik
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Dave Thompson Sent: Monday, December 08, 2014 20:02 To: openssl-users@openssl.org Subject: Re: [openssl-users] Strange SSL_read behavior: 1/N-1 But given that SSL/TLS is a stream service and any implementation

[openssl-users] CVE-2014- and OpenSSL?

2014-12-09 Thread Amarendra Godbole
So Adam Langley writes "SSLv3 decoding function was used with TLS, then the POODLE attack would work, even against TLS connections." on his the latest POODLE affecting TLS 1.x. (https://www.imperialviolet.org/). I also received a notification from Symantec's DeepSight, that states: OpenSSL

Re: [openssl-users] CVE-2014- and OpenSSL?

2014-12-09 Thread Salz, Rich
> I also received a notification from Symantec's DeepSight, that states: OpenSSL CVE-2014-8730 Man In The Middle Information Disclosure Vulnerability.
Did Symantec really label it an OpenSSL CVE? That's wrong. OpenSSL does not have this defect. /r$

[openssl-users] Help with using a dynamic engine with SSL_CTX

2014-12-09 Thread Brian Watson
Hi, I am doing the following: 1. I have a dynamic engine that I would like to use to produce random numbers on Android (aosp). 2. I can successfully load the dynamic engine by using the Android OpenSSLEngine.getInstance() which takes care of loading the engine and I can see that the binding is

Re: [openssl-users] CVE-2014- and OpenSSL?

2014-12-09 Thread Mitra, Rituparna (STSD)
Hi,
> OpenSSL does not have this defect.
Does this mean that openssl is not vulnerable to this issue even if TLS 1.0/TLS 1.1 are enabled? Are all versions of openssl (0.9.8* and 1.0.1*) free from impact? Thanks, RMitra -Original Message- From: openssl-users

Re: [openssl-users] CVE-2014- and OpenSSL?

2014-12-09 Thread Salz, Rich
> Does this mean that openssl is not vulnerable to this issue even if TLS 1.0/TLS 1.1 are enabled? Are all versions of openssl (0.9.8* and 1.0.1*) free from impact?
OpenSSL does not have this defect.

Re: [openssl-users] Freeze to mailing list memberships

2014-12-09 Thread Alvaro Herrera
Kurt Roeckx wrote: Kurt ___ openssl-users mailing list openssl-users@openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-users The footer still says mta.opensslfoundation.net ... is this intentional? -- Álvaro Herrera

Re: [openssl-users] Freeze to mailing list memberships

2014-12-09 Thread Salz, Rich
> openssl-users mailing list openssl-users@openssl.org https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
> The footer still says mta.opensslfoundation.net ... is this intentional?
Yes, until we make some more DNS changes as we move our infrastructure forward.

Re: [openssl-users] Help with using a dynamic engine with SSL_CTX

2014-12-09 Thread Dmitry Belyavsky
Hello! Do you set your RNG as default when the engine is loaded? On Tue, Dec 9, 2014 at 10:44 PM, Brian Watson bwats9...@gmail.com wrote: Hi, I am doing the following: 1. I have a dynamic engine that I would like to use to produce random numbers on Android (aosp). 2. I can successfully

Re: [openssl-users] CVE-2014- and OpenSSL?

2014-12-09 Thread Arthur Tsang
Hi Rich, do we have some formal announcement that openssl is not vulnerable for POODLE in TLS? or can you explain why Openssl is not affected? if symantec is issuing notification like that, i guess, a lot of management will demand explanations. Thanks, Thanks, Arthur On Tue, Dec 9, 2014 at

Re: [openssl-users] CVE-2014- and OpenSSL?

2014-12-09 Thread Jeffrey Walton
On Tue, Dec 9, 2014 at 2:07 PM, Amarendra Godbole amarendra.godb...@gmail.com wrote: So Adam Langley writes "SSLv3 decoding function was used with TLS, then the POODLE attack would work, even against TLS connections." on his the latest POODLE affecting TLS 1.x. (https://www.imperialviolet.org/).

Re: [openssl-users] CVE-2014- and OpenSSL?

2014-12-09 Thread Salz, Rich
Ask Symantec why they labeled it as an openssl CVE; it is not. Read AGL’s blog post[1]. Two specific implementations are identified and a different crypto library (NSS) is implicated. This is about as formal a statement as you’re going to get. ☺ [1]

Re: [openssl-users] CVE-2014- and OpenSSL?

2014-12-09 Thread Amarendra Godbole
On Tue, Dec 9, 2014 at 11:26 AM, Salz, Rich rs...@akamai.com wrote: I also received a notification from Symantec's DeepSight, that states: OpenSSL CVE-2014-8730 Man In The Middle Information Disclosure Vulnerability. Did Symantec really label it an OpenSSL CVE? That's wrong. OpenSSL does

Re: [openssl-users] CVE-2014- and OpenSSL?

2014-12-09 Thread Matt Caswell
On 09/12/14 20:30, Arthur Tsang wrote: Hi Rich, do we have some formal announcement that openssl is not vulnerable for POODLE in TLS? or can you explain why Openssl is not affected? if symantec is issuing notification like that, i guess, a lot of management will demand explanations.

Re: [openssl-users] Help with using a dynamic engine with SSL_CTX

2014-12-09 Thread Brian Watson
I thought that's what the following does: ENGINE_set_default(engine, ENGINE_METHOD_RAND). I'm also trying to figure out in rand_lib.c and RAND_get_rand_method() what causes default_RAND_meth to change. Thanks, BW On Tue, Dec 9, 2014 at 1:52 PM, Dmitry Belyavsky beld...@gmail.com wrote:

[openssl-users] Please unsubscribe me from these emails.

2014-12-09 Thread Olson, Tina S
Tina Olson Systems Integration Analyst-Staff, EBS Lockheed Martin Corporation Telecommuter - Valley Forge, PA O 484-369-6001 | M 484-557-1003 | E tina.s.ol...@lmco.com

Re: [openssl-users] CVE-2014- and OpenSSL?

2014-12-09 Thread Arthur Tsang
thanks for the clarification. On Tue, Dec 9, 2014 at 1:00 PM, Matt Caswell m...@openssl.org wrote: On 09/12/14 20:30, Arthur Tsang wrote: Hi Rich, do we have some formal announcement that openssl is not vulnerable for POODLE in TLS? or can you explain why Openssl is not affected? if

Re: [openssl-users] Help with using a dynamic engine with SSL_CTX

2014-12-09 Thread Dmitry Belyavsky
Hello Brian, Do you call ENGINE_set_RAND function? On Tue, Dec 9, 2014 at 11:19 PM, Brian Watson bwats9...@gmail.com wrote: I thought that's what the following does: ENGINE_set_default(engine, ENGINE_METHOD_RAND). I'm also trying to figure out in rand_lib.c and RAND_get_rand_method() what