On Tue, Mar 10, 2015 at 10:23:41PM +0300, Serj Rakitov wrote:
> Hello,
>
> I see some delay about 30-40 min for my emails. They arrive and I see them in
> the incoming messages in the list only after 30-40 min. And one email was
> delivered for 2 hours. Is it normal for the openssl-users@openss
Hmm. I am pretty sure I was linking against the FIPS capable OpenSSL but I will
double check tomorrow to make sure I did it right.
Thanks.
> On Mar 10, 2015, at 7:28 PM, Dr. Stephen Henson wrote:
>
>> On Tue, Mar 10, 2015, Jason Schultz wrote:
>>
>> Is this function available to call in O
On Tue, Mar 10, 2015, Jason Schultz wrote:
> Is this function available to call in OpenSSL 1.0.1? I'm trying to call it
> from my application running a FIPS capable version of OpenSSL (everything
> else works, turning FIPS on, etc), but I include fips.h but I get a compile
> error saying the fu
On Tue, Mar 10, 2015, jonetsu wrote:
>
>
> > From: "Dr. Stephen Henson"
> > Date: 03/10/15 10:21
>
> > Although you cannot modify the FIPS module itself without voiding the
> > validation you *can* change the FIPS capable OpenSSL.
>
> > You might (for example) change FIPS_mode_set() to alwa
> I see some delay about 30-40 min for my emails. They arrive and I see them
> in the incoming messages in the list only after 30-40 min. And one email was
> delivered for 2 hours. Is it normal for the openssl-users@openssl.org?
It happens sometimes.
> Some time ago I see an email with message:
Hi, Jakob. Thanks for reply.
Now I have seen OpenSSL code and something clear for me.
WANT_READ/WANT_WRITE it's just an implementation for "WOULDBLOCK": not fatal
error for non-blocking IO. So, for example for socket and Windows it's just
WSAEWOULDBLOCK returns by WSAGetLastError. Performs by
Hello,
I see some delay about 30-40 min for my emails. They arrive and I see them in
the incoming messages in the list only after 30-40 min. And one email was
delivered for 2 hours. Is it normal for the openssl-users@openssl.org?
Some time ago I see an email with message: Welcome to the
opens
> From: openssl-users On Behalf Of Viktor Dukhovni
> Sent: Monday, March 09, 2015 12:47
> On Mon, Mar 09, 2015 at 02:23:53PM +0530, Deepak wrote:
> > "kEDH:ALL:!ADH:!DES:!LOW:!EXPORT:+SSLv2:@STRENGTH"
> > with SSL_CTX_set_cipher_list() be good enough to disable EXPORT40, 56
> and 1024?
>
You only
I guess I didn't have the correct fips.h file in my include path when I
couldn't get it to compile. But I don't think it will work for my purposes
since if I install my application on another system, that entry point is not
defined in libcrypto.so or libssl.so.
Does anyone know if it's really g
> Does OpenSSL support renegotiation?
Yes.
You probably need more than that. :) Take a look at the apps/s_client and look
for the 'R' constant to see how to do client-initiated reneg.
___
openssl-users mailing list
To unsubscribe: https://mta.openssl
Nobody knows?
09.03.2015, 15:30, "Serj Rakitov" :
> I have to open discussion again.
>
> I want to test situations when SSL_read WANT_WRITE and SSL_write WANT_READ.
> But I can't do this. SSL_read never wants write and SSL_write never wants
> read!
>
> I don't know how to catch these situat
> From: "Dr. Stephen Henson"
> Date: 03/10/15 10:21
> Although you cannot modify the FIPS module itself without voiding the
> validation you *can* change the FIPS capable OpenSSL.
> You might (for example) change FIPS_mode_set() to always add a callback
> which logs any errors.
I see. So t
Nobody knows?
Does OpenSSL support renegotiation?
I will be very grateful for answers because there is no any info about this in
the net.
09.03.2015, 00:36, "Serj Rakitov" :
> Hello
>
> I want to test SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE.
> I have client and server. Server is sending data
On 09/03/2015 14:13, Waldin wrote:
On 08.03.2015 at 09:14, Waldin wrote:
Now, I also want to check ciphers enabled in (mobile) mail clients.
I've tried to make OpenSSL listen on port 110 (for POP with TLS) and
redirected the client to the OpenSSL server. But when trying to pull
mail I can't s
On 09/03/2015 13:21, Serj Rakitov wrote:
I have to open discussion again.
I want to test situations when SSL_read WANT_WRITE and SSL_write WANT_READ. But
I can't do this. SSL_read never wants write and SSL_write never wants read!
I don't know how to catch these situations. I don't know how to
Viktor's description agrees with Matthew Green's explanation.[1] The FREAK
attack can work against non-patched OpenSSL clients even if they disable
export-grade ciphers; in fact, that's precisely the problem.
The attack works like this:
1. Client sends ClientHello with a suite list that include
On Tue, Mar 10, 2015, jonetsu wrote:
> Hello,
>
> Is there a method that is always in the path of execution when a crypto
> error occurs ? The reason for asking is that I would like to very slightly
> modify the OpenSSL FIPS version so that it will write a file in tmpfs when
> an error occurs.
> From: "Steve Marquess"
> Date: 03/10/15 08:56
Hello,
Thanks for your reply.
> You're talking about a Level 2 validation (or higher)? You most
> definitely do *not* want to include the OS or applications in the
> "cryptographic module boundary" for Level 1.
It's a level 2. The behaviou
> Is there a method that is always in the path of execution when a crypto error
> occurs ?
It looks like fips_set_selftest_fail() would be a likely candidate where to
create an empty file on a tmpfs in order to let the OS know about the error.
Comments and suggestions welcomed. Based on yo
On 03/10/2015 08:20 AM, jonetsu wrote:
> ...
> Steve has replied that indeed the validation will be lost - I wonder
> if that would have any impact on the total validation costs for a
> whole unit, OS and apps ?
You're talking about a Level 2 validation (or higher)? You most
definitely do *not* w
Hello,
Is there a method that is always in the path of execution when a crypto error
occurs ? The reason for asking is that I would like to very slightly modify
the OpenSSL FIPS version so that it will write a file in tmpfs when an error
occurs. That place will be observed by another app us
On Tue, Mar 10, 2015 at 08:44:57AM +, Christian Georg wrote:
> I understand that the downgrading of the ciphersuites is a bug in the
> library that should be patched. Doing this can however be difficult when
> talking about mobile apps that use OS Libraries. From my understanding
> the bug onl
Hi Viktor,
please help me to understand your sentence:
"Note that doing so does not address the FREAK CVE in SSL clients.
Even with EXPORT ciphers disabled they are still vulnerable, unless patched!"
I understand that the downgrading of the ciphersuites is a bug in the library
that sh
23 matches