On 23/03/15 11:54, Linsell, StevenX wrote:
On 20/0315 15:51, Matt Caswell wrote:
On 20/03/15 12:44, Linsell, StevenX wrote:
On Thu, Mar 19, 2015, Steve Linsell wrote:
Following further testing I see identical failures in the master branch
using the following cipher/protocol
Hi All,
As per openssl advisory http://www.openssl.org/news/secadv_20150319.txt,
the vulnerability CVE-2015-0292 is fixed in 0.9.8 za. Is this correct or
typo? Can someone point me to the code changes related to this fix on
GitHub. I really could not find the code changes related to the commit
On 23/03/15 10:50, Jaya Nageswar wrote:
Hi All,
As per openssl advisory http://www.openssl.org/news/secadv_20150319.txt,
the vulnerability CVE-2015-0292 is fixed in 0.9.8 za. Is this correct or
typo?
It is correct. As the advisory states this is a historic bug that was
fixed in previous
On 20/0315 15:51, Matt Caswell wrote:
On 20/03/15 12:44, Linsell, StevenX wrote:
On Thu, Mar 19, 2015, Steve Linsell wrote:
Following further testing I see identical failures in the master branch
using the following cipher/protocol combinations:
ECDH-ECDSA-AES128-SHA ssl3
On 23/03/15 14:19, Jakob Bohm wrote:
On 23/03/2015 14:48, Matt Caswell wrote:
On 23/03/15 13:45, Viktor Dukhovni wrote:
On Mon, Mar 23, 2015 at 01:01:29PM +, Matt Caswell wrote:
As Viktor states RFC 4492 says if the client sends no TLS extension
containing the curves supported then the
Hello,
Following on the 'SP800-90 DRBG in OpenSSL FIPS 140 for SP800-90A?' topic, the
OpenSSL source code does not seem to mention SP 800-90A. Only SP 800-90. So
the certifications were made for SP 800-90, is that right ?
Also, does it depend on the application to choose which DRBG and
It's unlikely to appear in 1.0.2 as it's a new feature.
CloudFlare has posted patches that seem like they would drop in easily, for
folks that want to do it; see
https://blog.cloudflare.com/do-the-chacha-better-mobile-performance-with-cryptography/
--
Senior Architect, Akamai Technologies
Hi,
For the second question any DRBG that are approved in FIPS SP 800-90A are
approved for any application. You can choose over the Hash, HMAC or CTR DRBG
equivalently.
Best regards
Q Gouchet
On 23 March 2015 09:38, jonetsu jone...@teksavvy.com wrote:
Hello,
Following on the 'SP800-90 DRBG
On 23/03/15 13:45, Viktor Dukhovni wrote:
On Mon, Mar 23, 2015 at 01:01:29PM +, Matt Caswell wrote:
As Viktor states RFC 4492 says if the client sends no TLS extension
containing the curves supported then the server can choose any supported
curve. So your fix is to continue when we
Thanks Jakob.
On 23-Mar-2015 11:58 AM, Jakob Bohm jb-open...@wisemo.com wrote:
The most common Java interface for openssl is to use an
openssl library wrapper as the JNI backend behind the
Java Cryptography Extensions (JCE). For instance this
is how Android implements JCE.
Curiously Android
On Mon, Mar 23, 2015 at 01:01:29PM +, Matt Caswell wrote:
As Viktor states RFC 4492 says if the client sends no TLS extension
containing the curves supported then the server can choose any supported
curve. So your fix is to continue when we reach the second iteration if
there are no
On 23/03/2015 14:48, Matt Caswell wrote:
On 23/03/15 13:45, Viktor Dukhovni wrote:
On Mon, Mar 23, 2015 at 01:01:29PM +, Matt Caswell wrote:
As Viktor states RFC 4492 says if the client sends no TLS extension
containing the curves supported then the server can choose any supported
curve.
The most common Java interface for openssl is to use an
openssl library wrapper as the JNI backend behind the
Java Cryptography Extensions (JCE). For instance this
is how Android implements JCE.
Curiously Android returns the OID from the JCE name()
method, and then end up having to add alias
(Resending because I accidentally sent this
reply from the wrong address last week, and
yes, this is the correct mailing list).
No, don't dump the CA certificate. Dump one
of the *old* *issued* certificates.
There is nothing to diff against, you need to
see in what ways the *old* *issued*
On Tue, Oct 7, 2014 at 12:42 PM, Matt Caswell m...@openssl.org wrote:
On 07/10/14 18:07, Jeffrey Walton wrote:
But I have not been able to find its trail:
$ cd openssl-git
$ git pull
Already up-to-date.
$ grep -R -i chacha *
$ grep -R -i poly1305 *
$
Where are
Hi,
My apologies if I missed a post about this already, but I'm seeing the
following when running `nmake -f ms\ntdll.mak` in the vc9x64 build of openssl
1.0.2a:
...
Assembling: tmp32dll\aesni-sha256-x86_64.asm
tmp32dll\aesni-sha256-x86_64.asm(109) : error A2006:undefined symbol : __imp_Rtl
Thanks Matt for a prompt response.
On Mon, Mar 23, 2015 at 4:25 PM, Matt Caswell m...@openssl.org wrote:
On 23/03/15 10:50, Jaya Nageswar wrote:
Hi All,
As per openssl advisory http://www.openssl.org/news/secadv_20150319.txt,
the vulnerability CVE-2015-0292 is fixed in 0.9.8 za. Is
The key issue still remains, are the validated SP800-90 DRBGs the _same_
as SP800-90A's DRBGs? If yes then we can probably use Openssl-FIPS with
SP800-90A, otherwise OpenSSL-FIPS 2.0.9 probably can no longer be used
for any new validations?
Thanks,
xxiao
---
Hi,
For the second question any
Hi,
I'm facing a crash (heap corruption) on Windows ever since I updated
OpenSSL to the version 1.0.2a. The same seems to happen in 1.0.1m.
I'm using Visual Studio 2013. I'm building the x64-static variant of
OpenSSL like so:
perl Configure VC-WIN64A no-asm
On 3/23/2015 9:51 AM, Kevin Moody wrote:
Hi,
My apologies if I missed a post about this already, but I'm seeing the
following when running `nmake -f ms\ntdll.mak` in the vc9x64 build of openssl
1.0.2a:
...
Assembling: tmp32dll\aesni-sha256-x86_64.asm
tmp32dll\aesni-sha256-x86_64.asm(109) :