Re: [openssl-users] Unhandled exception at 0x005904dc (libeay32.dll) (Windows x86)

On 26/08/2016 05:42, Scott Ware wrote: On Mon, Aug 22, 2016 at 8:05 PM, Jakob Bohm wrote: On 22/08/2016 22:33, Scott Ware wrote: On Mon, Aug 22, 2016 at 3:04 PM, Jakob Bohm >wrote: On 22/08/2016 20:09, Scott Ware

Re: [openssl-users] Unhandled exception at 0x005904dc (libeay32.dll) (Windows x86)

On Mon, Aug 22, 2016 at 8:05 PM, Jakob Bohm wrote: > On 22/08/2016 22:33, Scott Ware wrote: >> >> >> On Mon, Aug 22, 2016 at 3:04 PM, Jakob Bohm > >wrote: >> >> On 22/08/2016 20:09, Scott Ware wrote: >> >> We

Re: [openssl-users] CVE-2016-2108 and openssl 0.9.8zf

Thanks Marcus! Lily -Original Message- From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Marcus Meissner Sent: Thursday, August 25, 2016 6:34 PM To: openssl-users@openssl.org Subject: Re: [openssl-users] CVE-2016-2108 and openssl 0.9.8zf Hi, to my knowledge

[openssl-users] OpenSSL version 1.1.0 published

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 1.1.0 released === OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.1.0 of our open source

Re: [openssl-users] libssl.so.1.0.0 -> Java1.6 net.ssl gives: dh key too small:s3_clnt.c:3617:

There may be other solutions but here are two I've used: (1) Upgrade the Java the server uses to a recent Java 8. It should run fine. The product I work in is built with the Java 6 development kit but runs without any problems on Java 6 - 8. (2) Update the server Java 6 to the latest version

Re: [openssl-users] libssl.so.1.0.0 -> Java1.6 net.ssl gives: dh key too small:s3_clnt.c:3617:

On 25/08/2016 16:21, Matthias Apitz wrote: Hello, We have a C written OpenSSL application which talks to a server written in Java1.6. The client side (i.e. OpenSSL) rejects connecting with the error: 25.08.2016-10:58:06 Error - SSL_connect() returned:<-1> - connection failed

[openssl-users] libssl.so.1.0.0 -> Java1.6 net.ssl gives: dh key too small:s3_clnt.c:3617:

Hello, We have a C written OpenSSL application which talks to a server written in Java1.6. The client side (i.e. OpenSSL) rejects connecting with the error: 25.08.2016-10:58:06 Error - SSL_connect() returned:<-1> - connection failed 25.08.2016-10:58:06 SSL_get_error() returned SSL_ERROR_SSL,

Re: [openssl-users] Example on SSL_SESSION_set_ex_data?

Sorry, I missed that call to SSL_set_session. No, you don't need to call SSL_set_session. SSL_get_session is a get0-type function; it just returns a copy of the pointer in the SSL object. So any changes you make to that SSL_SESSION object are to the one that's already in the SSL object.

Re: [openssl-users] Example on SSL_SESSION_set_ex_data?

Thanks Rich and Michael. That was it, I was under the impression that these set functions would behave like those i2d function that would put the actual data inside... as I don't want to deal with the deallocation later (as I am modifying apache's mod_ssl). This seems to work as I can immediately

Re: [openssl-users] Building OpenSSL 1.0.1t without tls1.1 support?

1.0.1 is old, and not really supported, except some security fixes. 1.0.x does not provide the ability to compile out TLSv1.0 from 1.1 from 1.2. The upcoming 1.1.x does. If you disable tls1, then you’ve also disabled all later versions, so enable tlsv1 at config time and use the SSL options to

Re: [openssl-users] CVE-2016-2108 and openssl 0.9.8zf

Hi, to my knowledge older versions are also affected. Ciao, Marcus On Thu, Aug 25, 2016 at 03:10:19AM +, Zhang, Lily (USD) wrote: > Hi > > From the openssl website, it mentioned that > CVE-2016-2108 > affected version of

[openssl-users] Transmit on a specific nic

Hi, I am having trouble getting my application to send out DTLS packets on a specific nic/vlan. My application needs to bypass the local routing table and force packets to go out via a specified nic. The way I do it in plaintext mode is to simply bind the output socket to that specific nic

[openssl-users] CVE-2016-2180

I am using openssl-1.0.0e in my product. Here i want to know that OpenSSL is CVE-2016-2180 vulnerable or not. https://github.com/openssl/openssl/commit/0ed26acce328ec16a3aa635f1ca37365e8c7403a?diff=unified In this page showing some information about CVE-2016-2180 vulnerability. Actually i read