[openssl-users] -pkeyopt parameters?

2017-09-14 Thread Blumenthal, Uri - 0553 - MITLL
I seem unable to figure out how to configure RSA-OAEP parameters (hash and MGF functions) for the “openssl pkeyutl” command. The man page seems to say that the only thing I can do is tell openssl CLI that I want OAEP padding, and nothing more. File “apps/pkeyutl.c” was of no help. Where can I find

Re: [openssl-users] Why wasn't the fix for IP name restrictions included in 1.0.2 ?

2017-09-14 Thread Salz, Rich via openssl-users
➢ But the patch was put in git almost 10 months before 1.0.2 initial release. We weren’t using git back then. So maybe it’s a bad/confusing import. Maybe Matt can explain. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Why wasn't the fix for IP name restrictions included in 1.0.2 ?

2017-09-14 Thread Jakob Bohm
On 14/09/2017 23:06, Salz, Rich via openssl-users wrote: ➢ However for some unknown reason, this was not included in 1.0.2 which thus still rejects all such certificate chains. Because it was seen to be a feature, not a bug-fix? But the patch was put in git almost 10 months

Re: [openssl-users] Why wasn't the fix for IP name restrictions included in 1.0.2 ?

2017-09-14 Thread Salz, Rich via openssl-users
➢ However for some unknown reason, this was not included in 1.0.2 which thus still rejects all such certificate chains. Because it was seen to be a feature, not a bug-fix?

[openssl-users] Why wasn't the fix for IP name restrictions included in 1.0.2 ?

2017-09-14 Thread Jakob Bohm
Way back in May 2014, there was a patch by Matt Caswell to not incorrectly reject all certificate chains with IP address name constraints and actual IP address names (dd36fce023a64d90058b8fefbd95dadaca98f9ca). However for some unknown reason, this was not included in 1.0.2 which thus still

Re: [openssl-users] [EXT] TLS 1.3 performance

2017-09-14 Thread Roelof Du Toit
Hi Neetish, I would recommend considering the following in your research: - The impact of Nagle. See https://github.com/openssl/openssl/issues/4237 - The impact of the KeyShare calculation on TLS 1.3 session resumption (assuming most deployments will use psk_dhe_ke) - The impact of

[openssl-users] TLS 1.3 performance

2017-09-14 Thread Neetish Pathak
Hi, I worked on TLS 1.3 performance benchmarking. After my tests, I found that TLS 1.3 based resumption is not giving us the connection latency benefits when tested in a LAN environment. It is slower than TLS 1.2. When tested on WAN, definitely, TLS 1.3 fares better than TLS 1.2. I want your

Re: [openssl-users] Lost in STACK_OF again (porting M2Crypto to OpenSSL 1.1.* API)

2017-09-14 Thread Matěj Cepl
On 2017-09-12, 19:33 GMT, Dr. Stephen Henson wrote: > Yes *_seq_unpack() is no longer in 1.1. What happens is that > code above it generates a function d2i_SEQ_CERT() which does > the same as ASN1_seq_unpack() for a certificate. > > So something like this should work: > > const unsigned char

Re: [openssl-users] [openssl-dev] 20170914 snapshots

2017-09-14 Thread Salz, Rich via openssl-users
We did some system upgrades and they were down during the update time. As I’ve said before, please wait for at least a second day before writing about the snapshots. On 9/14/17, 8:09 AM, "The Doctor" wrote: They are missing in action!

[openssl-users] 20170914 snapshots

2017-09-14 Thread The Doctor
They are missing in action!