Re: [openssl-users] Early data based on SNI with OpenSSL 1.1.1

2017-10-26 Thread Olivier Houchard
Hi Matt, Sorry for the late answer. On Mon, Oct 23, 2017 at 04:31:02PM +0100, Matt Caswell wrote: > > > On 23/10/17 16:16, Olivier Houchard wrote: > > Hi, > > > > I'm trying to use OpenSSL 1.1.1 to accept or reject early data based on > > the SNI, and I'm a bit confused on how to do so. > >

[openssl-users] OpenSSL outputs entire CA bundle with libcurl

2017-10-26 Thread Andrew Gale
Hello all, First, some config info: OpenSSL v1.0.1t PLATFORM=arm-linux- OPTIONS=enable-tls enable-threads enable-shared --cross-compile-prefix=arm-linux- -pthread --prefix=/usr/local no-ec_nistp_64_gcc_128 no-gmp no-idea no-jpake no-krb5 no-md2 no-mdc2 no-rc5 no-rfc3779 no-ripemd no-sctp

Re: [openssl-users] OpenSSL engine and TPM usage.

2017-10-26 Thread Freemon Johnson
Hi Jayalakshmi, Is your implementation OSS or intellectual property? If it is OSS can you please provide the URL? Regards, Freemon On Wed, Oct 25, 2017 at 1:06 PM, Jayalakshmi bhat < bhat.jayalaks...@gmail.com> wrote: > Hi All, > > Our device uses TPM to protect certificate private keys. We

Re: [openssl-users] OpenSSL engine and TPM usage.

2017-10-26 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Michael Richardson > Sent: Wednesday, October 25, 2017 18:37 > > Jakob Bohm wrote: > > > Please beware that many TPM chips were recently discovered to contain a > > broken RSA key

[openssl-users] ENGINE_by_id creates ENGINE with load_ssl_client_cert = null

2017-10-26 Thread Leszek Kosowski
Hi everyone, When I execute ENGINE_by_id ('pkcs11') I get a ENGINE structure where load_ssl_client_cert (ENGINE_SSL_CLIENT_CERT_PTR type) is null. I'm using Gemalto and Athena cards. Is this behavior related to a card or a pkcs11 engine? This is a problem because calling

Re: [openssl-users] Issue with DTLS for UDP

2017-10-26 Thread Matt Caswell
On 26/10/17 16:43, Grace Priscilla Jero wrote: > Thank you for the responses. > We figured the issue. But now we are getting error -5 from "SSL_connect" > and the errno is set to 22 which means invalid argument. > Is there an easy way to debug or get logs for SSL_connect. > > Below is the

Re: [openssl-users] Issue with DTLS for UDP

2017-10-26 Thread Grace Priscilla Jero
Thank you for the responses. We figured the issue. But now we are getting error -5 from "SSL_connect" and the errno is set to 22 which means invalid argument. Is there an easy way to debug or get logs for SSL_connect. Below is the sequence for the dtls udp connect that we are trying. ssl =

Re: [openssl-users] SSL_read() failed: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init

2017-10-26 Thread Matt Caswell
On 26/10/17 13:50, Kadlecsik József wrote: > Hi Matt, > > On Thu, 26 Oct 2017, Matt Caswell wrote: > > Oct 20 18:50:05 mail2 dovecot: imap-login: Debug: SSL error: SSL_read() > failed: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init >>> >>> But why SSL_read() failed

Re: [openssl-users] SSL_read() failed: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init

2017-10-26 Thread Kadlecsik József
Hi Matt, On Thu, 26 Oct 2017, Matt Caswell wrote: > >>> Oct 20 18:50:05 mail2 dovecot: imap-login: Debug: SSL error: SSL_read() > >>> failed: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init > > > > But why SSL_read() failed with this error message? > > That I can't explain

Re: [openssl-users] OpenSSL engine and TPM usage.

2017-10-26 Thread Ken Goldman
On 10/26/2017 3:33 AM, Michael Ströder wrote: Michael Richardson wrote: Jakob Bohm wrote: wow, further evidence that everything needs an upgrade path. From the viewpoint of hardware vendors the upgrade path is selling new hardware. It's simply like that. Not very

Re: [openssl-users] SSL_read() failed: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init

2017-10-26 Thread Matt Caswell
On 26/10/17 13:28, Kadlecsik József wrote: > Hi, > > On Thu, 26 Oct 2017, Matt Caswell wrote: > >>> Oct 20 18:50:05 mail2 dovecot: imap-login: Debug: SSL error: SSL_read() >>> failed: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init >>> >>> The openssl package is 1.1.0f-3. >>>

Re: [openssl-users] SSL_read() failed: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init

2017-10-26 Thread Kadlecsik József
Hi, On Thu, 26 Oct 2017, Matt Caswell wrote: > > Oct 20 18:50:05 mail2 dovecot: imap-login: Debug: SSL error: SSL_read() > > failed: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init > > > > The openssl package is 1.1.0f-3. > > > > The error message is totally cryptic to me: how

Re: [openssl-users] SSL_read() failed: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init

2017-10-26 Thread Matt Caswell
On 26/10/17 11:22, Kadlecsik József wrote: > Hello, > > We upgraded one of our dovecot servers to debian stretch with dovecot > 2.2.27 and since then an alpine MUA user has been experiencing random IMAP > failures. > > We enabled debugging at both sides, the client tells only: > >

Re: [openssl-users] OpenSSL engine and TPM usage.

2017-10-26 Thread Richard Levitte
In message

Re: [openssl-users] Wanted details on ./config or Configure options

2017-10-26 Thread Matt Caswell
On 25/10/17 18:02, Jayalakshmi bhat wrote: > Hi Matt, > > Thanks a lot. This helps me. I had seen different options for OpenSSL > 1.0.1e versions. Hence had some confusions. > Does this mean options specified here can only be used for OpenSSL > 1.0.2x releases. The INSTALL file is specific

[openssl-users] SSL_read() failed: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init

2017-10-26 Thread Kadlecsik József
Hello, We upgraded one of our dovecot servers to debian stretch with dovecot 2.2.27 and since then an alpine MUA user has been experiencing random IMAP failures. We enabled debugging at both sides, the client tells only: {}INBOX: [CLOSED] IMAP connection broken (server response) and we

Re: [openssl-users] OpenSSL engine and TPM usage.

2017-10-26 Thread Michael Ströder
Michael Richardson wrote: > > Jakob Bohm wrote: > >> I wanted to know when we use engine instance for encryption/decryption > >> operation, can it be done selectively? > > > Please beware that many TPM chips were recently discovered to contain a > > broken

Re: [openssl-users] RSA-PSS Certificate

2017-10-26 Thread Steven Madwin via openssl-users
Thanks. Now all I need to do is figure out what parameter to pass the req or ca command to get the subject key info to accept the new algorithm. -Original Message- From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Jakob Bohm Sent: Wednesday, October 25,