Re: [openssl-users] Double TLS 1.3 session ticket?

2018-06-20 Thread Dennis Clarke
On 06/20/2018 08:46 PM, Salz, Rich via openssl-users wrote: Thanks, it does not happen with Mozilla implementation (tls13.crypto.mozilla.org), is this openssl specific or part of the specification? The specification allows a server to send one or more tickets, at its

Re: [openssl-users] OpenSSL FIPS Object Module 2.0 on CD

2018-06-20 Thread Mark Minnoch
I'm responding to a previous post about obtaining a CD of the OpenSSL FIPS Object Module from KeyPair Consulting rather than directly from OpenSSL. The question is: > Just curious, but does this satisfy Section 6.6 of the User Guide, > since the CD does not come directly from the OpenSSL

Re: [openssl-users] Double TLS 1.3 session ticket?

2018-06-20 Thread Yann Ylavic
On Thu, Jun 21, 2018 at 12:17 AM, Yann Ylavic wrote: > > Right but if s_server had handled SSL_CB_HANDSHAKE_START/DONE in its > info callback (like s_client), you'd see "SSL negotiation finished > successfully" after each ticket, even if the server knows (or could). Hm, actually I tried that and

Re: [openssl-users] Double TLS 1.3 session ticket?

2018-06-20 Thread Yann Ylavic
On Wed, Jun 20, 2018 at 11:49 PM, Matt Caswell wrote: > > On 20/06/18 22:31, Yann Ylavic wrote: >> >> but I wonder if >> announcing the start then end of the same handshake multiple times >> could/should be avoided (i.e. handshake ends after last ticket only)? > > They really are individual

Re: [openssl-users] Double TLS 1.3 session ticket?

2018-06-20 Thread Matt Caswell
On 20/06/18 22:31, Yann Ylavic wrote: >>>Thanks, it does not happen with Mozilla implementation >> (tls13.crypto.mozilla.org), is this openssl specific or part of the >> specification? >> >> The specification allows a server to send one or more tickets, at its >> discretion. > >

Re: [openssl-users] Unexpected behaviors in TLS handshake

2018-06-20 Thread Jakob Bohm
On 20/06/2018 23:07, Viktor Dukhovni wrote: On Jun 20, 2018, at 3:44 PM, Jakob Bohm wrote: I believe there is a fundamental concern, impossible to handle sanely at the CA policy level, that a CA may reasonably have certificate hierarchies targeting people with different maximum security

Re: [openssl-users] Double TLS 1.3 session ticket?

2018-06-20 Thread Yann Ylavic
>>Thanks, it does not happen with Mozilla implementation > (tls13.crypto.mozilla.org), is this openssl specific or part of the > specification? > > The specification allows a server to send one or more tickets, at its > discretion. OK thanks, I could find the relevant PR and

Re: [openssl-users] Unexpected behaviors in TLS handshake

2018-06-20 Thread Viktor Dukhovni
> On Jun 20, 2018, at 3:44 PM, Jakob Bohm wrote: > > I believe there is a fundamental concern, impossible to handle sanely > at the CA policy level, that a CA may reasonably have certificate > hierarchies targeting people with different maximum security strength > and/or living at different

Re: [openssl-users] OpenSSL FIPS Object Module 2.0 on CD

2018-06-20 Thread Jason Schultz
Just curious, but does this satisfy Section 6.6 of the User Guide, since the CD does not come directly from the OpenSSL Foundation? I don't have a huge need to know, just curious since as with a lot of issues regarding FIPS, no answer would surprise me.

Re: [openssl-users] Double TLS 1.3 session ticket?

2018-06-20 Thread Salz, Rich via openssl-users
>Thanks, it does not happen with Mozilla implementation (tls13.crypto.mozilla.org), is this openssl specific or part of the specification? The specification allows a server to send one or more tickets, at its discretion. -- openssl-users mailing list To unsubscribe:

Re: [openssl-users] Unexpected behaviors in TLS handshake

2018-06-20 Thread Jakob Bohm
On 20/06/2018 19:31, Viktor Dukhovni wrote: If some root CAs, or intermediate CAs to which they delegate authority, employ weak algorithms, your best bet is to not trust those CAs, they should not be using weak algorithms. TLS is not the best place to regulate (Web) PKI. I believe there is a

Re: [openssl-users] Double TLS 1.3 session ticket?

2018-06-20 Thread Yann Ylavic
On Wed, Jun 20, 2018 at 8:59 PM, Viktor Dukhovni wrote: > > >> On Jun 20, 2018, at 2:55 PM, Yann Ylavic wrote: >> >> Hi, >> >> connecting s_client to s_server with TLS 1.3 seems to cause two >> successive session tickets to be sent by the server (see below). >> >> Is this expected? > > Yes.

Re: [openssl-users] Double TLS 1.3 session ticket?

2018-06-20 Thread Salz, Rich via openssl-users
>connecting s_client to s_server with TLS 1.3 seems to cause two successive session tickets to be sent by the server (see below). >Is this expected? Yes. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Double TLS 1.3 session ticket?

2018-06-20 Thread Viktor Dukhovni
> On Jun 20, 2018, at 2:55 PM, Yann Ylavic wrote: > > Hi, > > connecting s_client to s_server with TLS 1.3 seems to cause two > successive session tickets to be sent by the server (see below). > > Is this expected? Yes. -- Viktor.

[openssl-users] Double TLS 1.3 session ticket?

2018-06-20 Thread Yann Ylavic
Hi, connecting s_client to s_server with TLS 1.3 seems to cause two successive session tickets to be sent by the server (see below). Is this expected? $ openssl s_server -accept 127.0.0.1:4443 -cert ... -key ... -state Using default temp DH parameters ACCEPT SSL_accept:before SSL initialization

Re: [openssl-users] Unexpected behaviors in TLS handshake

2018-06-20 Thread Viktor Dukhovni
> On Jun 20, 2018, at 12:47 PM, Matt Caswell wrote: > > An OpenSSL client will enforce that the ServerKeyExchange signature is > consistent with the sig algs that it sent. It does *not* enforce that > the server's certificate signatures are consistent with those sig algs. > I don't think

Re: [openssl-users] rsa_pss_pss_*/rsa_pss_rsae_* and TLS_RSA_*/TLS_ECDHE_RSA_*

2018-06-20 Thread Hubert Kario
On Wednesday, 20 June 2018 07:51:11 CEST John Jiang wrote: > 2018-06-19 23:11 GMT+08:00 Jakob Bohm : > > On 19/06/2018 15:40, John Jiang wrote: > >> Using OpenSSL 1.1.1-pre7 > >> > >> Please consider the following cases and handshaking results: > >> 1. rsa_pss_pss_256 certificate +

Re: [openssl-users] Unexpected behaviors in TLS handshake

2018-06-20 Thread Matt Caswell
On 20/06/18 14:51, Devang Kubavat wrote: > Hi Matt, > Thanks for reply. > > I also used both functions SSL_CTX_set1_sigalgs_list() > SSL_CTX_set1_client_sigalgs_list() > but same thing happens. > I set client side “RSA+SHA512” using SSL_CTX_set1_sigalgs_list() but still it > is accepting

[openssl-users] OpenSSL FIPS Object Module 2.0 on CD

2018-06-20 Thread Mark Minnoch
If you are looking for a copy of the OpenSSL FIPS Object Module (versions 2.0 to 2.0.16) delivered to you on CD, then please send an email to c...@keypair.us with your shipping address. We will send you a copy of the original OpenSSL FOM CD. For details, see: https://keypair.us/2018/05/cd/ Mark

Re: [openssl-users] FIPS 140-2 certification

2018-06-20 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > Oleg Paikin > Sent: Wednesday, June 20, 2018 01:01 > We would like to add to our product OpenSSL with FIPS 140-2 module. The > problem is that our OS and CPUs > are not FIPS certified. We use vxWorks 5.5.1 with 3

[openssl-users] FIPS 140-2 certification

2018-06-20 Thread Mark Minnoch
Oleg wrote: > We would like to add to our product OpenSSL with FIPS 140-2 module. The problem is that our OS > and CPUs are not FIPS certified. We use vxWorks 5.5.1 with 3 types of CPUs in different products. > > How can we get certification for these environments? OSF answered that they do not do

[openssl-users] OpenSSL version 1.1.1 pre release 8 published

2018-06-20 Thread OpenSSL
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 OpenSSL version 1.1.1 pre release 8 (beta) OpenSSL - The Open Source toolkit for SSL/TLS https://www.openssl.org/ OpenSSL 1.1.1 is currently in beta. OpenSSL 1.1.1 pre release 8 has now

Re: [openssl-users] Unexpected behaviors in TLS handshake

2018-06-20 Thread Devang Kubavat
Hi Matt, Thanks for reply. I also used both functions SSL_CTX_set1_sigalgs_list() SSL_CTX_set1_client_sigalgs_list() but same thing happens. I set client side “RSA+SHA512” using SSL_CTX_set1_sigalgs_list() but still it is accepting server certificate which has signature algorithm

Re: [openssl-users] help : tls1.3 : tls1.2 test case failing after integration of openssl-1.1.1-pre7

2018-06-20 Thread Chakrapani Reddy
Hi Matt, Thanks Matt for your reply. As per my understanding internal OpenSSL header file is not included. Shall we know the way how to access SSL object members with openssl-1.1.1-pre ? Regards, Chakrapani On 19/06/18 16:18, Chakrapani Reddy wrote: > Hello , > > Started using

Re: [openssl-users] Call for testing TLS 1.3

2018-06-20 Thread Matt Caswell
On 20/06/18 07:11, John Jiang wrote: > 2018-06-19 6:21 GMT+08:00 Matt Caswell: > > > > On 18/06/18 21:23, Hubert Kario wrote: > > On Friday, 8 June 2018 10:26:07 CEST Matt Caswell wrote: > >> On 08/06/18 02:48, John Jiang wrote: > >>> Is it

Re: [openssl-users] Unexpected behaviors in TLS handshake

2018-06-20 Thread Matt Caswell
On 20/06/18 09:44, Devang Kubavat wrote: > Hi all, > > I set the signature algorithm using in client, > > /* signature algorithm list */ > > (void)SSL_CTX_set1_client_sigalgs_list(ctx, "RSA+SHA512"); > > Expected behavior: client only accepts server certificate which has > signature

[openssl-users] Unexpected behaviors in TLS handshake

2018-06-20 Thread Devang Kubavat
Hi all, I set the signature algorithm using in client, /* signature algorithm list */ (void)SSL_CTX_set1_client_sigalgs_list(ctx, "RSA+SHA512"); Expected behavior: client only accepts server certificate which has signature algorithm SHA512withRSAencryption during TLS handshake. But, here even

[openssl-users] FIPS 140-2 certification

2018-06-20 Thread Oleg Paikin
Hi We would like to add to our product OpenSSL with FIPS 140-2 module. The problem is that our OS and CPUs are not FIPS certified. We use vxWorks 5.5.1 with 3 types of CPUs in different products. How can we get certification for these environments? OSF answered that they do not do FIPS

Re: [openssl-users] Call for testing TLS 1.3

2018-06-20 Thread John Jiang
2018-06-19 6:21 GMT+08:00 Matt Caswell : > > > On 18/06/18 21:23, Hubert Kario wrote: > > On Friday, 8 June 2018 10:26:07 CEST Matt Caswell wrote: > >> On 08/06/18 02:48, John Jiang wrote: > >>> Is it possible to check Key/IV update feature via these tools? > >>> Thanks! > >> > >> Yes. See the