Hi,
I have the below SSL settings in the nginx.conf file, and a VAPT test has
reported that we should disable CBC ciphers
ssl_ciphers HIGH:!aNULL:!MD5:!DH+3DES:!kEDH;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
openssl version on the box is OpenSSL 1.0.2k-fips 26 Jan 2017 on CentOS
Linux release 7.3.1611 (Core)
I
Chrome 70 with final TLS 1.3 installs itself with automatic update. So there
will be a lot of TLS 1.3 clients!
And Firefox will update next week
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Looks like there is some problem in higher-level EVP_ functions.
I completely rewrote the example using lower-level ECDSA_do_sign and it
started to work always.
Here is the code:
EVP_MD_CTX *Ctx = EVP_MD_CTX_create();
EVP_DigestInit(Ctx, EVP_sha256());
EVP_DigestUpdate(Ctx, dt.data(), dt
I'm trying to figure out why BIO_do_connect is failing with
a negative value. So far as I know I've done all preliminaries
correctly, but apparently I've missed something. I am dumping
the SSL errors from ERR_get_error but am not getting any in
this instance.
OpenSSL version is 1.1.0h
Ubuntu 18.0
Thank you for the hint, but it looks like the problem is somewhere else
I rewrote the piece of code in such a way:
char *Result = new char [SignatureLength];
EVP_DigestSignFinal(Ctx, reinterpret_cast<unsigned char *>(Result),
&SignatureLength);
TFile SignatureBin = {"/home/gc/signature.bin", ...};
Depends what you want it to print, I guess... ASN1_STRING_print_ex() can print
any ASN1_STRING (including an ASN1_BIT_STRING) but it'll come out binary
packed. If you want to do anything fancier like print individual bit values in
a more human-readable way, you'll have to do it yourself, as fa
On 16/10/2018 16:39, Dmitry wrote:
Hello!
I have a C++ programme, ECDSA key pair and some string to sign. The
programme generates signature and saves it into a file
(signature.bin). Then I check the validity of the signature via the
following command:
openssl dgst -verify ec_public.pem -sig
Hello!
I have a C++ programme, ECDSA key pair and some string to sign. The
programme generates signature and saves it into a file (signature.bin).
Then I check the validity of the signature via the following command:
openssl dgst -verify ec_public.pem -signature signature.bin ToSign.txt
the prob
Hi,
thanks for this - what about the ASN1_BIT_STRING? Is there such a predefined
function?
From: openssl-users on behalf of Dave
Coombs
Sent: Tuesday, 16 October 2018 15:17
To: openssl-users@openssl.org
Subject: Re: [openssl-users] BIO_printf with AS
Hi,
You can use i2a_ASN1_INTEGER() to print an ASN1_INTEGER to a BIO.
-Dave
> On Oct 16, 2018, at 05:37, Opa114 wrote:
>
> Hi there,
>
> I have to print out some data, which is an ASN1_BIT_STRING and an
> ASN1_INTEGER with BIO_printf. For GENERAL_NAME for example there are predefined
> fun
Hi there,
I have to print out some data, which is an ASN1_BIT_STRING and an ASN1_INTEGER
with BIO_printf. For GENERAL_NAME for example there are predefined functions I
can use like this: GENERAL_NAME_print(bp, GENERAL_NAME_VAR) <= 0
But for ASN1_INTEGER and ASN1_BIT_STRING I haven't found any pred
Hi,
tl;dr If you use OpenSSL 1.1.1_pre* versions please update to the final
version as soon as possible.
Not sure if this has been discussed here before, but I'd like to point
out a mail David Benjamin has recently sent to the TLS WG list:
https://www.ietf.org/mail-archive/web/tls/current/msg2706
Sorry, I am an idiot =)
Problem resolved, user error. -key was the problem and should not be
used as I showed.
-key has a different meaning for openssl ca than for openssl req, so
my PIN was my -key argument. It got my keyfile from the openssl conf
file.
On Tue, Oct 16, 2018 at 10:23 AM Richard
I'm curious about this error line from the 'openssl ca' output:
> 140735853761408:error:28078064:UI routines:UI_set_result_ex:result too
> large:crypto/ui/ui_lib.c:910:You must type in 4 to 32 characters
It should be interesting to try and figure out what pass phrase was
passed and where it cam
On 10/16/2018 09:27 AM, Viktor Dukhovni wrote:
> On Tue, Oct 16, 2018 at 08:13:11AM +0200, Jakob Bohm via openssl-users wrote:
>
>>> As for the 16K limit, and whether we should be sending client
>>> CA names without further indication from the (TLS 1.3) client
>>> to do so, I'm hoping Matt Caswell
The error can be worked around by entering PIN = "..." into [pkcs11_section].
pkcs11 engine version is libp11-0.4.9.
Anyone know if this is 1) a libp11 issue or 2) an openssl issue or 3) me
doing something wrong?
On Mon, Oct 15, 2018 at 5:40 PM Peter Magnusson
wrote:
>
> Hi,
>
> I'm trying to understand ho
On Tue, Oct 16, 2018 at 08:13:11AM +0200, Jakob Bohm via openssl-users wrote:
> > As for the 16K limit, and whether we should be sending client
> > CA names without further indication from the (TLS 1.3) client
> > to do so, I'm hoping Matt Caswell and or other team members
> > will chime in.
>
> J