[openssl-users] what is the relationship between (Client)SignatureAlgorithms and cipher_list()?

2018-12-03 Thread Sam Roberts
Do they overlap in purpose, so the cipher list can be used to limit the signature algorithms? Or are the signature algorithms used for different purposes than the cipher suites in the cipher list? If they have to be configured separately, is the mechanism to use

[openssl-users] Telecommunication and Other Legislation Amendment (Assistance and Access) Bill 2018

2018-12-03 Thread open...@foocrypt.net
It’s looking like AssAccess will be law here by the end of the week. Anyone know of a ‘good’ country to live / work in? How many Openssl developers are within Australian borders? -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Question on necessity of SSL_CTX_set_client_CA_list

2018-12-03 Thread Charles Mills
Those darned customers are asking for it! I do understand the privacy exposure. Don't know if the customers do or do not. Charles -Original Message- From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Viktor Dukhovni Sent: Monday, December 3, 2018 12:40 PM To:

Re: [openssl-users] Question on necessity of SSL_CTX_set_client_CA_list

2018-12-03 Thread Viktor Dukhovni
> On Dec 3, 2018, at 3:35 PM, Charles Mills wrote: >> OCSP and OCSP stapling are currently higher on my wish list than this. Good luck with OCSP, the documentation could definitely be better, and various projects get it wrong. IIRC curl gets OCSP right, so you could look there for example

Re: [openssl-users] Question on necessity of SSL_CTX_set_client_CA_list

2018-12-03 Thread Charles Mills
> zOS does, for example, at least if you're using the RACF security provider. Ha! Spoken like a Micro Focus guy! One of the most likely clients for this server is in fact implemented on z/OS. Just FYI, the key variable is not so much RACF: (a.) RACF is just (in this case) a certificate store, not

Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

2018-12-03 Thread Charles Mills
LOL. Amen to that. It has gotten a WHOLE lot better. I started with OpenSSL somewhere around 2010 and the documentation was EXTREMELY sparse to say the least. Lots of functions documented as "under construction." Charles -Original Message- From: openssl-users

Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

2018-12-03 Thread Viktor Dukhovni
> On Dec 3, 2018, at 1:47 PM, Sands, Daniel via openssl-users wrote: >> Just wondering, is there a different error for an untrusted cross-signed root? If it's the same error, then maybe remove "self-signed" from the above message too, because that would not always be the case either.

Re: [openssl-users] Question on necessity of SSL_CTX_set_client_CA_list

2018-12-03 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Charles Mills > Sent: Monday, December 03, 2018 10:55 >> Got it. Thanks. I would think the basic client case is "one certificate, one CA" I'm going to disagree somewhat with this assumption, but not necessarily

Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

2018-12-03 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Charles Mills > Sent: Monday, December 03, 2018 10:53 >> I appreciate it. OpenSSL is of course a great product but it can be a little mystifying to debug. If I were ever to write a book about OpenSSL, "a great

Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

2018-12-03 Thread Sands, Daniel via openssl-users
On Sat, 2018-12-01 at 15:53 -0500, Viktor Dukhovni wrote: > On Sat, Dec 01, 2018 at 07:12:24PM +, Michael Wojcik wrote: >>> Are there compatibility concerns around changing error message text for which users may have created regex patterns in scripts? >> I agree the text

Re: [openssl-users] Question on necessity of SSL_CTX_set_client_CA_list

2018-12-03 Thread Charles Mills
Got it. Thanks. I would think the basic client case is "one certificate, one CA" so I think I will roll with what we have (especially since the product has been out there for years with no reported problems in this area -- although I think client certificate usage is rare) but keep the issue in

Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

2018-12-03 Thread Charles Mills
I appreciate it. OpenSSL is of course a great product but it can be a little mystifying to debug. I am a developer and I understand the problem of "layering" and virtualization, where the component that realizes there is a problem is so far removed that it does not know what the underlying real

Re: [openssl-users] [EXTERNAL] Re: Self-signed error when using SSL_CTX_load_verify_locations CApath

2018-12-03 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Viktor Dukhovni > Sent: Saturday, December 01, 2018 13:53 >> On Sat, Dec 01, 2018 at 07:12:24PM +, Michael Wojcik wrote: >>> Are there compatibility concerns around changing error message text for which

Re: [openssl-users] Question on implementing the ameth ctrl ASN1_PKEY_CTRL_DEFAULT_MD_NID

2018-12-03 Thread Fuchs, Andreas
Thanks for the hint... I'll implement this. Nevertheless, padding is not supported as far as I understand, right? Thus, in order to prevent SHA256 on a P384 curve, I'll have to set the DEFAULT_MD_NID hint, right? Could anybody give me some feedback, whether my intended approach is correct?