On Thu, Sep 03, 2020 at 11:45:28PM +, Yury Mazin via openssl-users wrote:
> Hello,
>
> We have a server that was originally using OpenSSL 1.0.2h.
> Server is configured to use SSL ciphers as following
> ALL:!aNULL:!ADH:!EDH:!eNULL:!EXPORT
> When openssl client tries to connect to this server with
On Fri, Aug 21, 2020 at 05:05:51PM +0200, Detlef Vollmann wrote:
> On 2020-08-20 21:44, Detlef Vollmann wrote:
> >
> > Is there any way to set the maximum fragment size for
> > DTLS handshake with a BIO pair?
> One solution is to set the MTU and the int_bio size to
> exactly the same value.
>
On Thu, Aug 13, 2020 at 08:19:10PM +0200, Detlef Vollmann wrote:
> Hello,
>
> with the following commands:
>
> openssl s_server -accept 18010 -cert srv.crt -key test.key \
> -CAfile testca.crt -debug -cipher 'NULL-SHA256' -dtls1_2
>
> openssl s_client -connect localhost:18010 -cert clnt.crt \
>
On Thu, Aug 06, 2020 at 01:51:35AM +0530, prudvi raj wrote:
> Hi there,
>
> I got this error during compilation, in file b_addr.c:
> In function 'BIO_lookup_ex':
> /b_addr.c:748:9: error: unknown type name 'in_addr_t'
>
> I see that "in_addr_t" is defined in "netinet/in.h" & "arpa/inet.h" in
>
On Wed, Aug 05, 2020 at 10:28:26PM +0200, Patrick Mooc wrote:
> Thank you very much Kyle for your quick and clear answer.
>
> The reason why I want to upgrade OpenSSL version, is that I encounter a
> problem with 1 frame exchange between client and server.
>
> This frame is the first packet sent
FLAGS =
> CPPINCLUDES =
> CROSS_COMPILE =
> CXX =
> CXXFLAGS =
> HASHBANGPERL =
> LD =
> LDFLAGS =
> LDLIBS =
> MT =
> MTFLAGS =
> OPENSSL_LOCAL_CONFIG_DIR =
> PERL =
> RANLIB =
> RC =
> RC
On Thu, Jul 09, 2020 at 06:07:41PM +, Andreas Müller wrote:
> Hi,
>
> I "inherited" our project to support/use TLSv1.3 from a late colleague. We
> have a server written in C++ (Windows, Linux)
> and clients (Windows, Linux, also written in C++ and also a Java client).
> With Java, we use the
On Tue, Jul 14, 2020 at 09:08:10PM +0200, shivaramakrishna chakravarthula wrote:
> This is exactly similar to what I am looking for. I am using 1.0.2J version
> and there are some changes in the next version onwards that causes problems
> in SSL connections to older versions when DH key = 256
On Tue, Jul 14, 2020 at 04:58:38PM +0200, shivaramakrishna chakravarthula wrote:
> Hi,
>
> I have compatibility issues for my application with new versions of OpenSSL
> and I want to use the older version of OpenSSL with my application. So, I
> want to link my application with an OpenSSL library
On Mon, Jun 08, 2020 at 06:53:32PM +, Neil Proctor via openssl-users wrote:
> Hello,
>
> Specific to OpenSSL v1.0.2p and TLS1.2 are there any flags or options like,
> SSL_CERT_FLAG_TLS_STRICT, that set whether or not the client handshake
> finished hash is verified by the server? Or is
On Wed, Jun 03, 2020 at 07:05:32PM +0200, Claus Assmann wrote:
> Just curious: Why is the output of
> openssl ciphers MEDIUM
> "empty" for 3.0.0.a2?
There are no ciphers available by default that are at the MEDIUM
level (which, to be honest, does not make a huge amount of sense at this
point
On Mon, Jan 11, 2021 at 09:26:30PM +, Jeremy Harris wrote:
> On 11/01/2021 08:20, Benjamin Kaduk wrote:
> > Current recommendations are not to use the finished message as the channel
> > binding but instead to define key exporter label for the given usage
> > (see
>
On Mon, Jan 11, 2021 at 10:31:01PM +, Jeremy Harris wrote:
> On 11/01/2021 22:07, Benjamin Kaduk wrote:
> > > Looking at the implementation, SSL_export_keying_material() only
> > > functions for TLS 1.3. This is not documented. Is this a bug
Hi Craig,
On Wed, Dec 09, 2020 at 08:35:46PM +0900, Craig Henry wrote:
> Hi,
>
> This is my first post to this list so please be kind!
>
> Environment - Linux Centos
> SSL - 1.0.2k19-el7
>
> Connection - CURL (via PHP) with public / private key auth + http basic auth
>
> We're having an issue
On Sun, Jan 10, 2021 at 02:44:38PM +, Jeremy Harris wrote:
> Hi,
>
> What is the status of SSL_get_finished() / SSL_get_peer_finished() ?
>
> I do not find them documented at
>
>
And again, where do you believe such a conversion is specified?
The IETF internet-draft I reference is a way to do so, but it is (to repeat)
very much a work in progress.
-Ben
On Thu, Jan 21, 2021 at 12:35:24AM +, Blumenthal, Uri - 0553 - MITLL wrote:
> I meant not "CBOR protocol" (which,
On Tue, Jun 22, 2021 at 04:18:25AM +, Revestual, Raffy [AUTOSOL/PSS/MNL] wrote:
> Also asked this question in stackoverflow.com
>
>
On Mon, Jun 21, 2021 at 10:23:06PM -0400, Michael Richardson wrote:
>
> I downloaded and compiled openssl 3.0.0-beta1 from git today.
> I installed into a private prefix.
>
> While my debian desktop system has:
>
> %ls -l /usr/lib/x86_64-linux-gnu/libssl*
> -rw-r--r-- 1 root root 357056 Jul
That sounds like the certificate is encoded using ASN.1 BER rules, that openssl
accepts, but the python library is insisting on DER encoding (per the spec).
-Ben
On Thu, Feb 25, 2021 at 05:19:32PM +, John Robson via openssl-users wrote:
> Hi all,
>
> I'm encountering an error connecting to
On Thu, Feb 25, 2021 at 03:30:43PM -0800, Frank Liu wrote:
> Looking at test cases
> https://urldefense.com/v3/__https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/test/recipes/04-test_pem.t__;!!GjvTz_vk!A42D2c2brOwptas6T1iBt9i7pMWhwehkKAmeCuILgR-6iv5n0TQPQ6tkkVgG9A$
>
> , openssl
Hi Stephen :)
The API you'll want to use is EVP_PKEY_fromdata(); there's
a stubbed out example of using it to make an EVP_PKEY with
EC group parameters at
https://github.com/openssl/openssl/issues/14258#issuecomment-783351031
but the translation to also specify OSSL_PKEY_PARAM_PRIV_KEY
(and
On Tue, Mar 09, 2021 at 02:44:20AM +, Stephen Farrell wrote:
>
> Hiya,
>
> On 08/03/2021 02:37, Benjamin Kaduk wrote:
> > Hi Stephen :)
> >
> > The API you'll want to use is EVP_PKEY_fromdata(); there's
> > a stubbed out example of using it to make an E
They are macros now. You should still be able to build code that uses them.
-Ben
On Fri, Apr 09, 2021 at 08:03:28PM +, Robert Smith via openssl-users wrote:
> Hello,
> I am porting an application from OpenSSL version 1.0.2u to 1.1.1k and the linker
> complains that symbols X509_set_notAfter and
On Wed, Sep 01, 2021 at 03:36:36PM +, Zeke Evans wrote:
> Hi,
>
> Is there any way to check the status of client authentication sent in a TLS
> 1.3 handshake after SSL_connect returns? With TLS 1.2 SSL_connect seems to
> always capture the status and return an error code if it failed but
On Thu, Sep 09, 2021 at 12:15:44AM +0200, Steffen Nurpmeso wrote:
>
> P.S.: maybe at least release commits and tags could be signed?
> And/or HTTPS access to the repository ... but then i get the gut
> feeling that the answer to this will be "use github" or something.
tag openssl-3.0.0
Tagger:
On Thu, Sep 09, 2021 at 01:03:28AM +0200, Steffen Nurpmeso wrote:
> But if i use
>
> #?0|kent:tls-openssl.git$ alias gl1
> alias gl1='git slpn -1'
> #?0|kent:tls-openssl.git$ git alias|grep slpn
> alias.slpn log --show-signature --patch --find-renames --stat
> --no-abbrev-commit
>
On Thu, Sep 16, 2021 at 04:11:49PM +0200, Hubert Kario wrote:
> On Thursday, 16 September 2021 04:41:44 CEST, Jaya Muthiah wrote:
> >
> > I am trying to get the remaining lifetime of the ticket so that server
> > can decide to renew ticket or not
>
> TLS 1.3 tickets are single use. If the ticket
On Thu, Sep 16, 2021 at 04:57:03PM +0200, Hubert Kario wrote:
> On Thursday, 16 September 2021 16:28:47 CEST, Benjamin Kaduk wrote:
> > On Thu, Sep 16, 2021 at 04:11:49PM +0200, Hubert Kario wrote:
> > > On Thursday, 16 September 2021 04:41:44 CEST, Jaya Muthiah wrote:
> >
On Thu, Sep 16, 2021 at 12:20:05PM -0400, Viktor Dukhovni wrote:
>
> I don't recall whether OpenSSL makes any effort to or supports deferring
> the transmission of session tickets until just before the first
> application data transmission from server to client (or else perhaps
> just before
On Thu, Sep 16, 2021 at 12:40:55PM -0400, Viktor Dukhovni wrote:
> On Thu, Sep 16, 2021 at 09:30:18AM -0700, Benjamin Kaduk via openssl-users
> wrote:
> > On Thu, Sep 16, 2021 at 12:20:05PM -0400, Viktor Dukhovni wrote:
> > >
> > > I don't recall whether OpenSSL m
On Sat, Sep 11, 2021 at 10:29:07PM -0400, Dennis Clarke via openssl-users wrote:
>
> This is slightly better than the beta release :
>
> Test Summary Report
> ---
> 03-test_internal_modes.t (Wstat: 256 Tests: 1 Failed: 1)
> Failed test: 1
> Non-zero exit status: 1
>
I'm also a bit confused at how this became the limiting factor for the
application in question.
https://datatracker.ietf.org/doc/html/draft-ietf-emu-eaptlscert-08 has some
discussion of how large certificates can cause issues for EAP (as well as some
guidance to EAP deployments as to how to
On Mon, Dec 05, 2022 at 11:31:18AM -0800, Thomas Dwyer III wrote:
> Why does EVP_get_digestbyname("md4") return non-NULL if the legacy provider
> isn't loaded? Similarly, why does it return non-NULL for "md5" after doing
> EVP_set_default_properties(NULL, "fips=yes")? This seems unintuitive.
On Sat, Nov 05, 2022 at 11:50:18AM +0100, Dirk Menstermann wrote:
> Hello,
>
> I did few experiments with early data but was not successful in solving my
> exotic use case: "Using early data dependent on the SNI"
>
> I control the server (linux, supports http2) based on OpenSSL 111q and use a
>