SSLv23_Server_Method() not working in OpenSSL 1.01e

I just updated my Win64 server app from OpenSSL 1.0.0k to 1.01e, and I noticed that although it was configured to use the SSLv23_Server_method(), it no longer accepts SSLv3 connections from clients as it did using 1.0.0k. It does accept TLSv1 connections this way however. If I change it to use

Re: RC4-MD5 cipher suites rep;acement

On 5/15/08, PoWah Wong [EMAIL PROTECTED] wrote: Is there some cipher suites more secure than SSL_RSA_WITH_RC4_128_MD5 (RC4-MD5) so that they should replace RC4-MD5? The AES 256-bit cipher suites are not only more secure then RC4, they are also much faster. :) -Chris

Re: RC4-MD5 cipher suites rep;acement

On 5/15/08, PoWah Wong [EMAIL PROTECTED] wrote: Use TLS_RSA_WITH_AES_256_CBC_SHA (AES256-SHA) to replace SSL_RSA_WITH_RC4_128_MD5 (RC4-MD5) and TLS_DH_anon_WITH_AES_256_CBC_SHA (ADH-AES256-SHA) to replace SSL_DH_anon_WITH_RC4_128_MD5 (ADH-RC4-MD5), right? I'm not clear on what your

Re: Max length of company field

I tried this here, and it accepted the Organization Name that you provided long Name problems making Certificate Request without any errors. As you can see, this name is only 45 characters long, and the maxsize is 64 characters. -Chris On 6/9/08, Florian Lindner [EMAIL PROTECTED] wrote:

Re: Please help: very urgent: Query on patented algorithms

On 6/16/08, bagavathy raj [EMAIL PROTECTED] wrote: Hi, Is there any binary distribution where I can find SSL dlls without patented algorithms like IDEA,MCD2,RC4,RC5 etc. I tried compiling without them. I could exclude other algos but not RC4. Some linking issues. So i need to know if there is

Re: commercial OpenSSL use

Hi Alan, If you re-read below you will see it says this: If...advertisement of the product... that lists a line item of a feature that your software has which is dependent on use of OpenSSL, you must follow the... So if your advertisement does not list any encryption or other features provided

Re: Downage

What he means, is that the openssl.org web site was down most of yesterday.. But I see it is working again today. -Chris On Tue, Mar 9, 2010 at 2:34 AM, tensy joseph rajanchit...@gmail.com wrote: What you mean by Downage on 8th March 2010?Can you please elaborate? On Mon, Mar 8, 2010 at

Re: Broadcom OpenSSL support

One specific advancement is the AES-specific instruction set in the 2010 Intel Core™ processor family; an excerpt: Intel® AES instructions are a new set of instructions available beginning with the all new 2010 Intel® Core™ processor family based on the 32nm Intel® microarchitecture codename

Re: Apache SSL3_ACCEPT:unsafe legacy renegotiation disabled?

On Thu, Apr 1, 2010 at 3:11 AM, Jason Haar jason.h...@trimble.co.nz wrote: Hi there We have a CentOS-4.8 server that was upgraded to httpd-2.0.52-41.ent.7.centos4 this week - You need to upgrade Apache to httpd-2.2.15 (released March 6, 2010) Your version is years old. -Chris

VS2010 compatibility?

Can anyone confirm if OpenSSL 1.0.0a is compatible with Visual Studio 2010? -Chris __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org

OpenSSL 0.9.8f Win32 Compile Error

I am trying to compile version 0.9.8f for Windows, using VC++ 6.0, ActivePerl, and MASM 6.15.8803. I am following the instructions in INSTALL.W32, which works fine for the previous 0.9.8f build, but when I get to the point of running nmake -f ms\ntdll.mak I get the following errors in 0.9.8f:

Re: OpenSSL 0.9.8f Win32 Compile Error

I am following the instructions in INSTALL.W32, which works fine for the previous 0.9.8f build, but when I get to the point of running nmake -f ms\ntdll.mak I get the following errors in 0.9.8f: oops.. I ment to say that the previous version 0.9.8E works fine, and now that I look closer I see

Re: OpenSSL 0.9.8f Win32 Compile Error

Did someone forget to add the equate for XMMWORD? Can anyone tell me how XMMWORD should be defined? It appears that I need more then just the newer version of MASM, and while reading the MASM32 forums they reference this page: http://www.intel.com/cd/ids/developer/asmo-na/eng/167741.htm?page=6

Re: OpenSSL 0.9.8f Win32 Compile Error

I downloaded NASM (nasm-0.99.04-win32.zip) from Soundforge, and gave it a try, and when I run ms\do_nasm it is all sucessful but now I get a different error when running nmake -f ms\ntdll.mak: Microsoft (R) Program Maintenance Utility Version 6.00.9782.0 Copyright (C) Microsoft Corp 1988-1998.

Re: OpenSSL How to redistribute as part of our application

On 10/30/07, Dave Bound wrote: Not everyone can use the default build of OpenSSL. Can you point me at some docs which will allow me to ascertain whether I fall into the 'not everyone' category? One thing to consider is if you want to include the patented ciphers in your build, such as RC5,

Cipher suites

-SHA DHE-DSS-AES128-SHA But when I select a high set of cipher suites it does include the above, in addition to the 256 bit ciphers. It seems that this is only a problem with the AES ciphers. -Chris Clark

Re: Cipher suites

is faster then 256 bit AES, and will use less CPU overhead on slower machines. Is this not true? Is there an easy way I can limit openssl to only use 128 bit ciphers for example? -Chris Clark __ OpenSSL Project

Re: Cipher suites

great for everything except AES, which incorrectly groups all the 128 bit ciphers as being HIGH instead of MEDIUM. Is it a known bug, or are the docs outdated? -Chris Clark __ OpenSSL Project http

Re: Cipher suites

128 bit and 256 bit key lengths when they are using AES... Looks like I will have to implement these user options the hard way then :( -Chris Clark __ OpenSSL Project http://www.openssl.org User

Re: Cipher suites

on which ciphers to use, or to stick with the simplistic nature of the MEDIUM and HIGH settings along with the 4 groups. -Chris Clark __ OpenSSL Project http://www.openssl.org User Support Mailing List

Re: Cipher suites

be best to do it this way so the users have a choice of 128 or 256 bit AES, and at the same time adhering to the documented definition of what MEDIUM means. -Chris Clark __ OpenSSL Project http

SSL_METHOD

It appears that the SSL_METHOD functions don't allow a server to accept connections using either SSL or TLS, so it has to be either one or the other. Does anyone have a work around to allow both SSL and TLS connections to be accepted? -Chris Clark

AES cipher

= SSL_get_cipher_list(lSSL, i); if (res) { m_List.AddString((char*)res); ccnt++; } } -Chris Clark __ OpenSSL Project http://www.openssl.org User Support Mailing List

Re: AES cipher

I tried adding : as suggested, but this still did not work. :( Does anyone have other suggestions? -Chris I'm trying to allow my program to be configurable for either AES 128 bit, or AES 256 bit. The problem is that when I select only the AES128-SHA cipher, the AES256-SHA cipher gets added

Re: AES cipher

On 2/16/06, Kyle Hamilton wrote: Yeah. Any cipher that is not explicitly added is denied. So, try just doing: CString Shif = AES128-SHA; When I just use this string, it automaticly adds AES256-SHA as well. This appears to be a bug in OpenSSL 0.98a. Could anyone confirm this? -Chris

Re: AES cipher

CString Shif = AES128-SHA; When I just use this string, it automaticly adds AES256-SHA as well. This appears to be a bug in OpenSSL 0.98a. Could anyone confirm this? Yes I can confirm that. The ciphers command does the same. Thanks Steve. Do you know if this has been fixed in the

Re: AES key length selection bug in OpenSSL 0.9.8a

Hi Michal, OpenSSL 0.9.8a does not allow to properly select AES key length. It selects both 128-bit and 256-bit AES no matter which one was specified: I reported this same bug in February 17th, and Dr. Steven Henson has confirmed it is a bug so hopefully it will be fixed soon. If you find any

Re: AES128 accepted when AES256 configured

Hi Roy, In 0.9.8a, it looks like AES 128 will be accepted by the server even if it is supposed to accept only AES 256. I reported this same bug on February 17th, and Dr. Steven Henson has confirmed it is a bug so hopefully it will be fixed. If you find any work around please let me know.

Re: AES128 accepted when AES256 configured

What I tried was to remove all the AES 128 options from ssl/s3_lib.c. That seemed to do the trick. I do not know if it has any bad side effects though. Of course, this will only work if you don't need AES 128 at all. In my case I have a configuration program which allows users to select

Re: AES128 accepted when AES256 configured

Try the next 0.9.8 snapshot. Thanks Dr. Steve! -Chris __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager

Errors compiling snapshot under Win32

I'm having trouble compiling the current snapshot of OpenSSL under VC++. Configure and domasm are both successful, but when I run nmake I get the following result: nmake -f ms\ntdll.mak Microsoft (R) Program Maintenance Utility Version 6.00.9782.0 Copyright (C) Microsoft Corp 1988-1998. All

Cipher Negotiation

I have written a client program in which I allow the user to configure which cipher groups they want to allow as well as a cipher strength of low, medium, or high. The problem is I can't find a way of selecting the order in which I want the cipher negotiated. For example if all ciphers are

Re: Cipher Negotiation

The problem is I can't find a way of selecting the order in which I want the cipher negotiated. For example if all ciphers are enabled in the configuration, I would perfer if AES is selected during negoitation. What real problem is this intended to solve? Because AES is faster then other

Re: Cipher Negotiation

It's not a bug that AES182 is classified as HIGH, although it is a missing feature that there is no class that encompasses only the 256-bit ciphers. That's why there now is @STRENGTH, which does not add any ciphers and just sorts the one enabled so far. I assume AES182 is a typo for AES128.

Re: [openssl-users] FW: Website changing this weekend

Hi Rich, I'm curious why the new download page lists version 1.01p before version 1.02d? Is it suggesting that users download the 1.01 branch instead of the later one? -Chris On Fri, Aug 14, 2015 at 1:26 PM, Salz, Rich rs...@akamai.com wrote: From: Salz, Rich [mailto:rs...@akamai.com] Sent:

[openssl-users] How to detect AES-NI compatible CPU

My application links to OpenSSL 1.1.0 dynamically, and I would like to be able to determine if the CPU supports the AES-NI instruction set. Is there an OpenSSL API that can do this? -Chris -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] How to enable RC4 in OpenSSL 1.1.0c

On Wed, Jan 18, 2017 at 3:37 PM, Viktor Dukhovni wrote: >> I am trying to compile OpenSSL 1.1.0c for Visual Studio with the > >depreciated RC4 cipher enabled. >> I tried the following configure line: >> perl Configure VC-WIN64A enable-weak-ssl-ciphers

[openssl-users] How to enable RC4 in OpenSSL 1.1.0c

I am trying to compile OpenSSL 1.1.0c for Visual Studio with the depreciated RC4 cipher enabled. I tried the following configure line: perl Configure VC-WIN64A enable-weak-ssl-ciphers enable-deprecated enable-rc4 Once I compile, and I run "openssl cipher -v" it does not show any RC4 ciphers. Is

Re: [openssl-users] How to enable RC4 in OpenSSL 1.1.0c

On Thu, Jan 19, 2017 at 10:36 AM, Matt Caswell wrote: > Try this: > > openssl ciphers -v "ALL:@SECLEVEL=0" Okay that worked! Thanks to everyone that responded. I saw Rich Salz mentioned using ALL, but I didn't realize it was a parameter. -Chris -- openssl-users mailing list

Re: [openssl-users] How to enable RC4 in OpenSSL 1.1.0c

On Wed, Jan 18, 2017 at 7:01 PM, Viktor Dukhovni wrote: > Sadly this does not shed much light on the build options. Here is more info, and now I added the "enable-ssl3" and "enable-ssl3-method" options: c:\openssl-1.1.0c64>perl Configure VC-WIN64A

[openssl-users] How to compile 1.1.1 under Windows

I am attempting to upgrade a project using OpenSSL 1.0.0h to version 1.1.1 under Visual Studio 2008-SP1, but when I try to compile version 1.1.1 for VC-WIN64A I get the following compile error: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 /I "." /I "crypto\include"

Re: [openssl-users] How to compile 1.1.1 under Windows

XE"' : return code '0x2' Stop. NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\amd64\nmake.exe"' : return code '0x2' Stop. On Tue, Oct 23, 2018 at 12:19 AM Richard Levitte wrote: > > I suspect you'll find some kind of error message in > cry

Re: [openssl-users] How to compile 1.1.1 under Windows

> HTH, > > Matthias > > > > > > > -Ursprüngliche Nachricht- > > > Von: openssl-users Im Auftrag von > > > Chris Clark > > > Gesendet: Dienstag, 23. Oktober 2018 08:51 > > > An: openssl-users@openssl.org > > > Betreff: [open

Re: [openssl-users] How to compile 1.1.1 under Windows

1.1-stable-SNAP-20181018. On Tue, Oct 23, 2018 at 3:31 AM Chris Clark wrote: > > Next I tried an older stable snapshot > openssl-1.1.1-stable-SNAP-20181018 which configured without issue, but > I got a different compile result: > > cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /

Re: [openssl-users] How to compile 1.1.1 under Windows

gt; > You found a bug in crypto\sm2\sm2_sign.c, thank you. Are you willing > > to write up a Github issue for it? > > > > In message > > on > > Tue, 23 Oct 2018 01:22:34 -0700, Chris Clark said: > > > > > Thank you Richard. Adding the "no-makedepe

Re: [openssl-users] How to compile 1.1.1 under Windows

clared identifier crypto\rand\drbg_ctr.c(422) : error C2065: 'INT32_MAX' : undeclared identifier crypto\rand\drbg_ctr.c(423) : error C2065: 'INT32_MAX' : undeclared identifier crypto\rand\drbg_ctr.c(424) : error C2065: 'INT32_MAX' : undeclared identifier NMAKE : fatal error U1077: '"C:

[openssl-users] Exclude unwanted ciphers during build

Is there a simple way of excluding unwanted ciphers or cipher suites during a build? I would like to remove ARIA in particular, but may want to remove additional ones in order to use a smaller footprint. -- openssl-users mailing list To unsubscribe: