___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding
as they know.
It is at
https://support.globalsign.com/customer/portal/articles/1499561-sha-256-compatibility
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding
after the heartbleed backdoor was closed.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs
On 30/06/2015 18:32, Ben Humpert wrote:
2015-06-24 1:35 GMT+02:00 Jakob Bohm jb-open...@wisemo.com:
On 19/06/2015 16:24, Ben Humpert wrote:
When the CSR contains an email address and the email_in_dn setting in
the config file is set to no the email address is actually present
in the issuer DN
(think
different serials/keyids).
Arbitrary criteria searching would typically end up
as a loop over enumeration functions anyway.
Searching for chain building purposes can be built
on top of all this without bloating the EVP and engine
interfaces with all that code.
Enjoy
Jakob
--
Jakob Bohm, CIO
:
Hello Jakob,
Looking at crypt/store/store.h, do you agree that a store
implementation is the place where the functionality that you describe
below belongs?
Thanks,
Reinier
On 8/6/15 8:44 PM, Jakob Bohm wrote:
I think what one wants as a first approximation is
functions that can enumerate
, the CII, and/or the SFLC (using a list
from the latest public blog post)
Do you mean me? Or did you make a typo, and mean members rather than
someone ?
No, I meant someone like the examples at the end of the sentence.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
before free),
making malloc calls compile with C++ compilers
(casting the return value of malloc to specific
pointer type), forcing compiler errors if variable
types change (that same cast!).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg
it being larger than
10Kio code.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones
the parameters would be for a binary
input file.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management
reported in GCC 5.1 via -Wmaybe-uninitialized (I
suspect). That may point to an issue in OpenSSL's engineering process.
There may be a gap because no one is running, say Fedora 22 or Debian
8 (I think Debian 8 provides GCC 5.1).
F.Y.I. Debian 8 (Jessie) uses GCC 4.9.2
Enjoy
Jakob
--
Jakob Bohm
.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
On 22/07/2015 13:14, Jeffrey Walton wrote:
On Wed, Jul 22, 2015 at 6:40 AM, Jakob Bohm jb-open...@wisemo.com wrote:
On 22/07/2015 01:21, Jeffrey Walton wrote:
For the stragglers, I don't think it's a stretch to ask C99 in 2015.
Visual Studio is often used on Windows, and it is not C99.
Oh my
. This is in the same
header as SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.
The proper solution, as just about everybody knows
by now would have been to insert 1-byte fragments
(known as the 1/n-1 solution) which some other
SSL/TLS implementations do.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http
such an option, you might be accidentally
linking against a too old libcrypto from Apple.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain
creating self-signed Android
apk signing certificates (which /must/ be valid for at
least 30 years).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may
() together
with libc parsing functions. That would obviously not
work outside the libc time_t range, hence my question
if ASN1_TIME_set_string() avoids that limitation,
despite Victor's suggestion to never use it.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
On 15/07/2015 11:13, Victor Wagner wrote:
On Tue, 14 Jul 2015 20:35:31 +0200
Jakob Bohm jb-open...@wisemo.com wrote:
Does ASN1_TIME_set_string() support dates outside the
time_t range of the local libc?
Why do you need time dates outside of 64-bit integer range?
Sun would explode into red
then can you start using the resulting fipscanister with
OpenSSL 0.9.8zg source code to create a fips-capable OpenSSL
library.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non
sible to change the
default to encrypted, confident that adding explicit "-nodes"
to scripts and examples will not fail on any reasonably
maintained systems (including systems where openssl is built
by some upstream OS maker).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.
On 27/10/2015 03:42, Viktor Dukhovni wrote:
On Tue, Oct 27, 2015 at 02:21:13AM +0100, Jakob Bohm wrote:
More specifically, the issue is that the currently
recommended command "openssl pkey", allegedly silently
omits the encryption when told not to Base64 encode the
encrypted key
certificate? That is my question.
Obvious first check is to see if it is the CA certificate
that issued the certificate you are checking.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion
not to use HTTPS for CRL and OCSP access
as long as infinite recursion is avoided, preferably
through the choice of server certificates.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion
On 28/10/2015 17:36, Walter H. wrote:
On 28.10.2015 16:44, Jakob Bohm wrote:
On 27/10/2015 21:21, Walter H. wrote:
On 26.10.2015 21:42, rosect...@yahoo.com wrote:
Hi, I need some help on this call.
I am building an OCSP client following guide in openssl and compile
the code in Cygwin
On 28/10/2015 21:58, Walter H. wrote:
On 28.10.2015 18:34, Jakob Bohm wrote:
On 28/10/2015 17:36, Walter H. wrote:
On 28.10.2015 16:44, Jakob Bohm wrote:
On 27/10/2015 21:21, Walter H. wrote:
On 26.10.2015 21:42, rosect...@yahoo.com
<mailto:rosect...@yahoo.com> wrote:
Hi, I need som
or of AEAD suites that are
designed very close to the margins of being secure.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseM
S versions supported in
the source code of that version).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Manage
be a patent problem and would probably be
disabled in most OpenSSL builds anyway.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors
On 13/11/2015 18:00, Benjamin Kaduk wrote:
On 11/13/2015 09:31 AM, Jakob Bohm wrote:
On 13/11/2015 14:40, Emilia Käsper wrote:
Hi all,
We are considering removing from OpenSSL 1.1 known broken or
outdated cryptographic primitives. As you may know the forks have
already done this but I'd
many
end-users this is also a hurdle they simply can't cross.
And this also allows openssl to change the cryptographic policy in
stable branches without breaking the API/ABI promise. (POODLE, FREAK,
Logjam)
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.w
with? Also the root certificate you are using.
It is not mandatory to set X509_VERIFY_PARAMs (but typically you at
least want to verify the hostname through a call to
"X509_VERIFY_PARAM_set1_host"). Are you currently doing anything like
this?
Enjoy
Jakob
--
Jakob Bohm, CIO, P
bits) keys as the best
current solution where possible.
The (non-classified) current official advice can be read at
https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmar
"-binary" mode, no byte value or sequence of byte value
is special, except that explicit use of the "-crlf" option
still works.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public
that myself.
Could you point me to where this (non-obvious) relationship
between options ostensibly doing something else and the
desired effect is documented? The 1.0.1* man-page of s_server
certainly doesn't say that.
On 2 November 2015 at 13:37, Jakob Bohm <jb-open...@wisemo.com
<mailto:j
).
P.S.
On most existing OpenWrt installs, there is actually
plenty of RAM, but a shortage of flash storage space,
though exceptions have occurred.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public
y Google's modified BoringSSL.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones an
of the CryptoAPI 1 structure
named simply PRIVATEKEYBLOB in Windows 2000
documentation.
3. Is this any of the formats used by SSH?
No; the seven characters RSA_NET do not appear in the openssh source.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860
. Is this any of the formats used by SSH?
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones
, Jakob Bohm replied:
J That's an overly general criteria...
Nope, Rich is right on the money.
You are obviously quoting others without deep understanding.
J To objectively consider the potential harm of rarely used code,
J one must clearly determine if there is any way this code could be
J
for a feature, you still ignore all
arguments as to why it is an asset.
Because both methods confirm your prior decisions, you
therefore conclude that you were always right in the
first place.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg
must
have ignored the Reply-To.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones
of SCEP_FAILINFO_BADREQ .
If my interpretation is right, this means you need to look at why the
SCEP server (or whatever else returns that PKCS#7 message) returned
SCEP_FAILINFO_BADREQ.
I don't know much about SCEP specifically, so I cannot dig deeper into
this myself.
Enjoy
Jakob
--
Jakob
implementation
inside a patch which was only supposed to fix security
and build issues.
This is the kind of event which has caused many dists
to cherry pick individual changes rather than just
following the official releases.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
be used
to determine if the current copy has been compiled without
IDEA, ECC or other optional cipher suites.
This is what happens in the real world when end users run your
compiled program on various Linux distributions, such as Red
Hat vs. OpenSUSE vs. Ubuntu...
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner
l what you
propose to remove.
Enjoy (NOT A CONTRIBUTION)
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service
"openssl rsa" command to convert the
encrypted private key files from PKCS#8 format to
"old-openssl/PKCS#1" format.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion mes
On 11/09/2015 23:26, Michael Heide wrote:
On Fri, 11 Sep 2015 15:07:20 +0200, Jakob Bohm <jb-open...@wisemo.com> wrote:
2.3.1 RFC2985 form Timestamp countersignature Attribute
This one.
I thought so, many people think this one is proprietary,
not realizing it was in the original
timestamp).
And this file is very new (July 2015), are you sure
it uses the nonstandard EncryptedDigest calculation?
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is n
eb 2013
That's kind of old.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs,
ich is
loaded into memory at OpenSSL start up, this is especially
useful if the process will chroot() into a directory that
doesn't contain the certificates.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13
On 15/09/2015 08:06, Michael Heide wrote:
On Mon, 14 Sep 2015 21:01:49 +0200, Jakob Bohm <jb-open...@wisemo.com> wrote:
Seems to be a file with the same criteria here.
That one is a big surprise to me.
Thanks.
(if it's a surprise to you, then it's ok to be a surprise for
have very little value, since if that authority signed just
a few timestamps requested by an attacker knowing the method
published in 1999, that attacker now has the ability to sign
anything using any old date as if he was that authority.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http:
On 14/09/2015 17:40, Michael Heide wrote:
On Mon, 14 Sep 2015 16:39:15 +0200, Jakob Bohm <jb-open...@wisemo.com> wrote:
Where can I see the actual file (Not the virustotal
description of the signature), I would need to look
at the actual details to make sense of this.
I think you have
ream repo.
Also, isn't GitHub located in the country crypto folk always
try to avoid for legal reasons?
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may c
.
Thanks,
-Steve M.
[*] Many hundreds of vendors, most but not all small companies you never
heard of. Those are the ones who use the #1747 validation directly,
still more do copycat validations.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860
On 30/09/2015 14:28, Steve Marquess wrote:
On 09/30/2015 03:50 AM, Jakob Bohm wrote:
Dear Steve,
Have you considered that their contribution may be of value
to the next/future major version of the open source FIPS
module (which would presumably involve a fresh submission
under updated FIPS
d point; perhaps
you can host a repo? Denmark is relatively right-thinking on this issue.
Unfortunately, that would be problematic due to potentially
conflicting legal obligations.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, De
identical string is tagged differently but
represents the same textual value (because it uses only
the common subset of the two string encodings)?
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public
signature.
At least one of the tools involved is buggy, question is
which one.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseM
On 30/09/2015 16:17, Steve Marquess wrote:
On 09/30/2015 09:58 AM, Jakob Bohm wrote:
On 30/09/2015 15:34, Steve Marquess wrote:
On 09/30/2015 09:18 AM, Jakob Bohm wrote:
...
Under the new "contribution agreement" scheme, publishing such items
early would also make them availabl
On 30/09/2015 15:34, Steve Marquess wrote:
On 09/30/2015 09:18 AM, Jakob Bohm wrote:
...
Under the new "contribution agreement" scheme, publishing such items
early would also make them available to users ...
Publishing by someone else is fine, go for it. It would be nice to have
so
n the know would
explain under which conditions this alternative signature
algorithm is used and/or necessary.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-bind
LSv1.1 capable OpenSSL
* goes here.
*/
#endif
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Mana
lf-hosting platform,
everything is done by cross-compiling on a PC.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remo
On 07/12/2015 11:52, zosrothko wrote:
Hi Jacob
On 18/09/2015 19:34, Jakob Bohm wrote:
On 18/09/2015 18:05, zosrothko wrote:
Hi
is there a way to know the supported TLS protocols from the
OPENSSL_VERSION_NUMBER (specifically, the TLSv1_1 and TLSv1_2?
For example, I have a code
?
Any help will be greatly appreciated !
One solution (if all else fails) is to implement the
calculations directly using the bigint functions in
version 1.0.2 and older of OpenSSL.
This has worked very well for me in code that didn't
need FIPS certification.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner
ket.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones
what "Configure" options did you use?
What O/S is this on?
Matt
>> wrote:
On 08/12/15 17:27, Jakob Bohm wrote:
> On 08/12/2015 11:57, Matt Caswell wrote:
>> On 07/12/15 05:18, Jayalakshmi bhat wrote:
>>> Hi All,
>>>
>>> Are there inputs or suggestions.
>> Have you run the tests on this p
can bypass the proxy.
That's assuming stunnel doesn't also play silly buggers with the cipher suite
list.
Wouldn't that extra hop via stunnel cost performance
(noting that Ron is apparently running at faster than
gigabit speed).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.
an isolated network and
push and get objects out of it using https.
If network is fully isolated you could use plain text. Using 'https'
and null encryption is basically just pretending to do security.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transfo
en by a fanatic who put
the "right shift of negative signed values is
undefined" rule above common sense.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-bind
On 10/12/2015 19:13, Benjamin Kaduk wrote:
On 12/10/2015 12:09 PM, openssl-us...@dukhovni.org wrote:
On Dec 10, 2015, at 12:45 PM, Jakob Bohm <jb-open...@wisemo.com> wrote:
On 10/12/2015 18:33, Viktor Dukhovni wrote:
On Thu, Dec 10, 2015 at 04:55:29AM -0700, Jayalakshmi bhat wrote:
/
/Check that the request matches the signature/
/Signature ok/
/The stateOrProvinceName field needed to be the same in the/
/CA certificate (HK) and the request (HK)/
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860
directory layout produced by
c_rehash from OpenSSL 1.0.x, while OpenSSL 0.9.8 can do the
same with the similar but different layout produced by
c_rehash from OpenSSL 0.9.8, either OpenSSL version can
alternatively use a concatenation of all the certs in PEM
format).
Enjoy
Jakob
--
Jakob Bohm, CI
and smaller. For SQL there
is no natural limit however, unless your SQL parser
happens to fail on statements above some arbitrary size.
Enjoy and Merry Christmas
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
is not a part of a
commercial grade full featured SSL/TLS and general purpose
crypto library, it is just a means to do quality assurance
on said library.
Enjoy and Merry Christmas
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31
to optimize allocation
and system call patterns, such as keeping all the
small allocations for a decoded X.509 certificate or
all the intermediaries for an RSA calculation
together.
Enjoy and Merry Christmas
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860
. But I think there is various code that assumes that
char is 8 bit, and I doubt you can get OpenSSL working on such a
system.
Target in question is traditional 32 bit ARM with 32 bit
instructions and 8 bit char.
Looks like a hard to fix compiler bug to me.
Enjoy
Jakob
--
Jakob Bohm, CIO
ets to mask the result down to 8 bits after inlining
in test_is_zero_8(). The missing mask with FF occurs
in multiple functions in the disassembly.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
96 bit truncated HMAC values: Probably not.
Does FIPS mode prevent use of the insecurely designed
'tls-unique' feature: Probably not.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public
thmetic operation elsewhere in the code and ends up
producing the wrong result. Changing from the portable
implementation to the old non-portable implementation
happens to avoid that compiler bug, by pure chance.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transform
m the OP's test scenario?
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones an
trong hash (SHA-256 or
better) of the complete handshake (all handshake
messages in both directions, including record headers).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussi
joy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones an
r
that future "version 3" FIPS module?
Enjoy and Merry Christmas
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service
citly, by providing that kind of service for so long. And
explicitly,
as pointed out by Hubert:
From the main web page of project:
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, *full-featured*, and Open Source toolkit
implementing the Transport Layer Security
nyone. So are the other public key
exchange algorithms in TLS, but not the PSK algorithms
without PFS.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and m
y.
6. All of this requires a lot more caution and a lot less
arrogance from the people making decisions about changes
in the OpenSSL library and project.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
T
On 23/11/2015 21:36, Karl Vogel wrote:
On Mon, 23 Nov 2015 05:17:33 +0100,
Jakob Bohm <jb-open...@wisemo.com> said:
J> You all seem to misunderstand the fundamental release engineering issues
J> involved.
Actually, we don't.
J> 1. Very shortly after you release Open
at INRIA had given specific names and CVE ids for
each of the issues in their report, such that one might say
"SLOTH-1: Never vulnerable, SLOTH-2: Fixed in 1.0.1f, SLOTH-3:
hypothetical for now, can be fixed with a cipher string
setting, etc. etc." But no such names exist.
Enjoy
Jakob
--
ord for that file written down in an envelope in a locked physical
safe
(it's kind of hard to hack a piece of paper in a locked non-electronic
safe over
the Internet...).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 1
(including OpenSSL) have
their own error string functions that know the library
specific error codes.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may
port 443
https servers, but nothing else, a downloadable copy of the
QualSys code without the policy restrictions of the online
service would be one way of filling the gap.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direc
ed
TLS/SSL sessions.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
-
DER
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
passed as a top level parameter have changed between the various
1.0.x patch versions.
You can override their policy by changing one or two settings in the top
level Makefile.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.
601 - 700 of 1144 matches