So I have a server I connect to that replies “insufficient security” when I
connect with an ssl23 client hello from openssl 1.0.2. However when I connect
with any of ssl3-tls1.1 client hello it works. It doesn’t work if I try to
connect with a tls1.2 client hello. I am trying to narrow down the
See: https://www.openssl.org/blog/blog/2016/08/24/sweet32
> On Sep 15, 2017, at 11:52 AM, Dave Serls wrote:
>
>
> A file DES3 encrypted here by OpenSSL 1.0.1t 3 May 2016 (Debian 7 or earlier
> version) is not accessible
> by OpenSSL 1.1.0f 25 May 2017 (Debian 9). Is
>
>># tcpdump -s0 -w /some/file tcp port 16370
>>
>> and post the decode from:
>>
>>$ tshark -r /tmp/p2 -d tcp.port==16370,ssl -V |
>>sed -ne '/^Secure Sockets Layer/,/^$/p'
>>
>> Or just attach the PCAP file to
Is there a way to enable one or both of those ciphers in OpenSSL?
> On Apr 18, 2017, at 1:28 PM, Jason Schultz wrote:
>
> RSA_With_AES_128_CBC_SHA and RSA_With_3DES_EDE_CBC_SHA
--
openssl-users mailing list
Verify return code: 0 (ok)
Extended master secret: no
---
> On Apr 14, 2017, at 2:49 PM, Viktor Dukhovni <openssl-us...@dukhovni.org>
> wrote:
>
>
>> On Apr 14, 2017, at 9:48 AM, Joseph Southwell <jsouthw...@serengeti.com>
>> wrote:
>>
>>
Version 1.1 openssl
openssl.exe s_client -connect hostname:16370 -starttls ftp
CONNECTED(0104)
877788:error:1409442F:SSL routines:ssl3_read_bytes:tlsv1 alert insufficient
security:ssl\record\rec_layer_s3.c:1385:SSL alert number 71
The host I am connecting to apparently only supports the
Are you suggesting that I should modify openssl myself to expose that
functionality or are you suggesting that there is a way to do that given the
already exposed functionality? If it is the latter could you point me in the
right direction?
> On Mar 15, 2017, at 2:21 PM, Salz, Rich via
On any new install of our software we generate new dh parameters as follows…
DH *dh = DH_new();
!DH_generate_parameters_ex(dh, 2048, 2, NULL);
int codes = 0;
DH_check(dh, &codes);
DH_generate_key(dh);
It takes a long time. Is there some way to have it use all available cores
instead of just the
We upgraded from 0.9.8 to 1.0.2 and now we are seeing that message when we try
connecting to a server that previously worked. What does it mean and how can I
figure out how to work around it? I can’t get the server to change anything and
I need to be able to continue connecting to it.
openssl