Hi,
Please can I enquire what the actual vulnerability is with...
Information leak in pretty printing functions (CVE-2014-3508)
=
A flaw in OBJ_obj2txt may cause pretty printing functions such as
X509_name_oneline, X509_name_print_e
Hi,
Following my previous question, is it possible on OpenSSL 0.9.8 to have secure
renegotiation but turn off client initiated renegotiation.
If so, how?
If not, is it available in later versions of OpenSSL?
The customer has scanned the phone and the scanner has reported a security
problem with
Thanks Dave for the information.
I can confirm the customer wants renegotiation turned off altogether.
No secure renegotiation and no unsafe renegotiation either.
>If what they actually want is to drop the secure renegotiation functionality
>and go back to the old world
>with traditional unsafe r
Dear All,
I am working on an embedded product which has the OpenSSL 0.9.8w library and
acts as a client.
It is communicating with another product which has the OpenSSL 0.9.8e library
and acts as a server.
A customer has supplied the client certificate for the server and the
associated root CA t
C and OpenSSL version
On Tue, May 22, 2012, Simner, John wrote:
> Dear all,
>
> I am working on an embedded product which currently uses OpenSSL 0.9.8w with
> FIPS support.
>
> We have received a request to support ECC and in particular the following
> cipher su
Dear all,
I am working on an embedded product which currently uses OpenSSL 0.9.8w with
FIPS support.
We have received a request to support ECC and in particular the following
cipher suites for ECC certification TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA and
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA.
I ca
HI,
I am using the openSSL 0.9.8q library inconjunction with appWeb 3.3.0 and I
need to remove the TLS renegotiation due to SSL_OP_LEGACY_SERVER_CONNECT being
set by default.
Is there any way that I can do this as part of building the openSSL 0.9.8q
library with ./configure or should I patch the
Hello,
I am using the openSSL 0.9.8q library in conjunction with appWeb 3.3.0 and I
need to remove the TLS renegotiation due to SSL_OP_LEGACY_SERVER_CONNECT being
set by default.
Is there any way that I can do this as part of building the openSSL 0.9.8q
library with ./configure or should I patch