On Tue, Sep 11, 2018, 13:10 Kurt Roeckx wrote:
> On Tue, Sep 11, 2018 at 04:59:45PM +0200, Juan Isoza wrote:
> > Hello,
> >
> > What is the better way, for anyone running, by example, Apache or nginx on
> > a popular Linux distribution (Ubuntu, Debian, Suse) and want support TLS
> > 1.3 ?
> >
On Fri, Mar 17, 2017 at 12:06 PM, Michael Wojcik
wrote:
>
>> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
>> Of Neptune
>> Sent: Friday, March 17, 2017 09:26
>> To: openssl-users@openssl.org
>> Subject: [openssl-users] Static FIPS Library
Just FTR...
http://www.osnews.com/story/28933/Blue_Lion_new_OS_2_distribution_due_2016
Not that I'd take that as a mandate to preserve support... We are having
the same internal dialog at the ASF httpd project and coming to the same
conclusions.
On Mar 17, 2016 1:36 PM, "Salz, Rich"
On Tue, 21 May 2013 16:12:45 +0530
Abhijit Ray Chaudhury abhijit.ray.chaudh...@gmail.com wrote:
Hi,
I have compiled openssl-fips and openssl in Windows CE 6. But when I
run fips_premain_dso.exe libeay32.dll in target environment I get
following error:
=
On Tue, 21 May 2013 16:12:45 +0530
Abhijit Ray Chaudhury abhijit.ray.chaudh...@gmail.com wrote:
Which means GetProcAddress is failing for symbol name
FINGERPRINT_premain. But if I do dumpbin /exports libeay32.dll, I
can see the symbol FINGERPRINT_premain exported.
Quote that output line from
/dev/random is your culprit... your config isn't 100% transportable between
Solaris and linux.
-Original message-
From: Ruiyuan Jiang ruiyuan_ji...@liz.com
To: openssl-users@openssl.org openssl-users@openssl.org
Sent: Mon, Jan 23, 2012
On 1/18/2012 9:57 AM, Brooke, Simon wrote:
Sadly, removing -fomit-frame-pointer does not work.
Isn't that the default behavior for -O3?
__
OpenSSL Project http://www.openssl.org
User Support
On 11/1/2011 8:35 PM, Bin Lu wrote:
Do you have an answer for my question below? Is the fips-2.0-test code
branched off from a
FIPS-capable version? Which version is it based on if yes?
AIUI, fipscanister doesn't include TLS 1.2. Nor 1.0, nor SSLv3 or v2.
That's the beauty of proper
On 10/5/2011 10:08 AM, Dr. Stephen Henson wrote:
On Tue, Oct 04, 2011, William A. Rowe Jr. wrote:
On 10/4/2011 10:45 PM, Bill Durant wrote:
But when I run it under Windows NT, I get the following run-time error:
The procedure entry point Module32NextW could not be located
On 10/4/2011 10:45 PM, Bill Durant wrote:
Does anyone know how to produce a FIPS-capable OpenSSL that works on Windows
NT?
It's likely not possible...
But when I run it under Windows NT, I get the following run-time error:
The procedure entry point Module32NextW could not be
On 5/7/2011 7:16 AM, Justin Schoeman wrote:
It does not matter which of these I try, openssl always binds to '::1:8008',
which does
not accept IPV4.
I have tried various combinations of:
BIO_new_accept(0.0.0.0:8008)
This syntax should have bound to all IPv4 interfaces alone,
so as
On 3/6/2011 3:48 PM, Tim Hudson wrote:
In the example of building the openssl FIPS *capable* distribution, it
seems one should take the distribution from the official
openssl.org/source website and validate it using PGP. However,
FreeBSD ships openssl distribution within its source tree.
On 1/31/2011 1:07 PM, John R Pierce wrote:
On 01/31/11 10:55 AM, Harshvir Sidhu wrote:
Hi,
Can we use OpenSSL lib with Managed C++? Thanks.
can you call native C style DLL's from this 'Managed C++' (whatever that
is) ? my
initial google of 'Managed C++' indicates its a Microsoft .NET
On 1/6/2011 12:23 PM, Garry S Ditzler wrote:
Can you tell me if OpenSSL 0.9.7 is still supported?
Yes, the answer is no, it is not.
On 11/18/2010 10:36 AM, Dr. Stephen Henson wrote:
A 1.0.0c release is planned in the next few days. We're just seeing if any
other issues arise before the release: a couple have been fixed already.
Have any observed issues affected 0.9.8p? If so, is there a planned .8q?
On 11/18/2010 12:05 PM, Victor Duchovni wrote:
None that are publicly visible. You can check for yourself:
No commits to the 0.9.8 branch after the release of 0.9.8p.
http://cvs.openssl.org/chngview?cn=19996
I was aware of this. It's why I raised the question, if any of these were
On 10/13/2010 3:31 PM, Bill Durant wrote:
I am interested in building the static version of the FIPS-capable OpenSSL as
an universal
binary.
Three builds, per spec, of the FIPS canister. No tweaks, no exceptions to
the security policy.
Then it's possible but non-trivial to integrate these
On 10/13/2010 7:22 PM, Bill Durant wrote:
On Oct 13, 2010, at 5:19 PM, William A. Rowe Jr. wrote:
On 10/13/2010 3:31 PM, Bill Durant wrote:
I am interested in building the static version of the FIPS-capable OpenSSL
as an universal
binary.
Three builds, per spec, of the FIPS canister
On 9/30/2010 11:42 AM, Jakob Bohm wrote:
In Windows XP, Microsoft introduced their own badly designed idea of
versioned so-names in the form of so-called Assemblies. Unless
you are writing .NET code, you should really avoid that nonsense.
I expect SxS packages for openssl (and several other
On 8/3/2010 1:17 PM, William A. Rowe Jr. wrote:
On 8/3/2010 10:05 AM, Bryan wrote:
I see a fips directory in 0.9.8o. If I'm building OpenSSL with FIPS
on cygwin, should I use the openssl-fips, or use the 0.9.8o tarfile?
This is well documented in the FIPS user guide and security policy
On 8/3/2010 10:05 AM, Bryan wrote:
I see a fips directory in 0.9.8o. If I'm building OpenSSL with FIPS
on cygwin, should I use the openssl-fips, or use the 0.9.8o tarfile?
This is well documented in the FIPS user guide and security policy, and
if you haven't read them in detail, what you are
On 7/9/2010 9:05 AM, Steve Marquess wrote:
Mark Parr wrote:
Use of the FIPS OpenSSL is a mandated thing and not just something that we
are looking to do for the fun of it. In fact, the base OpenSSL was working
fine using the FIPS AES 256 encryption in a non FIPS Certified mode.
...
Yes,
On 6/24/2010 4:04 AM, Deckers, Rob wrote:
Creating library out32dll\libeay32.lib and object out32dll\libeay32.exp
IF EXIST out32dll\libeay32.dll.manifest mt -nologo -manifest
out32dll\libeay32.dll.manifest -outputresource:out32dll\libeay32.dll;2
mt: Unknown option -n
Usage: mt
On 6/17/2010 10:10 PM, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of JC Yang
Sent: Wednesday, 16 June, 2010 23:53
Hi, I'm new to openssl. I've just compiled openssl with Visual C++
2008,
I've read the installation guide and added the debug
On 6/16/2010 12:10 PM, Dr. Stephen Henson wrote:
Those for the bleeding edge development version are also available online too,
see: http://www.openssl.org/docs/ the API doesn't change that much so those
will be largely accurate for older versions of OpenSSL.
The examples at the bottom of
On 6/2/2010 11:08 AM, Alona Rossen wrote:
Building dynamic library on HP-UX fails despite I explicitly specify
‘shared’ as Configure argument:
./Configure hpux64-ia64-cc -D_REENTRANT shared
Why are you adding -D for _REENTRANT?
I did a very similar build last week, no such problems, would
On 6/2/2010 4:04 PM, Alona Rossen wrote:
This is a suggested configuration. -D stands for preprocessor define.
The reason I ask is that the entries in Configure should provide the
necessary defines, and if not, that is a bug. As it was 'suggested',
we'll just presume things are fine w/w-o it.
On 4/15/2010 12:42 PM, Adam Grossman wrote:
hello,
i had my code running on 0.9.8e without any issues. i upgraded to
0.9.8n, and now when my server initiates a renegotiation with the client
(which is either IE or Firefox), SSL_renegotiation returns a 0. i
understand from the CHANGELOG the
On 4/13/2010 4:49 PM, 芦翔 wrote:
Dear all,
I am trying to add the security flavor to an application. To achieve
this objective, I wrote the codes to establish a security tunnel between
the server and the client with VC2008. When I build the whole project,
there are tens of similar errors.
On 4/7/2010 12:33 PM, Ryan Pfeifle wrote:
While we are on the subject of Unicode, there are other areas of OpenSSL
that need Unicode support added, in particular handling of paths and
filenames on UTF16-based filesystems that require wchar_t* parameters.
For instance, on Windows, OpenSSL
On 3/30/2010 10:58 AM, Gatewood (Woody) Green wrote:
I assume the 2010 limit on new validations is the impending finalization
of 140-3.
What you are thinking of won't be designated 140-3, it's not sequential,
there is such a FIPS level already. Probably FIPS-{new}-2 or FIPS-140-2 2010
or
On 3/31/2010 4:21 PM, Gatewood (Woody) Green wrote:
Actually, no 140-3 will be successor to 140-2 which is successor to
140-1. The hyphenated number is a release version.
Woody, thanks for this clarification...
You are trying to talk about FIPS 140-2, Level 3 certification in your
On 1/18/2010 2:42 PM, Kyle Hamilton wrote:
The way that the FIPS module verifies its signature is that it forces
itself to load (via a pre-main() section) and then calculate the
checksum of the image in-core. Probably the reason why you're running
into issues is because of the fixup step of
James Baker wrote:
The problem does occur with full admin privileges.
To be 100% clear, this is full admin with no UAC? UAC will drop privilege
of an app seemingly running as 'administrator'.
Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Pankaj Aggarwal
Sent: Tuesday, 25 August, 2009 05:06
I am using cygwin on windows xp to compile FIPS Openssl 1.2 using
Visual studio 2005.
Apparently you mean cygwin _perl_. The MS compiler and
William A. Rowe, Jr. wrote:
Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Pankaj Aggarwal
Sent: Tuesday, 25 August, 2009 05:06
I am using cygwin on windows xp to compile FIPS Openssl 1.2 using
Visual studio 2005.
Apparently you mean cygwin _perl_
[EMAIL PROTECTED] wrote:
In the previous post, another subscriber suggested patching SunStudio 11.
I applied all the patches I could find on SunSolve (namely, 120761-03,
121023-04, and 122142-03.) I'm getting the same result, so I'm really
baffled at this point. Any suggestions would be
Michael Durket wrote:
There seem to be a few problems successfully building OpenSSL
on a Sun T2000 running Solaris 10 using the Sun Studio 11
compiler suite.
I ignored those warnings and ran make which appeared to
work. However, after doing a 'make test' I received this
error:
Because Solaris has a loop unroll optimization bug.
Apply all the latest patches to SunStudio 11 and it should work. Please
check back in to let us know.
It's a really high level bug - because it hit both sparc and x86 :)
Donny Dinh wrote:
I managed to get the solaris build to work properly
Michael - just to rest your mind - you might want to examine both wsock32.dll
and winsock2.dll using DEPENDS.EXE.
You'll find the results are interesting :)
Brown, Michael A wrote:
I’m looking at an app where the app and all libs/DLLs it uses EXCEPT
openssl use ws2_32, and openssl uses wsock32. Is this a problem or can
the two coexist peacefully? It makes me somewhat uneasy.
Well, using winsock period makes me uneasy ;-)
Seriously - no - there's
Marek Marcola wrote:
Hello,
I have read the advisory and I am a bit puzzled regarding the there are
CAs using exponent 3 in wide use comment, I have tried to check and
could not find any CA using this exponent, all the CA’s I have seen
are using 0x10001 (CA’s I have generate by OpenSSL using
Ryan Shon wrote:
I work for nFocal, a company in
Rochester, New York. We want to develop a variant of OpenSSL
in which we optimize the cryptography library to run on
a particular DSP. The other components of OpenSSL would remain
unchanged except where needed to utilize our custom library.
Thomas J. Hruska wrote:
Now compare that number to how many hackers know and care about the same
information.
None. If an exploit exists, it will be exploited. You are a fool if you
expect that a hacker would rely on the reported version number to elect
one of the dozens of past exploits.
Randy Turner wrote:
I would probably consider the publishing of the openssl version on the web
server announcement message as a security issue.
And some of us would laugh in your general direction ;-)
Exploiters don't need to know, they can just persist till they find
a known exploit.
David Schwartz wrote:
Notice the two persistent connection headers returned? And, in practice,
the connection is in fact persistent. If you were correct, the server would
ignore the Connection header since it has no meaning. Try it without a
connection header and you will see the
httpd's scripts are known to the autoconf community as gross bastardizations
of intent of autoconf, so forewarned ;-) But they do illustrate verifying the
version of openssl, take a look at APACHE_CHECK_SSL_TOOLKIT in;
http://svn.apache.org/repos/asf/httpd/httpd/trunk/acinclude.m4
Matt England
Kendall, Jerry wrote:
Now, I have a Unix Project that runs wonderfully on Linux/Aix/Solaris…..
There are two lines of code that cause a windows exception.
PEM_write_PrivateKey(fp, NewKeyReq, Cipher, GetCode(0),strlen(GetCode(0)),
NULL, NULL);
PEM_write_X509(fp, x509_Cert);
Did you
I heard 'very soon now' :)
Tinnerello, Richard wrote:
Can anyone say when the openssl-fips-1.1.tar.gz distribution announced
on Saturday will be available for download? Thanks!
Richard
Kyle Hamilton wrote:
It will violate the FIPS security policy. That much has been stated,
but there's been no workaround that I'm aware of to select alternate
options like that.
Right, not with openssl ./config. However, some folks might want to consider
if their compiler environment can be
hunter wrote:
On 5/7/06, William A. Rowe, Jr. [EMAIL PROTECTED] wrote:
Typically one links to the static library then, which of course will only
link in .obj files that are consumed. One bit of OpenSSL magic are the
separate objects which create a (relatively) quite small binary
Mike Ehlert wrote:
but what I'm after now is some information on any tricks to compiling
the DLL's with only the features needed for my application to reduce
their size.
Typically one links to the static library then, which of course will only
link in .obj files that are consumed. One bit of
Bill Angus wrote:
I'm having a little trouble with setting up a secure server on windows
with openssl and Apache2 + Mod_SSL.
Well, you are in the wrong place, this should be on [EMAIL PROTECTED]
Neverminding that blunder, and possibly aggravating your good openssl user
supporters by
William A. Rowe, Jr. wrote:
Bill Angus wrote:
I'm having a little trouble with setting up a secure server on windows
with openssl and Apache2 + Mod_SSL.
The config I am attempting to use for the secure directory is as below.
listen 443
...
VirtualHost *:443
Why *:443? stop and consider
Rovan, Jim (IMS) wrote:
When I attempt to follow the instructions from the Compilation of
OpenSSL-fips-1.0 under Windows thread (2006-03-31) to build fips
OpenSSL for Borland Builder 5, I can make it through the point where I
run ms\do_nasm fips to create bcb.mak for the 0.9.7 snapshot. But
[EMAIL PROTECTED] wrote:
I am unable to install openssl 0.9.8a as I sent earlier. Here is make
report:
Compiler: gcc version egcs-2.91.66 19990314/Linux (egcs-1.1.2
release)
EEEK! 2.91? Really?
Try a more modern compiler that understands modern assembly syntax.
Jie Zhang wrote:
Hello everybody,
I am not able to debug into the OpenSSL library(openssl-0.9.8a) with my Microsoft
Visual C++ .net IDE.
But during my application execution, I got:
'alfssl2_server.exe': Loaded
'C:\Jie\vscode\alfssl2_work_client\Debug\ssleay32.dll', Symbols loaded.
Venkata Sairam wrote:
I am also encountering the same problem. I tried adding in options as
suggested. I had modified the CFLAG and LFLAG as below.
CFLAG= /MD /Ox /O2 /Zi /Oy /Ob2 /W3 /WX /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32
Richard Levitte - VMS Whacker wrote:
In message [EMAIL PROTECTED] on Sat, 18 Mar 2006 02:27:18 -0500, Hector Santos
[EMAIL PROTECTED] said:
ssluser I have multiple applications using OPENSSL 0.9.7c and I'm finally
getting
ssluser around to updating it.
ssluser
ssluser Can I just use the new
Doug Frippon wrote:
I mean instead of just writing tmp\e_os.h in your config file ( there
one probably) write down c:\openssl-0.9.8a\tmp\e_os.h
maybe mingw32 couldn't find tmp\e_os.h and need the full path to that file
Certain that \o isn't a quoted o in this context? Forward or doubled-back
Chandi Bernier wrote:
My point was... why on Linux did I need only libssl and to compile the
same client on Windows/MinGW requires libssl and libeay32.
Something's wrong.
You either want libssl + libcrypto, or libssl32 + libeay32.
On Linux the reason it -probably- worked is that
1.
William A. Rowe, Jr. wrote:
Chandi Bernier wrote:
My point was... why on Linux did I need only libssl and to compile the
same client on Windows/MinGW requires libssl and libeay32.
Something's wrong.
You either want libssl + libcrypto, or libssl32 + libeay32.
Whoops - you either want
Tinnerello, Richard wrote:
Hello,
I'm having trouble building 0.9.7i on a Solaris 10 on x86 (Opteron)
machine. I configured manually with:
./Configure solaris-x86-gcc --prefix=/sci/openssl-0.9.7i no-idea no-rc5
no-mdc2 fiips
make depend is OK, but make gets this compile error:
Fabro, Loic wrote:
Hum... I remove support for IDEA (and no fPIC) and now the test is segfaulting..
make clean
make depends
?
Matthias wrote:
Kyle Hamilton wrote:
Did you make sure to remove %SYSTEMROOT%\system32\ssleay32.dll and
libeay32.dll? Just running the uninstaller doesn't get rid of them.
No, I forgot that. Sorry, my fault.
I now replaced those two DLLs with the ones I compiled myself.
Good news: in
Matthias wrote:
I deleted all ssl-related DLLs on my system now.
When I compile OpenSSL as described in INSTALL.W32, point the include
library directory of my example program on openssl\out32dll, recompile
my example program, copy the 2 DLLs from openssl\out32dll to my
example project
Daniel Maag wrote:
Hi,
I am trying to compile OpenSSL V0.9.8a.
Visual Studio 2005 has several functions deprecated
(read,write,fileno).
Honestly, I don't believe that OpenSSL should waste cycles to support any
compiler that deliberately moves away from posix. Fairly certain it's MS's
goal
TLSv1_server_methods() do not speak the crufty old SSLv2 garbage, you
can't connect to it using a multi-protocol handshake.
For maximum portability use SSLv23_server_methods()
On the client side it doesn't matter, if you want a TLSv1 connection
only, then by all means use
If you want to submit and have considered by the httpd project, perhaps you
meant to submit it there?
Nice work b.t.w.
Bill
Peter Sylvester wrote:
Hello,
I just have put together the small patch for apache 2.2.0 which allows
to use the servername extension
logic in the development snapshot
kadir iscmng wrote:
I downloaded and installed SFU35SEL_EN.exe (Windows Services for UNIX) software
I'll just warn you you've wandered deep, deep into uncharted waters :)
The native win32 build is the only one most folks support. Some have invested
effort and energy into getting 1.3 cygwin
Jörg Eyring wrote:
Hi everybody,
we have a new platform - Macs with Intel processors.
Is there a chance to build a static library (i386 code) for linking in Xcode
2.2? A static library with ppc code has been done already. I'd like to end
up with a Universal Binary of my code.
For fun;
Bernhard Froehlich wrote:
Dan Peacock wrote:
I've got a production site running OpenSA 1.0.4 (which uses OpenSSL
0.9.6c, Apache 1.3.27, and mod_ssl 2.8.11) and we need to upgrade it
to plug the security holes that this version has. Is there anything
that I can do to upgrade this install? Can
Dudue Doo wrote:
I would like to implement a C++ program that will use openssl to encrypt
packets using AES 128 bit key.
However, the problem is that I live in the US. Does this mean that I
will be breaking the export control law if I put the program on a server
for others to download? I
73 matches