Re: [openssl-users] ca md too weak

2017-10-06 Thread Fabrice Delente
OK, I understand, thanks for your answer! I'll look into building openvpn 2.4.3 from source. F. Delente -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] ca md too weak

2017-10-06 Thread Jeffrey Walton
On Fri, Oct 6, 2017 at 12:22 PM, Fabrice Delente wrote:
> OK, I understand, thanks for your answer! I'll look into building
> openvpn 2.4.3 from source.
I believe you only have to set Fedora's security policy to allow MD5. That is covered in the Fedora wiki page you were

Re: [openssl-users] ca md too weak

2017-10-06 Thread Fabrice Delente
Thanks for your answer too, I had already seen this wiki page before posting but I didn't find in it any info on how to do that; I'll look into it again and try harder then. F. Delente

Re: [openssl-users] DH_generate_key Hangs

2017-10-06 Thread Salz, Rich via openssl-users
1.0.2 and 1.1.0, whatever the highest letter is, are the supported releases.

Re: [openssl-users] DH_generate_key Hangs

2017-10-06 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
> Jason Qian via openssl-users
> Sent: Friday, October 06, 2017 07:14
> The challenge is that, we are not directly calling RAND_poll(). We just call
> DH_generate_key for DH key.
> From the following call stacks,

Re: [openssl-users] DH_generate_key Hangs

2017-10-06 Thread Jason Qian via openssl-users
Hi Jeff, Checked https://rt.openssl.org/Ticket/Display.html?id=2100= guest=guest and it seems exactly the same issue I have. I have moved to 1.0.1c. One question is where can I find the patch? I have the built environment and I can build myself. Thanks for the help Jason On Thu, Oct

Re: [openssl-users] DH_generate_key Hangs

2017-10-06 Thread Jason Qian via openssl-users
Hi Salz, I have built the 1.1.0f with vc10 (have to move some header files). Is OpenSSL 1.1.0f a supported version? Thanks Jason
On Thu, Oct 5, 2017 at 3:31 PM, Salz, Rich wrote:
> >- Compared code of RAND_poll(void) between 1.0.1 and 1.0.2 and it
>

Re: [openssl-users] DH_generate_key Hangs

2017-10-06 Thread Salz, Rich via openssl-users
Okay, you seem to be looking for an answer and there isn’t one. The release you are using has problems when it decided to walk the heap. The release you are using WILL NOT BE FIXED. Change your code, backport the fix, or move to a more modern release. Sorry, there is no other way. --

Re: [openssl-users] DH_generate_key Hangs

2017-10-06 Thread Jason Qian via openssl-users
Thanks,
On Fri, Oct 6, 2017 at 9:36 AM, Salz, Rich wrote:
> Okay, you seem to be looking for an answer and there isn’t one.
>
> The release you are using has problems when it decided to walk the heap.
> The release you are using WILL NOT BE FIXED.
>
> Change your code,

Re: [openssl-users] ca md too weak

2017-10-06 Thread Jeffrey Walton
> Until two days ago I used OpenVPN to connect to my workplace, on a
> non-security sensitive tunnel (just for convenience).
>
> However, OpenSSL updated on my machine (Fedora 26), and now the
> certificate is rejected:
>
> ...
> routines:SSL_CTX_use_certificate:ca md too weak
> Fri Oct 6

[openssl-users] ca md too weak

2017-10-06 Thread Fabrice Delente
Hello, Until two days ago I used OpenVPN to connect to my workplace, on a non-security sensitive tunnel (just for convenience). However, OpenSSL updated on my machine (Fedora 26), and now the certificate is rejected: Fri Oct 6 17:25:06 2017 OpenVPN 2.4.4 x86_64-redhat-linux-gnu [SSL (OpenSSL)]

Re: [openssl-users] DH_generate_key Hangs

2017-10-06 Thread Jason Qian via openssl-users
Thanks Jeff, The challenge is that, we are not directly calling RAND_poll(). We just call *DH_generate_key* for DH key. From the following call stacks, you can see the RAND_poll() is triggered by ssleay_rand_bytes.
libeay32d.dll!*RAND_poll*() Line 572 C

Re: [openssl-users] ca md too weak

2017-10-06 Thread Jan Just Keijser
Hi, On 06/10/17 17:26, Fabrice Delente wrote: Hello, Until two days ago I used OpenVPN to connect to my workplace, on a non-security sensitive tunnel (just for convenience). However, OpenSSL updated on my machine (Fedora 26), and now the certificate is rejected: Fri Oct 6 17:25:06 2017

[openssl-users] Double free of session occurs in multithread program.

2017-10-06 Thread 共通基盤SSL[業務ID] / COMMONSSL,GYOUMU
Hello, I am using OpenSSL's API to create multithreaded programs. Check the contents of the program in ssl_test.c. I have the following two questions. The purpose of the question is to create a program that does not cause double free. Question 1. Is this program correct as a program without

Re: [openssl-users] Openssl FIPS 186-4 Patch

2017-10-06 Thread Salz, Rich via openssl-users
> This FIPS186-4 is not just about SHA. It basically about the key generation parameters. Especially I am looking for RSA key generation parameters wrt FIPS 186-4.
I do not know how you got the opinion that OpenSSL has 186-4 support. It does not. Perhaps other people have written