[openssl-users] DTLS with multiple clients

2018-04-04 Thread Varun Kulkarni
Hi, I was able to get DTLS work with the latest version of openssl with a single client and server. However, I was unable to get it to work with multiple clients. The first client completes the handshake and works well. But however the function DTLSv1_listen returns 1 immediately even for an

Re: [openssl-users] SSL_CTX_set_tlsext_ticket_key_cb - creating a valid ctx and hmac ctx in callback.

2018-04-04 Thread Henderson, Karl via openssl-users
Thanks for the response - yes, I do understand I'm re-purposing this mechanism in a creative way. At this time, it's just for experimental purposes. On 4/3/18, 5:34 PM, "Viktor Dukhovni" wrote: > On Apr 3, 2018, at 11:00 AM, Henderson, Karl via openssl-users

[openssl-users] AES-GCM cipher in TLS

2018-04-04 Thread PS
I am trying to decrypt TLS 1.2 records that is using the TLS_AES_128_GCM_SHA256 cipher-suite using openssl's EVP API. Per RFC 5246, decryption needs 4 inputs. " In order to decrypt and verify, the cipher takes as input the key, nonce, the "additional_data", and the AEADEncrypted value.

[openssl-users] make test failure OpenSSL 1.0.2o

2018-04-04 Thread Jerry L
Compiled OpenSSL on AIX 7.1.5.2 using gcc, I used the same Configuration options that I have been using for 5 years: Configure aix-gcc zlib fips shared When running make test, I am getting the following: test_bad_dtls ../util/shlib_wrap.sh .bad_dtls_test test_fatalerr

Re: [openssl-users] [External] Re: Correct the check of RSA_FLAG_SIGN_VER

2018-04-04 Thread Eichenberger, John
Honeywell Internal Your answer #1 below presumes that RSA_new_method() is called AFTER RSA_set_method(). Is that a valid presumption? How is that documented as a requirement? When the flag is set in a call to RSA_set_method() after a call to RSA_new(), the flag gets ignored with the current

Re: [openssl-users] make test failure OpenSSL 1.0.2o

2018-04-04 Thread Matt Caswell
On 04/04/18 16:38, Jerry L wrote: > Compiled OpenSSL on AIX 7.1.5.2 using gcc, I used the same Configuration > options that I have been using for 5 years: > >     Configure aix-gcc zlib fips shared > > When running make test, I am getting the following: > >  test_bad_dtls > >    

Re: [openssl-users] Workaround for "SSL_CTX_use_certificate:ca md too weak"

2018-04-04 Thread Salz, Rich via openssl-users
You need to change your server config (however it is done), so that it gets @SECLEVEL=0 into the cipher string. See the ciphers manpage for description of security levels. You can also edit openssl source and rebuild/relink, but that shouldn’t be necessary. -- openssl-users mailing list To

[openssl-users] Workaround for "SSL_CTX_use_certificate:ca md too weak"

2018-04-04 Thread pratyush parimal
Hi everyone, I'm upgrading a server application from using OpenSSL 1.0.2n to using OpenSSL 1.1.0g. I noticed that after the upgrade, some SSL certs get rejected because they use an MD5 digest, with the error: "SSL_CTX_use_certificate:ca md too weak" While I could ask clients to get a better CA

[openssl-users] (no subject)

2018-04-04 Thread Guido
Gesendet von Mail für Windows 10 -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] (no subject)

2018-04-04 Thread Guido
Gesendet von Mail für Windows 10 -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users