Re: NTP

2014-12-20 Thread Hanno Böck
vulnerable to this: https://github.com/PentesterES/Delorean (tl;dr Man-in-the-Middle) ntp is not secure. openntpd is a more secure implementation of a protocol that is not secure by design. -- Hanno Böck http://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42

[PATCH, libressl] discuss: removal of padding extension?

2014-07-23 Thread Hanno Böck
://www.ietf.org/mail-archive/web/tls/current/msg12143.html cu, -- Hanno Böck http://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42 diff -Naur libressl-2.0.3/include/openssl/tls1.h libressl-2.0.3-1/include/openssl/tls1.h --- libressl-2.0.3/include/openssl/tls1.h 2014-07-11 18:50:56.0

Re: [PATCH, libressl] discuss: removal of padding extension?

2014-07-23 Thread Hanno Böck
for their firmware. They did. The problem is people not updating their firmware. -- Hanno Böck http://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42

remaining compression function stubs (patch and potential discussion)

2014-07-14 Thread Hanno Böck
how much api breakage libressl is willing to accept. However, in the case of egd it was decided against having such stub functions around. Patch to remove compression related stub functions attached. cu, -- Hanno Böck http://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42 diff -Naur

[PATCH] main symbol in libcrypto causes trouble

2014-07-12 Thread Hanno Böck
getentropy_linux.c and wasn't really a function, just a stub of it. Removing it did the trick for me. Is this the right approach? (see patch attached) cu, -- Hanno Böck http://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42 --- libressl-2.0.0/crypto/compat/getentropy_linux.c 2014-07-11 19:41

Re: [PATCH] main symbol in libcrypto causes trouble

2014-07-12 Thread Hanno Böck
On Sat, 12 Jul 2014 10:29:31 +0200 Philip Guenther guent...@gmail.com wrote: On Sat, Jul 12, 2014 at 10:20 AM, Hanno Böck ha...@hboeck.de wrote: I had a number of compilation problems with packages when linking to libressl that I could trace back to the appearance of a main symbol

[PATCH] libressl: add dummy egd functions

2014-07-11 Thread Hanno Böck
on archs that had no egd. See attached patch. What confused me a bit was that openssl returned 0 on RAND_egd when I gave it a bogus parameter (according to the docs -1 should be the error value). Maybe this is a bug in openssl. cu, -- Hanno Böck http://hboeck.de/ mail/jabber: ha...@hboeck.de GPG

libressl portable and openssh portable causes segfault

2014-07-11 Thread Hanno Böck
calls arc4random
* arc4random is a compat function both in openssh and libressl
* arc4random from openssh uses RAND_bytes

Is there some funny recursion going on here? cu, -- Hanno Böck http://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42

Re: libressl portable and openssh portable causes segfault

2014-07-11 Thread Hanno Böck
On Fri, 11 Jul 2014 18:12:49 -0600 Bob Beck b...@obtuse.com wrote: You need a more recent OpenSSH. The old versions of OpenSSH did a foolish thing with their portable arc4random, and called RAND_BYTES. New OpenSSH does not do this. I use 6.6p1 which is the latest available. -- Hanno Böck