OpenSSL version 1.1.1 pre release 9 published

OpenSSL version 1.1.1 pre release 9 published

openssl
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


   OpenSSL version 1.1.1 pre release 9 (beta)
   ===========================================

   OpenSSL - The Open Source toolkit for SSL/TLS
   https://www.openssl.org/

   OpenSSL 1.1.1 is currently in beta. OpenSSL 1.1.1 pre release 9 has now
   been made available. For details of changes and known issues see the
   release notes at:

        https://www.openssl.org/news/openssl-1.1.1-notes.html

   Note: This OpenSSL pre-release has been provided for testing ONLY.
   It should NOT be used for security critical purposes.

   The beta release is available for download via HTTP and FTP from the
   following master locations (you can find the various FTP mirrors under
   https://www.openssl.org/source/mirror.html):

     * https://www.openssl.org/source/
     * ftp://ftp.openssl.org/source/

   The distribution file name is:

    o openssl-1.1.1-pre9.tar.gz
      Size: 8411103
      SHA1 checksum: 01a42e93a34746340974b9fafe960226f7d10ff7
      SHA256 checksum: 95ebdfbb05e8451fb01a186ccaa4a7da0eff9a48999ede9fe1a7d90db75ccb4c

   The checksums were calculated using the following commands:

    openssl sha1 openssl-1.1.1-pre9.tar.gz
    openssl sha256 openssl-1.1.1-pre9.tar.gz

   Please download and check this beta release as soon as possible.
   To report a bug, open an issue on GitHub:

    https://github.com/openssl/openssl/issues

   Please check the release notes and mailing lists to avoid duplicate
   reports of known issues. (Of course, the source is also available
   on GitHub.)

   Yours,

   The OpenSSL Project Team.

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: OpenSSL version 1.1.1 pre release 9 published

Robert Moskowitz
Thanks!

Once Fedora beta picks this up, I will run my scripts against it and see
if all cases of hash with ED25519 are fixed.


Re: OpenSSL version 1.1.1 pre release 9 published

Matt Caswell-2


On 21/08/18 16:24, Robert Moskowitz wrote:
> Thanks!
>
> Once Fedora beta picks this up, I will run my scripts against it and see
> if all cases of hash with ED25519 are fixed.

Unfortunately the command line usability changes for this didn't make it
into the beta. They should still be in the final release.

Matt



Re: OpenSSL version 1.1.1 pre release 9 published

Robert Moskowitz


On 08/21/2018 06:31 PM, Matt Caswell wrote:
>
> On 21/08/18 16:24, Robert Moskowitz wrote:
>> Thanks!
>>
>> Once Fedora beta picks this up, I will run my scripts against it and see
>> if all cases of hash with ED25519 are fixed.
> Unfortunately the command line usability changes for this didn't make it
> into the beta. They should still be in the final release.

Sigh.  That means you will get it right.  Right?  :)

Change seems simple enough.


Re: OpenSSL version 1.1.1 pre release 9 published

Matt Caswell-2


On 22/08/18 00:53, Robert Moskowitz wrote:

>
>
> On 08/21/2018 06:31 PM, Matt Caswell wrote:
>>
>> On 21/08/18 16:24, Robert Moskowitz wrote:
>>> Thanks!
>>>
>>> Once Fedora beta picks this up, I will run my scripts against it and see
>>> if all cases of hash with ED25519 are fixed.
>> Unfortunately the command line usability changes for this didn't make it
>> into the beta. They should still be in the final release.
>
> Sigh.  That means you will get it right.  Right?  :)
>
> Change seems simple enough.

The relevant change has now been merged to master.

Matt



Re: OpenSSL version 1.1.1 pre release 9 published

Robert Moskowitz


On 08/22/2018 11:48 AM, Matt Caswell wrote:

>
> On 22/08/18 00:53, Robert Moskowitz wrote:
>>
>> On 08/21/2018 06:31 PM, Matt Caswell wrote:
>>> On 21/08/18 16:24, Robert Moskowitz wrote:
>>>> Thanks!
>>>>
>>>> Once Fedora beta picks this up, I will run my scripts against it and see
>>>> if all cases of hash with ED25519 are fixed.
>>> Unfortunately the command line usability changes for this didn't make it
>>> into the beta. They should still be in the final release.
>> Sigh.  That means you will get it right.  Right?  :)
>>
>> Change seems simple enough.
> The relevant change has now been merged to master.

Fedora had already built pre9.1.  But on the off chance, I will look at
it with tomorrow's build.


Re: OpenSSL version 1.1.1 pre release 9 published

Tomas Mraz-2
On Wed, 2018-08-22 at 20:08 -0400, Robert Moskowitz wrote:

>
> On 08/22/2018 11:48 AM, Matt Caswell wrote:
> >
> > On 22/08/18 00:53, Robert Moskowitz wrote:
> > >
> > > On 08/21/2018 06:31 PM, Matt Caswell wrote:
> > > > On 21/08/18 16:24, Robert Moskowitz wrote:
> > > > > Thanks!
> > > > >
> > > > > Once Fedora beta picks this up, I will run my scripts against
> > > > > it and see
> > > > > if all cases of hash with ED25519 are fixed.
> > > >
> > > > Unfortunately the command line usability changes for this
> > > > didn't make it
> > > > into the beta. They should still be in the final release.
> > >
> > > Sigh.  That means you will get it right.  Right?  :)
> > >
> > > Change seems simple enough.
> >
> > The relevant change has now been merged to master.
>
> Fedora had already built pre9.1.  But on the off chance, I will look
> at
> it with tomorrow's build.

I'm sorry but no, I am not updating Fedora with current git tree
checkout. You'll have to wait for the next prerelease or the final
version if there are no further prereleases.

--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]


Re: OpenSSL version 1.1.1 pre release 9 published

Robert Moskowitz


On 08/23/2018 09:00 AM, Tomas Mraz wrote:

> On Wed, 2018-08-22 at 20:08 -0400, Robert Moskowitz wrote:
>> On 08/22/2018 11:48 AM, Matt Caswell wrote:
>>> On 22/08/18 00:53, Robert Moskowitz wrote:
>>>> On 08/21/2018 06:31 PM, Matt Caswell wrote:
>>>>> On 21/08/18 16:24, Robert Moskowitz wrote:
>>>>>> Thanks!
>>>>>>
>>>>>> Once Fedora beta picks this up, I will run my scripts against
>>>>>> it and see
>>>>>> if all cases of hash with ED25519 are fixed.
>>>>> Unfortunately the command line usability changes for this
>>>>> didn't make it
>>>>> into the beta. They should still be in the final release.
>>>> Sigh.  That means you will get it right.  Right?  :)
>>>>
>>>> Change seems simple enough.
>>> The relevant change has now been merged to master.
>> Fedora had already built pre9.1.  But on the off chance, I will look
>> at
>> it with tomorrow's build.
> I'm sorry but no, I am not updating Fedora with current git tree
> checkout. You'll have to wait for the next prerelease or the final
> version if there are no further prereleases.
>
Tomas,

Thanks for responding here.

I have been preparing an Internet Draft on how to build an ED25519 pki.
I now have the choice of:

building my own 1.1.1 pre9 for testing.
Wait to push the draft out until 1.1.1 is fully released.
Fudge the draft by adding yet another caveat (yes there is a caveat
section that I developed in creating the ECDSA pki draft) that the
commands are for how it is supposed to work in production 1.1.1, not what
I had to do in the prerelease.

Decisions decisions.  Thing is I want the draft out so I can push for
EDDSA support in IEEE 802.1AR with the next meeting early Sept.



Re: OpenSSL version 1.1.1 pre release 9 published

Matt Caswell-2


On 23/08/18 15:35, Robert Moskowitz wrote:
> building my own 1.1.1 pre9 for testing.

Note - you would have to build off of git master to get the usability
fixes since 1.1.1-pre9 was created prior to them being merged.

Matt

> Wait to push the draft out until 1.1.1 is fully released.
> Fudge the draft by adding yet another caveat (yes there is a caveat
> section that I developed in creating the ECDSA pki draft) that the
> commands are for how it is supposed to work in production 1.1.1, not what
> I had to do in the prerelease.
>
> Decisions decisions.  Thing is I want the draft out so I can push for
> EDDSA support in IEEE 802.1AR with the next meeting early Sept.
>
>

OpenSSL 1.1.1 pre-7 or pre-8 connect to 1.1.1 pre-9 oddity?

Dennis Clarke-2
In reply to this post by openssl


I find it interesting that openssl 1.1.1-pre7 can not connect to a
server which has openssl 1.1.1-pre9 in place. Nor can Firefox nightly.


$ /usr/local/bin/openssl version
OpenSSL 1.1.1-pre7 (beta) 29 May 2018

$ /usr/local/bin/openssl s_client -connect 68.179.116.201:443 -tls1_3
CONNECTED(00000003)
4294967296:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:ssl/record/rec_layer_s3.c:1569:SSL alert number 70
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 242 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
SSL-Session:
     Protocol  : TLSv1.3
     Cipher    : 0000
     Session-ID:
     Session-ID-ctx:
     Master-Key:
     PSK identity: None
     PSK identity hint: None
     SRP username: None
     Start Time: 1535074652
     Timeout   : 7200 (sec)
     Verify return code: 0 (ok)
     Extended master secret: no
---
$

Looks similar to a system with OpenSSL 1.1.1-pre8 :

$ /usr/local/bin/openssl version
OpenSSL 1.1.1-pre8 (beta) 20 Jun 2018

$ /usr/local/bin/openssl s_client -connect 68.179.116.201:443 -tls1_3
CONNECTED(00000003)
4294967296:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:ssl/record/rec_layer_s3.c:1556:SSL alert number 70
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 242 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
SSL-Session:
     Protocol  : TLSv1.3
     Cipher    : 0000
     Session-ID:
     Session-ID-ctx:
     Master-Key:
     PSK identity: None
     PSK identity hint: None
     SRP username: None
     Start Time: 1535074764
     Timeout   : 7200 (sec)
     Verify return code: 0 (ok)
     Extended master secret: no
---
$

However a client with OpenSSL 1.1.1-pre9 has much more to say :

min_$ /usr/local/bin/openssl version
OpenSSL 1.1.1-pre9 (beta) 21 Aug 2018

min_$ /usr/local/bin/openssl s_client -connect 68.179.116.201:443 -tls1_3
CONNECTED(00000005)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = *.tls13.net
verify return:1
---
Certificate chain
  0 s:CN = *.tls13.net
    i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
  1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
    i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
subject=CN = *.tls13.net

issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3277 bytes and written 318 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
     Protocol  : TLSv1.3
     Cipher    : TLS_AES_256_GCM_SHA384
     Session-ID:
28BDFEE2BCCD4A96147F0896C2140A6F011904108294FF4E1BD777CCFFCD65AA
     Session-ID-ctx:
     Resumption PSK:
2942321AF1EAC0C009D578AD3F33707B0715A28A734296AEE627D3924A5FEE4BA5D57EAA3422401460D14AB2EC66784C
     PSK identity: None
     PSK identity hint: None
     SRP username: None
     TLS session ticket lifetime hint: 300 (seconds)
     TLS session ticket:

     Start Time: 1535075008
     Timeout   : 7200 (sec)
     Verify return code: 0 (ok)
     Extended master secret: no
     Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
     Protocol  : TLSv1.3
     Cipher    : TLS_AES_256_GCM_SHA384
     Session-ID:
D8D05B640BF1B476B096BA4DD5CD188DD25F2DCC7799A6C8ED39800BBC6C1D71
     Session-ID-ctx:
     Resumption PSK:
427A9747E8A65332AB7C61E556D3320995AE950ED35B162D4268BD8A909B268DA75F87B36A551344C534F3D2C63AD21E
     PSK identity: None
     PSK identity hint: None
     SRP username: None
     TLS session ticket lifetime hint: 300 (seconds)
     TLS session ticket:

     Start Time: 1535075008
     Timeout   : 7200 (sec)
     Verify return code: 0 (ok)
     Extended master secret: no
     Max Early Data: 0
---
read R BLOCK
GET
HTTP/1.1 400 Bad Request
Date: Fri, 24 Aug 2018 01:43:34 GMT
Server: Apache/2.5.1-dev (Unix) OpenSSL/1.1.1-pre9
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Last-Modified: Mon, 28 May 2018 19:03:30 GMT
ETag: "2b0-56d48c600191c"
Accept-Ranges: bytes
Content-Length: 688
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
             "http://www.w3.org/TR/html4/strict.dtd" >
<html>
<head>
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
     <meta name="Generator" content="Dennis Clarke at Blastwave and
GenUNIX with vi and coffee">
     <meta name="CopyRight" content="Copyright 2002-2018 blastwave.org
Inc.">
     <meta http-equiv="Pragma" content="no-cache">
     <META HTTP-EQUIV="Expires" CONTENT="Tue, 18 Mar 1997 00:00:00 GMT">
     <meta http-equiv="Cache-Control" content="max-age=0, must-revalidate">
     <title>error code 400 bad request</title>
</head>
<body>
error code 400 bad request ... that is all for now
</body>
</html>
closed
min_$

Seems to have been some interesting changes between pre7 and pre8
upwards to pre9.  All systems have a full pile of CA cert data in
/usr/local/ssl/certs and similar openssl.cnf files.  So this is odd or
fully expected?

Dennis

ps: https://www.tls13.net/ is running with OpenSSL 1.1.1-pre9


Re: OpenSSL 1.1.1 pre-7 or pre-8 connect to 1.1.1 pre-9 oddity?

OpenSSL - User mailing list
    I find it interesting that openssl 1.1.1-pre7 can not connect to a
    server which has openssl 1.1.1-pre9 in place. Nor can Firefox nightly.

This is to be expected.  Pre-9 implements the official RFC version of TLS 1.3, while the earlier beta releases implement drafts.  One of the major differences between the RFC and the drafts, is that (a) they don't interoperate, by design; and (b) fallback is an error.
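
Added example (not part of the thread and not OpenSSL's code): the version negotiation behind the explanation above, showing why a client that offers only a TLS 1.3 draft codepoint gets alert 70 from a server that implements the RFC version. It assumes the draft client offers draft 28 (the draft named later in the thread) and reads "fallback is an error" as the RFC 8446 downgrade-sentinel check; every function name is made up for the illustration and the inputs are constructed.

```python
import struct

TLS12 = 0x0303
TLS13_RFC = 0x0304                # codepoint of the final TLS 1.3 (RFC 8446)
EXT_SUPPORTED_VERSIONS = 43
ALERT_PROTOCOL_VERSION = 70       # "SSL alert number 70" in the failing runs
ALERT_ILLEGAL_PARAMETER = 47
DOWNGRADE_TLS12 = b"DOWNGRD\x01"  # RFC 8446 sec. 4.1.3 sentinel


def draft(n):
    """supported_versions codepoint used by TLS 1.3 draft n."""
    return 0x7F00 | n


def build_supported_versions(versions):
    """Encode a ClientHello supported_versions extension."""
    vlist = b"".join(struct.pack("!H", v) for v in versions)
    body = bytes([len(vlist)]) + vlist
    return struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(body)) + body


def parse_supported_versions(ext):
    """Decode the extension; reject truncated or inconsistent encodings."""
    if len(ext) < 5:
        raise ValueError("truncated extension")
    ext_type, ext_len = struct.unpack("!HH", ext[:4])
    body = ext[4:]
    if ext_type != EXT_SUPPORTED_VERSIONS or ext_len != len(body):
        raise ValueError("not a well-formed supported_versions extension")
    list_len = body[0]
    if list_len == 0 or list_len % 2 or list_len != len(body) - 1:
        raise ValueError("bad version list length")
    return [struct.unpack("!H", body[i:i + 2])[0]
            for i in range(1, len(body), 2)]


def server_negotiate(offered, server_versions):
    """Return ("version", v) for the server's first preference that the client
    offered, or ("alert", 70) when the two lists do not intersect."""
    for v in server_versions:
        if v in offered:
            return ("version", v)
    return ("alert", ALERT_PROTOCOL_VERSION)


def alert_record(description, level=2):
    """Plaintext alert record: 5-byte record header plus 2-byte alert body.
    The record-layer version 0x0303 is an assumption; the size does not
    depend on it."""
    return struct.pack("!BHH", 21, TLS12, 2) + bytes([level, description])


def client_check_downgrade(offered, negotiated, server_random):
    """RFC 8446 sec. 4.1.3 client rule: having offered TLS 1.3, abort when a
    TLS 1.2 ServerHello.random ends in the downgrade sentinel."""
    if (TLS13_RFC in offered and negotiated == TLS12
            and server_random[-8:] == DOWNGRADE_TLS12):
        return ("alert", ALERT_ILLEGAL_PARAMETER)
    return ("ok", negotiated)


def demo():
    """Run constructed clients against a server that speaks RFC TLS 1.3."""
    rfc_server = [TLS13_RFC, TLS12]
    clients = {
        # Constructed inputs, not captures from the hosts in the thread.
        "draft28_only": [draft(28)],          # draft build forced to TLS 1.3
        "draft28_or_tls12": [draft(28), TLS12],
        "rfc_only": [TLS13_RFC],              # client on the RFC version
    }
    out = {}
    for name, versions in clients.items():
        wire = build_supported_versions(versions)
        out[name] = server_negotiate(parse_supported_versions(wire), rfc_server)
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
    print("alert record bytes:", alert_record(ALERT_PROTOCOL_VERSION).hex())
```

The alert record is 7 bytes long, which matches the "SSL handshake has read 7 bytes" line in the pre7 and pre8 output earlier in the thread.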



Re: OpenSSL 1.1.1 pre-7 or pre-8 connect to 1.1.1 pre-9 oddity?

Dennis Clarke-2
On 08/23/2018 10:12 PM, Salz, Rich via openssl-users wrote:
>      I find it interesting that openssl 1.1.1-pre7 can not connect to a
>      server which has openssl 1.1.1-pre9 in place. Nor can Firefox nightly.
>
> This is to be expected.  Pre-9 implements the official RFC version of TLS 1.3, while the earlier beta releases implement drafts.  One of the major differences between the RFC and the drafts, is that (a) they don't interoperate, by design; and (b) fallback is an error.
>
>

OKay, thank you.

I'll add a note to the Mozilla bug :

     https://bugzilla.mozilla.org/show_bug.cgi?id=1485866

Seems that tls13.crypto.mozilla.org is on draft 28 and not the final
protocol spec.

Makes perfect sense.

Dennis

Re: OpenSSL 1.1.1 pre-7 or pre-8 connect to 1.1.1 pre-9 oddity?

Dennis Clarke-2
In reply to this post by OpenSSL - User mailing list
On 08/23/2018 10:12 PM, Salz, Rich via openssl-users wrote:
>      I find it interesting that openssl 1.1.1-pre7 can not connect to a
>      server which has openssl 1.1.1-pre9 in place. Nor can Firefox nightly.
>
> This is to be expected.  Pre-9 implements the official RFC version of TLS 1.3, while the earlier beta releases implement drafts.  One of the major differences between the RFC and the drafts, is that (a) they don't interoperate, by design; and (b) fallback is an error.
>
>

OKay .. I was told to chill out over at Mozilla :

     https://bugzilla.mozilla.org/show_bug.cgi?id=1485866

     https://bugzilla.mozilla.org/show_bug.cgi?id=1457761

So .. a few days or so .. or more.

Dennis

Re: OpenSSL version 1.1.1 pre release 9 published

Hubert Kario
In reply to this post by Robert Moskowitz
On Thursday, 23 August 2018 16:35:01 CEST Robert Moskowitz wrote:

> On 08/23/2018 09:00 AM, Tomas Mraz wrote:
> > On Wed, 2018-08-22 at 20:08 -0400, Robert Moskowitz wrote:
> >> On 08/22/2018 11:48 AM, Matt Caswell wrote:
> >>> On 22/08/18 00:53, Robert Moskowitz wrote:
> >>>> On 08/21/2018 06:31 PM, Matt Caswell wrote:
> >>>>> On 21/08/18 16:24, Robert Moskowitz wrote:
> >>>>>> Thanks!
> >>>>>>
> >>>>>> Once Fedora beta picks this up, I will run my scripts against
> >>>>>> it and see
> >>>>>> if all cases of hash with ED25519 are fixed.
> >>>>>
> >>>>> Unfortunately the command line usability changes for this
> >>>>> didn't make it
> >>>>> into the beta. They should still be in the final release.
> >>>>
> >>>> Sigh.  That means you will get it right.  Right?  :)
> >>>>
> >>>> Change seems simple enough.
> >>>
> >>> The relevant change has now been merged to master.
> >>
> >> Fedora had already built pre9.1.  But on the off chance, I will look
> >> at
> >> it with tomorrow's build.
> >
> > I'm sorry but no, I am not updating Fedora with current git tree
> > checkout. You'll have to wait for the next prerelease or the final
> > version if there are no further prereleases.
>
> Tomas,
>
> Thanks for responding here.
>
> I have been preparing an Internet Draft on how to build an ED25519 pki.
> I now have the choice of:
>
> building my own 1.1.1 pre9 for testing.
> Wait to push the draft out until 1.1.1 is fully released.
> Fudge the draft by adding yet another caveat (yes there is a caveat
> section that I developed in creating the ECDSA pki draft) that the
> commands are for how it is supposed to work in production 1.1.1, not what
> I had to do in the prerelease.
>
> Decisions decisions.  Thing is I want the draft out so I can push for
> EDDSA support in IEEE 802.1AR with the next meeting early Sept.

I'm not sure if providing command line examples for one particular tool is a
good idea...

Example certificates, sure, but not commands to generate them...

--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic

Re: OpenSSL version 1.1.1 pre release 9 published

Blumenthal, Uri - 0553 - MITLL
Since this example would show how to generate certificates that people may not have a lot of experience dealing with - I think it would make a lot of sense to document as much as possible.

In short: yes please do include the examples of both what the certs should look like, and how to generate them.

On 8/27/18, 2:34 PM, "openssl-users on behalf of Hubert Kario" <[hidden email] on behalf of [hidden email]> wrote:

    On Thursday, 23 August 2018 16:35:01 CEST Robert Moskowitz wrote:
    > On 08/23/2018 09:00 AM, Tomas Mraz wrote:
    > > On Wed, 2018-08-22 at 20:08 -0400, Robert Moskowitz wrote:
    > >> On 08/22/2018 11:48 AM, Matt Caswell wrote:
    > >>> On 22/08/18 00:53, Robert Moskowitz wrote:
    > >>>> On 08/21/2018 06:31 PM, Matt Caswell wrote:
    > >>>>> On 21/08/18 16:24, Robert Moskowitz wrote:
    > >>>>>> Thanks!
    > >>>>>>
    > >>>>>> Once Fedora beta picks this up, I will run my scripts against
    > >>>>>> it and see
    > >>>>>> if all cases of hash with ED25519 are fixed.
    > >>>>>
    > >>>>> Unfortunately the command line usability changes for this
    > >>>>> didn't make it
    > >>>>> into the beta. They should still be in the final release.
    > >>>>
    > >>>> Sigh.  That means you will get it right.  Right?  :)
    > >>>>
    > >>>> Change seems simple enough.
    > >>>
    > >>> The relevant change has now been merged to master.
    > >>
    > >> Fedora had already built pre9.1.  But on the off chance, I will look
    > >> at
    > >> it with tomorrow's build.
    > >
    > > I'm sorry but no, I am not updating Fedora with current git tree
    > > checkout. You'll have to wait for the next prerelease or the final
    > > version if there are no further prereleases.
    >
    > Tomas,
    >
    > Thanks for responding here.
    >
    > I have been preparing an Internet Draft on how to build an ED25519 pki.
    > I now have the choice of:
    >
    > building my own 1.1.1 pre9 for testing.
    > Wait to push the draft out until 1.1.1 is fully released.
    > Fudge the draft by adding yet another caveat (yes there is a caveat
    > section that I developed in creating the ECDSA pki draft) that the
    > commands are for how it is supposed to work in production 1.1.1, not what
    > I had to do in the prerelease.
    >
    > Decisions decisions.  Thing is I want the draft out so I can push for
    > EDDSA support in IEEE 802.1AR with the next meeting early Sept.
   
    I'm not sure if providing command line examples for one particular tool are a
    good idea...
   
    Example certificates, sure, but not commands to generate them...
   
    --
    Regards,
    Hubert Kario
    Senior Quality Engineer, QE BaseOS Security team
    Web: www.cz.redhat.com
    Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic


Re: OpenSSL version 1.1.1 pre release 9 published

Robert Moskowitz
In reply to this post by Hubert Kario


On 08/27/2018 02:33 PM, Hubert Kario wrote:

> On Thursday, 23 August 2018 16:35:01 CEST Robert Moskowitz wrote:
>> On 08/23/2018 09:00 AM, Tomas Mraz wrote:
>>> On Wed, 2018-08-22 at 20:08 -0400, Robert Moskowitz wrote:
>>>> On 08/22/2018 11:48 AM, Matt Caswell wrote:
>>>>> On 22/08/18 00:53, Robert Moskowitz wrote:
>>>>>> On 08/21/2018 06:31 PM, Matt Caswell wrote:
>>>>>>> On 21/08/18 16:24, Robert Moskowitz wrote:
>>>>>>>> Thanks!
>>>>>>>>
>>>>>>>> Once Fedora beta picks this up, I will run my scripts against
>>>>>>>> it and see
>>>>>>>> if all cases of hash with ED25519 are fixed.
>>>>>>> Unfortunately the command line usability changes for this
>>>>>>> didn't make it
>>>>>>> into the beta. They should still be in the final release.
>>>>>> Sigh.  That means you will get it right.  Right?  :)
>>>>>>
>>>>>> Change seems simple enough.
>>>>> The relevant change has now been merged to master.
>>>> Fedora had already built pre9.1.  But on the off chance, I will look
>>>> at
>>>> it with tomorrow's build.
>>> I'm sorry but no, I am not updating Fedora with current git tree
>>> checkout. You'll have to wait for the next prerelease or the final
>>> version if there are no further prereleases.
>> Tomas,
>>
>> Thanks for responding here.
>>
>> I have been preparing an Internet Draft on how to build an ED25519 pki.
>> I now have the choice of:
>>
>> building my own 1.1.1 pre9 for testing.
>> Wait to push the draft out until 1.1.1 is fully released.
>> Fudge the draft by adding yet another caveat (yes there is a caveat
>> section that I developed in creating the ECDSA pki draft) that the
>> commands are for how it is supposed to work in production 1.1.1, not what
>> I had to do in the prerelease.
>>
>> Decisions decisions.  Thing is I want the draft out so I can push for
>> EDDSA support in IEEE 802.1AR with the next meeting early Sept.
> I'm not sure if providing command line examples for one particular tool are a
> good idea...
>
> Example certificates, sure, but not commands to generate them...
>
"We can't test out the security part of the protocol because we cannot
get certificates"
"We ran our tests with security disabled because we could not afford the
cost and time for a test pki."
"We did test with RSA certificates from vendor A." (and they were using
old libs that would not support ecdsa, but marketed it as such.)

Over the years and in protocol design development, I have heard too many
we can't.  So I set about with, "here is one way."  Since then I have
had a few people actually thank me for making it possible for them to
build an ecdsa pki for their product testing needs.  Just one justifies
my effort.

If my making EDDSA certs easy for testing and I get one IoT product
using certs that would otherwise claim that their product could not
support the overhead of certs, it has been worth it.

I don't expect RFCs from these drafts.  Now Internet Drafts live forever
(the drafts Yakov and I did for RFC 1597 are gone).  So my work will be
around for others to use without a lot of pecking at google and this
list to get it working.

And with eddsa, I did find one issue.  I was on the front side of things
for a change.



Re: OpenSSL version 1.1.1 pre release 9 published

Hubert Kario
On Monday, 27 August 2018 20:57:53 CEST Robert Moskowitz wrote:

> On 08/27/2018 02:33 PM, Hubert Kario wrote:
> > On Thursday, 23 August 2018 16:35:01 CEST Robert Moskowitz wrote:
> >> On 08/23/2018 09:00 AM, Tomas Mraz wrote:
> >>> On Wed, 2018-08-22 at 20:08 -0400, Robert Moskowitz wrote:
> >>>> On 08/22/2018 11:48 AM, Matt Caswell wrote:
> >>>>> On 22/08/18 00:53, Robert Moskowitz wrote:
> >>>>>> On 08/21/2018 06:31 PM, Matt Caswell wrote:
> >>>>>>> On 21/08/18 16:24, Robert Moskowitz wrote:
> >>>>>>>> Thanks!
> >>>>>>>>
> >>>>>>>> Once Fedora beta picks this up, I will run my scripts against
> >>>>>>>> it and see
> >>>>>>>> if all cases of hash with ED25519 are fixed.
> >>>>>>>
> >>>>>>> Unfortunately the command line usability changes for this
> >>>>>>> didn't make it
> >>>>>>> into the beta. They should still be in the final release.
> >>>>>>
> >>>>>> Sigh.  That means you will get it right.  Right?  :)
> >>>>>>
> >>>>>> Change seems simple enough.
> >>>>>
> >>>>> The relevant change has now been merged to master.
> >>>>
> >>>> Fedora had already built pre9.1.  But on the off chance, I will look
> >>>> at
> >>>> it with tomorrow's build.
> >>>
> >>> I'm sorry but no, I am not updating Fedora with current git tree
> >>> checkout. You'll have to wait for the next prerelease or the final
> >>> version if there are no further prereleases.
> >>
> >> Tomas,
> >>
> >> Thanks for responding here.
> >>
> >> I have been preparing an Internet Draft on how to build an ED25519 pki.
> >> I now have the choice of:
> >>
> >> building my own 1.1.1 pre9 for testing.
> >> Wait to push the draft out until 1.1.1 is fully released.
> >> Fudge the draft by adding yet another caveat (yes there is a caveat
> >> section that I developed in creating the ECDSA pki draft) that the
> >> commands are for how it is supposed to work in production 1.1.1, not what
> >> I had to do in the prerelease.
> >>
> >> Decisions decisions.  Thing is I want the draft out so I can push for
> >> EDDSA support in IEEE 802.1AR with the next meeting early Sept.
> >
> > I'm not sure if providing command line examples for one particular tool
> > are a good idea...
> >
> > Example certificates, sure, but not commands to generate them...
>
> "We can't test out the security part of the protocol because we cannot
> get certificates"
> "We ran our tests with security disabled because we could not afford the
> cost and time for a test pki."
> "We did test with RSA certificates from vendor A." (and they were using
> old libs that would not support ecdsa, but marketed it as such.)
>
> Over the years and in protocol design development, I have heard too many
> we can't.  So I set about with, "here is one way."  Since then I have
> had a few people actually thank me for making it possible for them to
> build an ecdsa pki for their product testing needs.  Just one justifies
> my effort.

well, I see nothing wrong with providing documentation and how-to's, I just
don't see that it should be elevated to an Internet Draft level...

by its very nature it needs to be constantly updated, so having it in a static
RFC is contrary to that

now, for generating testing certificates (and what's more important, the whole
PKI) we are using this script to provide sensible defaults and an easy way to
generate certificates with just a few options departing from those defaults:
https://github.com/redhat-qe-security/certgen

to get a PKI you run those commands:

    source certgen/lib.sh
    x509KeyGen ca
    x509KeyGen server
    x509SelfSign ca
    x509CertSign --CA ca server

The private key file will be printed by use of:

    x509Key server

to get the certificate file name you run:

    x509Cert server

(easy switches are also provided to get DER files or PKCS#12 files instead of
the default PEM format)

to get an ecdsa certificate, you just need to change one of the above lines
with x509KeyGen to have `-t ecdsa` specified. Want an RSA-PSS certificate? do
`-t rsa-pss`.

See runtest.sh for other examples.

It is compatible with all versions of openssl since RHEL-4 (so 0.9.7), if a
given feature is supported in that version of openssl.

(while ed25519 support is not yet there, it will be in a few weeks, I was
running just basic tests of it, without involving full PKI)
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic

Re: OpenSSL version 1.1.1 pre release 9 published

Robert Moskowitz


On 08/27/2018 04:07 PM, Hubert Kario wrote:

> On Monday, 27 August 2018 20:57:53 CEST Robert Moskowitz wrote:
>> On 08/27/2018 02:33 PM, Hubert Kario wrote:
>>> On Thursday, 23 August 2018 16:35:01 CEST Robert Moskowitz wrote:
>>>> On 08/23/2018 09:00 AM, Tomas Mraz wrote:
>>>>> On Wed, 2018-08-22 at 20:08 -0400, Robert Moskowitz wrote:
>>>>>> On 08/22/2018 11:48 AM, Matt Caswell wrote:
>>>>>>> On 22/08/18 00:53, Robert Moskowitz wrote:
>>>>>>>> On 08/21/2018 06:31 PM, Matt Caswell wrote:
>>>>>>>>> On 21/08/18 16:24, Robert Moskowitz wrote:
>>>>>>>>>> Thanks!
>>>>>>>>>>
>>>>>>>>>> Once Fedora beta picks this up, I will run my scripts against
>>>>>>>>>> it and see
>>>>>>>>>> if all cases of hash with ED25519 are fixed.
>>>>>>>>> Unfortunately the command line usability changes for this
>>>>>>>>> didn't make it
>>>>>>>>> into the beta. They should still be in the final release.
>>>>>>>> Sigh.  That means you will get it right.  Right?  :)
>>>>>>>>
>>>>>>>> Change seems simple enough.
>>>>>>> The relevant change has now been merged to master.
>>>>>> Fedora had already built pre9.1.  But on the off chance, I will look
>>>>>> at
>>>>>> it with tomorrow's build.
>>>>> I'm sorry but no, I am not updating Fedora with current git tree
>>>>> checkout. You'll have to wait for the next prerelease or the final
>>>>> version if there are no further prereleases.
>>>> Tomas,
>>>>
>>>> Thanks for responding here.
>>>>
>>>> I have been preparing an Internet Draft on how to build an ED25519 pki.
>>>> I now have the choice of:
>>>>
>>>> building my own 1.1.1 pre9 for testing.
>>>> Wait to push the draft out until 1.1.1 is fully released.
>>>> Fudge the draft by adding yet another caveat (yes there is a caveat
>>>> section that I developed in creating the ECDSA pki draft) that the
>>>> commands are for how it is supposed to work in production 1.1.1, not what
>>>> I had to do in the prerelease.
>>>>
>>>> Decisions decisions.  Thing is I want the draft out so I can push for
>>>> EDDSA support in IEEE 802.1AR with the next meeting early Sept.
>>> I'm not sure if providing command line examples for one particular tool
>>> are a good idea...
>>>
>>> Example certificates, sure, but not commands to generate them...
>> "We can't test out the security part of the protocol because we cannot
>> get certificates"
>> "We ran our tests with security disabled because we could not afford the
>> cost and time for a test pki."
>> "We did test with RSA certificates from vendor A." (and they were using
>> old libs that would not support ecdsa, but marketed it as such.)
>>
>> Over the years and in protocol design development, I have heard too many
>> we can't.  So I set about with, "here is one way."  Since then I have
>> had a few people actually thank me for making it possible for them to
>> build an ecdsa pki for their product testing needs.  Just one justifies
>> my effort.
> well, I see nothing wrong with providing documentation and how-to's, I just
> don't see that it should be elevated to an Internet Draft level...
>
> by its very nature it needs to be constantly updated, so having it in a static
> RFC is contrary to that

that is the value of Internet Drafts that many of us IETFers have
figured out.  draft versions can just keep on going and the tools will
take you to the current draft.  IDs have become neat working documents,
though there is more github work coming along.  More workgroups are
doing requirements docs that will never be published as RFCs; they will
stay as IDs.  Much better source of why did the wg do? than plow through
the old mailing list archives.  The IESG is actually encouraging such a
use of IDs.

> now, for generating testing certificates (and what's more important, the whole
> PKI) we are using this script to provide sensible defaults and easy way to
> generate certificates with just few options departing from those defaults:
> https://github.com/redhat-qe-security/certgen

I will take a look at this.  It did not come up in my google searches a
year ago.  Guess just not asking the right question or github is
protected from google...

> to get a PKI you run those commands:
> source certgen/lib.sh
> x509KeyGen ca
> x509KeyGen server
> x509SelfSign ca
> x509CertSign --CA ca server
>
> The private key file will be printed by use of:
> x509Key server
> to get certificate file name you run:
> x509Cert server

In testing situations I have been in, intermediate CAs, revocation, the
like are needed.

Plus getting more interest in 802.1AR certs with vendors (can't get
certs to test out my product design).

> (easy switches are also provided to get DER files or PKCS#12 files instead of
> the default PEM format)

I will be interested to see how you handle DER, as I found cases where
the command line was broken.  Read my caveat section.  In some cases you
have to make the file in PEM then convert to DER.  Plus there is no DER
way to handle cert chains as was discussed here a year ago.  So I will
be interested to see how you handle cert chains non-PEM.

> to get ecdsa certificate, you just need to change one of the above lines
> with x509KeyGen to have `-t ecdsa` specified. Want RSA-PSS certificate? do `-t
> rsa-pss`.
>
> See runtest.sh for other examples.

I will take a look.

> It is compatible with all versions of openssl since RHEL-4 (so 0.9.7), if a
> given feature is supported in that version of openssl.
>
> (while ed25519 support is not yet there, it will be in few weeks, I was
> running just basic tests of it, without involving full PKI)

Nice.  See https://github.com/rgmhtt/draft-moskowitz-ecdsa-pki

I am right now adding an algorithm variable to support ed448.

This actually does not work right with 1.1.1-pre9, as PR 6901 did not
make that build, so I have to do my command and .cnf patches still.  If
I publish prior to 9/11 (2nd day of Rosh Hashana, so I won't be doing
any work the beginning of next week), I will have to include text (that
a later draft version will remove) about this caveat.  Given what I have
to do this week, I will probably not publish until middle of next week. 
IEEE 802.1 will be meeting in Oslo, so I will be working remotely to get
a PAR going to rev 802.1AR to support EDDSA based on my work.  Now there
is a standards org that has real challenges with advances like this. 
802.1AR-2018 only supports RSA and ECDSA p256 and p384.
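
One way to build the kind of test PKI discussed in the two messages above (an intermediate CA, a PEM chain, and PEM-then-DER conversion), using Ed25519 keys and the plain openssl command line. This is an added example, not code from certgen, from the draft, or from any poster in this thread; it assumes a released OpenSSL 1.1.1 or later, and every file name, subject and host name in it is constructed.

```shell
# Added example: three-tier Ed25519 test PKI built with the stock openssl CLI.
# Assumes released OpenSSL 1.1.1+; all names are constructed. Test use only.

# sign_csr NAME SUBJECT ISSUER EXT_SECTION (run inside the PKI directory)
sign_csr() {
    openssl req -new -config pki.cnf -key "$1.key.pem" -subj "$2" \
        -out "$1.csr.pem" &&
    openssl x509 -req -in "$1.csr.pem" -days 30 \
        -CA "$3.cert.pem" -CAkey "$3.key.pem" -CAcreateserial \
        -extfile pki.cnf -extensions "$4" -out "$1.cert.pem"
}

# build_ed25519_test_pki DIR: root -> intermediate -> server, PEM and DER.
build_ed25519_test_pki() (
    umask 077                       # private keys readable by the owner only
    mkdir -p "$1" && cd "$1" || exit 1
    # "req" wants a distinguished_name section even when -subj is given;
    # the v3_* sections carry the extensions for each tier.
    cat > pki.cnf <<'EOF' || exit 1
[ req ]
distinguished_name = dn
[ dn ]
[ v3_root ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ v3_intermediate ]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
[ v3_server ]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = serverAuth
subjectAltName = DNS:server.test.example
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
EOF
    for name in root intermediate server; do
        openssl genpkey -algorithm ED25519 -out "$name.key.pem" || exit 1
    done
    openssl req -new -x509 -config pki.cnf -extensions v3_root -days 30 \
        -key root.key.pem -subj "/CN=Constructed Ed25519 Test Root" \
        -out root.cert.pem || exit 1
    sign_csr intermediate "/CN=Constructed Ed25519 Test Intermediate" \
        root v3_intermediate || exit 1
    sign_csr server "/CN=server.test.example" intermediate v3_server || exit 1
    # The chain is a PEM concatenation; a DER X.509 file holds a single
    # certificate, so each one is written as PEM first and converted alone.
    cat server.cert.pem intermediate.cert.pem > server.chain.pem || exit 1
    for name in root intermediate server; do
        openssl x509 -in "$name.cert.pem" -outform DER \
            -out "$name.cert.der" || exit 1
    done
)

# verify_chain DIR: validate server -> intermediate -> root.
verify_chain() {
    openssl verify -CAfile "$1/root.cert.pem" \
        -untrusted "$1/intermediate.cert.pem" "$1/server.cert.pem" >/dev/null 2>&1
}

# same_cert PEM DER: succeeds when both files hold the same certificate.
same_cert() {
    pem_fp=$(openssl x509 -in "$1" -noout -fingerprint -sha256) || return 1
    der_fp=$(openssl x509 -inform DER -in "$2" -noout -fingerprint -sha256) || return 1
    [ "$pem_fp" = "$der_fp" ]
}

# Build into the directory named by the first argument, if one is given.
if [ -n "${1:-}" ]; then build_ed25519_test_pki "$1" && verify_chain "$1"; fi
```

The intermediate carries `pathlen:0`, so it can issue end-entity certificates but not further CAs, and the server certificate does not verify against the root alone.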





Re: OpenSSL version 1.1.1 pre release 9 published

OpenSSL - User mailing list
On Mon, Aug 27, 2018 at 04:38:24PM -0400, Robert Moskowitz wrote:

>
>
> On 08/27/2018 04:07 PM, Hubert Kario wrote:
> >On Monday, 27 August 2018 20:57:53 CEST Robert Moskowitz wrote:
> >>On 08/27/2018 02:33 PM, Hubert Kario wrote:
> >>>On Thursday, 23 August 2018 16:35:01 CEST Robert Moskowitz wrote:
> >>
> >>Over the years and in protocol design development, I have heard too many
> >>we can't.  So I set about with, "here is one way."  Since then I have
> >>had a few people actually thank me for making it possible for them to
> >>build an ecdsa pki for their product testing needs.  Just one justifies
> >>my effort.
> >well, I see nothing wrong with providing documentation and how-to's, I just
> >don't see that it should be elevated to an Internet Draft level...

Well, see https://datatracker.ietf.org/doc/draft-wkumari-not-a-draft/ .

> >by its very nature it needs to be constantly updated, so having it in a static
> >RFC is contrary to that
>
> that is the value of Internet Drafts that many of us IETFers have figured
> out.  draft versions can just keep on going and the tools will take you to
> the current draft.  IDs have become neat working documents, though there is
> more github work coming along.  More workgroups are doing requirements docs
> that will never be published as RFCs; they will stay as IDs.  Much better
> source of why did the wg do? than plow through the old mailing list
> archives.  The IESG is actually encouraging such a use of IDs.

Yup!  Internet-Draft is a fine terminus for some types of document.
Many TLS registries now have a registration policy that explicitly calls out
an internet-draft that is never published as anything else, as a valid specification
for getting a codepoint assignment.

-Ben

Re: OpenSSL version 1.1.1 pre release 9 published

Robert Moskowitz


On 08/27/2018 04:55 PM, Benjamin Kaduk via openssl-users wrote:

> On Mon, Aug 27, 2018 at 04:38:24PM -0400, Robert Moskowitz wrote:
>>
>> On 08/27/2018 04:07 PM, Hubert Kario wrote:
>>> On Monday, 27 August 2018 20:57:53 CEST Robert Moskowitz wrote:
>>>> On 08/27/2018 02:33 PM, Hubert Kario wrote:
>>>>> On Thursday, 23 August 2018 16:35:01 CEST Robert Moskowitz wrote:
>>>> Over the years and in protocol design development, I have heard too many
>>>> we can't.  So I set about with, "here is one way."  Since then I have
>>>> had a few people actually thank me for making it possible for them to
>>>> build an ecdsa pki for their product testing needs.  Just one justifies
>>>> my effort.
>>> well, I see nothing wrong with providing documentation and how-to's, I just
>>> don't see that it should be elevated to an Internet Draft level...
> Well, see https://datatracker.ietf.org/doc/draft-wkumari-not-a-draft/ .

Warren is a riot.  I really should have put in a typo comment to him
about 'safely razor' which probably should be 'safety razor'.  But then
kind of knowing Warren, this could have been intentional so I left it
alone. :)

>
>>> by its very nature it needs to be constantly updated, so having it in a static
>>> RFC is contrary to that
>> that is the value of Internet Drafts that many of us IETFers have figured
>> out.  draft versions can just keep on going and the tools will take you to
>> the current draft.  IDs have become neat working documents, though there is
>> more github work coming along.  More workgroups are doing requirements docs
>> that will never be published as RFCs; they will stay as IDs.  Much better
>> source of why did the wg do? than plow through the old mailing list
>> archives.  The IESG is actually encouraging such a use of IDs.
> Yup!  Internet-Draft is a fine terminus for some types of document.
> Many TLS registries now have a registration policy that explicitly calls out
> an internet-draft that is never published as anything else, as a valid specification
> for getting a codepoint assignment.
>
> -Ben
