Re: openssl-users Digest, Vol 63, Issue 19

Abid Butt
plz how can automatically recover this problem

On Wed, 12 Feb 2020, 14:59 , <[hidden email]> wrote:
Today's Topics:

   1. Re: Questions about using Elliptic Curve ciphers in OpenSSL
      (Salz, Rich)
   2. Re: Questions about using Elliptic Curve ciphers in OpenSSL
      (Jason Schultz)
   3. Re: Questions about using Elliptic Curve ciphers in OpenSSL
      (Salz, Rich)
   4. sendfile (Jeremy Harris)


----------------------------------------------------------------------

Message: 1
Date: Tue, 11 Feb 2020 16:37:27 +0000
From: "Salz, Rich" <[hidden email]>
To: Jason Schultz <[hidden email]>, "[hidden email]"
        <[hidden email]>
Subject: Re: Questions about using Elliptic Curve ciphers in OpenSSL
Message-ID: <[hidden email]>
Content-Type: text/plain; charset="utf-8"

The first thing I would suggest is to separate ECDH, the session key exchange, from ECDSA, the signature.  Try to make ECDH with RSA work.  Then just load your ECDSA cert; you can load one cert of each type (RSA DSA) and the runtime will figure out what to do, depending on what the client offers.


------------------------------

Message: 2
Date: Tue, 11 Feb 2020 17:49:13 +0000
From: Jason Schultz <[hidden email]>
To: "Salz, Rich" <[hidden email]>, "[hidden email]"
        <[hidden email]>
Subject: Re: Questions about using Elliptic Curve ciphers in OpenSSL
Message-ID:
        <[hidden email]>

Content-Type: text/plain; charset="iso-8859-1"

Rich-

Thanks for your reply. At this point I'm 99% sure I have ECDH with RSA working. My question in the previous post was just to confirm. But I have my RSA cert and key pair, and a client can successfully connect to my server using ECDHE_RSA* ciphers.

My questions are more related to ECDSA. For example, you said "just load your ECDSA cert", which is easy enough. My question is, is that all I need? For example, with DSA (which we don't really use anymore), I also needed a DH parameters file, which I read in with PEM_read_DHparams(). Do I need to do something similar with "EC params" or "ECDSA params"? I've seen references to both, and I'm not sure if and when I need them.

As I pointed out, it looks like there are "EC PARAMETERS" in my private key file. Are these needed? If so, how and when do I use them? Or do I need them in a separate file?



________________________________
From: Salz, Rich <[hidden email]>
Sent: Tuesday, February 11, 2020 4:37 PM
To: Jason Schultz <[hidden email]>; [hidden email] <[hidden email]>
Subject: Re: Questions about using Elliptic Curve ciphers in OpenSSL


The first thing I would suggest is to separate ECDH, the session key exchange, from ECDSA, the signature.  Try to make ECDH with RSA work.  Then just load your ECDSA cert; you can load one cert of each type (RSA DSA) and the runtime will figure out what to do, depending on what the client offers.



------------------------------

Message: 3
Date: Tue, 11 Feb 2020 17:54:26 +0000
From: "Salz, Rich" <[hidden email]>
To: Jason Schultz <[hidden email]>, "[hidden email]"
        <[hidden email]>
Subject: Re: Questions about using Elliptic Curve ciphers in OpenSSL
Message-ID: <[hidden email]>
Content-Type: text/plain; charset="utf-8"

I believe you just load your ECDSA cert and the other stuff - Dhparams!! - is not needed.



------------------------------
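
On the question in this thread about the "EC PARAMETERS" block in the private key file, the following is an added example, not code from any poster or from the OpenSSL project. It assumes the `openssl` command-line tool is installed, uses prime256v1 as a sample curve, and works on a throwaway key with made-up file names; it shows that the private key block already records the curve, so the key loads identically once the separate parameters block is removed.

```shell
#!/bin/sh
# Added example. Throwaway key generated in a temp dir; file names are assumptions.
umask 077
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# `ecparam -genkey` writes two PEM blocks: EC PARAMETERS, then the private key.
gen_key() {
    openssl ecparam -name prime256v1 -genkey -out "$1" 2>/dev/null
}

# Number of PEM blocks with the given label ($2) in file $1.
count_blocks() {
    grep -c -e "-----BEGIN $2-----" "$1" || true
}

# Keep only the private key block, dropping the EC PARAMETERS block.
strip_params() {
    sed -n '/-----BEGIN .*PRIVATE KEY-----/,/-----END .*PRIVATE KEY-----/p' "$1" > "$2"
}

# Curve name as recorded inside the private key structure itself.
curve_of() {
    openssl pkey -in "$1" -noout -text 2>/dev/null | sed -n 's/^ASN1 OID: //p'
}

# Public key derived from the private key file; equal output means same key.
pubkey_of() {
    openssl pkey -in "$1" -pubout 2>/dev/null
}

gen_key "$WORK/with_params.pem"
strip_params "$WORK/with_params.pem" "$WORK/key_only.pem"

echo "EC PARAMETERS blocks before: $(count_blocks "$WORK/with_params.pem" 'EC PARAMETERS')"
echo "EC PARAMETERS blocks after:  $(count_blocks "$WORK/key_only.pem" 'EC PARAMETERS')"
echo "curve read from stripped key: $(curve_of "$WORK/key_only.pem")"
if [ "$(pubkey_of "$WORK/with_params.pem")" = "$(pubkey_of "$WORK/key_only.pem")" ]; then
    echo "same key with or without the EC PARAMETERS block"
fi
```
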

Message: 4
Date: Wed, 12 Feb 2020 11:08:26 +0000
From: Jeremy Harris <[hidden email]>
To: [hidden email]
Subject: sendfile
Message-ID: <[hidden email]>
Content-Type: text/plain; charset=utf-8

I see that an SSL_sendfile() is due in 3.0 :-
  https://www.openssl.org/docs/manmaster/man3/SSL_write.html

Will there be a matching SSL_recvfile() ?
--
Cheers,
  Jeremy

