openssl-users Digest, Vol 63, Issue 19

Abid Butt buttabid047 at gmail.com
Wed Feb 12 19:04:06 UTC 2020 

plz how can automatically recover this problam

On Wed, 12 Feb 2020, 14:59 , <openssl-users-request at openssl.org> wrote:

> Send openssl-users mailing list submissions to
>         openssl-users at openssl.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://mta.openssl.org/mailman/listinfo/openssl-users
> or, via email, send a message with subject or body 'help' to
>         openssl-users-request at openssl.org
>
> You can reach the person managing the list at
>         openssl-users-owner at openssl.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of openssl-users digest..."
>
>
> Today's Topics:
>
>    1. Re: Questions about using Elliptic Curve ciphers in OpenSSL
>       (Salz, Rich)
>    2. Re: Questions about using Elliptic Curve ciphers in OpenSSL
>       (Jason Schultz)
>    3. Re: Questions about using Elliptic Curve ciphers in OpenSSL
>       (Salz, Rich)
>    4. sendfile (Jeremy Harris)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 11 Feb 2020 16:37:27 +0000
> From: "Salz, Rich" <rsalz at akamai.com>
> To: Jason Schultz <jetson23 at hotmail.com>, "openssl-users at openssl.org"
>         <openssl-users at openssl.org>
> Subject: Re: Questions about using Elliptic Curve ciphers in OpenSSL
> Message-ID: <AE157C29-5E4C-4EB7-8415-3B9C98CEAC6D at akamai.com>
> Content-Type: text/plain; charset="utf-8"
>
> The first thing I would suggest is to separate ECDH, the session key
> exchange, from ECDSA, the signature.  Try to make ECDH with RSA work.  Then
> just load your ECDSA cert; you can load one cert of each type (RSA DSA) and
> the runtime will figure out what to do, depending on what the client offers.
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://mta.openssl.org/pipermail/openssl-users/attachments/20200211/bcbf7649/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 2
> Date: Tue, 11 Feb 2020 17:49:13 +0000
> From: Jason Schultz <jetson23 at hotmail.com>
> To: "Salz, Rich" <rsalz at akamai.com>, "openssl-users at openssl.org"
>         <openssl-users at openssl.org>
> Subject: Re: Questions about using Elliptic Curve ciphers in OpenSSL
> Message-ID:
>         <
> CH2PR10MB4214D81C779843835B2D13C2C7180 at CH2PR10MB4214.namprd10.prod.outlook.com
> >
>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Rich-
>
> Thanks for your reply. At this point I'm 99% sure I have ECDH with RSA
> working. My question in the previous post was just to confirm. But I have
> my RSA cert and key pair, and a client can successfully connect to my
> server using ECDHE_RSA* ciphers.
>
> My questions are more related to ECDSA. For example, you said "just load
> your ECDSA cert", which is easy enough. My question is, is that all I need?
> For example, with DSA (which we don't really use anymore), I also needed a
> DH parameters file, which I read in with PEM_read_DHparams(). Do I need to
> do something similar with "EC params" or "ECDSA params"? I've seen
> references to both, and I'm not sure if and when I need them.
>
> As I pointed out, it looks like there are "EC PARAMETERS" in my private
> key file. Are these needed? If so, how and when do I use them? Or do I need
> them in a separate file?
>
>
>
> ________________________________
> From: Salz, Rich <rsalz at akamai.com>
> Sent: Tuesday, February 11, 2020 4:37 PM
> To: Jason Schultz <jetson23 at hotmail.com>; openssl-users at openssl.org <
> openssl-users at openssl.org>
> Subject: Re: Questions about using Elliptic Curve ciphers in OpenSSL
>
>
> The first thing I would suggest is to separate ECDH, the session key
> exchange, from ECDSA, the signature.  Try to make ECDH with RSA work.  Then
> just load your ECDSA cert; you can load one cert of each type (RSA DSA) and
> the runtime will figure out what to do, depending on what the client offers.
>
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://mta.openssl.org/pipermail/openssl-users/attachments/20200211/1cb043f3/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 3
> Date: Tue, 11 Feb 2020 17:54:26 +0000
> From: "Salz, Rich" <rsalz at akamai.com>
> To: Jason Schultz <jetson23 at hotmail.com>, "openssl-users at openssl.org"
>         <openssl-users at openssl.org>
> Subject: Re: Questions about using Elliptic Curve ciphers in OpenSSL
> Message-ID: <BAA87396-FF2B-492D-9028-54D272309A9E at akamai.com>
> Content-Type: text/plain; charset="utf-8"
>
> I believe you just load your ECDSA cert and the other stuff ? Dhparams!! ?
> is not needed.
>
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://mta.openssl.org/pipermail/openssl-users/attachments/20200211/f0333664/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 4
> Date: Wed, 12 Feb 2020 11:08:26 +0000
> From: Jeremy Harris <jgh at wizmail.org>
> To: openssl-users at openssl.org
> Subject: sendfile
> Message-ID: <695c87c3-5bd6-33eb-2e53-18002be32025 at wizmail.org>
> Content-Type: text/plain; charset=utf-8
>
> I see that an SSL_sendfile() is due in 3.0 :-
>   https://www.openssl.org/docs/manmaster/man3/SSL_write.html
>
> Will there be a matching SSL_recvfile() ?
> --
> Cheers,
>   Jeremy
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> openssl-users mailing list
> openssl-users at openssl.org
> https://mta.openssl.org/mailman/listinfo/openssl-users
>
>
> ------------------------------
>
> End of openssl-users Digest, Vol 63, Issue 19
> *********************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20200212/69a7704f/attachment.html>

More information about the openssl-users mailing list