Re: openssl-users Digest, Vol 63, Issue 19


 



plz how can automatically recover this problem

On Wed, 12 Feb 2020, 14:59 , <openssl-users-request@xxxxxxxxxxx> wrote:

Today's Topics:

   1. Re: Questions about using Elliptic Curve ciphers in OpenSSL
      (Salz, Rich)
   2. Re: Questions about using Elliptic Curve ciphers in OpenSSL
      (Jason Schultz)
   3. Re: Questions about using Elliptic Curve ciphers in OpenSSL
      (Salz, Rich)
   4. sendfile (Jeremy Harris)


----------------------------------------------------------------------

Message: 1
Date: Tue, 11 Feb 2020 16:37:27 +0000
From: "Salz, Rich" <rsalz@xxxxxxxxxx>
To: Jason Schultz <jetson23@xxxxxxxxxxx>, "openssl-users@xxxxxxxxxxx"
        <openssl-users@xxxxxxxxxxx>
Subject: Re: Questions about using Elliptic Curve ciphers in OpenSSL
Message-ID: <AE157C29-5E4C-4EB7-8415-3B9C98CEAC6D@xxxxxxxxxx>
Content-Type: text/plain; charset="utf-8"

The first thing I would suggest is to separate ECDH, the session key exchange, from ECDSA, the signature.  Try to make ECDH with RSA work.  Then just load your ECDSA cert; you can load one cert of each type (RSA DSA) and the runtime will figure out what to do, depending on what the client offers.


------------------------------

Message: 2
Date: Tue, 11 Feb 2020 17:49:13 +0000
From: Jason Schultz <jetson23@xxxxxxxxxxx>
To: "Salz, Rich" <rsalz@xxxxxxxxxx>, "openssl-users@xxxxxxxxxxx"
        <openssl-users@xxxxxxxxxxx>
Subject: Re: Questions about using Elliptic Curve ciphers in OpenSSL
Message-ID:
        <CH2PR10MB4214D81C779843835B2D13C2C7180@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>

Content-Type: text/plain; charset="iso-8859-1"

Rich-

Thanks for your reply. At this point I'm 99% sure I have ECDH with RSA working. My question in the previous post was just to confirm. But I have my RSA cert and key pair, and a client can successfully connect to my server using ECDHE_RSA* ciphers.

My questions are more related to ECDSA. For example, you said "just load your ECDSA cert", which is easy enough. My question is, is that all I need? For example, with DSA (which we don't really use anymore), I also needed a DH parameters file, which I read in with PEM_read_DHparams(). Do I need to do something similar with "EC params" or "ECDSA params"? I've seen references to both, and I'm not sure if and when I need them.

As I pointed out, it looks like there are "EC PARAMETERS" in my private key file. Are these needed? If so, how and when do I use them? Or do I need them in a separate file?




------------------------------

Message: 3
Date: Tue, 11 Feb 2020 17:54:26 +0000
From: "Salz, Rich" <rsalz@xxxxxxxxxx>
To: Jason Schultz <jetson23@xxxxxxxxxxx>, "openssl-users@xxxxxxxxxxx"
        <openssl-users@xxxxxxxxxxx>
Subject: Re: Questions about using Elliptic Curve ciphers in OpenSSL
Message-ID: <BAA87396-FF2B-492D-9028-54D272309A9E@xxxxxxxxxx>
Content-Type: text/plain; charset="utf-8"

I believe you just load your ECDSA cert and the other stuff -- Dhparams!! -- is not needed.
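
Added example, not part of the original messages: a shell check for the "EC PARAMETERS" question raised in Message 2. It assumes the `openssl` command-line tool is installed; the file names and the certificate subject are constructed. It shows that a key file with the "EC PARAMETERS" block removed is still the same key and matches the ECDSA certificate issued for it.

```shell
#!/bin/sh
# Added example (not from the thread). File names and the CN are constructed.
set -e

# Generate a P-256 key; without -noout, ecparam writes an
# "EC PARAMETERS" block ahead of the private key block.
make_ec_key() {   # $1 = output key file
    openssl ecparam -name prime256v1 -genkey -out "$1" 2>/dev/null
}

# Copy a key file with any "EC PARAMETERS" block removed.
strip_ec_params() {   # $1 = input key, $2 = output key
    sed '/-----BEGIN EC PARAMETERS-----/,/-----END EC PARAMETERS-----/d' "$1" > "$2"
}

# Print the public key derived from a private key file.
pubkey_of_key() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Print the public key embedded in a certificate.
pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Self-signed ECDSA certificate for a key (constructed subject, 1 day).
make_cert() {   # $1 = key file, $2 = output cert
    openssl req -new -x509 -key "$1" -subj "/CN=ecdsa.example.test" \
        -days 1 -out "$2" 2>/dev/null
}

# Returns 0 when the stripped key is the same key and matches the cert.
check_params_redundant() {
    dir=$(mktemp -d)
    make_ec_key "$dir/ec.key"
    strip_ec_params "$dir/ec.key" "$dir/ec-noparams.key"
    make_cert "$dir/ec-noparams.key" "$dir/ec.crt"
    full=$(pubkey_of_key "$dir/ec.key")
    bare=$(pubkey_of_key "$dir/ec-noparams.key")
    cert=$(pubkey_of_cert "$dir/ec.crt")
    rm -rf "$dir"
    # Non-empty output guards against openssl itself having failed.
    [ -n "$full" ] && [ "$full" = "$bare" ] && [ "$bare" = "$cert" ]
}

check_params_redundant && echo "EC PARAMETERS block is redundant; key and cert match"
```

The curve is recorded inside the private key block itself, which is why the separate block can be dropped and no counterpart of the DH parameters file is read for the ECDSA certificate.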



------------------------------

Message: 4
Date: Wed, 12 Feb 2020 11:08:26 +0000
From: Jeremy Harris <jgh@xxxxxxxxxxx>
To: openssl-users@xxxxxxxxxxx
Subject: sendfile
Message-ID: <695c87c3-5bd6-33eb-2e53-18002be32025@xxxxxxxxxxx>
Content-Type: text/plain; charset=utf-8

I see that an SSL_sendfile() is due in 3.0 :-
  https://www.openssl.org/docs/manmaster/man3/SSL_write.html

Will there be a matching SSL_recvfile() ?
--
Cheers,
  Jeremy



------------------------------

End of openssl-users Digest, Vol 63, Issue 19
*********************************************
