Re: OpenSSL 3.0 support for Debian11

On Wed, Jan 18, 2023 at 1:19 AM David wrote: > > On Wed, 18 Jan 2023 at 10:24, Ben Lavender wrote: > > > Stable releases don't always provide the latest software, generally that > > isn't always respectively "stable". > > > > The latest seems to be available via the repositories Debian testing an

Re: OpenSSL 3.0 support for Debian11

You are correct, perhaps I shouldn't have recommended that given I'm not sure of the OP's experience with Debian. I personally run it like this with no issues. On 18/01/2023 06:18, David wrote: On Wed, 18 Jan 2023 at 10:24, Ben Lavender wrote: Stable releases don't always provide the latest

Re: OpenSSL 3.0 support for Debian11

On Wed, 18 Jan 2023 at 10:24, Ben Lavender wrote: > Stable releases don't always provide the latest software, generally that > isn't always respectively "stable". > > The latest seems to be available via the repositories Debian testing and > unstable of which you can still run on Debian 11 if you

Re: OpenSSL 3.0 support for Debian11

On Tue, Jan 17, 2023 at 11:23:41PM +, Ben Lavender wrote: > Stable releases don't always provide the latest software, generally that > isn't always respectively "stable". To be more precise, "stable" means "it doesn't change". In general, no new major versions, especially not libraries (which

Re: OpenSSL 3.0 support for Debian11

Stable releases don't always provide the latest software, generally that isn't always respectively "stable". The latest seems to be available via the repositories Debian testing and unstable of which you can still run on Debian 11 if you configure it so. https://tracker.debian.org/pkg/openssl

Re: OpenSSL 3.0 support for Debian11

On 2023-01-17 at 09:33, Shaheena Kazi wrote: > Hello Team, > > We are using Debian 11 with OpenSSL 1.1.1n > As OpenSSL 1.1.1 series is going EOL on 11th September 2023. > > We would like to know if Debian is planning to add OpenSSL 3.0 support on > Debian 11 any time soon. While I have no speci

Re: OpenSSL 3.0 support for Debian11

On Tue, Jan 17, 2023 at 08:03:23PM +0530, Shaheena Kazi wrote: > Hello Team, > > We are using Debian 11 with OpenSSL 1.1.1n > As OpenSSL 1.1.1 series is going EOL on 11th September 2023. > > We would like to know if Debian is planning to add OpenSSL 3.0 support on > Debian 11 any time soon. It s

Re: OpenSSl encrpt and decrypt a String

Hi, 16 oct. 2020 à 15:58 de philipp.ew...@digionline.de: > i try to encrypt a String with OpenSSL but its not working as i want. > > echo -n "That's the text" | openssl enc -aes-256-cbc -a -A -nosalt > I don't know if your question is just theoretical or if you have a valid use case beyond the b

Re: OpenSSl encrpt and decrypt a String

On Fri, Oct 16, 2020 at 06:24:31PM +0200, Philipp Ewald wrote: > Thank you! > > I have used this : openssl base64 -d instead of "base64 -d" .. You're welcome. Reco

Re: OpenSSl encrpt and decrypt a String

Thank you! I have used this : openssl base64 -d instead of "base64 -d" .. On 16.10.20 18:09, Reco wrote: Hi. On Fri, Oct 16, 2020 at 03:58:46PM +0200, Philipp Ewald wrote: echo -n "That's the text" | openssl enc -aes-256-cbc -a -A -nosalt gives me following "String": ttn39k7Yigle

Re: OpenSSl encrpt and decrypt a String

Hi. On Fri, Oct 16, 2020 at 03:58:46PM +0200, Philipp Ewald wrote: > echo -n "That's the text" | openssl enc -aes-256-cbc -a -A -nosalt > > gives me following "String": > ttn39k7YiglePLvmmc6s+w== Correct so far, assuming that you've entered a passphrase from the keyboard. > echo -n "tt

Re: openssl headers missing while installing psiphon on Debian 10

On 08.09.19 20:03, Tapas Mishra wrote: > On Sun, Sep 8, 2019 at 2:56 PM Ulf Volmer wrote: >> >> On 08.09.19 01:28, Tapas Mishra wrote: >> >>> configure: error: *** OpenSSL headers missing >> >> Install libssl-dev. > > Ok thanks I did install libssl-dev > sudo apt-get install libssl-dev > https://

Re: openssl headers missing while installing psiphon on Debian 10

On Sun, Sep 8, 2019 at 2:56 PM Ulf Volmer wrote: > > On 08.09.19 01:28, Tapas Mishra wrote: > > > configure: error: *** OpenSSL headers missing > > Install libssl-dev. Ok thanks I did install libssl-dev sudo apt-get install libssl-dev https://pastebin.com/EYpswMRv I got following configure: error

Re: openssl headers missing while installing psiphon on Debian 10

On 08.09.19 01:28, Tapas Mishra wrote: > configure: error: *** OpenSSL headers missing Install libssl-dev. Best regards Ulf

Re: openssl 1.1.1-1: bug?

Hi. On Fri, Oct 05, 2018 at 12:41:44PM +0200, Pétùr wrote: > Hi, > > I cannot connect to WPA2 Entreprise network (PEAP + MSCHAPv2) with > openssl 1.1.1-1 (in sid today). I can connect 1.1.0f-3+deb9u2 version > (stable). > > Is it a bug in openssl 1.1.1-1 or some kind of incompatibility b

Re: Openssl ciphers is not means SSL supported?

Hi. 2018-08-22 14:43 GMT+09:00 Reco : >> [question 1] >> 'openssl ciphers -v' output ciphers. include SSL protocol version. >> I have 'SSLv3' by 'openssl ciphers -v' >> but debian openssl package disable ssl3. by configure option. >> (see configure option in debian/rules file). >> >> my openssl do

Re: Openssl ciphers is not means SSL supported?

Hi. On Wed, Aug 22, 2018 at 02:01:23PM +0900, Miwa Susumu wrote: > Hi all. > > [question 1] > 'openssl ciphers -v' output ciphers. include SSL protocol version. > I have 'SSLv3' by 'openssl ciphers -v' > but debian openssl package disable ssl3. by configure option. > (see configure option

Re: openssl too old and what to do about it

ng0: > > I am in the position where I have to run at least one Debian > stable based server, and with the recent upgrade of a search > engine, I can no longer use its proxy functionality. > This would require a version of OpenSSL which is not available in > Debian stable at this point. Which vers

Re: openssl too old and what to do about it

On Sun, Jul 10, 2016 at 06:34:09PM CEST, ng0 said: > I am not subscribed and don't plan to - please keep me in CC when > replying. > > Hi, > > I am in the position where I have to run at least one Debian > stable based server, and with the recent upgrade of a search > engine, I can no longer use

Re: Openssl -showcerts "verify error"

Hi. On Wed, May 04, 2016 at 11:58:56PM +0100, Ron Leach wrote: > On 04/05/2016 23:22, Reco wrote: > > >Considering that https://secure.gateway.gov.uk tells me about > >*selecting* a valid certificate - it could mean that your *client* > >became expired recently. > > I wondered. The appl

Re: Openssl -showcerts "verify error"

On Thursday 05 May 2016 08:08:51 Ron Leach wrote: > On 05/05/2016 00:13, Lisi Reisz wrote: > > On Wednesday 04 May 2016 23:58:56 Ron Leach wrote: > >> But ... following some other earlier posts by folk using a web browser > >> to reach the url (and seeming to have success) > > > > Curiouser and cur

Re: Openssl -showcerts "verify error"

On 05/05/2016 00:13, Lisi Reisz wrote: On Wednesday 04 May 2016 23:58:56 Ron Leach wrote: But ... following some other earlier posts by folk using a web browser to reach the url (and seeming to have success) Curiouser and curiouser - I didn't just reach it successfully, I logged in successfull

Re: Openssl -showcerts "verify error"

On Wednesday 04 May 2016 23:58:56 Ron Leach wrote: > But ... following some other earlier posts by folk using a web browser > to reach the url (and seeming to have success) Curiouser and curiouser - I didn't just reach it successfully, I logged in successfully. Certificates weren't mentioned. :-/

Re: Openssl -showcerts "verify error"

On 04/05/2016 23:22, Reco wrote: Considering that https://secure.gateway.gov.uk tells me about *selecting* a valid certificate - it could mean that your *client* became expired recently. I wondered. The application is a Python package distributed by UK TAX authority and intended for electron

Re: Openssl -showcerts "verify error"

Hi. On Wed, 04 May 2016 17:25:40 +0100 Ron Leach wrote: > List, good afternoon, > > I'd appreciate some advice about how to fix an SSL error I'm hitting > while accessing a government website required for online filing. > Oddly, this error has just occurred, but we've been using the s

Re: Openssl -showcerts "verify error"

On Wed, May 4, 2016, at 01:54 PM, Lisi Reisz wrote: > On Wednesday 04 May 2016 18:40:01 William O'Malley wrote: > > On Wed, May 4, 2016, at 12:25 PM, Ron Leach wrote: > > > List, good afternoon, > > > > > > I'd appreciate some advice about how to fix an SSL error I'm hitting > > > while accessing a

Re: Openssl -showcerts "verify error"

On Wednesday 04 May 2016 18:40:01 William O'Malley wrote: > On Wed, May 4, 2016, at 12:25 PM, Ron Leach wrote: > > List, good afternoon, > > > > I'd appreciate some advice about how to fix an SSL error I'm hitting > > while accessing a government website required for online filing. > > Oddly, this

Re: Openssl -showcerts "verify error"

On Wed, May 4, 2016, at 12:25 PM, Ron Leach wrote: > List, good afternoon, > > I'd appreciate some advice about how to fix an SSL error I'm hitting > while accessing a government website required for online filing. > Oddly, this error has just occurred, but we've been using the service > withou

Re: OpenSSL squeeze - support TLS 1.2

On Tue, Jun 02, 2015 at 02:26:59PM +0200, For@ll wrote: Hi, > It's possible to upgrade in squeeze openssl to 1.0.x versiob, because I have > one client with this debian version who need support TLS 1.2. > Now I have only 0.9.8 openssl. I'd recommend to update to jessie instead of trying to bring

Re: openssl update?

On Fri, 6 Jun 2014 13:46:56 -0700 cono...@rahul.net (John Conover) wrote: > > I updated openssl, and none of the browsers, (firefox, chrome,) > work-they just hang. > > Did I forget something? Nor firefox nor chrome use openssl, they use nss. It is very unlikely that upgrading openssl is connec

Re: openssl update?

On Fri, 06 Jun 2014, John Conover wrote: > > I updated openssl, and none of the browsers, (firefox, chrome,) > work-they just hang. > > Did I forget something? Yeah. Probably. First, What version of Debian? What exactly did you do? Did you just 'apt-get upgrade openssl', etc? Or did you a

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

On Apr 9, 2014 3:51 PM, "Sven Hartge" wrote: > > Curt wrote: > > On 2014-04-09, Jochen Spieker wrote: > > >> The repository now contains a fixed version (0.9.4.2-r413). I tested it > >> and the new version looks fine. > > > Don't mean to hijack, but is this a useful tool? > > > http://filippo.io

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

Curt wrote: > On 2014-04-09, Jochen Spieker wrote: >> The repository now contains a fixed version (0.9.4.2-r413). I tested it >> and the new version looks fine. > Don't mean to hijack, but is this a useful tool? > http://filippo.io/Heartbleed/ To scan your complete network in mere seconds:

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

On 2014-04-09, Jochen Spieker wrote: >> http://filippo.io/Heartbleed/ > > Yes, it is. Qualys tests for the new attack as well now: > > https://www.ssllabs.com/ssltest/ > Thank you. The ssllabs test seems quite thorough! -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

Curt: > On 2014-04-09, Jochen Spieker wrote: >> >> The repository now contains a fixed version (0.9.4.2-r413). I tested it >> and the new version looks fine. > > Don't mean to hijack, but is this a useful tool? > > http://filippo.io/Heartbleed/ Yes, it is. Qualys tests for the new attack as

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

On 2014-04-09, Jochen Spieker wrote: > > The repository now contains a fixed version (0.9.4.2-r413). I tested it > and the new version looks fine. Don't mean to hijack, but is this a useful tool? http://filippo.io/Heartbleed/ (I'm an ignorant end user who has just woken up to the issue of ble

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

Jochen Spieker: > Sven Hartge: >> >> I presume mod_spdy is not from any offical package (cannot find any >> package matching "spdy" in Debian anywhere) but a module compiled by >> yourself? > > I think I installed a .deb from Google which added the file > /etc/apt/sources.list.d/mod-spdy.list: >

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

Gary Carter: > > Just curious - are you running Google's mod_spdy? If so, that was the > culprit for me - check: Yes, that was it. Thanks for the heads-up. J. -- The news at ten makes me peevish but animal hospital makes me cry. [Agree] [Disagree]

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

Sven Hartge: > Jochen Spieker wrote: > >> Yes, here it is: >> https://code.google.com/p/mod-spdy/issues/detail?id=85 > >>| Note that just disabling the spdy module in Apache won't work, because >>| the SSL library itself is replaced. Easiest fix on Debian is to remove >>| the mod-spdy package fr

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

Jochen Spieker wrote: > Thinking about this … what I actually use is mod_spdy which is not > linked against libssl. It probably has the same bug … > Yes, here it is: > https://code.google.com/p/mod-spdy/issues/detail?id=85 > | Note that just disabling the spdy module in Apache won't work, becau

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

Hi guys, Sorry if I end up doing this wrong (don't tend to post to lists often), thread-wise, but I ran into the same issue where it seemed that despite upgrading OpenSSL to the patched version, my Apache server was still vulnerable to Heartbleed. Just curious - are you running Google's mod_spdy?

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

Jochen Spieker wrote: > Thinking about this … what I actually use is mod_spdy which is not > linked against libssl. It probably has the same bug … > Yes, here it is: > https://code.google.com/p/mod-spdy/issues/detail?id=85 > | Note that just disabling the spdy module in Apache won't work, becau

Re: openssl 101-g not in packages.gz

On 2014-04-08 20:49 +0200, Hans wrote: >> It should happen with the next mirror push. For some reason neither >> jessie nor sid have seen updates this afternoon yet, at least not on >> ftp.de.debian.org. >> >> Cheers, >>Sven > Hi Sven. > > This was exactly the server I was looking at. I

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

Sven Hartge: > Jochen Spieker wrote: > >> I have the most recent version and it still reports my system to be >> vulnerable. > > Are you sure you restarted the right system? (Just asking, had the same > problem today, was looking at a totally different system than the one I > thought I was looki

Re: openssl 101-g not in packages.gz

Le 08/04/2014 20:55, Erwan David a écrit : > Le 08/04/2014 20:49, Hans a écrit : >>> It should happen with the next mirror push. For some reason neither >>> jessie nor sid have seen updates this afternoon yet, at least not on >>> ftp.de.debian.org. >>> >>> Cheers, >>>Sven >> Hi Sven. >> >>

Re: openssl 101-g not in packages.gz

Le 08/04/2014 20:49, Hans a écrit : >> It should happen with the next mirror push. For some reason neither >> jessie nor sid have seen updates this afternoon yet, at least not on >> ftp.de.debian.org. >> >> Cheers, >>Sven > Hi Sven. > > This was exactly the server I was looking at. I just

Re: openssl 101-g not in packages.gz

> It should happen with the next mirror push. For some reason neither > jessie nor sid have seen updates this afternoon yet, at least not on > ftp.de.debian.org. > > Cheers, >Sven Hi Sven. This was exactly the server I was looking at. I just wondered, because someone told at heise.de f

Re: openssl 101-g not in packages.gz

On 2014-04-08 20:25 +0200, Hans wrote: > Maybe I am wrong, but it looks like the fixed openssl 101-g is in the repo, > but > not in the packages.gz of debian/jessie. > > So (if I see this correct), debian/jessie will not see and update the newest > version. It should happen with the next mirro

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

Jochen Spieker wrote: >>> Am I doing anything wrong? Is the testing tool broken? I also tried the >>> one at https://gist.github.com/takeshixx/10107280 which confirms there >>> is still a problem on port 443 (HTTPS served by Apache). >> >> That test tool was updated a few hours ago to include ch

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

Scott Ferguson: > On 09/04/14 00:49, Jochen Spieker wrote: >> >> as many others, I patched my machines today because of the horrible >> OpenSSL bug: >> >> $ apt-cache policy libssl1.0.0 >> libssl1.0.0: >> Installed: 1.0.1e-2+deb7u6 >> Candidate: 1.0.1e-2+deb7u6 >> Version table: >> 1.0

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

Reco: > Hi. > > On Tue, Apr 08, 2014 at 04:49:13PM +0200, Jochen Spieker wrote: > >> Am I doing anything wrong? Is the testing tool broken? I also tried the >> one at https://gist.github.com/takeshixx/10107280 which confirms there >> is still a problem on port 443 (HTTPS served by Apache). > > N

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

On 09/04/14 00:49, Jochen Spieker wrote: > Hi, > > as many others, I patched my machines today because of the horrible > OpenSSL bug: > > $ apt-cache policy libssl1.0.0 > libssl1.0.0: > Installed: 1.0.1e-2+deb7u6 > Candidate: 1.0.1e-2+deb7u6 > Version table: > 1.0.1g-1 0 > -10

Re: OpenSSL Heartbleed bug, Apache still vulnerable?

Hi. On Tue, Apr 08, 2014 at 04:49:13PM +0200, Jochen Spieker wrote: > Am I doing anything wrong? Is the testing tool broken? I also tried the > one at https://gist.github.com/takeshixx/10107280 which confirms there > is still a problem on port 443 (HTTPS served by Apache). No, chances are, you'r

Re: openssl without ssl2 switch

On Wed 26 Mar 2014 at 14:21:38 +0100, Veljko wrote: > On 2014-Mar-26 13:13, Brian wrote: > > > > The Squeeze libssl and openssl *do* install on Wheezy with 'dpkg -i' and > > the command to test for ssl2 works. > > Thanks for the info, Brian. Can they be installed side by side with > wheezy vers

Re: openssl without ssl2 switch

On 2014-Mar-26 13:13, Brian wrote: > On Wed 26 Mar 2014 at 11:59:21 +0100, Veljko wrote: > > > ssllabs works only with 443 port, but thanks. I guess I'll try to > > recompile openssl on some small virtual machine on which I can break > > things. > > The Squeeze libssl and openssl *do* install on

Re: openssl without ssl2 switch

On Wed 26 Mar 2014 at 11:59:21 +0100, Veljko wrote: > ssllabs works only with 443 port, but thanks. I guess I'll try to > recompile openssl on some small virtual machine on which I can break > things. The Squeeze libssl and openssl *do* install on Wheezy with 'dpkg -i' and the command to test for

Re: openssl without ssl2 switch

On 2014-Mar-26 00:32, Brian wrote: > A quick scan of the output of 'apt-cache search ssl' shows sslscan and > nikto but both depend on libssl1.0.0 (>= 1.0.1). It's possible the > Squeeze packages might install on Wheezy but that's without taking a > close look at the situation. For public servers t

Re: openssl without ssl2 switch

On Wed 26 Mar 2014 at 00:24:17 +0100, Veljko wrote: > On 2014-Mar-25 23:09, Brian wrote: > > > > Rebuild the openssl package(s) with ssl2 support? > > openssl is very important package. I wasn't sure if messing with it > would break something. I was asking if someone knows of any other tool > th

Re: openssl without ssl2 switch

On 2014-Mar-25 23:09, Brian wrote: > > As last poster on that bug number asked, they should have removed it > > from list of available options as well. > > People forget things; like not doing a search with "openssl built > without ssl2 support". Bug report? I actually find one[1] later. It was

Re: openssl without ssl2 switch

On Tue 25 Mar 2014 at 23:16:04 +0100, Veljko wrote: > On 2014-Mar-25 20:37, Sven Joachim wrote: > > On 2014-03-25 17:23 +0100, Veljko wrote: > > > > > I wanted to test if ssl2 is turned off on server, so I tried with this > > > command line on my desktop: > > > > > > openssl s_client -connect ser

Re: openssl without ssl2 switch

On 2014-Mar-25 20:37, Sven Joachim wrote: > On 2014-03-25 17:23 +0100, Veljko wrote: > > > I wanted to test if ssl2 is turned off on server, so I tried with this > > command line on my desktop: > > > > openssl s_client -connect server_ip:443 -ssl2 > > > > but I'm getting > > > > "unknown option -

Re: openssl without ssl2 switch

On 2014-03-25 17:23 +0100, Veljko wrote: > I wanted to test if ssl2 is turned off on server, so I tried with this > command line on my desktop: > > openssl s_client -connect server_ip:443 -ssl2 > > but I'm getting > > "unknown option -ssl2 > usage: s_client args" > > although displayed list of su

Re: openssl chat

S Mathias wrote: > i can use "natively" openssl for anonymous chat: Yes. But it just connects your keyboard and handles the ssl encryption part. It doesn't really know about the chat protocol. > # Chat: > # server side: > openssl req -x509 -nodes -days 365 -newkey rsa:8192 -keyout mycert.pem

Re: openssl chat

On Sun, Dec 12, 2010 at 07:20:59AM -0800, S Mathias wrote: > i can use "natively" openssl for anonymous chat: [snip] May I suggest using an openssl mailing list to ask questions about general usage of openssl. http://www.openssl.org/support/community.html -- "Religion is excellent stuff for ke

Re: openssl Vs perl encode

Hi, Bhasker C V <[EMAIL PROTECTED]> writes: > I am trying to encode using base64 to get data for SMTP > authentication which i am experimenting upon. I stumbled upon this > issue. I am not sure why this is happening. > > Say the text to be encoded is "[EMAIL PROTECTED]" > > $ perl > use MIME:

Re: openssl Vs perl encode

Bhasker C V wrote: > Hi all, > > I am sure that this is more of a security question and does not > pertain to 'debian', please advice me to re-route this mail to > appropriate list if you are offended. > > I am trying to encode using base64 to get data for SMTP > authentication which i am experim

Re: openssl vulnerability and RSA keys

Ross Boylan <[EMAIL PROTECTED]> writes: > > The recent security advisory for Debian's version of openssl says that > you should regenerate all keys, and that DSA keys should be considered > compromised. > > Does this mean that RSA keys for openssh should not be considered > compromised? If so, why

Re: openssl vulnerability and RSA keys

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05/13/08 19:36, Nelson Castillo wrote: > On Tue, May 13, 2008 at 7:05 PM, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: >> On May 13, 2:20 pm, Ross Boylan <[EMAIL PROTECTED]> wrote: >> > Does this mean that RSA keys for openssh should not be conside

Re: openssl vulnerability and RSA keys

On Tue, May 13, 2008 at 7:05 PM, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > On May 13, 2:20 pm, Ross Boylan <[EMAIL PROTECTED]> wrote: > > Does this mean that RSA keys for openssh should not be considered > > compromised? If so, why the need to regenerate them? > > On our systems the dowkd.

Re: openssl vulnerability and RSA keys

On May 13, 2:20 pm, Ross Boylan <[EMAIL PROTECTED]> wrote: > Does this mean that RSA keys for openssh should not be considered > compromised? If so, why the need to regenerate them? On our systems the dowkd.pl script found weak DSA and RSA keys, both as host keys, and as user-generated keypairs.

Re: openssl x509 management

On Wed, Dec 05, 2007 at 07:57:19AM +1100, Alex Samad wrote: > Hi > > My ca is about to expire and I used to manually manage my certificates, just > a > bunch of scripts. > > How are other people managing their certificates, I don't have that many, > something web based would be nice. > > I ha

Re: OpenSSL version 0.9.7e ?!

On Thursday, 16.11.2006 at 21:50 +0100, Stephan Seitz wrote: > On Thu, Nov 16, 2006 at 08:25:00PM +, Dave Ewart wrote: > >to which the machine is put. Kernel bugs are normally only > >exploitable by local users; SSL bugs are most likely to be > >exploitable remotely. If > > Only partly true

Re: OpenSSL version 0.9.7e ?!

On Thu, Nov 16, 2006 at 08:25:00PM +, Dave Ewart wrote: to which the machine is put. Kernel bugs are normally only exploitable by local users; SSL bugs are most likely to be exploitable remotely. If Only partly true, I think. If you have a server application like apache, which has a bug

Re: OpenSSL version 0.9.7e ?!

On Thursday, 16.11.2006 at 12:08 -0800, Kevin B. McCarty wrote: > > I had a strong *shrug* when i noticed that my stable system > > (originally woody, upgraded to sarge without kernel change) still > > had > ^^^ > If you are running Debian-p

Re: OpenSSL version 0.9.7e ?!

Hi Nicolas, Nicolas Pillot wrote: > I had a strong *shrug* when i noticed that my stable system > (originally woody, upgraded to sarge without kernel change) still had ^^^ If you are running Debian-provided kernels, you *really* should upg

Re: OpenSSL version 0.9.7e ?!

2006/11/15, Nicolas Pillot <[EMAIL PROTECTED]>: I though that all the security fixes were included into sarge, am i wrong ? If someone could give me some details, i'd be quite happy to learn :-) After some research, it looks like the debian patch, named [openssl_0.9.7e-3sarge4.diff.gz] has a mo

Re: OpenSSL

Florian Kulzer <[EMAIL PROTECTED]>: > On Thu, Oct 12, 2006 at 11:36:52 +0200, Roger Johansen wrote: > > Hi all, > > > > system: debian 3.1 with 2.6.8-2-386 kernel. > > > > > > I am using openssl and i am wondering if it is secure to use it. When > i do a: > > > > "openssl version" it displays

Re: OpenSSL

On Thu, Oct 12, 2006 at 11:36:52 +0200, Roger Johansen wrote: > Hi all, > > system: debian 3.1 with 2.6.8-2-386 kernel. > > > I am using openssl and i am wondering if it is secure to use it. When i do a: > > "openssl version" it displays: > > OpenSSL 0.9.7e 25 Oct 2004 > > > isn't this packa

Re: openssl update

On Thu, Oct 27, 2005 at 02:54:07PM +0300, Alexei Chetroi wrote: > but in sarge it is version 0.9.7e-3, not 0.9.7e-3sarge1. Whether there's > a typo in matrix, or it wasn't uploaded to the server. Could it be > possible? Indeed strange. I see the same thing on my Sarge. A similar question is aske

Re: openssl update

On Thu, Oct 27, 2005 at 07:29:42AM -0400, Roberto C. Sanchez wrote: > Date: Thu, 27 Oct 2005 07:29:42 -0400 > From: "Roberto C. Sanchez" <[EMAIL PROTECTED]> > To: Alexei Chetroi <[EMAIL PROTECTED]>, > debian-user@lists.debian.org > Subject: Re: openssl u

Re: openssl update

On Thu, Oct 27, 2005 at 01:36:44PM +0300, Alexei Chetroi wrote: > Hi, > > Recently, there was a message in debian-security-announce, regarding > vulnerability in openssl package. I did 'aptitude update', but I don't > see updated openssl package. Here's "apt-cache policy openssl" output: > >

Re: openssl has 2gb limit ?

On Wed, 03 Aug 2005, [EMAIL PROTECTED] wrote: > today I tried to encrypt a 3.2Gb file with openssl: > > openssl enc -aes256 -e -salt -pass file:filename.pwd -in filename -out > filename.openssl > > It aborted with the error: > "Die maximale Dateigröße ist überschritten" = "Maximum file size is

Re: openssl has 2gb limit ?

On 8/3/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Hello, > > today I tried to encrypt a 3.2Gb file with openssl: > > openssl enc -aes256 -e -salt -pass file:filename.pwd -in filename -out > filename.openssl > > It aborted with the error: > "Die maximale Dateigröße ist überschritten" = "M

Re: openssl ca

On Sun, 2003-02-09 at 23:04, [EMAIL PROTECTED] wrote: > Hi, > > I'm trying to setup MySQL's SSL using openssl command. [..] > Certificate is to be certified until Feb 10 04:01:25 2004 GMT (365 days) > Sign the certificate? [y/n]:y > failed to update database > TXT_DB error number 2 > > What could

Re: openssl Illegal instruction with sid version

On Sat, 2003-01-25 at 15:31, Rob Weir wrote: > > openssl req -new -x509 -keyout demoCA/private/cakey.pem -out > > demoCA/cacert.pem -days 3650 > > Illegal instruction > > > > So then I tried running: > > openssl version > > Illegal instruction > > > > So I figure that there is a problem with the

Re: openssl Illegal instruction with sid version

On Sat, Jan 25, 2003 at 10:43:50AM +1000, Mark Devin wrote: > I am not sure if this is a bug or I just don't have things installed > correctly. I have just installed the sid version of openssl and its > required dependencies with: > apt-get -t unstable install openssl > > But the perl script CA.p

Re: openssl Illegal instruction with sid version

On Sat, Jan 25, 2003 at 10:43:50 +1000, Mark Devin wrote: > So then I tried running: > openssl version > Illegal instruction > Does anyone have any idea what I should check next? Yes. You should check whether the 0.9.7-4 packages (currently in Incoming) fix your problem; they address http://bugs.

Re: OpenSSL suggested version

[EMAIL PROTECTED] wrote: > On the Apache web site, it recommends at least version 0.9.6e of OpenSSL > and Apache-SSL HTTP Server version 1.3.27 or later. > > But Debian only has Apache-SSSL 1.3.26 and OpenSSL 0.9.6c in stable, and > OpenSSL 0.9.6g in testing. > Debian backports security patche

Re: openssl-dev anywhere?

On Fri, 13 Sep 2002 13:24:41 +0200, "Heilig (Cece) Szabolcs" writes: >I need to compile bsdftpd-ssl on a Debian GNU/Liux box. >After configuring and running make, it drops error: <...> >I have openssl package installed, but i think, that compile >needed openssl headers. I think the place of that

Re: OpenSSL headers?

To build OpenSSH, you need libssl09-dev, libssl09, and openssl. I would assume another package would be similar or the same. You may have to point it at /usr/include/ssl instead of /usr/include/openssl for the headers, though. -Dan On Fri, May 12, 2000 at 04:10:40PM +, Nick Phillips wrote:

Re: OpenSSL headers?

> I've got OpenSSL installed (all works fine), and I'm now trying to build a > package from > source which looks for opensslv.h to detect whether or not openssl is > available. Presumably > it will also need some headers to build, but /usr/include/openssl is empty. > There also > doesn't appear