search for: deloget

...sist? The idea of removing weak ciphers from a widely used piece of software is a good one - that way, you strengthen the whole ecosystem. Going the reverse path would simply make less informed people be the weak link of the Internet, putting possibly many more at risk. Best regards, -- Emmanuel Deloget

Hello Ingo, On Fri, Jun 23, 2017 at 1:26 AM, Ingo Schwarze <schwarze at usta.de> wrote: > > Hi Emmanuel, > > Emmanuel Deloget wrote on Fri, Jun 23, 2017 at 12:26:47AM +0200: > > > * the openssl team has no real incentive to propose a shim ; > > If major application projects refuse to support their new release, > thus putting pressure on operating system distributions to not > completely switch to 1.1...

...nly the OpenSSL routines used by OpenSC have added to sc-ossl-compat.h but others defines and macro could be added.There are a few utilities that use still use a few #ifdef's during initialization. On 6/23/2017 7:15 AM, The Doctor wrote: > On Fri, Jun 23, 2017 at 01:53:24PM +0200, Emmanuel Deloget wrote: >> Hello Ingo, >> >> On Fri, Jun 23, 2017 at 1:26 AM, Ingo Schwarze <schwarze at usta.de> wrote: >>> >>> Hi Emmanuel, >>> >>> Emmanuel Deloget wrote on Fri, Jun 23, 2017 at 12:26:47AM +0200: >>> >>>> * the opens...

I'm not sure I agree with Peter in respect to his comment about "building a dependency to systemd". The only time a "dependency" would be created is when the end-user would configure it to be there with a configure time flag of --with-systemd. Just having the code available and dormant without that flag being provided builds in no dependency whatsoever and gives the

...must add or remove a function from the shim. ?Did I miss something? ?Is the community interested in having support for openssl 1.1? What should an ideal openssl 1.1 support look like? Do you have any question? Comment? How many question mark can I add in the paragraph? ?Best regards, -- Emmanuel Deloget? [1] https://github.com/openssh/openssh-portable/pull/48 [2] http://lists.mindrot.org/pipermail/openssh-unix-dev/2016-September/035378.html ?[3] http://pkgs.fedoraproject.org/cgit/rpms/openssh.git/tree/openssh-7.3p1-openssl-1.1.0.patch ? [4] https://github.com/OpenVPN/openvpn [5] http://lists.mind...

...th both, whether you like it or not. The question is then: is it up to you to be compatible with both, or is it up to distributors to provide compatibilty? When more and more softwares propose their own shim it makes the later less and less understandable. > Yours, > Ingo BR, -- Emmanuel Deloget

On 6/24/2017 11:35 AM, Emmanuel Deloget wrote: > Hello Douglas, > > On Fri, Jun 23, 2017 at 9:16 PM, Douglas E Engert <deengert at gmail.com <mailto:deengert at gmail.com>> wrote: > > OpenSC has taken a different approach to OpenSSL-1.1. Rather then writing > > a shim for OpenSSL-1.1, the OpenSC code h...

On Wed, 2023-04-19 at 19:00 -0700, Yuri wrote: > I am in the network that is behind the Zscaler firewall. > > Virtually all ports except 80 and 443 are closed. ssh through any of > ports 80 and 443 is disallowed based on protocol content analysis. > > > It would be nice if OpenSSH would have some features that would allow > the user to break out of such network. >

Hi, On Thu, Oct 19, 2017 at 09:43:41AM +1100, Damien Miller wrote: > You've got this exactly backwards. We don't want a shim that allows > OpenSSL-1.1 to present a OpenSSL-1.0 API. We want a shim that allows > us to use the OpenSSL-1.1 API when using OpenSSL-1.0, so we don't have > to maintain a forest of #ifdefs. For obvious reasons this shim cannot exist. If the

On Sat, Jan 6, 2018 at 5:38 PM, Philipp Marek <philipp at marek.priv.at> wrote: > I think we are possibly interested in switching to DIRECT IO (given that it >> bypasses any caching system including page cache) when reading *.PEM file >> > Sorry, but this makes no sense. > The data could just as well be read from the SSH process > memory space. > I think

All, I occasionally manage some APC PDU devices. I manage them via a VPN, which enforces super-heavy crypto, and their access is restricted to only jumphosts and the VPN. Basically, the only time you need to log into these is when you go to reboot something that's down. Their web UI with SSL doesn't work with modern browsers. Their CPU is...tiny, and their SSHd implementation

...igration can be postponed, but not avoided indefinitely. -- Regards, Uri Blumenthal On 10/18/17, 12:38, "openssh-unix-dev on behalf of Ingo Schwarze" <openssh-unix-dev-bounces+uri=ll.mit.edu at mindrot.org on behalf of schwarze at usta.de> wrote: Hi Emmanuel, Emmanuel Deloget wrote on Wed, Oct 18, 2017 at 05:45:40PM +0200: > Important API change between major releases is something to be > expected. Sometimes the changes are limited, sometimes thay aren't. > > The structure of the changes themselves is the reason why the openssl &...

On Sat, Oct 14, 2017 at 11:40:30AM +1100, Damien Miller wrote: > On Fri, 13 Oct 2017, Sebastian Andrzej Siewior wrote: > > more or less a year ago Kurt Roeckx provided an initial port towards the > > OpenSSL 1.1 API [0]. The patch has been left untouched [1] and it has > > been complained about a missing compat layer of the new vs the old API > > within the OpenSSL

As far as I can see, here is a summary of the situation, and there's a point to this, but I only make it in step (4), needing the first three steps to set up a background to keep my own thoughts clear: 1) Fedora (via Jakub) shows it's possible to patch OpenSSH. 2) OpenVPN (via gert) shows it's possible to build a 'shim' of sorts that allows code to work with libreSSL and

On Mon, Oct 16, 2017 at 12:40:54AM +0200, Ingo Schwarze wrote: > Colin Watson wrote on Sun, Oct 15, 2017 at 10:51:46PM +0100: > > Is it actually a requirement that an API compatibility layer be > > maintained by the OpenSSL team, or could a hypothetical group of > > external developers interested in breaking this stalemate fork > > openssl-compat.tar.gz, stick it in a

...om> Emeric Vigier <emeric.vigier@savoirfairelinux.com> Emil Goode <emilgoode@gmail.com> Emil Tantilov <emil.s.tantilov@intel.com> Emil Velikov <emil.l.velikov@gmail.com> Emilio G. Cota <cota@braap.org> Emilio López <emilio@elopez.com.ar> Emmanuel Deloget <logout@free.fr> Emmanuel Grumbach <emmanuel.grumbach@intel.com> Enric Balletbo i Serra <eballetbo@gmail.com> Enric Balletbo i Serra <eballetbo@iseebcn.com> Enrico Butera <ebutera@users.berlios.de> Eran <eran@over-here.org> Erez Shitrit <erezsh@mel...

...om> Emeric Vigier <emeric.vigier@savoirfairelinux.com> Emil Goode <emilgoode@gmail.com> Emil Tantilov <emil.s.tantilov@intel.com> Emil Velikov <emil.l.velikov@gmail.com> Emilio G. Cota <cota@braap.org> Emilio López <emilio@elopez.com.ar> Emmanuel Deloget <logout@free.fr> Emmanuel Grumbach <emmanuel.grumbach@intel.com> Enric Balletbo i Serra <eballetbo@gmail.com> Enric Balletbo i Serra <eballetbo@iseebcn.com> Enrico Butera <ebutera@users.berlios.de> Eran <eran@over-here.org> Erez Shitrit <erezsh@mel...

...om> Emeric Vigier <emeric.vigier@savoirfairelinux.com> Emil Goode <emilgoode@gmail.com> Emil Tantilov <emil.s.tantilov@intel.com> Emil Velikov <emil.l.velikov@gmail.com> Emilio G. Cota <cota@braap.org> Emilio López <emilio@elopez.com.ar> Emmanuel Deloget <logout@free.fr> Emmanuel Grumbach <emmanuel.grumbach@intel.com> Enric Balletbo i Serra <eballetbo@gmail.com> Enric Balletbo i Serra <eballetbo@iseebcn.com> Enrico Butera <ebutera@users.berlios.de> Eran <eran@over-here.org> Erez Shitrit <erezsh@mel...

...mese@gmail.com> Emil Goode <emilgoode@gmail.com> Emil Tantilov <emil.s.tantilov@intel.com> Emil Velikov <emil.l.velikov@gmail.com> Emilio G. Cota <cota@braap.org> Emilio López <emilio@elopez.com.ar> Emmanuel Benisty <benisty.e@gmail.com> Emmanuel Deloget <logout@free.fr> Emmanuel Grumbach <emmanuel.grumbach@intel.com> Enric Balletbo i Serra <eballetbo@gmail.com> Enric Balletbo i Serra <eballetbo@iseebcn.com> Enrico Butera <ebutera@users.berlios.de> Eran <eran@over-here.org> Erez Shitrit <erezsh@mel...

...mese@gmail.com> Emil Goode <emilgoode@gmail.com> Emil Tantilov <emil.s.tantilov@intel.com> Emil Velikov <emil.l.velikov@gmail.com> Emilio G. Cota <cota@braap.org> Emilio López <emilio@elopez.com.ar> Emmanuel Benisty <benisty.e@gmail.com> Emmanuel Deloget <logout@free.fr> Emmanuel Grumbach <emmanuel.grumbach@intel.com> Enric Balletbo i Serra <eballetbo@gmail.com> Enric Balletbo i Serra <eballetbo@iseebcn.com> Enrico Butera <ebutera@users.berlios.de> Eran <eran@over-here.org> Erez Shitrit <erezsh@mel...