Displaying 20 results from an estimated 24 matches for "deloget".
Did you mean:
deletet
2017 Dec 31
2
Legacy option for key length?
...sist?
The idea of removing weak ciphers from a widely used piece of software is a
good one - that way, you strengthen the whole ecosystem. Going the reverse
path would simply make less informed people be the weak link of the
Internet, putting possibly many more at risk.
Best regards,
-- Emmanuel Deloget
2017 Jun 23
2
OpenSSL 1.1 support status : what next?
Hello Ingo,
On Fri, Jun 23, 2017 at 1:26 AM, Ingo Schwarze <schwarze at usta.de> wrote:
>
> Hi Emmanuel,
>
> Emmanuel Deloget wrote on Fri, Jun 23, 2017 at 12:26:47AM +0200:
>
> > * the openssl team has no real incentive to propose a shim ;
>
> If major application projects refuse to support their new release,
> thus putting pressure on operating system distributions to not
> completely switch to 1.1...
2017 Jun 23
5
OpenSSL 1.1 support status : what next?
...nly the OpenSSL routines used by OpenSC have added to sc-ossl-compat.h
but others defines and macro could be added.There are a few utilities that
use still use a few #ifdef's during initialization.
On 6/23/2017 7:15 AM, The Doctor wrote:
> On Fri, Jun 23, 2017 at 01:53:24PM +0200, Emmanuel Deloget wrote:
>> Hello Ingo,
>>
>> On Fri, Jun 23, 2017 at 1:26 AM, Ingo Schwarze <schwarze at usta.de> wrote:
>>>
>>> Hi Emmanuel,
>>>
>>> Emmanuel Deloget wrote on Fri, Jun 23, 2017 at 12:26:47AM +0200:
>>>
>>>> * the opens...
2018 Aug 23
4
openssh 7.6 and 7.7 on Oracle Linux 7 (compiled from source) doesn't start correctly with systemd
I'm not sure I agree with Peter in respect to his comment about "building a
dependency to systemd". The only time a "dependency" would be created is
when the end-user would configure it to be there with a configure time flag
of --with-systemd. Just having the code available and dormant without that
flag being provided builds in no dependency whatsoever and gives the
2017 Jun 22
2
OpenSSL 1.1 support status : what next?
...must add or remove a function from the shim.
?Did I miss something? ?Is the community interested in having support for
openssl 1.1? What should an ideal openssl 1.1 support look like? Do you
have any question? Comment? How many question mark can I add in the
paragraph?
?Best regards,
-- Emmanuel Deloget?
[1] https://github.com/openssh/openssh-portable/pull/48
[2]
http://lists.mindrot.org/pipermail/openssh-unix-dev/2016-September/035378.html
?[3]
http://pkgs.fedoraproject.org/cgit/rpms/openssh.git/tree/openssh-7.3p1-openssl-1.1.0.patch
?
[4] https://github.com/OpenVPN/openvpn
[5]
http://lists.mind...
2017 Oct 18
3
Status of OpenSSL 1.1 support - Thoughts
...th both, whether you
like it or not. The question is then: is it up to you to be compatible
with both, or is it up to distributors to provide compatibilty? When
more and more softwares propose their own shim it makes the later less
and less understandable.
> Yours,
> Ingo
BR,
-- Emmanuel Deloget
2017 Jun 24
2
OpenSSL 1.1 support status : what next?
On 6/24/2017 11:35 AM, Emmanuel Deloget wrote:
> Hello Douglas,
>
> On Fri, Jun 23, 2017 at 9:16 PM, Douglas E Engert <deengert at gmail.com <mailto:deengert at gmail.com>> wrote:
> > OpenSC has taken a different approach to OpenSSL-1.1. Rather then writing
> > a shim for OpenSSL-1.1, the OpenSC code h...
2023 Apr 20
1
It would be nice if OpenSSH would have features to circumvent network filters, like SSL tunneling
On Wed, 2023-04-19 at 19:00 -0700, Yuri wrote:
> I am in the network that is behind the Zscaler firewall.
>
> Virtually all ports except 80 and 443 are closed. ssh through any of
> ports 80 and 443 is disallowed based on protocol content analysis.
>
>
> It would be nice if OpenSSH would have some features that would allow
> the user to break out of such network.
>
2017 Oct 19
2
Status of OpenSSL 1.1 support - Thoughts
Hi,
On Thu, Oct 19, 2017 at 09:43:41AM +1100, Damien Miller wrote:
> You've got this exactly backwards. We don't want a shim that allows
> OpenSSL-1.1 to present a OpenSSL-1.0 API. We want a shim that allows
> us to use the OpenSSL-1.1 API when using OpenSSL-1.0, so we don't have
> to maintain a forest of #ifdefs.
For obvious reasons this shim cannot exist. If the
2018 Jan 06
3
PEM file opened without DIRECT I/O which makes private key readable by attacker exploiting MELTDOWN
On Sat, Jan 6, 2018 at 5:38 PM, Philipp Marek <philipp at marek.priv.at> wrote:
> I think we are possibly interested in switching to DIRECT IO (given that it
>> bypasses any caching system including page cache) when reading *.PEM file
>>
> Sorry, but this makes no sense.
> The data could just as well be read from the SSH process
> memory space.
>
I think
2017 Dec 29
5
Legacy option for key length?
All,
I occasionally manage some APC PDU devices. I manage them via a VPN,
which enforces super-heavy crypto, and their access is restricted to only
jumphosts and the VPN. Basically, the only time you need to log into
these is when you go to reboot something that's down.
Their web UI with SSL doesn't work with modern browsers.
Their CPU is...tiny, and their SSHd implementation
2017 Oct 18
5
Status of OpenSSL 1.1 support - Thoughts
...igration can be postponed, but not avoided indefinitely.
--
Regards,
Uri Blumenthal
On 10/18/17, 12:38, "openssh-unix-dev on behalf of Ingo Schwarze" <openssh-unix-dev-bounces+uri=ll.mit.edu at mindrot.org on behalf of schwarze at usta.de> wrote:
Hi Emmanuel,
Emmanuel Deloget wrote on Wed, Oct 18, 2017 at 05:45:40PM +0200:
> Important API change between major releases is something to be
> expected. Sometimes the changes are limited, sometimes thay aren't.
>
> The structure of the changes themselves is the reason why the openssl
&...
2017 Oct 15
4
Status of OpenSSL 1.1 support
On Sat, Oct 14, 2017 at 11:40:30AM +1100, Damien Miller wrote:
> On Fri, 13 Oct 2017, Sebastian Andrzej Siewior wrote:
> > more or less a year ago Kurt Roeckx provided an initial port towards the
> > OpenSSL 1.1 API [0]. The patch has been left untouched [1] and it has
> > been complained about a missing compat layer of the new vs the old API
> > within the OpenSSL
2017 Oct 18
3
Status of OpenSSL 1.1 support - Thoughts
As far as I can see, here is a summary of the situation, and there's a
point to this, but I only make it in step (4), needing the first three
steps to set up a background to keep my own thoughts clear:
1) Fedora (via Jakub) shows it's possible to patch OpenSSH.
2) OpenVPN (via gert) shows it's possible to build a 'shim' of sorts
that allows code to work with libreSSL and
2017 Oct 16
6
Status of OpenSSL 1.1 support
On Mon, Oct 16, 2017 at 12:40:54AM +0200, Ingo Schwarze wrote:
> Colin Watson wrote on Sun, Oct 15, 2017 at 10:51:46PM +0100:
> > Is it actually a requirement that an API compatibility layer be
> > maintained by the OpenSSL team, or could a hypothetical group of
> > external developers interested in breaking this stalemate fork
> > openssl-compat.tar.gz, stick it in a
2013 Mar 18
0
[linux-linus test] 17325: regressions - trouble: broken/fail/pass
...om>
Emeric Vigier <emeric.vigier@savoirfairelinux.com>
Emil Goode <emilgoode@gmail.com>
Emil Tantilov <emil.s.tantilov@intel.com>
Emil Velikov <emil.l.velikov@gmail.com>
Emilio G. Cota <cota@braap.org>
Emilio López <emilio@elopez.com.ar>
Emmanuel Deloget <logout@free.fr>
Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Enric Balletbo i Serra <eballetbo@gmail.com>
Enric Balletbo i Serra <eballetbo@iseebcn.com>
Enrico Butera <ebutera@users.berlios.de>
Eran <eran@over-here.org>
Erez Shitrit <erezsh@mel...
2013 Mar 29
0
[linux-linus test] 17454: regressions - FAIL
...om>
Emeric Vigier <emeric.vigier@savoirfairelinux.com>
Emil Goode <emilgoode@gmail.com>
Emil Tantilov <emil.s.tantilov@intel.com>
Emil Velikov <emil.l.velikov@gmail.com>
Emilio G. Cota <cota@braap.org>
Emilio López <emilio@elopez.com.ar>
Emmanuel Deloget <logout@free.fr>
Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Enric Balletbo i Serra <eballetbo@gmail.com>
Enric Balletbo i Serra <eballetbo@iseebcn.com>
Enrico Butera <ebutera@users.berlios.de>
Eran <eran@over-here.org>
Erez Shitrit <erezsh@mel...
2013 Apr 10
0
[linux-linus test] 17612: regressions - FAIL
...om>
Emeric Vigier <emeric.vigier@savoirfairelinux.com>
Emil Goode <emilgoode@gmail.com>
Emil Tantilov <emil.s.tantilov@intel.com>
Emil Velikov <emil.l.velikov@gmail.com>
Emilio G. Cota <cota@braap.org>
Emilio López <emilio@elopez.com.ar>
Emmanuel Deloget <logout@free.fr>
Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Enric Balletbo i Serra <eballetbo@gmail.com>
Enric Balletbo i Serra <eballetbo@iseebcn.com>
Enrico Butera <ebutera@users.berlios.de>
Eran <eran@over-here.org>
Erez Shitrit <erezsh@mel...
2013 May 05
0
[linux-linus test] 17901: regressions - FAIL
...mese@gmail.com>
Emil Goode <emilgoode@gmail.com>
Emil Tantilov <emil.s.tantilov@intel.com>
Emil Velikov <emil.l.velikov@gmail.com>
Emilio G. Cota <cota@braap.org>
Emilio López <emilio@elopez.com.ar>
Emmanuel Benisty <benisty.e@gmail.com>
Emmanuel Deloget <logout@free.fr>
Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Enric Balletbo i Serra <eballetbo@gmail.com>
Enric Balletbo i Serra <eballetbo@iseebcn.com>
Enrico Butera <ebutera@users.berlios.de>
Eran <eran@over-here.org>
Erez Shitrit <erezsh@mel...
2013 May 07
0
[linux-linus test] 17916: regressions - FAIL
...mese@gmail.com>
Emil Goode <emilgoode@gmail.com>
Emil Tantilov <emil.s.tantilov@intel.com>
Emil Velikov <emil.l.velikov@gmail.com>
Emilio G. Cota <cota@braap.org>
Emilio López <emilio@elopez.com.ar>
Emmanuel Benisty <benisty.e@gmail.com>
Emmanuel Deloget <logout@free.fr>
Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Enric Balletbo i Serra <eballetbo@gmail.com>
Enric Balletbo i Serra <eballetbo@iseebcn.com>
Enrico Butera <ebutera@users.berlios.de>
Eran <eran@over-here.org>
Erez Shitrit <erezsh@mel...