search for: rsa

...searching whether or not OpenSSH is a viable commercial alternative to F-SECURE SSH or SSH.COM's ssh, but I'm not getting the kind of results that I expected from a "Non patent encumbered ssh client". When I attempt to build OpenSSH against an OpenSSL build without rc5, idea, or rsa it bombs since OpenSSL doesn't place the header files in the include dir. Now, that's fine and went away after I copied them to the appropriate location (hoping that it just *needed* the file, but that it didn't need any rc5, idea, or rsa functions exported by the OpenSSL libraries) but...

...ith much slower CPUs. It seems to be due to the vendor-supplied libcrypto being about 20x slower at bignum operations than nominally the same version of LibreSSL compiled locally. If anyone has such a machine handy, could you please run "sysctl machdep.cpu.brand_string; /usr/bin/openssl speed rsa" and post the results for comparison? $ uname -a Darwin osx-highsierra 17.6.0 Darwin Kernel Version 17.6.0: Tue May 8 15:22:16 PDT 2018; root:xnu-4570.61.1~1/RELEASE_X86_64 x86_64 $ sysctl machdep.cpu.brand_string machdep.cpu.brand_string: Intel(R) Core(TM) i5-2415M CPU @ 2.30GHz $ /usr/bin/...

...= XXX, O = XXX, OU = XXX, CN = ad-rep2.example.com verify error:num=21:unable to verify the first certificate verify return:1 ... Server certificate subject=C = FR, postalCode = 00000, ST = XXX, L = XXX, O = XXX, OU =XXX, CN = ad-rep2.example.com issuer=C = NL, O = GEANT Vereniging, CN = GEANT OV RSA CA 4 --- Acceptable client certificate CA names C = NL, O = GEANT Vereniging, CN = GEANT OV RSA CA 4 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certifi...

Hi, One of our users who is running an OS (I think it's the latest beta macOS 10.14.1) with ssh version "OpenSSH_7.8p1, LibreSSL 2.7.3" is unable to use our user SSH RSA certificates to authenticate to our servers (which are running "OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017"). We see this error on the client side: debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512> ... debug1: Offering public key: RSA-CERT SHA256:xxx /pa...

...boulder uphill and asking here. :-) Damien Miller wrote: > Future deprecation notice > ========================= > > It is now possible[1] to perform chosen-prefix attacks against the > SHA-1 algorithm for less than USD$50K. For this reason, we will be > disabling the "ssh-rsa" public key signature algorithm by default in a > near-future release. Clear enough. "ssh-rsa" is being deprecated. If we see "ssh-rsa" in our authorized_keys file we should migrate away from it. Gotcha. I assume this is for both user keys and for host keys so the sa...

In setting up my new mail server, I am getting the following in the logs: Oct 11 07:10:59 kumo dovecot[5704]: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=24.53.79.10, lip=172.26.12.90, *TLS handshaking: SSL_accept() syscall failed: Success*, session=<B9OokqCUD+UYNU8K> I have tried various ssl_protocols entries, but for now have defaulted back to

...ed in this case). IMO, this would be helpful because executing openssl ciphers -v 'all:!low' would not return any cipher, but openssl ciphers -v 'ALL:!LOW' would return the expected cipher list such as ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1 DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1 AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1 DHE-RSA-AES128-...

...example.com > verify error:num=21:unable to verify the first certificate > verify return:1 > ... > Server certificate > subject=C = FR, postalCode = 00000, ST = XXX, L = XXX, O = XXX, OU =XXX, > CN = ad-rep2.example.com > > issuer=C = NL, O = GEANT Vereniging, CN = GEANT OV RSA CA 4 > > --- > Acceptable client certificate CA names > C = NL, O = GEANT Vereniging, CN = GEANT OV RSA CA 4 > C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN > = USERTrust RSA Certification Authority > C = GB, ST = Greater Manchester, L = Salford, O =...

In the source code of openssh(my source code is 6.0 for Openbsd?? The content below is Rsa.h #ifndef RSA_H #define RSA_H #include <openssl/bn.h> #include <openssl/rsa.h> void rsa_public_encrypt(BIGNUM *, BIGNUM *, RSA *); int rsa_private_decrypt(BIGNUM *, BIGNUM *, RSA *); void rsa_generate_additional_parameters(RSA *); #endif /* RSA_H */ Quest...

...st older > > OpenSSL versions due to the lack of GCM support. > > Please try this diff: > I applied the diff you supplied, along with the previous diff. The regression tests got further along, but now fail in integrity.sh: run test integrity.sh ... test integrity: hmac-sha1 @2300 RSA_public_decrypt failed: error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01. key_verify failed for server_host_key. unexpected error mac hmac-sha1 at 2300 test integrity: hmac-sha1 @2301 RSA_public_decrypt failed: error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1...

Hi, Following the fix [1] being released on 7.5, now SHA2 RSA signature methods work properly. On the other hand it is still not possible to disable SHA1 RSA alone (as an example, as SHA2-256 or SHA2-512 could also potentially be not desirable), where it is considered insecure or undesirable. I am proposing to add a mechanism, and happy to submit a patch, t...

https://bugzilla.mindrot.org/show_bug.cgi?id=3665 Bug ID: 3665 Summary: publickey RSA signature unverified: error in libcrypto to RHEL9 sshd (with LEGACY crypto policy enabled) Product: Portable OpenSSH Version: 8.7p1 Hardware: ix86 OS: Linux Status: NEW Severity: major Priority: P5...

...I used the defaults, both before and after the upgrade, cf. https://wiki2.dovecot.org/Upgrading/2.3 -> Setting default changes. The new defaults broke the connection. Jan > what are your settings? > > Mine are below and they work just fine: > > ssl_cipher_list = > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA...

Hi, To default dovecot.conf file I added (based on found documentation): ssl = required disable_plaintext_auth = yes #change default 'no' to 'yes' ssl_prefer_server_ciphers = yes ssl_options = no_compression ssl_dh_parameters_length = 2048 ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA...

...H:!DSS:!EECDH:!ECDH:!SHA1:!aNULL:!eNULL:@STRENGTH This should still retain forward secrecy through the use of EDH, but this doesn't leave much in the way of allowable algorithms on my server: $ openssl ciphers -V 'HIGH:!DSS:!EECDH:!ECDH:!SHA1:!aNULL:!eNULL:@STRENGTH' 0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD 0x00,0x6B - DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 0x00,0x9D - AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD 0x00,0x3D - AES256-SHA256 TLSv1.2...

Hi, Has anybody produced diffs for openssh-2.3.0p1 for the rsa keyexchange problem that Core-SDI described ? ( I noticed that fix is already in openbsd tree ). -Jarno -- Jarno Huuskonen - System Administrator | Jarno.Huuskonen at uku.fi University of Kuopio - Computer Center | Work: +358 17 162822 PO BOX 1627, 70211 Kuopio, Finland | Mobile:...

I'm using the most up to date version of openssh on OL8 that I can patch to (OpenSSH_8.0p1), I've used update-crypto-policies to disallow the use of ssh-rsa, but apparently am connecting to a host that uses ssh-rsa. I've tried adding HostkeyAlgorithms +ssh-rsa,ssh-rsa-cert-v01 at openssh.com PubkeyAcceptedAlgorithms +ssh-rsa,ssh-rsa-cert-v01 at openssh.com or HostkeyAlgorithms +ssh-rsa-cert-v01 at openssh.com,ssh-rsa PubkeyAcceptedAlgorithms +ssh...

I set icecast.xmp: <listen-socket> <port>8000</port> </listen-socket> <listen-socket> <port>8443</port> <ssl>1</ssl> </listen-socket> 8000 work, 8443 not work. If set ssl to port 8000 not work nothing V V sob., 27. jun. 2020 ob 18:13 je oseba Paul Martin <pm at nowster.me.uk> napisala:

Lol! Our Security team sent out new policies that dictated turning off ssh-rsa, so *we did. turns out our Security Team doesn't necessarily follow their own dictates, so here we are. Our Linux team says that the correct way to turn off ssh-rsa is via the crypto policies, not via direct manipulation of the /etc/ssh/ssh_config, and I guess that's probably the absolute...

...or:num=21:unable to verify the first certificate >> verify return:1 >> ... >> Server certificate >> subject=C = FR, postalCode = 00000, ST = XXX, L = XXX, O = XXX, OU =XXX, >> CN = ad-rep2.example.com >> >> issuer=C = NL, O = GEANT Vereniging, CN = GEANT OV RSA CA 4 >> >> --- >> Acceptable client certificate CA names >> C = NL, O = GEANT Vereniging, CN = GEANT OV RSA CA 4 >> C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN >> = USERTrust RSA Certification Authority >> C = GB, ST = Greater Ma...