Displaying 20 results from an estimated 6000 matches similar to: "Support for ECDSA in OpenSSL?"
2013 Aug 09
1
Why libnetfilter_queue is missing from CentOS, but available in, Fedora?
I am asking this on behalf of the HIPL developers;
http://infrahip.hiit.fi/
https://launchpad.net/hipl
They have been working on getting their code consistant to the new
libnetfilter architecture. Finally have Fedora 18 and 19 available, but
have hit a stumbling block with Centos 6. They tell me they are not
finding libnetfilter_queue. Here is their message to me:
On 08/08/2013 02:03 PM,
2009 Jan 07
2
Can't yum erase/install an app
I am switching the box that I did the HIPL rpm builds over to running
from rpms built directly by the HIPL team
(http://infrahip.hiit.fi/hipl/release/1.0.4/).
I did the 'make uninstall' and then 'yum install hipl-all', but the
hipl-firewall rpm did not install. Seems like I have a mess on my
system with the various hipfw files. I 'manually' deleted a bunch of
them
2014 May 08
1
0006698: CentOS is missing libnetfilter queue related packages
I am working with HIP for Linux:
http://infrahip.hiit.fi/
We are looking to some major server support on currently Centos 6 cloud
images.
Problem is for other distros, hipl has moved on to libnetfilter_queue
which is not supported in Centos 6. See:
http://bugs.centos.org/view.php?id=6698
How can we get this as part of the standard install and maintained libs?
thank you.
2008 Jul 17
5
Problems with building an rpm
I followed the setup instructions from
http://www.owlriver.com/tips/non-root/ (link from the Centos wiki). All
this is done on another 'clean' system, so I have to read the terminal
screen there and tell what went wrong here.
I then followed my colleague's instructions to get the tar, untar,
autogen, configure, and finally make rpm.
Well it was that make rpm command that finally
2011 May 23
4
Security of OpenSSL ECDSA signatures
Dear OpenSSH devs,
I came accross this paper yesterday. http://eprint.iacr.org/2011/232
It states that they were able to recover ECDSA keys from TLS servers by
using timing attacks agains OpenSSL's ECDSA implementation.
Is that known to be exploitable by OpenSSH ? (In my understanding, it's
easy to get a payload signed by ECDSA during the key exchange so my
opinion is that it is).
2011 Feb 19
2
[Bug 1862] New: document ECDSA within the "-b" option of the ssh-keygen manpage
https://bugzilla.mindrot.org/show_bug.cgi?id=1862
Summary: document ECDSA within the "-b" option of the
ssh-keygen manpage
Product: Portable OpenSSH
Version: 5.8p1
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Documentation
2020 Aug 25
2
BUG: _presence_ of valid openssl.cnf Option = 'ServerPreference' causes Dovecot submission relay FAIL: "failed: Failed to initialize SSL: ..."
I've
dovecot --version
2.3.10.1 (a3d0e1171)
openssl version
OpenSSL 1.1.1g FIPS 21 Apr 2020
, atm on Fedora32.
I configure
/etc/pki/tls/openssl.cnf
to set preferences for apps' usage, e.g. Postfix etc; Typically, here
cat /etc/pki/tls/openssl.cnf
openssl_conf = default_conf
[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
2008 Sep 11
3
My turn at building a custom kernel for IPsec BEET mode
Well I am working on building a kernel that will have the IPsec BEET
mode patch available from infrahip.hiit.fi.
I have some decent help, but really no one there is a seasoned Centos
kernel builder (though they work with different FC kernels), and now
they are mostly done for the day.
I have been following the wiki on building a custom kernel, got my patch
in ~/rpmbuild/SOURCES and away with
2020 Sep 16
2
ssh-ed25519 and ecdsa-sha2-nistp256 host keys
Hello.
I am running OpenSSH 7.9p1 on my client and server. ssh-keyscan shows
the server has ssh-rsa, ssh-ed25519, and ecdsa-sha2-nistp256 host
keys. My /etc/ssh/ssh_known_hosts file contains the server's
ssh-ed25519 host key. When I try to SSH to the server I get this
error:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
2020 Sep 16
2
ssh-ed25519 and ecdsa-sha2-nistp256 host keys
Here you go:
OpenSSH_7.9p1, OpenSSL 1.1.1d 10 Sep 2019
debug1: Reading configuration data /home/ryantm/.ssh/config
debug1: /home/ryantm/.ssh/config line 4: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 13: Applying options for *
debug2: resolving "{REDACTED}" port 22
debug2: ssh_connect_direct
debug1: Connecting to
2014 Mar 19
1
Centos6 x86_64
Hi,
I just tried to generate keys for tinc.
/usr/sbin/tinc generate-keys
When generating the key, the rsa key are generated.
But ik get de following error, what does it means.
Generating ECDSA keypair:
Generating EC key failed: error:100AE081:elliptic curve
routines:EC_GROUP_new_by_curve_name:unknown groupError during key
generation!
Perry
2008 Aug 12
0
Looking for remote console on iPv6 without security layer
I am looking for a remote console program that I can run over IPv6. I
do not need it to supply its own security layer, as I will be running it
over HIP (http://infrahip.hiit.fi/).
I have discovered that VNCSERVER that comes with Centos does not support
IPv6. I would have to pay for a copy of Enterprise VNC from RealVNC for
IPv6.
I am having strange font problems wiht tightVNC (which is
2012 Apr 02
4
What I need to install Tinc 1.1pre2?
Hi to everybody,
Can anybody tell me what packages I need to install Tinc 1.1pre2 in a server that it had installed a previous version installed?
I tried to install it and when I execute the "make" it give me a lot of errors.
Best regards,
Ramses
2013 Sep 14
4
Elliptic curves in tinc
In the past 24 hours multiple persons have contacted me regarding the use of
elliptic curve cryptography in tinc 1.1 in light of the suspicion that the NSA
might have weakened algorithms and/or elliptic curves published by NIST.
The new protocol in tinc 1.1 (SPTPS) uses ECDH and ECDSA to do session key
exchange and authentication, in such a way that it has the perfect forward
secrecy (PFS)
2013 Sep 14
4
Elliptic curves in tinc
In the past 24 hours multiple persons have contacted me regarding the use of
elliptic curve cryptography in tinc 1.1 in light of the suspicion that the NSA
might have weakened algorithms and/or elliptic curves published by NIST.
The new protocol in tinc 1.1 (SPTPS) uses ECDH and ECDSA to do session key
exchange and authentication, in such a way that it has the perfect forward
secrecy (PFS)
2008 May 14
1
Possible weak keys generated by tinc on Debian (and derivates) due to a security bug in Debian's OpenSSL packages
Hello,
For those who run tinc on Debian or Debian-based distributions like
Ubuntu and Knoppix, be advised that the following security issue affects
tinc as well:
http://www.debian.org/security/2008/dsa-1571
In short, if you generated public/private keypairs for tinc between 2006
and May 7th of 2008 on a machine running Debian or a derivative, they may
have been generated without a properly
2016 Aug 05
2
HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
This is a heads-up that OpenSSH keys are deprecated upstream by OpenSSH,
and will be deprecated effective 11.0-RELEASE (and preceeding RCs).
Please see r303716 for details on the relevant commit, but upstream no
longer considers them secure. Please replace DSA keys with ECDSA or RSA
keys as soon as possible, otherwise there will be issues when
2016 Aug 05
2
HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
This is a heads-up that OpenSSH keys are deprecated upstream by OpenSSH,
and will be deprecated effective 11.0-RELEASE (and preceeding RCs).
Please see r303716 for details on the relevant commit, but upstream no
longer considers them secure. Please replace DSA keys with ECDSA or RSA
keys as soon as possible, otherwise there will be issues when
2008 May 14
1
Possible weak keys generated by tinc on Debian (and derivates) due to a security bug in Debian's OpenSSL packages
Hello,
For those who run tinc on Debian or Debian-based distributions like
Ubuntu and Knoppix, be advised that the following security issue affects
tinc as well:
http://www.debian.org/security/2008/dsa-1571
In short, if you generated public/private keypairs for tinc between 2006
and May 7th of 2008 on a machine running Debian or a derivative, they may
have been generated without a properly
2019 Jan 19
4
Can we disable diffie-hellman-group14-sha1 by default?
I'm not sure if collision resistance is required for DH key
derivation, but generally, SHA-1 is on its way out. If it's possible
(if there's not a very large percentage of servers that do not support
anything newer), it should be disabled.