similar to: Support for ECDSA in OpenSSL?

Displaying 20 results from an estimated 6000 matches similar to: "Support for ECDSA in OpenSSL?"

2013 Aug 09
1
Why libnetfilter_queue is missing from CentOS, but available in, Fedora?
I am asking this on behalf of the HIPL developers; http://infrahip.hiit.fi/ https://launchpad.net/hipl They have been working on getting their code consistant to the new libnetfilter architecture. Finally have Fedora 18 and 19 available, but have hit a stumbling block with Centos 6. They tell me they are not finding libnetfilter_queue. Here is their message to me: On 08/08/2013 02:03 PM,
2009 Jan 07
2
Can't yum erase/install an app
I am switching the box that I did the HIPL rpm builds over to running from rpms built directly by the HIPL team (http://infrahip.hiit.fi/hipl/release/1.0.4/). I did the 'make uninstall' and then 'yum install hipl-all', but the hipl-firewall rpm did not install. Seems like I have a mess on my system with the various hipfw files. I 'manually' deleted a bunch of them
2014 May 08
1
0006698: CentOS is missing libnetfilter queue related packages
I am working with HIP for Linux: http://infrahip.hiit.fi/ We are looking to some major server support on currently Centos 6 cloud images. Problem is for other distros, hipl has moved on to libnetfilter_queue which is not supported in Centos 6. See: http://bugs.centos.org/view.php?id=6698 How can we get this as part of the standard install and maintained libs? thank you.
2008 Jul 17
5
Problems with building an rpm
I followed the setup instructions from http://www.owlriver.com/tips/non-root/ (link from the Centos wiki). All this is done on another 'clean' system, so I have to read the terminal screen there and tell what went wrong here. I then followed my colleague's instructions to get the tar, untar, autogen, configure, and finally make rpm. Well it was that make rpm command that finally
2011 May 23
4
Security of OpenSSL ECDSA signatures
Dear OpenSSH devs, I came accross this paper yesterday. http://eprint.iacr.org/2011/232 It states that they were able to recover ECDSA keys from TLS servers by using timing attacks agains OpenSSL's ECDSA implementation. Is that known to be exploitable by OpenSSH ? (In my understanding, it's easy to get a payload signed by ECDSA during the key exchange so my opinion is that it is).
2011 Feb 19
2
[Bug 1862] New: document ECDSA within the "-b" option of the ssh-keygen manpage
https://bugzilla.mindrot.org/show_bug.cgi?id=1862 Summary: document ECDSA within the "-b" option of the ssh-keygen manpage Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: Documentation
2020 Aug 25
2
BUG: _presence_ of valid openssl.cnf Option = 'ServerPreference' causes Dovecot submission relay FAIL: "failed: Failed to initialize SSL: ..."
I've dovecot --version 2.3.10.1 (a3d0e1171) openssl version OpenSSL 1.1.1g FIPS 21 Apr 2020 , atm on Fedora32. I configure /etc/pki/tls/openssl.cnf to set preferences for apps' usage, e.g. Postfix etc; Typically, here cat /etc/pki/tls/openssl.cnf openssl_conf = default_conf [default_conf] ssl_conf = ssl_sect [ssl_sect] system_default = system_default_sect
2008 Sep 11
3
My turn at building a custom kernel for IPsec BEET mode
Well I am working on building a kernel that will have the IPsec BEET mode patch available from infrahip.hiit.fi. I have some decent help, but really no one there is a seasoned Centos kernel builder (though they work with different FC kernels), and now they are mostly done for the day. I have been following the wiki on building a custom kernel, got my patch in ~/rpmbuild/SOURCES and away with
2020 Sep 16
2
ssh-ed25519 and ecdsa-sha2-nistp256 host keys
Hello. I am running OpenSSH 7.9p1 on my client and server. ssh-keyscan shows the server has ssh-rsa, ssh-ed25519, and ecdsa-sha2-nistp256 host keys. My /etc/ssh/ssh_known_hosts file contains the server's ssh-ed25519 host key. When I try to SSH to the server I get this error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
2020 Sep 16
2
ssh-ed25519 and ecdsa-sha2-nistp256 host keys
Here you go: OpenSSH_7.9p1, OpenSSL 1.1.1d 10 Sep 2019 debug1: Reading configuration data /home/ryantm/.ssh/config debug1: /home/ryantm/.ssh/config line 4: Applying options for * debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 13: Applying options for * debug2: resolving "{REDACTED}" port 22 debug2: ssh_connect_direct debug1: Connecting to
2014 Mar 19
1
Centos6 x86_64
Hi, I just tried to generate keys for tinc. /usr/sbin/tinc generate-keys When generating the key, the rsa key are generated. But ik get de following error, what does it means. Generating ECDSA keypair: Generating EC key failed: error:100AE081:elliptic curve routines:EC_GROUP_new_by_curve_name:unknown groupError during key generation! Perry
2008 Aug 12
0
Looking for remote console on iPv6 without security layer
I am looking for a remote console program that I can run over IPv6. I do not need it to supply its own security layer, as I will be running it over HIP (http://infrahip.hiit.fi/). I have discovered that VNCSERVER that comes with Centos does not support IPv6. I would have to pay for a copy of Enterprise VNC from RealVNC for IPv6. I am having strange font problems wiht tightVNC (which is
2012 Apr 02
4
What I need to install Tinc 1.1pre2?
Hi to everybody, Can anybody tell me what packages I need to install Tinc 1.1pre2 in a server that it had installed a previous version installed? I tried to install it and when I execute the "make" it give me a lot of errors. Best regards, Ramses
2013 Sep 14
4
Elliptic curves in tinc
In the past 24 hours multiple persons have contacted me regarding the use of elliptic curve cryptography in tinc 1.1 in light of the suspicion that the NSA might have weakened algorithms and/or elliptic curves published by NIST. The new protocol in tinc 1.1 (SPTPS) uses ECDH and ECDSA to do session key exchange and authentication, in such a way that it has the perfect forward secrecy (PFS)
2013 Sep 14
4
Elliptic curves in tinc
In the past 24 hours multiple persons have contacted me regarding the use of elliptic curve cryptography in tinc 1.1 in light of the suspicion that the NSA might have weakened algorithms and/or elliptic curves published by NIST. The new protocol in tinc 1.1 (SPTPS) uses ECDH and ECDSA to do session key exchange and authentication, in such a way that it has the perfect forward secrecy (PFS)
2008 May 14
1
Possible weak keys generated by tinc on Debian (and derivates) due to a security bug in Debian's OpenSSL packages
Hello, For those who run tinc on Debian or Debian-based distributions like Ubuntu and Knoppix, be advised that the following security issue affects tinc as well: http://www.debian.org/security/2008/dsa-1571 In short, if you generated public/private keypairs for tinc between 2006 and May 7th of 2008 on a machine running Debian or a derivative, they may have been generated without a properly
2016 Aug 05
2
HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 This is a heads-up that OpenSSH keys are deprecated upstream by OpenSSH, and will be deprecated effective 11.0-RELEASE (and preceeding RCs). Please see r303716 for details on the relevant commit, but upstream no longer considers them secure. Please replace DSA keys with ECDSA or RSA keys as soon as possible, otherwise there will be issues when
2016 Aug 05
2
HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 This is a heads-up that OpenSSH keys are deprecated upstream by OpenSSH, and will be deprecated effective 11.0-RELEASE (and preceeding RCs). Please see r303716 for details on the relevant commit, but upstream no longer considers them secure. Please replace DSA keys with ECDSA or RSA keys as soon as possible, otherwise there will be issues when
2008 May 14
1
Possible weak keys generated by tinc on Debian (and derivates) due to a security bug in Debian's OpenSSL packages
Hello, For those who run tinc on Debian or Debian-based distributions like Ubuntu and Knoppix, be advised that the following security issue affects tinc as well: http://www.debian.org/security/2008/dsa-1571 In short, if you generated public/private keypairs for tinc between 2006 and May 7th of 2008 on a machine running Debian or a derivative, they may have been generated without a properly
2019 Jan 19
4
Can we disable diffie-hellman-group14-sha1 by default?
I'm not sure if collision resistance is required for DH key derivation, but generally, SHA-1 is on its way out. If it's possible (if there's not a very large percentage of servers that do not support anything newer), it should be disabled.