similar to: [patch 1/2] use chacha20 from openssl (1.1.0+) when possible

Displaying 20 results from an estimated 100 matches similar to: "[patch 1/2] use chacha20 from openssl (1.1.0+) when possible"

2020 Jan 16
3
[patch 1/2] use chacha20 from openssl (1.1.0+) when possible
On Fri, 2019-07-12 at 15:54 +1000, Damien Miller wrote: > On Thu, 17 Jan 2019, Yuriy M. Kaminskiy wrote: > > > On some cpu's optimized chacha implementation in openssl (1.1.0+) > > is > > notably faster (and on others it is just faster) than generic C > > implementation in openssh. > > > > Sadly, openssl's chacha20-poly1305
2019 Feb 17
3
[PATCH] use ecdh/X25519 from openssl when possible (openssl-1.1.0+)
See attached: (1) patch against 7.9p1, tested with openssl 1.1.0j and openssl 1.1.1a on linux/i386; passes regression test and connects to unpatched sshd without problems; I hacked a bit regress/unittests/kex, and benchmarked do_kex_with_key("curve25519-sha256 at libssh.org", KEY_ED25519, 256); Before: 0.3295s per call After: 0.2183s per call That is, 50% speedup; assuming
2018 Jul 30
4
dovecot 2.3.x, ECC and wildcard certificates, any issues
I don't know how to get both RSA and ECC cert from letsencrypt. Aki > On 30 July 2018 at 20:43 David Mehler <dave.mehler at gmail.com> wrote: > > > Hello, > > What acme implementation do you use for your letsencrypt certificates? > If it's acme.sh how do you get both rsa and ecc certificates? What > configuration options are you using in your
2014 Jan 31
1
Wanted: smartcard with ECDSA support
Hi, I'm interested in extending OpenSSH's PKCS#11 code to support ECDSA keys, but have so far been unable to find anyone who can sell me a smartcard that supports it. They certainly exist - AFAIK it's required by the US PIV standard, but obtaining cards that support it in single digit quantities seems all but impossible. Can anybody on this list help? I'd want 2-6 cards/tokens
1999 Oct 20
3
patch for tinc-0.3
Hi tinc list members, There were some problems with Ivo's email adresses (both zarq@iname.com and zarq@spark.icicle.dhs.org) so I resent the stuff to the mailling list. ============================================= Hi Ivo, Hier is een oplossing voor een bugje in flush_queue(), en ook wat andere troepjes zoals een tincd scheduler. Dit werkt wat beter, omdat de
2018 Aug 13
8
Why still no PKCS#11 ECC key support in OpenSSH ?
On Mon, 13 Aug 2018, Blumenthal, Uri - 0553 - MITLL wrote: > Lack of time on the Open Source projects is understandable, and not uncommon. > > However, PKCS11 has been in the codebase practically forever - the ECC > patches that I saw did not alter the API or such. It is especially > non-invasive when digital signature is concerned. > > Considering how long those patches have
2019 Feb 08
3
Modifying 7.9p1 to use PAM
I deal with a large number of internal machines that have not been updated for a while and which I am not at liberty to update. They run Fedora 20 which includes openssh 6.4p1. For various reasons, I'd like to put a more recent version on these machines but, of course, no package is available for that. Trying the portable version of openssh 7.9p1, I found that I can easily make it work by
2020 Feb 19
2
OpenSSH ver.8.2p1 compilation error on AIX
On Wed, 19 Feb 2020 at 06:38, Val Baranov <val.baranov at duke.edu> wrote: > AIX 7.1 TL5, OpenSSL ver. 1.1.1d. "vac.C" version 11.0.1.23 > Compilation error " The indirection operator cannot be applied to a pointer to an incomplete struct or union " (see full log below) produced for " libressl-api-compat.c ". > No such error if compiled with OpenSSL
2018 Jul 30
0
dovecot 2.3.x, ECC and wildcard certificates, any issues
Hello, I have discovered what I believe is the issue after hearing back from Aquamail. And that is that android 7 which I'm running 7.0 that is, only supports up to the p256 ecc curve. This brings up a question to users of letsencrypt, when you revoke a certificate does it take it out on the usage as well? I've got one domain that says i've issued to many certificates for it and no
2019 May 15
2
Re: ​Building openssh7.9p1 and above against openssl1.1.1b
On Wed, 15 May 2019 at 23:14, Samiya Khanum <samiya.khanum at broadcom.com> wrote: > Hi Darren, > Thanks for quick response. > Even with openSSH8.0 version, it is not supported? 8.0p1 should work although I have not tested that specific OpenSSL version. Between 7.9p1 and 8.0p1 I had it working against what was OpenSSL head at the time. -- Darren Tucker (dtucker at dtucker.net)
2020 Feb 05
19
Call for testing: OpenSSH 8.2
Hi, OpenSSH 8.2p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a feature release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at
2020 Jun 04
7
[Bug 3177] New: sshd process had became <defunct> and could not accept requests any more after many count sftp accesses.
https://bugzilla.mindrot.org/show_bug.cgi?id=3177 Bug ID: 3177 Summary: sshd process had became <defunct> and could not accept requests any more after many count sftp accesses. Product: Portable OpenSSH Version: 8.2p1 Hardware: amd64 OS: Linux Status: NEW Severity: critical
2018 Jul 30
2
dovecot 2.3.x, ECC and wildcard certificates, any issues
That is one of the reasons I do not bother since long with public CAs but rather deploy my own, including own OSCP responder. Which has of course has some drawbacks like redundancy, resilience, bandwidth provision, geographical spread, implementing CA security standards and CA trust in clients. Latter though could be easily overcome if browser and email clients were to support DNSSEC/DANE
2019 Jun 09
2
OpenSSH forcing the signature to SHA1.
Hello folks, I am new here, so please be gentle :), and any help will be appreciated. Essentially what I am trying to do is, to use Jsch ( the java implementation of SSH client). it has support for Public key based authentication. Since there is a requirement for FIPS enablement, we are trying to use the Algorithm SHA256withRSA, instead of SHA1withRSA. When the code tries to verify the
2019 Feb 14
2
Modifying 7.9p1 to use PAM
On Thu, Feb 7, 2019 at 11:16 PM Damien Miller <djm at mindrot.org> wrote: > > On Fri, 8 Feb 2019, CLOSE Dave wrote: > > > I deal with a large number of internal machines that have not been > > updated for a while and which I am not at liberty to update. They run > > Fedora 20 which includes openssh 6.4p1. For various reasons, I'd like to > > put a more
2019 Jun 19
2
OpenSSH public key authentication does not work from Windows client if private key was added to SSH agent
Hey guys, I installed OpenSSH 7.9p1 on Windows Server 2016 and generated a SSH key pair with ssh-keygen on my Windows 10 Client (OpenSSH 7.6p1). I can connect to the server with "ssh user at domain@servername -i id_rsa". But as soon as I add the private key to the SSH agent by "ssh-add id_rsa" this does not work anymore and aborts with the message "Permission denied
2018 Jun 08
4
vanilla build of 7.7p1 release on linux/4.17 fails with gcc8 @ "/usr/bin/ld: unrecognized option '-Wl,-z,retpolineplt'"
On 8 June 2018 at 11:21, PGNet Dev <pgnet.dev at gmail.com> wrote: > fyi > > add'l -- and looks unrelated -- issue > /usr/include/pthread.h:251:12: note: previous declaration of ?pthread_join? was here > extern int pthread_join (pthread_t __th, void **__thread_return); What included pthread.h? That's explicitly not supported by sshd: $ grep THREAD
2019 Jun 21
2
AW: OpenSSH public key authentication does not work from Windows client if private key was added to SSH agent
Hey Damien, thank you for your reply. I posted the debug information at https://pastebin.com/40esNPED and replaced some sensitive information before (usernames, servernames, domainnames, IP addresses). In addition I commented some lines with a message like "### <my message> ###". Patrick -----Urspr?ngliche Nachricht----- Von: Damien Miller <djm at mindrot.org> Gesendet:
2020 Sep 16
2
ssh-ed25519 and ecdsa-sha2-nistp256 host keys
Hello. I am running OpenSSH 7.9p1 on my client and server. ssh-keyscan shows the server has ssh-rsa, ssh-ed25519, and ecdsa-sha2-nistp256 host keys. My /etc/ssh/ssh_known_hosts file contains the server's ssh-ed25519 host key. When I try to SSH to the server I get this error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
2019 Nov 01
10
U2F support in OpenSSH HEAD
Hi, As of this morning, OpenSSH now has experimental U2F/FIDO support, with U2F being added as a new key type "sk-ecdsa-sha2-nistp256 at openssh.com" or "ecdsa-sk" for short (the "sk" stands for "security key"). If you're not familiar with U2F, this is an open standard for making inexpensive hardware security tokens. These are easily the cheapest way