similar to: TLS 1.3 and openSSL 1.1.1 support

Dear all, Ed25519 public keys being as small as they are is very convenient. There is an opportunity to nudge the world towards modern algorithms. I believe choices made in OpenSSH can positively impact the wider eco-system and industry. I'd like to suggest ssh-keygen to generate an Ed25519 keypair, if invoked without any arguments. OpenSSH has supported Ed25519 since version 6.5 (January

Thomas Calderon <calderon.thomas at gmail.com> writes: > Hi, > > There is no need to add new mechanism identifiers to use specific curves. > > This can be done already using the CKM_ECDSA mechanism parameters (see > CKA_ECDSA_PARAMS > in the standard). > Given that the underlying HW or SW tokens supports Ed25519 curves, then you > could leverage it even with

See attached: (1) patch against 7.9p1, tested with openssl 1.1.0j and openssl 1.1.1a on linux/i386; passes regression test and connects to unpatched sshd without problems; I hacked a bit regress/unittests/kex, and benchmarked do_kex_with_key("curve25519-sha256 at libssh.org", KEY_ED25519, 256); Before: 0.3295s per call After: 0.2183s per call That is, 50% speedup; assuming

If anyone here is thinking about supporting TLS 1.3, every indication is that you will need openSSL 1.1.1. Fedora 29 pre-beta is still one 1.1.1-pre9, I hope to see 1.1.1 release soonish.? Hopefully Redhat will be backporting support in RHEL7 so we will have it in C7.? Part of the challenge is that there is an API change from 1.1.0 to 1.1.1.? Got to love it... Further complication is no FIPS

On 10/18/18 4:14 PM, Johnny Hughes wrote: > On 10/18/2018 12:36 PM, Walter H. wrote: >> On 18.10.2018 00:08, Johnny Hughes wrote: >>> The bottom line .. we don't make the decision whether or not to use >>> systemd or not.? We rebuild RHEL source code. >> will there come a CentOS 6.11 which will be capable of TLS1.3 or HTTP/2? >> I'm sure there will

On 10/18/18 11:06 PM, Barry Brimer wrote: > > > On Thu, 18 Oct 2018, Robert Moskowitz wrote: > >> >> >> On 10/18/18 4:14 PM, Johnny Hughes wrote: >>> On 10/18/2018 12:36 PM, Walter H. wrote: >>>> On 18.10.2018 00:08, Johnny Hughes wrote: >>>>> The bottom line .. we don't make the decision whether or not to use

On Thu, 18 Oct 2018, Robert Moskowitz wrote: > > > On 10/18/18 4:14 PM, Johnny Hughes wrote: >> On 10/18/2018 12:36 PM, Walter H. wrote: >>> On 18.10.2018 00:08, Johnny Hughes wrote: >>>> The bottom line .. we don't make the decision whether or not to use >>>> systemd or not.? We rebuild RHEL source code. >>> will there come a CentOS

On 08/31/2018 01:47 PM, Chuck Campbell wrote: > I am getting myself confused, and need someone who fully understands > this process to help me out a bot. > > I would like to obtain an ssl certificate, so I can run my own imap > server on a machine in my office. > > My domain is hosted by networksolutions, but I don't run my imap > server there. > > > I am

The attached patches fixes and cleans up the build when configured with --without-openssl. Summary: * Fix KEX_SERVER_ENCRYPT macro in myproposal.h * Fix unresolved symbols in ssh-keygen.c * Isolate openssl code and extend WITH_OPENSSL wrappers around it * Make ed25519 default key type in ssh-keygen when configured --without-openssl -------------- next part -------------- A non-text attachment was

On 10/8/2015 4:49 AM, Simon Josefsson wrote: > Mathias Brossard <mathias at brossard.org> writes: > >> Hi, >> >> I have made a patch for enabling the use of ECDSA keys in the PKCS#11 >> support of ssh-agent which will be of interest to other users. > > Nice! What would it take to add support for Ed25519 too? Do we need to > allocate any new PKCS#11

Nobody has any clues about the tls cafile ? Regards Le 04/08/2020 ? 15:18, MAS Jean-Louis via samba a ?crit?: > I have several samba servers on Debian 10 all using : > > samba 2:4.9.5+dfsg-5+deb10u1 amd64 > > I use tls cafile, tls certfile and tls keyfile with certificates from > Sectigo (https://cert-manager.com) > > And when checking my connexion from the

Hi all! I have been trying to get diablo 2 working for 3 days now and I am getting a bit frustrated. I have upgraded wine to version 9.59 I have installed restricted extras on ubuntu I have patched diablo to version 1.11 (final patch) Every time I run a video test it doesn't find anything and then when I load the program (through wine) it says: "error 22: a critical error has

If I were guessing, based on some experience with certificate usage in other apps, concatenate your certificate and intermediate certificates into a single file which is then your "tls certfile" then point "tls cafile" to your issuers proper CA or just to your distro's CA bundle, e.g /etc/pki/tls/certs/ca-bundle.crt. Nick On 06/08/2020 16:36, MAS Jean-Louis via samba

I have several samba servers on Debian 10 all using : samba 2:4.9.5+dfsg-5+deb10u1 amd64 I use tls cafile, tls certfile and tls keyfile with certificates from Sectigo (https://cert-manager.com) And when checking my connexion from the samba server, or from outside, I've got "unable to verify the first certificate" even if tls_cafile is provided in smb.conf. What is wrong

Hi Stefan, Does the combined?glusterfs.ca includes client nodes pem? Also this file need to be placed in Client node as well. -- Aravinda Kadalu Technologies ---- On Fri, 26 Jan 2024 15:14:39 +0530 Stefan Kania <stefan at kania-online.de> wrote --- Hi to all, The system is running Debian 12 with Gluster 10. All systems are using the same versions. I try to encrypt the

I'm trying to change the ring tone on my 7960 from the dialplan. I've tried the example on the wiki but it doesn't seem to work. Something like: exten => 3010,1,SetVar(ALERT_INFO=<Bellcore-dr1>) ; selects Ringer exten => 3010,2,Dial(SIP/3010,15) I'm not sure what the Bellcore-dr1 ringer is supposed to be. I've tried replacing ALERT_INFO with another ring tone

I'm confused by the following:- rcfg at q957$ ssh-add -l 256 SHA256:gl9l9m/xnYpL9P7WkL60L+FcJ0+r2c5Ci770p9VEC08 chris at q957 (ED25519) 256 SHA256:4XDYbepg8zK43pofpQ8IGxMAXkej298a0XZHWjJTIQQ chris at q957 (ED25519) 3072 SHA256:yeQw8xe9rrxHKLqICoXNwReZKKV9HI1UeTCf95QywXM chris at t470 (RSA) 256 SHA256:dluRgJeTqJ32jKxRrSdjr/cibbIOZQeq8Inlna3+Sdw chris at q957 (ED25519)

https://bugzilla.mindrot.org/show_bug.cgi?id=2388 Bug ID: 2388 Summary: build fixups for --without-openssl Product: Portable OpenSSH Version: 6.8p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: Build system Assignee: unassigned-bugs at

well i've tried everything trying to get r/w access to my linux box (debian 2.2.3 running samba 2.0.7) from win2k. can only get readonly. i'm hoping some kind sould might be able to take a look at my samba config and let me know what i'm doing wrong... # Samba config file created using SWAT # from localhost (127.0.0.1) # Date: 2001/11/01 00:39:30 # Global parameters [global]

Thread split from my previous communication. Here is the integrity logs on the platform. I had to cut this should due to the length of the logs (5Mb). ***************** failed-regress.log ************ trace: test integrity: hmac-sha1 @2900 FAIL: unexpected error mac hmac-sha1 at 2900: Bytes per second: sent 65665.7, received 55994.0. trace: test integrity: hmac-sha1 @2901 FAIL: