Questions tagged [openssl]
GENERAL USE QUESTIONS ARE OFF-TOPIC. OpenSSL is an open source software toolkit that implements the SSL/TLS protocol, as well as a general cryptographic library. Use this tag for questions about interacting with OpenSSL in a programming context.
openssl
16,706
questions
1
vote
0
answers
7
views
Why do I get a malformed supported_versions extension at ClientHello when I use openssl s_client?
What's my problem?
I'm doing tests to reach a server using TLS 1.3 with openssl s_client. I've had a lot of troubles figuring out why the server is answering with a fatal error alert and I've finally ...
1
vote
0
answers
12
views
Does the EVP_KEY created by OSSL_DECODER_CTX_new_for_pkey need to be manually freed?
Does this code (ignoring lack of error handling) leak with OpenSSL 3.0?
EVP_PKEY *pkey = NULL;
BIO *public_key_file = BIO_new_file("public.pem", "r");
OSSL_DECODER_CTX *dctx = ...
0
votes
0
answers
21
views
How do I get my M1 Macbook pro to trust Netskope cert?
My company recently installed Netskope on our machines. Now any HTTP request I make from apps I am running locally fail with the below error whether Netskope is enabled or disabled.
SSL_connect ...
0
votes
0
answers
13
views
CMAC with Swift OpenSSL 3 fails at init
I'm trying to compute a CMAC using OpenSSL 3 EVP_MAC APIs in Swift, and I am stuck at the EVP_MAC_init call, which always fails. I've tried many different combinations, without success.
If anyone ...
0
votes
0
answers
24
views
Input some PublicKey, PEM_read_bio_PUBKEY return null, Is the PublicKey wrong?
I use OpenSSL library to encrypt or decrypt the message for SMIME,now I have two PublicKey strings, and convert it to EVP_PKEY, the code is
EVP_PKEY* createPublicKey(const char* publicKeyString) {
...
0
votes
0
answers
26
views
Using openssl with FIPS mode on my own image
I have a custom image that is based on Red Hat.
OpenSSL 1.1.1 is installed, but it is not FIPS compliant, and upgrading to openssl 3+ is not possible.
For a specific app, I need FIPS compliant version ...
-3
votes
0
answers
21
views
Cryptography Performance of Ubuntu Server versions
I appreciate your help with this issue. I'm running a .NET 6.0 powered web and API application behind an Apache reverse proxy. These applications use some self-signed certificates for certain ...
0
votes
0
answers
34
views
How to decrypts ciphertexts in a single go from ciphertexts which were encrypted by separately using AES?
I try encryption-decryption using AES with 256 key on the platform of OpenSSL v3 with C++.
bool CryptographicUtils::encrypt(unsigned char* plainText, int size, unsigned char** pOutCipherText, int &...
0
votes
1
answer
42
views
Web Crypto API ECDSA and OpenSSL
I created ECDSA key pair using openssl
openssl ecparam -name prime256v1 -genkey -noout -out ecdsa_private_key.pem
openssl ec -in ecdsa_private_key.pem -pubout -out ecdsa_public_key.pem
and using ...
-2
votes
1
answer
41
views
While pushing my project to GitHub I am getting some error [closed]
I added the code and committed also, but when I am trying to push the code, it's showing an error message.
The message is
fatal: unable to access '
https://github.com/ANANYADATTA/Code-Likho.git/': ...
0
votes
1
answer
35
views
Why using SSL_peek returns duplicated data?
I made the following code to find the amount of bytes I need to read in order to reach the end of a given delimiter, by using SSL_peek.
int TcpClient::PeekEndOfDelimiter(const std::vector<unsigned ...
0
votes
0
answers
20
views
Self signed certificate doesn't apply
I have a site https://example.com. I want to add certificate when particular port is called like https://exampme.com:5000. What I do is this:
var options = {
key: fs.readFileSync('/var/www/...
1
vote
0
answers
15
views
Does the UBI 8 image not support OpenSSL versions beyond 1.1.1k?
I have a critical component that relies on OpenSSL version 1.1.1n with custom patches and fixes. Previously, this component was running on a Debian image, but now we are transitioning to UBI8. Despite ...
-2
votes
0
answers
25
views
Why TLSv1.3 encrypt data is slower than TLSv1.2
I know that TLSv1.3 handshaking is faster than TLSv1.2, so I tried to upgrade our application to support it. But after performance comparison, we found that packets delay increase obviously, Here is ...
0
votes
0
answers
14
views
armhf: openssl-libcrypto-fix: cannot execute binary file: Exec format error
I'm trying to use miniconda on a project on rpi4b but I can't get it initialized. The problem seems to be the 32-bit operating system which starts to be out of use. It's a fresh install of bookworm.
I ...