The main reason of the fork is to include ChaCha20, Poly1305, other (experimental/insecure) ciphers, and to add some extra features to s_client. It should compile 'as least as good' as the officialOpenSSL_1_0_2-stablebranch. Please note that some security restrictions have been removed ...
Some OpenSSL providers (such as SymCrypt) doesn't implement the AES CRT mode. If there is no fall back provider for AES CRT, then openssl.NewAESCipher should return an object that doesn't implement the aes.ctrAble interface. The same applies to other AES modes. Our azurelinux CI job ha...
This issue is so strange I don't know where to look next. On Debian 10 (1.1.1g-1+0~20200421.17+debian9~1.gbpf6902f) and Ubuntu 20.04.3 LTS (1.1.1f-1ubuntu2.9) , if I issue openssl s_client -connect bmbwf.gv.at:443 I always get a connecti...
In Github CI sanitizer runs there are sometimes intermittent failures in 30-test_evp_extra.t. Such as in https://github.com/openssl/openssl/pull/14067/checks?check_run_id=1831532788. # ERROR: (bool) 'EVP_DigestSignInit(mdctx, NULL, NULL,...
Please note that some security restrictions have been removed on purpose: In contrast of the official fork, this version of openssl for instance does not restrict the size of DH parameters. It also enables a lot of extra ciphers deemed insecure, so please be aware to explicity enable only ...
Snapshot for testssl.sh >2.8 from PM's fork, ready to compile, incl. IPv6 support (for Unices only). Extra featured OpenSSL with borken things and newer ciphers - testssl/openssl-1.0.2.bad
The main reason of the fork is to include ChaCha20, Poly1305, other (experimental/insecure) ciphers, and to add some extra features to s_client. It should compile 'as least as good' as the officialOpenSSL_1_0_2-stablebranch. Please note that some security restrictions have been removed ...