Incompatibility between openssl 1.0.0 and 0.9.8 which cause stunnel windows version malfunction.
I generated a pair of key and certificates with openssl 1.0.0d, and use them in stunnel 4.36. Today i upgrade it to stunnel 4.50 and it doesnot work. All configurations remain unmodified. Then i tested many versions and found, stunnel with openssl 1.00 works fine while with openssl 0.98 does not work. I use stunnel with linux server and windows client, stunnel 4.50 windows version is using openssl 0.98, so cause this problem. 4.47 is using 1.00e which i think is newer than 0.98 bundled with 4.50. So why stunnel keep changing openssl version?
Hi,
- For FIPS certification. - Yes, crypted headers of certificates are differentes from openssl 0.9.8 and 1.0.0 like this :
openssl 1.0.0 key :
-----BEGIN ENCRYPTED PRIVATE KEY----- MIIJnzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQI0Z45oYYRJ1cCAggA MB0GCWCGSAFlAwQBAgQQF4QLI0IILDItqQFXHJeAxgSCCVBAo1Ed9BHwyhHeBzx2 rQELkAghar26CFsP7qvMwZ+vnATbArA2MvFWJWy0l2pl7/Rn7RcoztbSzg82c8IG ...
openssl 0.9.8 key :
-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,327E4B06D51C7728
grestO9v2wfiqFwBy8bBbpNjMWpFrrc/9y8q68n6c48enCFyDsdVlyqToOQ+Razt d98I+rkTow33X83e9+Zt8rGlKJlPXn3zHTKbjNhfc7j6kk+ssWJft5OAvu5NShMx FOATl4pW97qCf1x4pFwQGm8/8MhCqOpqv2cLfjz2T4Egu1qP2sHZ35QU/gHBLHYh ...
Ludovic.
Le 21/12/2011 09:16, ayanamist a écrit :
I generated a pair of key and certificates with openssl 1.0.0d, and use them in stunnel 4.36. Today i upgrade it to stunnel 4.50 and it doesnot work. All configurations remain unmodified. Then i tested many versions and found, stunnel with openssl 1.00 works fine while with openssl 0.98 does not work. I use stunnel with linux server and windows client, stunnel 4.50 windows version is using openssl 0.98, so cause this problem. 4.47 is using 1.00e which i think is newer than 0.98 bundled with 4.50. So why stunnel keep changing openssl version?
_
I can understand it, but why does stunnel downgrade it from 1.00 to 0.98 on windows version?
On Wed, Dec 21, 2011 at 5:52 PM, Ludovic LEVET llevet@ludosoft.org wrote:
Hi,
- For FIPS certification.
- Yes, crypted headers of certificates are differentes from openssl 0.9.8
and 1.0.0 like this :
openssl 1.0.0 key :
-----BEGIN ENCRYPTED PRIVATE KEY----- MIIJnzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQI0Z45oYYRJ1cCAggA MB0GCWCGSAFlAwQBAgQQF4QLI0IILDItqQFXHJeAxgSCCVBAo1Ed9BHwyhHeBzx2 rQELkAghar26CFsP7qvMwZ+vnATbArA2MvFWJWy0l2pl7/Rn7RcoztbSzg82c8IG ...
openssl 0.9.8 key :
-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,327E4B06D51C7728
grestO9v2wfiqFwBy8bBbpNjMWpFrrc/9y8q68n6c48enCFyDsdVlyqToOQ+Razt d98I+rkTow33X83e9+Zt8rGlKJlPXn3zHTKbjNhfc7j6kk+ssWJft5OAvu5NShMx FOATl4pW97qCf1x4pFwQGm8/8MhCqOpqv2cLfjz2T4Egu1qP2sHZ35QU/gHBLHYh ...
Ludovic.
Le 21/12/2011 09:16, ayanamist a écrit :
I generated a pair of key and certificates with openssl 1.0.0d, and use them in stunnel 4.36. Today i upgrade it to stunnel 4.50 and it doesnot work. All configurations remain unmodified. Then i tested many versions and found, stunnel with openssl 1.00 works fine while with openssl 0.98 does not work. I use stunnel with linux server and windows client, stunnel 4.50 windows version is using openssl 0.98, so cause this problem. 4.47 is using 1.00e which i think is newer than 0.98 bundled with 4.50. So why stunnel keep changing openssl version?
_
stunnel-users mailing list stunnel-users@stunnel.org http://stunnel.mirt.net/mailman/listinfo/stunnel-users
- For FIPS certification.
Fips is writen for 0.9.8 version at begining. So migrate it to 1.0.0 take very lot of work (to many code changing) and time.
Ludovic.
Le 21/12/2011 12:12, ayanamist a écrit :
I can understand it, but why does stunnel downgrade it from 1.00 to 0.98 on windows version?
On Wed, Dec 21, 2011 at 5:52 PM, Ludovic LEVET <llevet@ludosoft.org mailto:llevet@ludosoft.org> wrote:
Hi, - For FIPS certification. - Yes, crypted headers of certificates are differentes from openssl 0.9.8 and 1.0.0 like this : openssl 1.0.0 key : -----BEGIN ENCRYPTED PRIVATE KEY----- MIIJnzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQI0Z45oYYRJ1cCAggA MB0GCWCGSAFlAwQBAgQQF4QLI0IILDItqQFXHJeAxgSCCVBAo1Ed9BHwyhHeBzx2 rQELkAghar26CFsP7qvMwZ+vnATbArA2MvFWJWy0l2pl7/Rn7RcoztbSzg82c8IG ... openssl 0.9.8 key : -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,327E4B06D51C7728 grestO9v2wfiqFwBy8bBbpNjMWpFrrc/9y8q68n6c48enCFyDsdVlyqToOQ+Razt d98I+rkTow33X83e9+Zt8rGlKJlPXn3zHTKbjNhfc7j6kk+ssWJft5OAvu5NShMx FOATl4pW97qCf1x4pFwQGm8/8MhCqOpqv2cLfjz2T4Egu1qP2sHZ35QU/gHBLHYh ... Ludovic.
Hi Guys,
Further details are available on this page: http://www.openssl.org/docs/fips/fipsvalidation.html
Mike
On Wed, 21 Dec 2011 12:49:22 +0100, Ludovic LEVET wrote:
- For FIPS certification.
Fips is writen for 0.9.8 version at begining. So migrate it to 1.0.0 take very lot of work (to many code changing) and time.
Ludovic.
Le 21/12/2011 12:12, ayanamist a écrit :
I can understand it, but why does stunnel downgrade it from 1.00 to 0.98 on windows version?
On Wed, Dec 21, 2011 at 5:52 PM, Ludovic LEVET wrote:
Hi,
- For FIPS certification.
- Yes, crypted headers of certificates are differentes from openssl
0.9.8 and 1.0.0 like this :
openssl 1.0.0 key :
-----BEGIN ENCRYPTED PRIVATE KEY----- MIIJnzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQI0Z45oYYRJ1cCAggA MB0GCWCGSAFlAwQBAgQQF4QLI0IILDItqQFXHJeAxgSCCVBAo1Ed9BHwyhHeBzx2 rQELkAghar26CFsP7qvMwZ+vnATbArA2MvFWJWy0l2pl7/Rn7RcoztbSzg82c8IG ...
openssl 0.9.8 key :
-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,327E4B06D51C7728
grestO9v2wfiqFwBy8bBbpNjMWpFrrc/9y8q68n6c48enCFyDsdVlyqToOQ+Razt d98I+rkTow33X83e9+Zt8rGlKJlPXn3zHTKbjNhfc7j6kk+ssWJft5OAvu5NShMx FOATl4pW97qCf1x4pFwQGm8/8MhCqOpqv2cLfjz2T4Egu1qP2sHZ35QU/gHBLHYh ...
Ludovic.
Links: ------ [1] mailto:llevet@ludosoft.org
-
ayanamist -
Ludovic LEVET -
Michal Trojnara