16,694 questions
0
votes
0
answers
74
views
How do I use Openssl 3 with Qt 5.15.19?
I have an application that still uses Openssl 1.1.1w. I need to update that to an OpenSsl 3 version. Switching to Qt6 seems like the best way to do that, however due to the nature of the codebase we ...
- 17
-1
votes
0
answers
23
views
Zabbix "Invalid HTTP header" Response
I'm getting following errors on two different web monitoring. Has anyone encountered these specific errors before?
Invalid HTTP header field was received: frame type: 1, stream: 1, name: [keep-alive], ...
- 1
1
vote
1
answer
98
views
How to compile 64-bit binaries for latest versions of OpenSSL (3.5.x) on the Windows 10
I am trying to compile latest version of the OpenSSL on Windows 10 machine (version 3.5.4).
Prerequisites are:
I ran x64 Native Tools Command Prompt for Visual Studio 2022 Community Edition
I ...
- 1,865
0
votes
0
answers
38
views
How to achieve complete read/write thread separation for BoringSSL using BIO APIs
I'm integrating BoringSSL into my networking library for secure communication. I've observed that both SSL_read() and SSL_write() operations can potentially trigger both read and write activities on ...
- 373
1
vote
1
answer
126
views
Migrating from OpenSSL 1.1 to 3.0: How to generate DH key pair with 32-byte prime using EVP_PKEY-DH interface?
I'm migrating my Diffie-Hellman (DH) implementation from OpenSSL 1.1 to OpenSSL 3.0. Previously, I used APIs like DH_set0_pqg, but these are now deprecated. I am switching to the EVP_PKEY-DH interface ...
- 637
1
vote
0
answers
127
views
Why does EVP_PKEY_derive_set_peer cause a segmentation fault when using a peer public key reconstructed from BIGNUM in OpenSSL 3?
I'm using OpenSSL 3.0 EVP_PKEY in C to perform Diffie-Hellman key exchange. I generate Alice's and Bob's key pairs. I extract Bob's public key as a BIGNUM and try to reconstruct an EVP_PKEY for Bob's ...
- 637
1
vote
1
answer
60
views
Mise tells me openssl is not found event if it's installed on my computer [closed]
I'm trying to install PHP 8.4 with mise, but I've got an error saying that I'm missing OpenSSL.
configure: error: Package requirements (openssl >= 1.1.1) were not met:
No package 'openssl' found
...
- 2,129
1
vote
0
answers
76
views
RSA based certs failing during TLS after removal of RSA-PSS ciphers from ClientSignatureAlgorithm
For FIPS mode, I added ClientSignatureAlgorithm in opensslcnf.txt. This change was done for FIPS mode using the crypto-policies package.
The support ciphers for ClientSignatureAlgorithms are same as ...
0
votes
0
answers
65
views
Laravel 12 public and private key VAPID OpenSSl error
I'm trying to implement notifications on my system (with Laravel 12 and PHP 8.3.16) using composer require laravel-notification-channels/webpush. Everything installs correctly, but when running php ...
1
vote
2
answers
58
views
Intermittent segmentation fault in OpenSSL SHA1_Update after days of operation in multi-threaded C program
----Problem Summary----
I'm experiencing intermittent segmentation faults in a multi-threaded C program that heavily uses OpenSSL's libcrypto for cryptographic operations. The crash occurs in ...
- 11
3
votes
3
answers
263
views
No rule to make target '/opt/homebrew/Cellar/openssl@3/3.4.1/include/openssl/opensslv.h' installing php 8.4.11
Mon 17 Nov 2025 Update
I have implemented @kakaiikaka's and @orbanbalage's suggestions individually and one a time to no avail--I got same error message I've been receiving from the beginning:
make: **...
- 388
2
votes
0
answers
70
views
Using OpenSSL provider to delegate TLS_PSK_WITH_NULL_SHA256 key operations to TZ or TPM
I am developing software that uses OpenSSL for implementing a TLS client. I am developing it in the C++ language, to run in Linux for ARM 64-bit.
I intend to use the cipher TLS_PSK_WITH_NULL_SHA256.
...
- 1,569
0
votes
1
answer
58
views
Getting "FATAL FIPS SELFTEST FAILURE" when importing qwen-vl-utils
When I run
from qwen_vl_utils import process_vision_info
in my Python environment, I get
crypto/fips/fips.c:154: OpenSSL internal error: FATAL FIPS SELFTEST FAILURE
Aborted
I'm using
OpenSSL 3.3.2
...
- 351
0
votes
0
answers
55
views
AWS Kinesis Video Streams Producer JNI times out (StatusCode: 0xf) in Ubuntu container running gRPC service; REST container works
gRPC service consistently fails with KVS Producer JNI “producer stream creation time out StatusCode: 0xf” about ~15s after “Creating Kinesis Video stream”.
REST service (same repo, same JNI .so, same ...
2
votes
1
answer
85
views
Load X509 from PEM with OpenSSL 3 and a dedicated OSSL_LIB_CTX
For many methods in OpenSSL 3 there is an _ex version to create/load something with a provided OSSL_LIB_CTX*. Why is there no PEM_read_bio_X509_ex that accepts this ctx?
I don't know why, but every AI ...
- 911
0
votes
0
answers
69
views
Nodemailer :: ssl3_get_record:wrong version number
I have recently migrated the mail sending process from php (using PHPMailer) to a newer and optimized Nodejs backend (using Nodemailer).
And this was a semi-successful miragration, as for the most ...
- 95
0
votes
1
answer
170
views
encrypt using OpenSSL and RSA_public_encrypt
I need to encrypt strings using a public key contained in an X509 certificate using Delphi 10.3 and OpenSSL. The certificate is already loaded in memory using the BIO routines:
var
ptrX509: pX509;
...
- 481
0
votes
1
answer
54
views
Mono: can't access API with self-signed certificate - MonoBtlsException: Ssl error:1000007d:SSL
I have a Mono container (mono:6.12.0.182) and it has some host.testcontainers.internal:[PORT] exposed to it.
I will be using this to integration test a legacy .NET client application against a new API(...
- 385
4
votes
1
answer
177
views
Difference in flushing behavior in OpenSSL and Apple Secure Transport
I'm a volunteer for The Tor Project contributing to Arti (a Rust implementation for Tor).
In this project we implement Rust crates native-tls and tokio-native-tls. We encounter a very persistent issue ...
- 1,683
1
vote
1
answer
69
views
Why does `EVP_CIPHER_CTX_set_padding()` fail with 0?
I'm updating some code that I didn't touch for several years, and to my surprise it produces a runtime error. I'm very sure it used to work just fine.
Reproducer
#include <openssl/evp.h>
#...
- 863
1
vote
0
answers
62
views
Why does a PKCS12 truststore generated with OpenSSL (-nokeys) not work in Java, but keytool-generated one does?
I am trying to configure SSL in my Java (Thrift) client. (mTLS)
I need a truststore that contains my CA certificate, so that the client can trust the server certificate.
First I'm try to use openssl ...
- 21
-1
votes
1
answer
71
views
Can Server send sha256 cert when client asks for sha384? [closed]
I have a server using openssl and I sent a connect request using openssl as:
openssl s_client -4 -connect www.google.com:443 -sigalgs rsa_pss_rsae_sha384 -tls1_2
I expected the connection to fail ...
0
votes
0
answers
37
views
OpenSSL loading fips.dll from two separate location in same exe
I have App.exe that loads A.dll & B.dll. A.dll loads fips.dll from space c:/App/A/fips.dll B.dll loads Fips.dll from space c:/App/B/fips.dll. I see App.exe is loading both fips.dll from both ...
0
votes
0
answers
77
views
Non-blocking interleaving SSL_read, SSL_write
When working with SSL and non-blocking sockets, the read and write functions can require a retry requiring either a read or write from the socket, i.e.,
SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE.
In ...
- 970
1
vote
1
answer
117
views
How to close a Python TLS 1.3 socket cleanly (send close_notify) without unwrap()?
I’m starting with Python and I’m trying to make a simple TLS 1.3 socket, but I’m having an issue.
When the session is closed, I get a TLS error :
Alert (Level: Fatal, Description: Decode Error)
Which ...
- 21
1
vote
0
answers
236
views
Export PEM private key to DER with Delphi and OpenSSL
A brief context: in mexico there is the so called "electronic invoice". The IRS equivalent, emits a certificate/key pair (.cer, .key) in DER format, named Digital Sign Certificate to each ...
- 481
0
votes
0
answers
102
views
Using SSL certificate failed with OpenSSL error - ca md too weak. .NET 9 Docker
From MacOS everything is fine, but in docker exceptions is thrown
Unhandled exception occurred
System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner ...
0
votes
0
answers
35
views
AWS CloudFront Signed URL throws ERR_OSSL_EVP_INVALID_DIGEST in Node.js 22
I'm trying to generate signed URLs for a CloudFront distribution using the AWS SDK v3 (@aws-sdk/cloudfront-signer) in a Node.js project.
I successfully uploaded my public key to CloudFront using:
aws ...
-1
votes
1
answer
153
views
Calling PEM_read_PrivateKey causes program to crash in OpenSSL 3.x
I call PEM_read_PrivateKey to read the private key using the following code, however after calling PEM_read_PrivateKey the program crashes (exists with error code 1) on Windows 11.
std::string pem = ...
- 1,339
1
vote
2
answers
141
views
Cannot read password from powershell and give it to openssl
I'm trying to give a password to openssl from powershell :
PS>$pfxFile = "toto.pfx"
PS>$ext= ls $pfxFile | % Extension
PS>$pwd = Read-Host "Enter Import Password" -...
- 4,955
0
votes
0
answers
111
views
Python library dependency issue when trying to upgrade openssl due to Cryptography
I want to upgrade to the latest OpenSSL package 3.5.1 in a Miniconda Python virtual environment in CentOS OS. So I tried the below command:
conda update openssl
output for the above cmd:
conda update ...
- 99
0
votes
0
answers
41
views
TPM2 Openssl verification Fails
I am experimenting with TPM. I am using windows sdk libs (pre-installed) to generate and export keys. Then i use the same appraoch to create a detached hash for a file.
Key Generation:
bool ...
- 325
0
votes
0
answers
51
views
SSL: A super strange question:'error:1408F10B:SSL routines:ssl3_get_record:wrong version number'
I encountered a strange SSL issue that is completely different from common problems. I have consulted a lot of information, and almost all of the errors are caused by SSL version mismatch or HTTPS ...
- 33
0
votes
1
answer
53
views
System (PID 4) listens on my port after I close the listening socket
On Windows Server 2022 I'm running a custom HTTPS server (part of a larger app). The service binds, listens and then accepts on port 81 for a while and netstat -abn shows:
TCP 0.0.0.0:81 ...
- 4,707
1
vote
1
answer
214
views
Why WebTransport cannot connect to my server?
When I'm trying to make a simple QUIC connection via new WebTransport('https://localhost') this request never reaches my server and immediately terminating in Chrome with Failed to establish a ...
0
votes
0
answers
206
views
certutil commands to check certificate and verify hash equivalent to openssl
I use two openssl commands to verify a certificate file:
openssl x509 -in <CERT_FILE> -noout
and verify a signature file:
openssl cms -verify -binary -content <INPUT_FILE> -inform PEM -...
- 1,098
0
votes
0
answers
64
views
Unable to load tcnatve openssl in native image
I have a Spring Boot webflux app, running Netty. When enabling SSL performance hurts more than expected, and I want to check if using native OpenSSL (netty-tcnative) helps.
I think I have everything ...
- 1
2
votes
1
answer
117
views
C++ OpenSSL 3.0.8 private key decryption with EVP_PKEY_decrypt failed
I haven't find solution by myself and need help.
I'm writting simple client-server encrypted chat programm using OpenSSL 3 library.
Client's and server's socket parts both inherited via '...
0
votes
0
answers
98
views
How to create a x509 certificate without Subject name but with Subject Alternative Name?
I read that a machine certificate can be created without a subject name if it has a subject alternative name. My use case is to generate such a certificate and use it for certificate chain ...
3
votes
0
answers
78
views
How to send S/MIME email with MIME headers set to smime.p7m but actual attachment filename as timestamped .edi in PHP?
I'm trying to send a secure EDI email to the ABF via SMTP using PHP. The content must be encrypted and signed using S/MIME (PKCS#7).
Here's what ABF requires:
The MIME headers of the attachment must ...
1
vote
1
answer
92
views
python can't connect, but openssl can
I am trying to connect to a legacy (windows server 2008R2) server using python / winrm. I am seeing an issue where openssl can establish the ssl socket cleanly, but python and winrm can't. I am ...
- 16k
0
votes
0
answers
40
views
yocto compilation for weston is creating error in nss-3.103
I am building yocto styhead for a custom board. However, it chokes on nss-3.10. I am not sure why only I am getting this issue. Iam building on Docker container running ubuntu 24.04. How do I debug ...
- 1,619
0
votes
0
answers
38
views
Openssl 1.1.1k build failures while building client code using libssl.so object
Compiler : gcc-toolset-9
OS : 5.15.0-306.177.4.el8uek.aarch64 (Centos 8) ARM
Version : Openssl 1.1.1k
Build Issue : Yes
This is not a build issue with openssl source itself but when we are using built ...
0
votes
0
answers
42
views
Netty : Difference in JDK vs OpenSSL
We are using Apache Artemis messaging broker which uses netty (io.netty.handler.ssl.SslContext) for SSL handshake to allow certificate based authentication to broker.
When we are using JDK as provider ...
-1
votes
1
answer
82
views
OpenSSL x509 certificate chain verification fails with error 53
I have three certificates, rootca.pem, intermediate.pem and VPN_Client_Test_Certificate.pem. OpenSSL verification fails with error 53. Not sure what syntax error is happening. Kindly help. Certs are ...
1
vote
1
answer
268
views
Conflicting OPENSSL versions under Linux
I'm building a project linking both with QtNetwork (Qt6) and Python library (3.8).
At runtime, I get the error:
my_prg_bin: symbol lookup error: /lib64/libk5crypto.so.3: undefined symbol: EVP_KDF_ctrl,...
- 21.9k
0
votes
0
answers
42
views
Running openssl on multiple files located within multiple directories
My controller runs a fetch that reaches out to 500 hosts and retries a cert-status-request (CSR) and puts them in directories named for the host the CSRs came from. How can I run the openssl command ...
0
votes
0
answers
105
views
MIFAR DesFire EV3 2K3DES - SessionKey and algo
I am trying to implement on Nodejs / typescript the MIFAR DesFire EV3 and I am struggling right after authentication, trying to get the card uid.
I am using this impl. https://github.com/andrade/...
- 1
-3
votes
1
answer
99
views
Not able to send the cert details output to file using openssl command in perl without pressing enter manually
I am trying to capture the certificate information of a particular site and send it to a file in windows using perl. To achieve this, I wrote the below code in certextract.pl:
$commandToExecute = &...
- 4,709
0
votes
0
answers
32
views
downloading openssl for python 3.10/kivy 2.3.1 throws http 404 error on MacOS
when doing buildozer android debug in python 3.10.16/kivy 2.3.1/buildozer 1.5.0/pyjnius 1.6.1 on MacOS, it keeps throw http 404 when downloading openssl as python 3.10 still tried to download the ...
- 10.3k