zhu qun-ying wrote:
>
>
> Thank you for your clearence. There are still some information that I want to
> know. Is the default setting to PKCS12_create() will be sufficient? Or do I need
> to increase the mac_iter and nid_cert ciper to 3DES-CBC?
>
They should be sufficient. Certificates are usually public knowledge
anyway so using weak or no encryption on them is harmless but if you
want to use strong encryption on it you can, however some of the older
export browsers wont import 3DES encrypted certificates.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
