Shirish Rai wrote:
Hi, I am new to NSS and am trying to port an application from SSLeay to
NSS. When I call SSL_ForceHandshake, it fails with abort at:
Assertion failure: numPresent 0 || numEnabled == 0, at ssl3con.c:425
t@9 (l@4) signal ABRT (Abort) in __sigprocmask at 0xff0e9bf0
Chaitanya Laxminarayan wrote:
does psm support SSL2?
-chaitanya
yes.
--
Nelson Bolyard (at home)Speaking only for myself.
Netscape 4.x is not open source. We do not discuss the source code to
Netscape 4.x in this (or any other) public newsgroup. Sorry.
--
Nelson Bolyard (at home)Speaking only for myself.
Jeff Wollschleager wrote:
Know next to nothing about crypto, have looked at some of info on
Mozilla.org pages about PSM NSS and I'm having a hard time
understanding what the heck is going on. My big question would be-Why
does PSM require internet access to view secure web sites? (run a
Frank Hecker wrote:
John Gardiner Myers wrote:
Why are FIPS ciphers listed under TLS? I thought they were only
relevant to SSLv3.
That's correct to the best of my knowledge. If the protocol being used
is TLS 1.0 (as opposed to SSL 3.0) then there should be no FIPS
ciphersuites
"Nelson B. Bolyard" wrote:
Hence the UI should NOT be designed to give the user the idea that it is
possible to enable a given ciphersuite separately for SSL3 and for TLS.
I just looked at
http://people.netscape.com/lord/psm/images/cipher-viewer-tls.gif
and believe it i
ccage wrote:
I have the SSLSample code building on the Mac, but not sure how
to supply all of the arguments. Could someone provide an
example of the args they would pass to this sample program?
One more thought about this. NSS's SSL __server__ code doesn't support
the Mac. Specifically,
shankar srinivasan wrote:
I have worked with IE certificates and used crpto API for accesing the
certificate from the store, signing , encryption and verification. Could
anyone tell me how to access the netscape certificate and do all kinds of
cryptographic operations. I guess we can use
Bob Lord wrote:
In older versions of Communicator, there was a step in the certificate
enrollment process where the user was asked to name his/her newly issued
certificate. Although this gave the user some flexibility, it mostly
casued problems. Users would sometimes choose
Ben Bucksch wrote:
Bob Lord wrote:
I'll have to ponder this one some more. The CM manages your certs,
and the DM manages (among other things) your smart cards. I suppose
we could have a "Certificate and Device Manager" by adding a new tab
to the current CM called "Devices". Is
Isn't this feature set commonly known as S/MIME?
--
Nelson Bolyard Sun / Netscape Alliance
Disclaimer: I speak for myself, not for Netscape
Bryman wrote:
Hello all,
I am a lab administrator and I have recently developed a tight
permissions/profile scheme to try to protect the machines from the users.
Everything works very well except when I try to log on to secure sites
(SSL?) under my user profile in Netscape6. Under
When Mozilla or Netscape 6 does https (or SSL for any other reason),
it runs another program named psm. I think it's psm.exe on windows.
psm uses at least 3 files. The 3 I know of are cert7.db, key3.db and
secmod.db, and it needs r/w permissions on all those files.
There are probably
Dan Mosedale wrote:
So one thing that would be helpful to those of us working on LDAP in
the browser is the ability to get access to some of the NSS
functionality for the LDAP C SDK to use.
LDAP in the browser consists of an XPCOM wrapper around the LDAP C
SDK, which does all the
Ben Bucksch wrote:
relyea wrote:
In fact the
hard part of S/MIME support isn't displaying pkcs #7 data, it's including
all the relevent UI associated with sending and identifying signed and
encrypted mail.
Really? I don't think so. You just need
- in the Composer
- 2
This posting has nothing to do with crypto, as far as I can see.
Please post inquiries about JPEG in the appropriate newsgroup.
--
Nelson Bolyard
Here's a replay of a message I originally sent back on "Bush Harbor" day,
Sept 7, 2000. I hope the PIP developers will seriously consider this idea.
Since PSM is being rewritten, now seems like the perfect opportunity.
Javier Delgadillo wrote:
That leaves the following bugs
* 44320
Doug,
I'm writing about cases where dialogs need to be displayed to the user,
where the user must take some action, such as dialogs for selecting the
user's client certificate. Timeouts don't indicate these cases.
But while we're discussing the silent restarting of SSL connections,
that
Steve Parkinson wrote:
Hmm - this document used to be on the Netscape Devedge site. Now I can only
find it internally. It's not important what the extension is, but you have to
send it with the right mime type.
The official repository for that document is
John Gardiner Myers wrote:
With PIP, we won't have the problem where the client times out its
connection with PSM. Client-side timeouts become irrelevant. The only
problem would be servers timing out.
Silently restarting the connection will be difficult in STARTTLS
protocols such as
Richard Cardona wrote:
Interested readers,
In Nov 2000, I posted a message about a TLS handshake incompatibility
between Netscape 6.0 and IBM HTTP Servers (IHS). Netscape 6.0 was not
handshaking with IHS because of a defect in the IBM SSL libraries. IBM
has since fixed the problem
Brian Ryner wrote:
I don't think this would be incredibly hard to implement, especially now
that we can get at the channel from the UI callback code.
I agree that we shouldn't restart the connection automatically though,
only if the socket has been closed on the other side. Can we
Mitchell Stoltz wrote:
Bagus Mahawan wrote:
And one last question,
Is it possible for an attacker to read key3.db and cert7.db ? I would be
happy if there is any docs explaining the format of those *.db files (to see
if they can be read easily by an attacker or not).
If an
Today, one of the P1 must-have tasks for NSS 3.3 was completed.
Dr. Steven Henson's contribution of an implementation of Diffie-Hellman
Ephemeral ciphersuites for the client side of SSL3 and TLS has been
checked into the NSS tree. (Thanks, Steve!)
Support for DHE cipher suites on the server
A few comments:
First, to do the encryption (at least with S/MIME) you need more than the
public key, you need the entire public key certificate chain.
There's a certificate database (cert*.db) that contains public key certs,
including trusted CA certs; and there's an encrypted private key DB
Patrick wrote:
My app is a custom NSS-enabled app. It does call CERT_VerifyCertNow in my
certificate authentication callback function (specified by
SSL_AuthCertificateHook). And this function does not take a time argument.
So how can my app take responsibility for passing in the right time?
John Gardiner Myers wrote:
Nelson B. Bolyard wrote:
Inadequacies of SSL_SecurityStatus:
12. It reports 3DES as having 168 bits of effective strength when it has
only 112.
Sadly there is more than one definition of effective key size.
More on this below.
Would it be reasonable
In light of recent suggestions, I have made a couple of new proposals for
this API. Both are now recorded in
http://bugzilla.mozilla.org/show_bug.cgi?id=78959
Here's a quick synopsis:
Proposal 2:
typedef struct SSLChannelInfoStr {
PRUint32 length;
PRUint16
Jasper CS Chow wrote:
Anyone successfully build NSS 3.2.1 on WINNT platform using gmake
nss_build_all?
Works for me.
I follow the instruction on
http://www.mozilla.org/projects/security/pki/nss/buildnss_32.html
and I am using Netscape's wintools, but I run into errors when building
nss
Subhash Chopra wrote:
Outputs from SSLDump with Mozilla and various other browsers (ie IE,Opera
etc) revealed the following facts:
In case of a HTTPS request for a web site with say 4 gifs, mozilla opens up 4
TCP connections and do the SSL handshake including the clientkeyexchange,
.
-Subhash
Nelson B. Bolyard [EMAIL PROTECTED] wrote:
Was this with PSM 1.x? or PSM 2.0 ? or ??
--
Nelson Bolyard Sun / Netscape Alliance
Disclaimer: I speak for myself, not for Netscape
Subhash Chopra wrote:
Outputs from SSLDump with Mozilla
Patrick wrote:
I decided to use PR_Read and PR_Write to read the file and then write to a
socket. I think the problem with PR_TransmitFile I was experiencing may have
been the same one I saw with PR_Read when reading from a socket:
I doubt it. The behavior you describe, known as short
Carl Bergudden wrote:
As I'm not at all experienced with either Netscape (aka Iplanet) web
server or proxy server this may well have been discussed here already, and
I just didn't understand it while browsing the earlier posts (not all of
them though).
(I was 'redirected' to this news group
corinne dive-reclus wrote:
Hello,
I am trying to configure iPlanet to work with my hardware PKCS#11 token.
For that, I have to use modutil to add my token.
Unfortunately lots of shared libraries located into server4/https/lib
were not found and I had to copy them in different
Eric Greenberg wrote:
Also, note that, on the server-side, the maximum amount of time a server
cache's a session ID is typically configurable. In the earlier Netscape
servers we used a default cache timeout of 30 seconds. Later, the default
was increased to 24 hours. So the cache timeouts
Yannick Koehler wrote:
This make me suspect that our function that checks in which context a
packet come from is broken.
Which side has the responsability to ask for a re-negotiation
of the session ID / Keys? Is it the client or the server or both? I
would expect the server to be in
Yannick Koehler wrote:
And what are the reason for Mozilla to re-negotiate new session ID?
It appears that the cause of this bug has been found and fixed.
The bug was in the IPv6 emulation code in NSPR.
It caused the wrong IP addresses and port numbers to be given to SSL when
SSL asked
If you succesfully build mozilla on Alpha OSF1 V4.0D, please email me
the output of your build for mozilla/dbm. I'd like to know how you get
src/h_page.c to build. Thanks.
--
Nelson Bolyard Sun / Netscape Alliance
Disclaimer: I speak for myself, not for Netscape
Mike Belshe wrote:
I recently ran into some similar problems with several types of ptrs in
functionlists being bogus...
I traced it down to this little nasty in pkcs11p.h pkcs11u.h:
#if defined(XP_WIN)
#if defined(_WIN32)
#pragma warning(disable:4103)
#pragma
Colin Blake wrote:
OpenVMS has pipes, but not named pipes.
Don't need named pipes. Need unnamed pipes.
Sounds like you should just add OpenVMS
to the list of O/S's that should have this functionality stubbed.
I just checked in sslmutex.h and sslmutex.c on the trunk, in
Christian Barmala wrote:
Hi,
I consider PGP more secure than S/MIME, because you have more control over
each step and you get the source. However most ordinary users don't
understand how to operate it and therefore prefer S/MIME (if any encryption
at all).
Nelson B. Bolyard [EMAIL
Jung-Ho Ahn wrote:
Hello,
While I am trying to use NSS (actually JSS) in our HTTP server,
I found that I could not a server socket which is
waiting for a new connection, since a socket
is locked during the 'accept' call.
Is there any way to close that socket in another thread?
Thanks
Jung-Ho Ahn wrote:
Hello,
While I am trying to use NSS (actually JSS) in our HTTP server,
I found that I could not a server socket which is
waiting for a new connection, since a socket
is locked during the 'accept' call.
Is there any way to close that socket in another thread?
Jung-Ho
NSS presently builds a program named cmsutil.
It is used in NSS's test scripts. It may also be used by other projects.
I propose to rename it smimetool, and to change the test scripts in
security/nss/test that use it to use the program by the new name.
Unless I receive some reasonable
Alexander Kuit wrote:
Hi,
we plan to develop a PKCS#11 module for use with NSS/SSL. I've had a look
at the documentation and sources. The docs are quite good, but what I
couldn't find is a tutorial on how to develop PKCS#11 modules for NSS. Is
there any documentation out there or do I
This can happen if you have set the SSL_ENABLE_FDX flag on the SSL
socket, but do not have threads reading and writing simultaneously.
Have you set SSL_ENABLE_FDX?
--
Nelson Bolyard Netscape
Disclaimer: I speak for myself, not for Netscape
Robert Joop wrote:
i've discovered that mozilla up to 0.9.5 (build 2001101202) can't
connect to some https-sites netscape navigator 4.77 can connect to,
for example https://me.in-berlin.de/.
with mozilla 0.9.5 i get an unknown SSL error (-8101),
Well, first of all, you should be getting a
Mike Oliver wrote:
Nelson B. Bolyard [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
This can happen if you have set the SSL_ENABLE_FDX flag on the SSL
socket, but do not have threads reading and writing simultaneously.
Have you set SSL_EN
Alexander Kuit wrote:
Is it possible to use NSS in the traditional SSL way, that means without a
PKCS#11 module?
NSS includes the only PKCS#11 modules that it needs. There is no need to
have any others. But NSS does need one or more of the modules that come
with it.
Thanks,
Alex
--
Robert Joop wrote:
On 01-10-30 05:13:46 CET, Nelson B. Bolyard wrote:
For future reference ...
error numbers in the range [-12k .. -11K] are SSL errors.
Their values and symbolic names are defined in
http://lxr.mozilla.org/mozilla/source/security/nss/lib/ssl/sslerr.h
Ian McGreer wrote:
Steven,
Unfortunately, certutil will not work in the manner you are attempting.
Historically, NSS had separate utilities for doing key generation
and certificate generation. You had to generate the keys, and then
reference them by the first few bytes of the
Jeffery L. Thomas wrote:
Hello,
I am trying to build NSS for Win32 and I am not having much luck.
I downloaded build NSS 3.3.1 and moz_tools.
I have everything building fine until I get to the BSAFE glue section then I
get a ton of compiler error (Sorry, I don't have the errors I am
Patrick wrote:
Ok agreed. However in my case, I don't expect the handshake to be redone
(or restarted) . My NSS-enabled apps connect, exchange data, and then
disconnect.
Right. That's how _your_ apps behave. How do the bad guy's apps behave?
There's no multiple connections, just
Patrick wrote:
Well, I'd be curious to know if you could use any of those acpkcs.dll with
an NSS-enabled client app and successfully use a cert off an ActivCard
smartcard for SSL client auth?
So would I. I've got two readers and all the drivers, but no cards for the
readers. Our IT
Victor Probo wrote:
I was trying to load a key encipherment(20) certificate I obtained from a
LDAP server. [snip]
As to loading it into the Mozilla store; that is a puzzle. I downloaded the
cert and stored it as a .cer file. I then attempted to open it using the
file open option of the
Patrick wrote:
Nelson wrote:
If you've got an SSL connection going and the peer application requests a
handshake, libSSL will do that handshake transparently to you (except that
if you've registered any callbacks, they will get called as appropriate
during the handshake). You can
Jennifer Glick wrote:
Benjamin Johnson wrote:
It seems like an addition option of:
Send encrypted to recipients with certificates and unencrypted to
recipients without certificates would be useful
Agree, but according to security team, that functionality is not currently
Patrick wrote:
Hello,
How does one get error messages when using NSS3.3? The only NSS3.3
public function which could help is PORT_GetError, however it seems
limited to NSPR type opreations. What about NSS/SSL error messages?
The correct function to use is PR_GetError().
The same error
Finn Fonnaas wrote:
Hi,
I've used Signtool 1.3 under win95 to create an object signing
certificate.
Communicator reports the Certificate as verified.
Signtool -l tells it good for signing objects, but
signtool -Z reports: Certificate extension not found
What is wrong???
Well, IMO,
Patrick wrote:
Nelson,
I don't have a libsectool.a anymore since NSS 3.3 now provides only 3 shared
libs (nss3.dll, smime3.dll, ssl3.dll)
Ah, then apparently you're not building NSS yourself from sources.
Do I need to build a custom NSS 3.3 to export functions that are now
internal?
Uriel Ginsburg wrote:
There is an assertion failure when freeing an arena in cmsutil, when signing
a message.
I wanted to know whether this is a known bug, or should I check whether I
used the wrong RTL or something... this bug occures after having built nss
from scratch, without any code
John Gardiner Myers wrote:
Nelson B. Bolyard wrote:
I don't see any way that SSL_ResetHandshake can return
SEC_ERROR_UNKNOWN_ISSUER
The poster said that SSL_ForceHandshake was the function that returned
SEC_ERROR_UNKNOWN_ISSUER.
You're right. I read
SSL_ResetHandshake fails
Uriel Ginsburg wrote:
Okay, I've developed a testing application and insofar it works great. Well,
in the debug build anyway. Converting to the optimized build, there is a
memory access violation which occures in certificate-related functions... I
wanted to ask whether this is a known issue
Patrick wrote:
Jamie Nicolson [EMAIL PROTECTED] wrote
[snip]
Run dumpasn1 on file #2 (the one containing the signature) and make sure
it is valid ASN.1. [snip]
The signature bytes are binary. They're not ASN1 encoded. (BTW, when you
say dumpasn1 tool, I suppose you mean the
Victor Probo wrote:
Nelson;
Your response is probably an over-generalization:
AFAIK, a text/x-vcard is not a certificate. So, it's no surprise that
Netscape browsers don't load it as if it were one.
(see below for context)
When I access the very same LDAP and card
The RijnDael cipher is now officially the Advanced Eencryption Standard
(AES), Federal Information Processing Standard (FIPS) 197.
The FIPS document, including the announcement, the specification,
and several appendices, may be seen at
Victor Probo wrote:
Nelson;
In collecting data for this reply, I found that you are correct.
(blush)
On the screen are two links (so to speak). One is an Address Card
icon and the other is a Download link. The link has a number of LDAP
args and ends with the
Patrick wrote:
Ok thanks.
About trust flags:
What if I do keep the intermediate CAs in my apps' cert db and I do flag
them as Valid CA (trust flags = c,, )
There's no need to give them any trust flags at all. c is a trust flag.
- With the understanding that I don't need to trust them
Scott Drumm wrote:
The Setup: I created a new CA certificate signed by root on my Linux box
and exported as a DER for the purpose of configuring SSL encrypted POP3
services from a RedHat v7.2 Server to Win9x workstations.
The Problem: Installation of the CA certificate into IE 5.0 was
Patrick wrote:
Update on my NSS + PKCS11 troubles:
I finally got my NSS client app to work with the PKCS11 crypto module and
the smartcard, and use the client cert on the card for SSL client auth.
Congratulations!
Speaking of SSL handshakes, when and why is SSL_ResetHandshake used? Is
Patrick wrote:
About certutil and how it does say Trusted CA to certs (only server certs
for ssl) when I use it against my cert7.db:
I use the regular command-line arg to see this output, i.e., certutil -L -d
c:\mycertdbdir, where mycertdbdir is the directory where my cert7.db lives.
OK.
hooway wrote:
We are making a PKCS11 token dll for CMS server. But we met some problems.
and cause windows shut down. We want to debug our dll to find the reason.
But how to do it under CMS server. It's always working as a NT Service. Is
there any method to force it working not in Service
Patrick wrote:
This is a repeat (not sure what happened to original):
I was able to use a cert which has keyEncipherment key usage only (no there
key usages especially *no digitalSignature*) for SSL client
authentication...I thought NSS would not permit this to happen, i.e. the
client
Patrick wrote:
If I have a customized callback method in my NSS app, where I do some cert
checks, and I now have a new reason for rejecting the incoming peer cert,
but how can I make that new reason available to the peer on the other end
of the connection? As it stands now, the peer gets
Wan-Teh Chang wrote:
Patrick wrote:
Hello,
I noticed JSS lists 5 TLS ciphers versus NSS listing 2. Why does NSS not
list as many? Does it support all 5 and the docs are not up to date?
Are you referring to the list here?
Eric Murphy wrote:
Bob,
I tried it again using a brand new database. Same error
certutil: unable to find issuer with nickname mozdev.org: Certificate
extension not found.
certutil: could not obtain certificate from file: Certificate extension
not found.
Any time you call a public
I just discovered a NASTY problem with S/MIME in Communicator 4.7x.
I certainly hope Mozilla's S/MIME will get this right.
8 days ago, I sent a signed and encrypted email to someone. After he
received it, he had a hard disk crash, and lost his email folders.
Fortunately, his private keys and
I understand the motivation for the behavior of __attempting__ to decrypt
the message, and then re-encrypt it.I don't have a problem with that.
But when the attempt fails because the local program does not have access
to the necessary private key, what should the program do?
Suppose that
Patrick wrote:
Hello,
Given a 100 bytes of data being sent over a network, how can I estimate or
calculate the corresponding number of bytes it would take to send the same
100 bytes in encrypted form using NSS?
In order words, how many bytes are sent during:
1. the SSL handshake
D wrote:
I'm a real novice in Mozilla's source code and trying to use NSS to
sign a string given the following:
1. String to sign
2. Serial number of certificate to sign string with
3. Issuer name of certificate to sign string with
I've done this using Microsoft Crypto API using the
Rob Allen wrote:
Is it possible to disable the error about different domains (preferably
on a per-site basis)?
Yes and no. The first time that you visit a site and get the hostname
mismatch error, if you click OK (or continue or whatever it is), it
should remember that you've OKed that
Robert Wagner wrote:
Let me see if I am following you here... if you have more than one
slot in your environment then you'll have modules declared in
secmod.db...
A module may contain multiple slots. All the slots for a certain type
of device will typically be in one module. A module
Martin Leung wrote:
Hi,
Is there any difference between the requirement of pkcs11 modules for
Commnicator 4.7 and Mozilla?
Yes. Communicator 4.7 only used a small subset of the capabilities defined
for a PKCS11 module. Mozilla uses a much larger subset. So a module that
implemented
Christian Emig wrote:
what does ssl-error -5985 mean? (Could not establish encrypted connection to
site).
It's an NSPR error code. See
http://lxr.mozilla.org/mozilla/source/nsprpub/pr/include/prerr.h#89
What has exactly happend to cause a -5985 ?
Some piece of code, somewhere inside
Patrick wrote:
I'm using gmake to build NSS on Windows but it looks like the build script
were not tested with gmake?
I build nss with gmake on Windows every day. I've never seen this problem.
--
Nelson B
Disclaimer: I speak for myself, not for Netscape
Kai Engert wrote:
Andrew Perry wrote:
I tried sending email with the first letter caps ([EMAIL PROTECTED]) and it
says I dont have a cert .. but if I put [EMAIL PROTECTED] ... it works just
fine .. I wouldn't have thought that case would have to do anything with
it ..
I'm not
Patrick wrote:
[...] I get an
error when doing a SEC_ASN1EncodeItem(0, result, sdrResult, template); the
error has something to do with the template used
(SECOID_AlgorithmIDTemplate)...Can't figure it out (had no problem on Unix
with this).
Patrick,
You have run into a fundamental
I should correct something I wrote in that last reply. I wrote:
Patrick wrote:
I had to use NSS_Get_SECOID_AlgorithmIDTemplate instead of
SECOID_AlgorithmIDTemplate in order to get the code to compile:
static SEC_ASN1Template template[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof
Patrick wrote:
Update on this:
the change you propose seems to work fine except that the problem seems to
be with successive encoding/decoding operations. That is to say, I can
encode/decode *once*, but when I do another successive encode/decode in same
program, I get the original error
Jim wrote:
I wrote a program to view CRLs in the DB (similar to crlutil) but it
doesn't work in all situations. I'm aware that there was a problem
with previous versions of NSS that didn't support CRLs greater than
64KB. I'm using NSS-3.3.2 and NSPR-4.1.2 to compile my program.
Listed
Patrick wrote:
Ok thanks. Lets step back. The change I made was:
SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
static SEC_ASN1Template template[] = {
[snip]
{ SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(SDRResult, alg),
SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
[snip]
{ 0 }
};
bonny joy wrote:
I am working in the ASN module in mozilla's NSS code.
What work are you doing in that module?
From the study i did i
came to analyse that SEC_ASN1EncodeItem is the top level function.
It is _a_ top level function. There are others.
SECItem *
SEC_ASN1EncodeItem
As I understand the problem, the user has a Solaris box running a version
of Solaris in which the program /usr/bin/passwd uses iPlanet's LDAP SDK
library to communicate with LDAP and LDAPS servers for user authentication.
LDAP SDK, in turn, uses NSS when communicating with LDAPS (LDAP over SSL)
Dave Roberts wrote:
[snip] I've just received an opaque signed message from an Outlook user.
Mozilla is happy to display the contents of the e-mail, however it
claims that the mail was encrypted - when it was not. Mozilla does
*not* import the persons certificate for me, so I cannot
Patrick wrote:
This is to follow up on a previous posting where:
[snip]
Nelson Bolyard responded saying that instead of doing:
[snip]
I should do:
SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
static SEC_ASN1Template template[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof (SDRResult) },
{
Jamie Nicolson wrote:
The NSS software PKCS #11 provider has two tokens, a crypto token and
a database token. Some algorithms that are supported by the crypto
token are not supported by the database token. This is determined by the
list of algorithms in
Ben Bucksch wrote:
Victor Probo wrote:
Darned if I can find the SSL specs I downloaded from Netscape so long ago.
http://www.openssl.org/related/ssl.html
The link given on that page is for the very first draft of the SSL v3
protocol spec. That draft does not represent the final
Christian Schulte wrote:
Hi!
I posted a very long article to this newsgroup describing some
misbehavior off the certificate management in mozilla and now after
driving home I must see, that my posting disappeared from this
newsgroup! Why did that happen ? Why was it deleted at all ?
The
Last week, Steven [EMAIL PROTECTED] wrote 4 brief messages about
related subjects:
Steven wrote:
Subject: How can I get Certificate chain with communication use SSL?
THX
Steven wrote:
Subject: More than One Cert?
I had more than one cert in wy client certdb,How can i send the client
Mark Douglas Corner wrote:
I am new to the code, please bear with me.
Welcome!
I have a question about how NSS handles temporary/session keys. In
particular I am concerned with the pre-master, master, write_mac_key,
write_key etc. These keys are generated using PK11_Derive,
1 - 100 of 170 matches
Mail list logo