Re: What US companies need to know about RSA

HI! Please, can we stop the off-topic discussion here? We have enough to read all day. Ciao, Michael. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL

Re: slow authentication - session caching?

On Tue, Sep 28, 1999 at 08:43:37AM +0200, Heiko Nardmann wrote: Since I have a slow authentication I would like to use session caching but I am not clear of what to do for it. Do I have to provide code for every session caching callback (I read ssleay.txt) or is this there a setting which

RE: What US companies need to know about RSA

Hi there, We should just be thankful that the considerable work of Fermat, Poincare and others existed in a time where nobody had found a way to own a plot of algebra. Without their work, or with an inability to use their work, R, S, and A would have been unlikely to derive the simple algebraic

Re: a task that I'm sure someone has solved

Craig Idler wrote: Has someone done something like this in the past? It seems an ssl enabled telnet program could do this. It's so easy to use basic telnet talking to port 80, but using something that communicates with port 443 is a different story. Try "openssl s_client". This is similar

RE: a task that I'm sure someone has solved - And a newbie question to boot!

Hi All, I've doing the same task, and have found it easiest using the simple client example in the demos\ssl directory - s_client is reasonably complex for what is a reasonably simple task. What I don't understand is how to authenticate the server once the secure connection has been established

pkcs7 enc-dec

Hi I tried to play with PKCS7 encryption - decryption (enveloped-data content type). I notices that 1) neither crypto/pkcs7/enc.c nor crypto/pkcs7/dec.c can be compiled because "PEM_read_bio_*" functions now have an extra "char **u" parameter 2) after adding an extra ",NULL" to the

Re: What US companies need to know about RSA

I think this is right on topic. This discussion is why I am on the list at all. Michael Ströder wrote: HI! Please, can we stop the off-topic discussion here? We have enough to read all day. Ciao, Michael. __

Re: a task that I'm sure someone has solved

On Mon, Sep 27, 1999 at 01:48:03PM -0600, Craig Idler wrote: I would like to use the OpenSSL library with an application to send http method requests to a ssl enabled web server. In addition, I must be able to interact with the server to provide user:password information. Hi, I assume you

MSIE5 and Netscape client certificates

Hi all, I posted the same problems a few weeks back, I have only succesfully installed both the CA and the client certificate in both Netscape and MSIE 5 (Just follow the PKCS#12 FAQ): FOR THE CA: 1. Went to a new directory and did: CA.sh -newca. This created a demoCA directory that has the

Re: pkcs7 enc-dec

Mikhail Blinov wrote: Hi I tried to play with PKCS7 encryption - decryption (enveloped-data content type). I notices that 1) neither crypto/pkcs7/enc.c nor crypto/pkcs7/dec.c can be compiled because "PEM_read_bio_*" functions now have an extra "char **u" parameter 2) after

Re: What US companies need to know about RSA

"Spector, Brian" wrote: Greetings Lee, Umm. maybe we should talk. Maybe you should quit talking???... So your mother raised a thief? You know stealing intellectual property is the same as shoplifting your local Circle K? No distinction at all, regardless of whatever rational

SSL library error follows

Hello! Hello! I'm trying to use Apache with mod_ssl but there is error, which Apache get from OpenSSL library. The problem is: I've got signed certificates from Thawte, but Apache doesn't start, when these .key.crt used. There are such messages in the error: [Sun Sep 26 09:42:38 1999]

Netscape CMS certs, Apache and OpenSSL

Hi, Platform: hpux-11, Apache-1.3.6, OpenSSL-0.9.3a, modssl-2.3.11 I'm trying to use Netscape CMS (cert management system) to generate some user certs for SSL authentication. I've updated ca-bundled.crt with my CA detailes. My CA key is 2048. My apache works fine in SSL mode if client cert is

RE: a task that I'm sure someone has solved

Arrgh, sorry. Consider this a request to stop putting Reply-To! -Original Message- From: Salz, Rich [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 28, 1999 2:09 PM To: '[EMAIL PROTECTED]' Subject: RE: a task that I'm sure someone has solved very nice job!

RSAREF2 on snapshots.

Is it broken, or am I the biggest moron alive? :) -- Jeffrey H. Johnson, [EMAIL PROTECTED] The Web Site Factory, http://www.websitefactory.net __ OpenSSL Project http://www.openssl.org User

certificate renewal with MSIE 5

I'm having difficulty to install a new certificate after a certificate renewal w/ MSIE 5. Our certification authority have been tested during some time, now we have generated new CA's key pairs. In fact MSIE doesn't "refresh" the new certificate. (Same tests with Communicator 4.61 works fine

Re: SSL library error follows

Vladimir Litovka [EMAIL PROTECTED]: [Sun Sep 26 09:42:38 1999] [error] OpenSSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch What does it mean? Possible you installed the CA certificate instead of the certificate created for your server (use "openssl

DH key exchange security

There's a thread on one of the other lists about DH security where several people have said that 1024 bit DH has a strength of about 80 bits. But in SSL3 1024 bit ephemeral DH is used to protect the keys for 168 bit 3DES (EDH-RSA-DES-CBC3-SHA and EDH-DSS-DES-CBC3-SHA ciphers). Are those ciphers

DH key exchange security

There's a thread on one of the other lists about DH security where several people have said that 1024 bit DH has a strength of about 80 bits. But in SSL3 1024 bit ephemeral DH is used to protect the keys for 168 bit 3DES (EDH-RSA-DES-CBC3-SHA and EDH-DSS-DES-CBC3-SHA ciphers). Are those ciphers

Re: What US companies need to know about RSA

-Original Message- From: Spector, Brian [EMAIL PROTECTED] To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Cc: '[EMAIL PROTECTED]' [EMAIL PROTECTED]; '[EMAIL PROTECTED]' [EMAIL PROTECTED] Date: Monday, September 27, 1999 2:55 PM Subject: RE: What US companies need to know about RSA snip So

RE: a task that I'm sure someone has solved - server authentication

I've doing the same task, and have found it easiest using the simple client example in the demos\ssl directory - s_client is reasonably complex for what is a reasonably simple task. me too... What I don't understand is how to authenticate the server once the secure connection has

RE: MSIE5 and Netscape client certificates

5. I also convert the demoCA/cacert.pem to PKCS#12: openssl pkcs12 -export -in demoCA/cacert.pem -inkey private/cakey.pem -name "MY_ORG CA" -certfile demoCA/cacert.pem -out thecacert.pfx DO NOT DO THIS! If you do this with users you end up giving them the CA private key!! They can

Re: a task that I'm sure someone has solved

boy rich arent we getting cynical in our old age I'll drop you a line tomorrow to see what's up - as I've been lying really low - had to for what i'm doing Andrew ex OSF'er - i refuse to recognise the open group. __ OpenSSL

Re: MSIE5 and Netscape client certificates

Hector Jimenez Pensado wrote: 5. I also convert the demoCA/cacert.pem to PKCS#12: openssl pkcs12 -export -in demoCA/cacert.pem -inkey private/cakey.pem -name "MY_ORG CA" -certfile demoCA/cacert.pem -out thecacert.pfx DO NOT DO THIS! If you do this with users you end up

Re: What US companies need to know about RSA

At 01:09 PM 9/17/99 -0700, Aaron D. Turner wrote: This RSA library license that you recieve with Stronghold, etc, can not be legally transfered to another piece of software, because the license requires you to use the RSA approved implimentation of the RSA algorithm. The other option is to