Hi Prabhu.
Have you checked that your're not running into any concurrency problems?
Best regards,
Jurko Gospodnetić
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
I want to use the openssl on uClinux, and use the engine for openssl. But my
uClinux does not support the dynamic linking, anyone could provide me a good
solution please? There is no dl.h
Dear list,
One of my responsibilities is to ensure that GlobalSign's roots are embedded
within devices and operating systems. Recently a major browser provider
indicated the following:-
However, for the most part we integrate with third party SSL/TLS libraries.
On these devices we do
Prabhu S wrote:
On 2/20/08, *David Schwartz* [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
But, the application code tries to clear out/shutdown existing
SSL session with orderly bi-directional alerts. Once shutdown it
creates a new SSL object 'ssl' [ssl = SSL_new
Hi,
I want to get the CSR file to purchase an ssl certificate for securing SMTP
on Sendmail, OS=Redhat ES5 I ran the following:
1. to generate the private key: *openssl genrsa -des3 -out server.key 1024*
then i inserted my passphrase
*2. *to generate CSR: *openssl req -key server.key -out
Hi Jurko,
For each client the SSL_CTX object is unique. And when the application
starts, callback functions are set for multi threaded support. And when the
app tries to do SSL_connects in non persistent connections[ a new TCP for
each SSL session], all sessions are successful even under high
Hi Jimmy,
I think some details of my system would explain better.
When the client connects to the server, the server opens another connection
to a host server. The data that is sent by client is passed on to the host
servers. The host servers responds to client requests via server. The
Hi Prabhu.
For each client the SSL_CTX object is unique. And when the application
starts, callback functions are set for multi threaded support. And when
the app tries to do SSL_connects in non persistent connections[ a new
TCP for each SSL session], all sessions are successful even under
Prabhu S wrote:
Hi Jimmy,
I think some details of my system would explain better.
When the client connects to the server, the server opens another
connection to a host server. The data that is sent by client is passed
on to the host servers. The host servers responds to client requests via
Yes, Jurko. By callback functions I meant CRYPTO_set_locking_callback() and
CRYPTO_set_id_callback().
2008/2/21 Jurko Gospodnetić [EMAIL PROTECTED]:
Hi Prabhu.
For each client the SSL_CTX object is unique. And when the application
starts, callback functions are set for multi threaded
Jimmy,
You are right.The cryptographic negotiation of SSL takes
much longer than any TCP handshake. And I do agree with you on significance
of improvement. I haven't quantified yet the gain in doing connection in
persistent TCP.
But server as persistent TCP feature. Some client may wish to
This issue has been gratefully resolved by Tim Hudson. (See Below)
-Original Message-
From: Tim Hudson [mailto:[EMAIL PROTECTED]
Sent: 21 February 2008 11:28
To: Andrew Bryce
Subject: Re: SSL3_BUFFER Problem
This is a header file include order issue.
Edit HOSTCONNECTION.h (i.e.
What you are describing is a performance issue. You are
assuming that the bottleneck is OpenSSL, but do you have
proof? Are your sessions autonomous or do the clients
manage them? If each client searches thru a linked list,
then that is a likely source of the problem.
You need data. The gcc
Hello,
I want to get the CSR file to purchase an ssl certificate for securing
SMTP on Sendmail,
OS=Redhat ES5 I ran the following:
1. to generate the private key: openssl genrsa -des3 -out server.key
1024
then i inserted my passphrase
2. to generate CSR: openssl req -key server.key
Hello,
One of my responsibilities is to ensure that GlobalSign’s roots are
embedded within
devices and operating systems. Recently a major browser provider
indicated the following:-
“However, for the most part we integrate with third party SSL/TLS
libraries. On these
devices we do
This is nearly impossible to do. It's possible that you did it correctly,
but very unlikely. The basic problem is this -- when you call 'read' to
get
the last message of the first session, how do you make sure you also
don't
get all or part of the first message of the second session?
I do
TCP Connection: (4 bytes)
SYN
SYN/ACK
ACK
TCP TearDown: (3 bytes)
FIN/ACK
ACK
7 bytes were considered overhead and optimized on a channel that needs an
SSL session.
seems hardly worth it...IMO
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of David Schwartz
Hi.
TCP Connection: (4 bytes)
SYN
SYN/ACK
ACK
TCP TearDown: (3 bytes)
FIN/ACK
ACK
7 bytes were considered overhead and optimized on a channel that needs an
SSL session.
seems hardly worth it...IMO
On the other hand it might make sense in case stuff like firewalls
between client and
What makes sure that the last 'read' for the first session doesn't get some
of the data for the second session? Either something makes absolutely sure
this can't happen, or it can happen, and your design is broken.
SSL's bidirectional shutdown protocol probably makes sure there is no
..I mentioned overhead not in terms of data bytes, but the time. Considering
that in the system each session should not last not more than 3-4 seconds,
and client wanting to make multiple SSL session with server, persistence can
offer performance improvement.
Also each client that the application
20 matches
Mail list logo