Kyle Hamilton wrote:
You're looking at the User Guide. This isn't the right thing to look
at; the relevant document (and indeed the controlling document) is the
Security Policy, http://openssl.org/docs/fips/SecurityPolicy-1.2.pdf ,
and the relevant section is Appendix A, Installation
Hi Kevin,
here is a good howto:
http://wiki.cacert.org/wiki/CSRGenerator?action=showredirect=VhostsApache
The best thing is to use the SubAltName Way to set up a vhost because
most browser support this.
Cheers,
Thomas
Kevin Murphy wrote:
Hi OpenSSL Users,
I am setting up an Ubuntu 8.10
On Fri, Jan 9, 2009 at 8:18 AM, Dr. Stephen Henson st...@openssl.org wrote:
So either use a box supporting SSE2 or use a pure C build (no-asm) which
will have poorer performance.
config with,
./Configure shared --prefix=/usr/local/ssl --openssldir=/usr/local/ssl \
linux-generic32 no-asm
Config:
./config --prefix=/usr/local/openssl zlib
make completed successfully, as well as make test.
For some reason, make all attempted (why?) to install FIPS:
making install in crypto/pqueue...
making install in fips...
making install in fips/sha...
making install in fips/rand...
making
I am a new user of openssl. I wonder if there is a implementation in openssl
library about the schnorr signature, thank you!
PGNet wrote:
On Fri, Jan 9, 2009 at 3:29 PM, Kyle Hamilton aerow...@gmail.com wrote:
If you read it, you too will see this. :)
Actually, I HAD already read section 4.2.1 of the UserGuide for *v1.2*,
4.2.1Building the FIPS Object Module from Source
The specification of any other
On Sun, Jan 11, 2009 at 7:11 AM, Steve Marquess
marqu...@oss-institute.org wrote:
As an uncontrolled document the User Guide can contain extraneous detail and
can be amended as often as necessary, and I try hard to keep it as technically
complete and accurate as possible. So yes, the Security
With the addition of fips object to the 'mix' of available build
options, is openssl configure with
./Configure ... enable-rc5 enable-mdc2 fips
(iiuc, CHANGES' stmt that 'idea' *is* enabled by default still holds?)
sufficient to enable _all_ available algorithms, with the option to
disable
Which source code package are you using? You cannot make a non-FIPS
version from the FIPS sources.
-Kyle H
On Sat, Jan 10, 2009 at 9:19 PM, Val Baranov val.bara...@duke.edu wrote:
Config:
./config --prefix=/usr/local/openssl zlib
make completed successfully, as well as make test.
For
PGNet wrote:
With the addition of fips object to the 'mix' of available build
options, is openssl configure with
./Configure ... enable-rc5 enable-mdc2 fips (iiuc, CHANGES' stmt that
'idea' *is* enabled by default still holds?)
sufficient to enable _all_ available algorithms, with the
Hi Steve,
On Sun, Jan 11, 2009 at 10:14 AM, Steve Marquess
marqu...@oss-institute.org wrote:
Here you are presumably using a FIPS compatible standard OpenSSL
distribution, i.e. 0.9.8j.
yes,
openssl version
OpenSSL 0.9.8j-fips 07 Jan 2009
The fips option means find and reference the ...
FIPS-capable builds are not subject to any restrictions as to the
algorithms they can implement. The only restriction is that, while in
FIPS mode (enabled by FIPS_mode_set()), the code within the
fipscanister is used for all cryptographic operations (including
encryption, decryption, hashing, and
lampa lampa2...@gmail.com writes:
Hello All:
At first , I make SSL connection By OpenSSL ,and then ,I want IE can share
this connection ,which means that IE do not need SSL authentication again
,so IE can connect the WEB server on the SSL tunnel.
Now,SSL connection is built by OpenSSL. But
Frans,
The mistake in your original code is largely due to the
BIO_set_mem_eof_return(mem, 0);
call at the start as that one prevents the bio chain from signaling
'should retry' upon error conditions (such as BIO_mem becoming empty,
due to BIO_read pulling the data out of it).
Instead, things
PGNet wrote:
...
Ok.
So , e.g. (reading the UserGuide now ...), to ensure that all ssh -
ssh comms between boxes were limited correctly to fips-only algo
usages, in openssl.cnf, I'd specifically add:
# Openssh section
openssh_conf = openssh_options
...
[ openssh_options ]
alg_section =
On Sun, Jan 11, 2009 at 3:42 PM, Steve Marquess
marqu...@oss-institute.org wrote:
Long story short, OpenSSH really needs some source mods to gracefully invoke
and run in FIPS mode.
Hrm ... I'd have thought that openssh would be amoong the 1st/best @ compliance.
Several people, myself
I hope I'm coming to the right place for this. I installed OpenSSL
on my Vista box and found after I uninstalled that SSL no longer
worked on any of my apps besides Firefox (https on I.E., WebEx, etc).
I found this odd, but I haven't yet found a way to fix it. Is this
something easy I've simply
Ben Dimick wrote:
I hope I'm coming to the right place for this. I installed OpenSSL
on my Vista box and found after I uninstalled that SSL no longer
worked on any of my apps besides Firefox (https on I.E., WebEx, etc).
I found this odd, but I haven't yet found a way to fix it. Is this
OpenSSL is a library and, as such, doesn't come with its own installer
(at least not the official distribution), so question is where / what
you ran to 'install and UNinstall OpenSSL'.
On Win32/64 platforms, the problem you describe generally stems from
some uninstaller (for application XYZ)
Thanks for the tips. I thought this seemed strange, but it was the
only culprit I could produce. I had previously tried reinstalling
the binaries and had no success. I decided to try again because I
think it was the light installed I tried the second time. I did
the full install and it seems
20 matches
Mail list logo