On 2009.05.15 at 21:16:12 +0200, Lasse Kliemann wrote:
Ok. There is another thing that I do not understand. The output
of 'openssl smime -verify ...' is rather sparse in case that
verification is successful. How can I know which certificate was
responsible? I cannot see why verification
Hello,
Does anybody has any experience with generating a certificate from a
certificate request, by signing it with an nCipher HSM (the CA key being
stored on the HSM), through the nCore API?
I am specifically interested by the actual data stream that I need to
provide to the HSM for it to sign.
-
What this article says is this: if you *received* data from TCP
connection it will be without duplication or losing data. It doesn't
say: if you *send* data it will be received correctly by other host.
It's impossible to garantee.
--
Andrey Koltsov
With TCP you basically don't know
Hi everyone
I just start to work on openssl using command window utility . I want to
work on Reverse SSL where the roles of client and server will be exchanged .
I wanna know how to get openssl source code as well as how can i modifiy the
code so that now server encrypt the key and client decrypt
Wikipedia is right in principle, but doesn't cover the case of TCP
hijacking. By reliable delivery guarantee, it means the transport layer,
once the data has left the application layer (i.e when is placed on the
wire). Of course no guarantees are offerred for the application layer, where
the
* Nikos Balkanas wrote on Mon, May 18, 2009 at 15:29 +0300:
Wikipedia is right in principle, but doesn't cover the case of TCP
hijacking.
I think this is out of scope,
TCP is said to be reliable, not neccesarily secure.
oki,
Steffen
--[ end of message
Hi ,
I am getting problem in configuring ssl on tomcat 5.5
I genrated private key and certificate using openssl then i copied these in
top directory of tomcat. And enable the 8443 connector in server.xml file in
following way
Connector port=8443
maxThreads=150 minSpareThreads=25
João wrote:
TCP does not provide delivery assurance. If the application needs
to know
the data got through, it must use application-level
ackwowledgements. SSL
does not change this and provides the same set of guarantees and
assurances
TCP does.
I'm sorry to disagree but TCP,
Hello,
Does anybody has any experience with generating a certificate from a
certificate request, by signing it with an nCipher HSM (the CA key being
stored on the HSM), through the nCore API?
I am specifically interested by the actual data stream that I need to
provide to the HSM for it to
On Sun, May 17, 2009 at 8:22 PM, João Távora joaotav...@gmail.com wrote:
Maybe I didn't really fully explain myself, the problem is not really
ensuring secrecy and integrity, it's ensuring delivery.
[...]
In this case the attacker would have tampered with the delivery assurance of
TCP but none
On Mon, May 18, 2009 at 6:26 PM, David Schwartz dav...@webmaster.com wrote:
[...]
Whoops. I was writing my response while David's made it already
across. His is shorter and saying exactly the same.
ACKs are not important. There's message, there's stream and the
security breach. The latter does
2009/5/18 Nikos Balkanas nbalka...@gmail.com:
It would require a lot of effort, but a transparent proxy, can rewrite IP
source headers, sequence numbers, ACKs and if it has followed all algos and
key exchanges, even regenerate those. HMAC is nothing more than a glorified
CRC encoded with some
This is an Apache Tomcat question, not an OpenSSL question. Please
direct your request to the appropriate Apache support group. (I will
note that it'll be easier for them to diagnose it if you tell them the
exact error message you're getting, instead of simply saying it
doesn't work.)
-Kyle H
On Mon, May 18, 2009 at 10:24:55AM -0700, Kyle Hamilton wrote:
'reverse SSL'?
You get the OpenSSL source code from http://www.openssl.org/source/ .
You can 'exchange' the role of client and server by having the client
connect a TCP session to the listener and then passing that descriptor
On Mon, May 18, 2009, Kyle Hamilton wrote:
Both of which are described as hard problems. It's not known
whether they qualify as NP-complete, but they definitely qualify as
NP-hard (NP meaning 'nonpolynomial time', or 'the amount of time
required to do it is logarithmic with how much
* Victor Duchovni wrote on Mon, May 18, 2009 at 13:53 -0400:
On Mon, May 18, 2009 at 10:24:55AM -0700, Kyle Hamilton wrote:
'reverse SSL'?
In other words, the TCP initiator and passive listener are not
necessarily also the SSL client and server respectively.
I think stunnel already
David,
I think we're drifting a little bit from my original question here. I
certainlly don't mean to imply that there's anything wrong with SSL or
the OpenSSL's implementation, I just want to discover if it does what
I want.
TCP specifically does *not* communicate ACKs up to the
Joao Tavora wrote:
Certainly! I never said it did. TCP ensures delivery to the host,
not the application. But it does ensure it up to the host, or if
that cant be achieved the peer host is appropriately notified.
Right, none of which has any application-level consequences. These are all
Thanks for suggestion but may be i didnt put my query in right way . I want
that client initiate the request and server listen the request but the
roles of server and client get exchanged during the key genration to
offload the server from key decryption operation.
On Mon, May 18, 2009 at 11:23
On Tue, May 19, 2009 at 09:44:23AM +0530, Neetu Agrawal wrote:
Thanks for suggestion but may be i didnt put my query in right way . I want
that client initiate the request and server listen the request but the
roles of server and client get exchanged during the key genration to
offload the
You mean that client should do the encryption??
On 5/19/09, Neetu Agrawal agrawal.nee...@gmail.com wrote:
Thanks for suggestion but may be i didnt put my query in right way . I want
that client initiate the request and server listen the request but the
roles of server and client get exchanged
Hi All,
I'm having a bit of an issue with OpenSSL and blank shells. This is
kind of a cross-product issue, but I'll do my best to describe.
Basically, I'm working with a product called RealBasic. It has a
SHELL class that allows direct access to the local system's shell
(whether it be
Thanks for the answer. The API is not very specific about this operation.
Please see inline comment.
2009/5/18 d...@deadhat.com
Hello,
Does anybody has any experience with generating a certificate from a
certificate request, by signing it with an nCipher HSM (the CA key being
stored on
23 matches
Mail list logo