Le 28/04/2013 20:26, redpath a écrit :
When an x509 is created using the openssl command it creates a default serial
number if one not supplied
How is this serial number created (algorithm) in general.
A 64bits random number.
openssl req -x509 etcetera
The default serial number is quite
Hi OpenSSL Users,
I am using OpenSSL 1.0.1c with OpenSSL FIPS module 2.0.2. I need a API
similar to AES_wrap_key() and AES_unwrap_key() in crypto/aes/aes_wrap.c
that will work in FIPS mode. The functions in aes_wrap.c use low level AES
functions ( and not EVP ) that are not supported in FIPS
Hi Jakob,
I am using Openssl 1.0.1e compiled against FIPS 2.0.2.
Thanks a lot! That was some great information. we will upgrade to 2.3.x
since we need OCSP support as well.
Any idea which is the stable version in 2.3.x?
Hi Viktor,
/And then protocols here. Which do you want, the protocol or the
Please refer to http://httpd.apache.org for the current version
numbers. Note that 2.3.x was a beta series for the current 2.4.x releases.
On 4/29/2013 2:22 PM, Cipher wrote:
Hi Jakob,
I am using Openssl 1.0.1e compiled against FIPS 2.0.2.
Thanks a lot! That was some great information. we
-Original Message-
From: sajualways
But what Use Case does this have, where client tells the server to resume
the ssl session on the same tcp connection.
The use case is changing the keys for securing long-standing connections. Of
course this is in the server's responsibility, but
In the Simple PKI example, step 5.4 View PKCS#7 bundle, the -in option
points to ca directory, but the bundle was created in step 4.3 Create
PKCS#7 bundle in the certs directory. I.e.:
Step 4.3:
openssl crl2pkcs7 -nocrl \
-certfile ca/signing-ca.crt \
-certfile ca/root-ca.crt \
-out
Good evening everyone,
Please excuse me if it has already been asked but is there a way to
make openssl s_client use my directory with every certificates (as with
-CApath) once and for all ?
Claws-mail is relying on it and doesn't manage to automatically asses
good certificates whereas