Re: [openssl-users] Query on TLS1.2 and use of DES ciphers

2015-06-29 Thread Kurt Roeckx
On Mon, Jun 29, 2015 at 05:48:05AM +, Srinivas wrote: Thanks. Makes sense. But then why are the DES ciphers not listed in the supported cipher list for TLSv1.2 here? https://www.openssl.org/docs/apps/ciphers.html#TLS-v1.2-cipher-suites Those are all ciphers that require at least TLS

Re: [openssl-users] How to verify a cert chain using Openssl command line?

2015-06-29 Thread Ben Humpert
Do you use nameConstraints or have specified IP in subjectAltName? Because OpenSSL can't handle that correctly. 2015-06-29 22:51 GMT+02:00 David Li dlipub...@gmail.com: Hi, As a test, I have created a rootCA, a subCA (signed by the rootCA) and a client cert (signed by the subCA). Now I want

Re: [openssl-users] How to verify a cert chain using Openssl command line?

2015-06-29 Thread David Li
The subCA has nameConstraints in the subCA configuration file: [name_constraints] permitted;DNS.0 = example.com client configuration file has subjectAltName: subjectAltName = DNS: www.cs.com So is this a mismatch? How come s_client/s_server test was okay? On Mon, Jun 29, 2015 at 2:12 PM,

Re: [openssl-users] S/MIME Mails signed with SHA256 certificate and/or SHA256 Hash

2015-06-29 Thread Jakob Bohm
On 26/06/2015 21:41, Walter H. wrote: Hello, has anybody got a reliable source or knowledge about which mail clients - especially which Thunderbird release - should be capable of verifying such mails correctly? I believe GlobalSign has a knowledge base article listing this as far as they

Re: [openssl-users] How to verify a cert chain using Openssl command line?

2015-06-29 Thread Ben Humpert
Yes, because nameConstraints are inherited. I don't know exactly where the bug lies but I strongly advise NOT to use nameConstraints because, while there is a standard, nobody has implemented full or correctly working support for it. I ran various tests some weeks ago and the result was horrible.