On 26/07/2017 20:58, Jakob Bohm wrote:
On 25/07/2017 19:00, Salz, Rich via openssl-users wrote:
If you want to use those ciphers, you need to set SECLEVEL=0 when you
specify the ciphers.
When did TLS_RSA_WITH_AES_128_CBC_SHA256 and higher become
"low security"?
It looks like the client is
On 25/07/2017 19:00, Salz, Rich via openssl-users wrote:
If you want to use those ciphers, you need to set SECLEVEL=0 when you
specify the ciphers.
I have no idea how to do that for the OpoenSSL C# binding. Maybe post
an issue on openssl-net?
When did TLS_RSA_WITH_AES_128_CBC_SHA256
Tx.
So, what should be the command line to use in order to obtain the same key?
openssl genrsa
openssl req -nodes -newkey rsa:2048 some_extra_parameters
Michele MAsè
On Wed, Jul 26, 2017 at 6:29 PM, Benjamin Kaduk wrote:
> On 07/26/2017 10:13 AM, Michele Mase'
On 07/26/2017 10:13 AM, Michele Mase' wrote:
> During the generation of x509 certificates, both commands give the
> same results:
>
> Command "a": openssl req -nodes -newkey rsa:2048 -keyout example.key
> -out example.csr -subj "/C=GB/ST=London/L=London/O=Global
> Security/OU=IT
During the generation of x509 certificates, both commands give the same
results:
Command "a": openssl req -nodes -newkey rsa:2048 -keyout example.key -out
example.csr -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT
Department/CN=example.com"
Command "b": openssl genrsa -out example.key
Hello *,
Even if no one know what to do, has anyone ever used OpenSSL Server? and if so,
is there any configuration parameters that I should take care of in case of
OpenSSL Server?
I hope to hear positive response from you guys.
Best Regards,
Amr
From: Hegazi, Amr
Sent: Tuesday, July 25,
No idea on OpenVPN, I guess you could ask them directly : )
> On 26 Jul 2017, at 18:38, SaAtomic wrote:
>
>
> Thank you for the elaboration and the link.
> One more follow-up question :)
>
> With OpenVPN, when I configure a TLS cipher suite like
>
Thank you for the elaboration and the link.
One more follow-up question :)
With OpenVPN, when I configure a TLS cipher suite like
`TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256`, I never manually created an ECC
private key.
You mentioned that this is required for such cipher suites. Does in this
> On 26 Jul 2017, at 16:21, SaAtomic wrote:
>
> The subject is much clearer to me now, thank you.
>
> The EC key you mentioned is not created manually, correct?
> This key is a result of ECC, which is done by OpenSSL.
>
> So if I set up a server offering TLS connections
The subject is much clearer to me now, thank you.
The EC key you mentioned is not created manually, correct?
This key is a result of ECC, which is done by OpenSSL.
So if I set up a server offering TLS connections and only offer ECDH/ECDHE, no
additional data has to be generated manually,
> On 26 Jul 2017, at 15:56, SaAtomic wrote:
>
> Thanks for the reply.
> I'm still not sure I understand this correctly.
>
> So the length of modulus is the essential part, determining the security of
> the DH, right?
Mostly.
> With ECC, this is defined by the used
Thanks for the reply.
I'm still not sure I understand this correctly.
So the length of modulus is the essential part, determining the security of
the DH, right?
With ECC, this is defined by the used curves.
Without ECC, this is determined by the DH parameters (from the .pem file I
mentioned).
The ‘key size’ concept is usually referred to the length of modulus. (In public
key crypto area)
For DH and ECDH, it (the size) ’s generated and defined in the ‘parameters’, as
you pasted. Parameters are not exactly the final ‘keys’, they are the
‘materials’ to produce keys (both private ones
I'm trying to comprehend the security impact of the different DH
implementations on TLS.
The main differences between the implementations are:
DHDHEECDHECDHE
Where the ephemeral DH provides forward secrecy, thus provides additional
security.
I'm not really sure how the elliptic curves
14 matches
Mail list logo