Have you submitted a bug report for Apache (not honouring server config
cipher order) if one doesn't exist?
As for resistant to quantum computers, given the current aim is for systems
that can calculate things that would currently take the age of the universe
to calculate, resistance is futile ;)
hi,
> 2) How can i get the list of ciphers supported by openssl 01.01.0f ?
openssl ciphers -v ???
> These question looks to be very basic but i could not find any concrete
> information regarding the same googling.
Google provides the answers if your question is well formed. or you
could
https://github.com/google/easypki ,
http://pki.fedoraproject.org/wiki/PKI_Main_Page etc etc - we wrote a
simple similar system when using OpenVPN years ago. it was (IMHO) very
good but the powers that be decided that OpenVPN wasn't the way to go
and so money was spent on a (inflexible and
confirmed, i've seen dozens on one cert - far more preferable to do
that and have such numbers than a single wildcard cert (which has
issues on all sorts of platforms
for various purposes).
alan
On 26 April 2017 at 18:24, Blumenthal, Uri - 0553 - MITLL
wrote:
> > It’s been
+1 for keeping the features (I use AmiSSL ;) )
alan
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
hi,
Will client respond for heart beat request even if server doesn't support
heart beat . ?
no. both systems need to have some heartbeat code present.
Which version of ssl this heart beat in introduced ?
same as all the original advisories have said 1.0.1 - fixed in 1.0.1g but
patches to
It seams that there is another difference between the two openssl
versions then only the heartbleed bugfix.
err, yes. The g release is a new minor release. I'd ALWAYS advise reading the
changelog before deploying. .. You'd then have seen the new features (this is
why vendors such as redhat
https://www.openssl.org/news/changelog.html
1.0.1 introduced the heartbeat support.
1.0.0 and earlier are fortunate in that they didnt have it.but then they
didnt have things to stop you from being BEASTed so some you win, some you
lose. ;)
alan
...or take the upstream fix...apply to your older version and keep the
heartbeat functionality. Which is what I believe the very latest redhat/centos
patches do
Alan
But its the apps that need these features. The app should either have the
option to disable features of not needed. .. or be coded to not accept such
extensions if it doesn't utilise them (which I believe is the correct way)
alan
Use Google? ;)
mount_msdosfs -u x -m 700 /dev/usbdevice /mnt/
where -u is the uid of your required user.
alan
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Hi
Likely to be already using it and you can verify this by running some
benchmarks - this is on a massive host and not virtualised platform? I guess a
related question is how to ensure that those functions are used by openssl
whenever possible. ... eg required openssl config in software that
Hi,
I am not criticising the documentation for openssl, and will not; but I
would encourage those who are responsible for maintaining and improving
openssl to not neglect the documentation. It would be a mistake to leave
it is an Open Source project - thus there is also an onus on
Hi,
Nonsense. No-one knows better how the code ought to be working than the
folk who developed it. I begin with the assumption that all my coders are
i'd cite the cathedral and the bazaar ...or the 'many eyes make all bugs
shallow'
views - if you are given the API and the documents,
The wildcard is for a particular domain (* is value for any host within it) .
If your other server is in a different domain, then it won't work.
alan
hi,
this isnt OpenSSL or its config - this is an application question. you need
to check your squid.conf configuration file - if you were already doing
CA verification with old cert, the old config will be there - otherwise
you will need to check with the squid documentation on how to do it.
Hi,
I just compiled openssl-1.0.0g on a Win7 box using MingW. All went well,
except I got a virus alert from Avira for 'TR/Graftor.10418.101' found
in the file .../openssl-1.0.0g/test/asn1test.exe. That virus was added
to the Avira VDF file on 2012-01-18.
Avira denies access to it, so that
Hi,
In an application that you use or one that you've written? Ie where is this low
cipher being seen?
alan
hi,
you are using cryptodev with that Atom rather than just using software-only
OpenSSL?
alan
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
Hi,
Hey List,
I am using Openssl for experimenting with the cryptographic accelerator
on Sun machine. I am using this command
openssl speed -engine pkcs11 -evp aes-128-cbc
to have the results and this gives me number of bytes that are
communicated between the processor and
Hi,
Thank you! But now I'm spending my time with another issue with this: I
cannot create certificate longer than I month:
This is my CA certificate validity:
...
Not Before: Aug 3 10:07:14 2011 GMT
Not After : Aug 2 10:07:14 2012 GMT
...
This
Hi,
Thanks for the input guys, however the 15 second pause exists even if i
explicitly disable reverse lookups in apache 'Hostnamelookups Off' in
httpd.conf and my server is operating on an internal network in a company so
although i cant say for sure i doubt there is much IPV6 stuff
Hi,
On 04/26/11 3:06 AM, Matthew Fletcher wrote:
I've come to this list in search of help with slow https conenctions (via
the subversion, apache and finally mod_ssl lits).
There is a 15 second ish delay whenever a client connects using https,
15 seconds sounds to *me* like a DNS
Hi,
I’m new as can be with creating SSL certificates on my own. I downloaded
the openssl binary and installed it. The instructions and tutorials on
the website don’t help me much in terms of steps A,B,C; this could also be
due to a lack of familiarity with technical terms used
Hi,
Hi,
Since we are on the subject of hardware enhanced cryptography, does the
HiFn chips used in the Soekris devices, have support in openssl?.
yes - for some time now. i happen to have a vpn1401 next to me which I used in
a FreeBSD box
alan
Hi,
Hello everybody,
The AMD Geode LX800 CPU has an on-chip AES 128-bit crypto accelerations
block and a true random number generator, but OpenSSL is not using it.
Please see the below link for test reports and openssl outputs
http://debian.pastebin.com/faeff2a3
Is there anybody that
hi,
your pkcs11 on the Sparc system is fast(!) its just the verification
that seems a little b0rked/slow :-|
alan
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
27 matches
Mail list logo