On 20 May 2014 06:40, The Doctor,3328-138 Ave Edmonton AB T5Y
1M4,669-2000,473-4587 doc...@doctor.nl2k.ab.ca wrote:
Found that strndup would not work.
I had to add
#if !HAVE_STRNDUP
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <malloc.h>
/* Find the length of STRING,
On 20 May 2014 15:17, Ken Goldman kgold...@us.ibm.com wrote:
On 5/20/2014 7:24 AM, Ben Laurie wrote:
There is already a strndup replacement: BUF_strndup(). Switching to
use that would be better.
However
- if that function points to strndup, don't you still have the problem if
strndup
On 13 November 2013 10:35, Igor Sverkos igor.sver...@googlemail.com wrote:
According to RFC 3280, which defines
X.509 certificates, these entries, if they exist, must not have
an empty value.
FWIW, RFC 3280 has been obsoleted by RFC 5280.
I couldn't find where it said this in RFC 5280.
On 3 October 2013 22:14, Jeff Trawick traw...@gmail.com wrote:
E.g., run
echo GET / | openssl s_client -connect host:port
It does the handshake then stalls until you press a key (which will be
left unused in the buffer when openssl exits), then it sends the input. I
guess the kbhit() in
On 21 August 2013 03:19, Patrick Pelletier c...@funwithsoftware.org wrote:
On 8/15/13 11:51 PM, Patrick Pelletier wrote:
On Aug 15, 2013, at 10:38 PM, Nico Williams wrote:
Hmm, I've only read the article linked from there:
http://android-developers.blogspot.com/2013/08/some-
Try
write_data( file_, data, strlen(data) + 1, mykey);
On 16 August 2013 03:34, Ztatik Light ztatik.li...@gmail.com wrote:
ps, yes, line 29 is a mistake and should read: char new_filename[strlen(
filename ) + 5];
But even with that fix I get the same results
On Fri, Aug 16, 2013 at
On 24 July 2013 08:57, Lionel Estrade lionel.estr...@myriadgroup.com wrote:
Hello,
I am looking for a SSL/TLS stack for a project based on CVP2 and I need to
know if the following RFCs (which are required by CVP2) are fully/partially
implemented in OpenSSL.
RFC 4680 - TLS Handshake
On 18 April 2013 00:17, Jakob Bohm jb-open...@wisemo.com wrote:
This sounds like a gross violation of the Postel principle.
A principle that should be pretty much universally violated.
__
OpenSSL Project
On 6 March 2013 03:55, Nayna Jain naynj...@in.ibm.com wrote:
Hi all,
Are RAND_seed(), RAND_add() NIST SP 800-151A compliant ?
800-151 does not appear to exist, got a link?
On 20 January 2013 00:09, Jeffrey Walton noloa...@gmail.com wrote:
Hi All,
How does one specify an architecture for Configure?
I don't think there is an approved way to do it in general. Probably
you have to edit Configure to specify a new target.
However, your problem appears to be that you
On 19 January 2013 16:31, Jeffrey Walton noloa...@gmail.com wrote:
On Sat, Jan 19, 2013 at 9:17 AM, Ben Laurie b...@links.org wrote:
On 26 December 2012 20:07, Jeffrey Walton noloa...@gmail.com wrote:
On Wed, Dec 26, 2012 at 9:57 AM, Ben Laurie b...@links.org wrote:
On Tue, Dec 25, 2012 at 1
On 26 December 2012 20:07, Jeffrey Walton noloa...@gmail.com wrote:
On Wed, Dec 26, 2012 at 9:57 AM, Ben Laurie b...@links.org wrote:
On Tue, Dec 25, 2012 at 1:35 PM, Jeffrey Walton noloa...@gmail.com wrote:
I fetched `makedepend` from FreeDesktop.org
(http://xorg.freedesktop.org/releases
The sharp-eyed will have already noticed we're moving to git.
Well, it looks like that's actually happened now. We're also shifting
pretty much everything to new infrastructure.
So, there may be outages, unexpected changes and general weirdness for
a little while.
We'll let you know when we're
On Fri, Jan 4, 2013 at 9:58 AM, Tayade, Nilesh
nilesh.tay...@netscout.com wrote:
Hi,
The RSA_private_decrypt() function is proved to be costlier on my system.
I will try for some hardware cards (PCI or over the network), which will help
me perform asymmetric decryption in case of
On Wed, Jan 2, 2013 at 8:34 AM, Jeffrey Walton noloa...@gmail.com wrote:
On Mon, Dec 31, 2012 at 7:00 AM, Ben Laurie b...@links.org wrote:
On Mon, Dec 31, 2012 at 11:39 AM, Jeffrey Walton noloa...@gmail.com wrote:
On Sun, Dec 30, 2012 at 3:20 PM, jb-open...@wisemo.com wrote:
On 30-12-2012 21
On Mon, Dec 31, 2012 at 11:39 AM, Jeffrey Walton noloa...@gmail.com wrote:
On Sun, Dec 30, 2012 at 3:20 PM, jb-open...@wisemo.com wrote:
On 30-12-2012 21:01, Jeffrey Walton wrote:
Hi All,
While working on Apple with Mac OS X and iOS, I found I needed to
patch OpenSSL 1.0.1c's Makefile.
On Tue, Dec 25, 2012 at 1:35 PM, Jeffrey Walton noloa...@gmail.com wrote:
I fetched `makedepend` from FreeDesktop.org
(http://xorg.freedesktop.org/releases/individual/util/). It would not
build due to missing dependencies. Ad infinitum.
$ port search makedepend
makedepend @1.0.4 (x11, devel)
On Tue, Nov 13, 2012 at 6:34 PM, Sanford Staab sanfo...@gmail.com wrote:
I have been struggling with openssl for a few months now writing batch
scripts on windows trying to make a .net web client with a client
certificate work with 2-way ssl against an apache web server.
Do you guys just want
On Wed, Oct 17, 2012 at 9:52 AM, Brent Evans brentevan...@gmail.com wrote:
Hi,
I'm currently trying to use the openSSL library to perform DES3 encryption
on a string. The result from this encryption then has a base64 operation
performed on it, before this is passed to a Java application to
On Sat, Oct 6, 2012 at 2:52 PM, Charles Mills charl...@mcn.org wrote:
I have recently written a product that incorporates SSL/TLS server code that
processes client certificates. I designed what I thought made sense at the
time but now I am wondering if what I did was best.
In the product's
On Fri, Aug 24, 2012 at 2:18 AM, Jeffrey Walton noloa...@gmail.com wrote:
On Thu, Aug 23, 2012 at 9:06 PM, Paulo Roberto bad_boy_...@hotmail.com
wrote:
Hello, I am using the package libssl-dev on ubuntu in my beagleboard xm, and
I have to run two C algorithms using the openSSL library..
On Tue, Aug 21, 2012 at 2:14 PM, Charles Mills charl...@mcn.org wrote:
Actually, there IS *almost* a general solution to this problem.
The input consists of characters from some set of 'n' characters. (Perhaps
'n' is 94 -- 0x21 through 0x7e inclusive -- but it does not matter.) You need
to
On Tue, May 22, 2012 at 9:55 AM, Simner, John
john.sim...@siemens-enterprise.com wrote:
Dear all,
I am working on an embedded product which currently uses OpenSSL 0.9.8w with
FIPS support.
I'm curious: what product is this? I had a quick poke around and
couldn't find any mention of OpenSSL on
demos/state_machine
demos/tunala
On Tue, May 8, 2012 at 2:17 PM, Marcin Głogowski m.glogow...@bossa.pl wrote:
Hello,
I have to write non blocking SSL/TLS server based on the OpenSSL library.
I couldn't find any example/tutorial with this.
Please write me where can I find some client/server
On Sat, May 12, 2012 at 12:15 AM, scott...@csweber.com wrote:
Ahhh!
So, a 15 byte block (or ends with a 15 byte after multiples of 16 bytes)
would use a 0x01 in the last position...?
And a whole multiple of 16 blocks would have an extra block filled with
0x0f's...?
0x10, actually.
My
On Mon, Apr 30, 2012 at 12:45 PM, Dr. Stephen Henson st...@openssl.org wrote:
On Sun, Apr 29, 2012, Mike Hoy wrote:
We use McAfee to scan our website for vulnerabilities. They claim the
following:
Configure SSL/TLS servers to only use TLS 1.1 or TLS 1.2 if supported.
Configure SSL/TLS
...@quantum.com
Preserving the World's Most Important Data. Yours.™
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Ben Laurie
Sent: Monday, April 30, 2012 1:32 AM
To: openssl-users@openssl.org
Subject: Re: McAfee Claims TLS
On Sun, Apr 29, 2012 at 10:40 PM, Mike Hoy mho...@gmail.com wrote:
We use McAfee to scan our website for vulnerabilities. They claim the
following:
Configure SSL/TLS servers to only use TLS 1.1 or TLS 1.2 if supported.
Configure SSL/TLS servers to only support cipher suites that do not use
On Thu, Mar 29, 2012 at 5:40 AM, Prashanth kumar N
prashanth.kuma...@gmail.com wrote:
Thanks Ken for pointing out the mistake... after changing to
AES_Decrypt(), it worked but I still see issue when I print the
decrypted output as it has extra non-ascii characters in it.
Below is the input
On Tue, Mar 27, 2012 at 8:26 PM, Ken Goldman kgold...@us.ibm.com wrote:
On 3/27/2012 3:51 PM, Jakob Bohm wrote:
On 3/27/2012 9:37 PM, Dr. Stephen Henson wrote:
You should really be using EVP instead of the low level routines.
They are well documented with examples.
Where, precisely?
I
On Tue, Feb 21, 2012 at 5:47 PM, Chris Dodd d...@csl.sri.com wrote:
On 02/19/2012 07:36 PM, anthony berglas wrote:
Exactly. So you need about 112 bits of entropy / Pass Phrase to
generate a good 2048 bit key. Remember that the vast majority of 2048
bit numbers are not valid key pairs.
On Tue, Feb 21, 2012 at 7:04 PM, Ben Laurie b...@links.org wrote:
On Tue, Feb 21, 2012 at 5:47 PM, Chris Dodd d...@csl.sri.com wrote:
On 02/19/2012 07:36 PM, anthony berglas wrote:
Exactly. So you need about 112 bits of entropy / Pass Phrase to
generate a good 2048 bit key. Remember
On Sat, Jan 7, 2012 at 4:12 PM, Manish Jain invalid.poin...@gmail.com wrote:
Hello Michael/Anyone Else,
Can you be kind enough to please point me to some place/URL where I can get
a bit more information about how the key is negotiated upon ?
I have gone through a couple of write-ups on
On Fri, Sep 23, 2011 at 4:54 PM, Dr. Stephen Henson st...@openssl.org wrote:
On Fri, Sep 23, 2011, Jakob Bohm wrote:
Is openssl running out of bit values for SSL_OP_ constants?
Well more ran out of constants. When a new flag was needed for TLS v1.2 all 32
bits were used but fortunately two
On Wed, Sep 21, 2011 at 3:48 PM, Thomas J. Hruska
shineli...@shininglightpro.com wrote:
The Register published an article yesterday that some people here might be
interested in on TLS 1.0 being cracked:
http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/
The Register points
The offender was removed from the list earlier today :-)
On Wed, Sep 14, 2011 at 3:41 PM, Jakob Bohm jb-open...@wisemo.com wrote:
WARNING: The automatic vacation response mail system used by your coworker
Mr. Lau
is spamming a public mailing lists with its automatic responses. You may
want
Rodney Thayer wrote:
I've tried one of the 0.9.8 snapshots and make test is failing, after
running for an enormous amount
of time. (openssl-0.9.8-stable-SNAP-20050613.tar.gz)
Two questions:
1. what's the output supposed to look like, these days? Specifically,
is it supposed to run a long
Richard Levitte - VMS Whacker wrote:
This kind of question should go to openssl-users@openssl.org, which is
why I only send the response there.
I'm surprised you bothered, given that he spammed every email address he
could find.
--
http://www.apache-ssl.org/ben.html
Medi Montaseri wrote:
Thanks. I was particularly interested in FreeBSD amd64 which currently
Configure does not
support. I have since found that FreeBSD.org has a patch and they claim
that OpenSSL code
maintainers have been notified but openssl community has not included
that on their recent
Peter 'Luna' Runestig wrote:
On Fri, 14 Jan 2005 21:10 pm, Eduardo Pérez wrote:
Do you know if it's possible to use SSL (or some other protocol) over
UDP running totally in user space.
The OpenVPN project http://openvpn.net/ runs OpenSSL over UDP, works
great.
No, it doesn't. It uses SSL do
Henry Su wrote:
Try to find some source code for EAP-TTLS or EAP-PEAP, these use mem BIO and
SSL. You can try to read some source code FreeRadius or Open.1X. Good luck.
Or mod_ssl in Apache 2.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
There is no limit to what a man can
Joseph Bruni wrote:
On Apr 11, 2004, at 1:44 PM, Garrett Kajmowicz wrote:
They don't do quite the same thing. RSAPrivateKey_dup() et al. do not
accept a
const RSA*, they accept a RSA*. The i2d function, however, does accept a
const RSA*, so I've resorted to that pair.
I believe that the
Steven Reddie wrote:
Hi Steve,
I take it that dynamically linking the FIPS OpenSSL into an executable
means that the FIPS certification is void for that application. So as
you have stated, static linking is required. However, if I'm producing
a security library that uses OpenSSL and I
Boyle Owen wrote:
-Original Message-
From: Ben Laurie [mailto:[EMAIL PROTECTED]
I disagree.
I've lost the thread... You want to limit posting to subscribers only or
you don't?
I don't.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
There is no limit to what a man
Rich Salz wrote:
I think I misunderstood that question. I honestly don't know what we
would lose. Maybe a sense of openness.
In the past -- at least, say, 2-3 years ago -- we had a couple of
anonymous posters who made very worthwhile contributions. Haven't
seen that recently. Also, it used
Jin Zhao wrote:
Looks like openssl tar balls are signed with a different PGP key for
each source tar ball.
For example, openssl-0.9.7b.tar.gz was signed using a key with key id
E06D2CB1 and openssl-0.9.7c.tar.gz was signed with key id 49A563D9.
My question is why not sign the released tar ball
Rich Salz wrote:
we got ahold of an AEP1000 crypto accelerator for testing purposes. I am
stumped. The numbers look horrible.
The openssl speed program is not good for testing anything other than
the openssl software implementations. It does a repeated
single-threaded call to RSA_sign, etc.
Tal Mozes wrote:
Hi,
I just ran into this article
(http://www.gcn.com/vol1_no1/daily-updates/24504-1.html) which title is
OpenSSL gets FIPS certification. There was also a link to the article
on the last SANS NewsBites (Vol.5 Num.52, see http://portal.sans.org/).
From what I read in the websites
Rich Salz wrote:
reversible compression hash algorithms out there?
I'm not a mathematical cryptographer, but that phrase sounds like an
implausibility to me.
It is, of course, trivial to prove that anything with arbitrary length
input and fixed length output is not reversible. I missed the
Mathias Brossard wrote:
On Fri, 2003-09-05 at 19:59, Ben Laurie wrote:
Mathias Brossard wrote:
- Asymmetric: DSA, RSA, ECDSA
Not my understanding. Anyway, DSS only. RSA can't be, and ECDSA we
aren't doing.
It's a little disappointing that RSA is not part of the process
Mathias Brossard wrote:
On Fri, 2003-09-05 at 11:55, Ben Laurie wrote:
- What version of OpenSSL does it correspond to? 0.9.7b?
Yes, and the FIPS specific routines will be carried forward in future
OpenSSL releases. Only the cryptographic module containing the
relevant cryptographic module
Chris Brook wrote:
If I read your reply right, responsibility for DAC and Known Answer Test
checking is the responsibility of the app developer, though you will provide
the DAC checksum for the crypto module. Have you also included the KATs,
since they essentially exist the OpenSSL test
I'm coming close to the end of the work to get OpenSSL FIPS-140ed. So,
if people have comments/changes/concerns, they'd better get a move on
and clue me in, because once it's done we can't change it.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
There is no
I expect a release to follow shortly.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit. - Robert Woodruff
OpenSSL v0.9.7a and 0.9.6i vulnerability
Joe Rhett wrote:
So, say you have a server which listens on both port 443 for SSL
and 80 for HTTP, does access on port 80 get blocked at the same
time as access on port 443 gets blocked.
Yes. Not 'blocked' -- TCP connects happen, but the server doesn't reply
for up to the Timeout period. It
Rich Salz wrote:
Or use the trick we created for Identrus: make the nonce be the hash of
the document that made you first do the OCSP query.
That doesn't prevent a replay attack, in general, of course.
If the document isn't public, then it's as good as arbitrary random bytes.
If the
The project leading to this advisory is sponsored by the Defense
Advanced Research Projects Agency (DARPA) and Air Force Research
Laboratory, Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
The patch and advisory were prepared by Ben Laurie.
Advisory 2
Richard Levitte - VMS Whacker wrote:
In message [EMAIL PROTECTED] on Tue, 9 Jul 2002 11:43:04 +0300,
Vadim Fedukovich [EMAIL PROTECTED] said:
vf please consider to include this code into distribution
Thanks and forgive me for being a nuisance...
Errr...
a) This should be on
Bill Sommerfeld wrote:
As others have pointed out, the DNS already has the capability
to store certs. So you could use the DNS as a publication
method. But is this the only thing a PKI needs? How would
one revoke a cert that was in the DNS? How can you update
[EMAIL PROTECTED] wrote:
I have, for two days, been banging my head on trying to install this
apache server with mod_ssl. I keep having problems. I have tried
absolutely everything I can think of to try to fix this. I have searched
all of the postings and tried their solutions. Nothing
Patrick Li wrote:
Thanks for the information. Does that mean there is no longer restrictions
on using any of the cipher suites specified by TLS or SSL outside of the US?
There never were restrictions on _using_ them, only on exporting.
Sorry for a simple question. But is it still the
[EMAIL PROTECTED] wrote:
-Original Message-
From: Ben Laurie [mailto:[EMAIL PROTECTED]]
Sent: 14 February 2001 13:25
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: echoping 4.1 released : a tool to test SSL servers
[EMAIL PROTECTED] wrote:
This is just
Joseph Ashwood wrote:
I've found a problem with BN_mod_inverse, in particular when it is called
many times in quick succession when verifying DSA signatures. Originally
this showed up when use DSA_do_verify, so I wrote my own, and I've isolated
the problem as being in BN_mod_inverse. It
[EMAIL PROTECTED] wrote:
Further to my previous message, I have not only received my Cryptoswift
card, but I actually have it working. I'm seeing a speed improvement of
around 20x on a Dual Pentium 166.
Hmmm ... so we can expect about 3x on a single P3/1GHz. How much do
these things cost?
Lutz Jaenicke wrote:
On Sun, Jan 21, 2001 at 07:03:07PM -0500, Greg Stark wrote:
sorry for the misinformation. I misunderstood a thread I had read in the
archives. Just out of curiosity, what do the following functions do:
SSL_CTX_set_session_cache_mode( );
Shridhar Bhat wrote:
Hi,
We are trying to deploy multiple SSL-based servers
in a cluster. We want to share the session cache of each
of these servers so that connections from same client
(with session id reuse) can be handled by any server in
the same cluster. The scheme is simple:
Marco Russo wrote:
- Original Message -
From: "Ben Laurie" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, January 17, 2001 7:18 PM
Subject: Re: BN_rand question
Marco Russo wrote:
I need to generate a random polynomial in Zp, with p very large
Marco Russo wrote:
I need to generate a random polynomial in Zp, with p very large (1024-2048
bits).
Sorry for my math...:-(,
but I think that with your method the problem is that the numbers in [0,
p-1] are equally likely only if
(2^(n - 1))mod p = 0, where n is the number of bits in
David Schwartz wrote:
David Schwartz wrote:
That is not a restriction on the right to "copy, distribute or modify",
now is it?
Yes, it is.
All it restricts is your ability to advertise: i.e. if you
advertise yourself, you must also advertise us. A bit like a GPL for the
Bernard Dautrevaux wrote:
-Original Message-
From: David Schwartz [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 29, 2000 12:26 PM
To: [EMAIL PROTECTED]
Subject: RE: Looking for an HTTPS client for NT C/C++
Ben Laurie wrote:
I'm not convinced by your
Shridhar Bhat wrote:
[EMAIL PROTECTED] wrote:
On 24 Nov, Jean-Marc Desperrier wrote:
Shridhar, a tool that incorporates OpenSSL code can hardly be released as
GPL, because OpenSSL itself is not GPL.
As I understand the BSD license, BSD licensed code can be rereleased
under the
John Casu wrote:
For example, mod_ssl is released under the GPL, and links
with openSSL and Apache.
Actually, I believe mod_ssl is BSD-licenced, as is Apache-SSL.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"There is no limit to what a man can do or how far he can go if he
doesn't
Richard Levitte - VMS Whacker wrote:
From: Achim Spangler [EMAIL PROTECTED]
spangler The error message is as follows:
spangler cc -I.. -I../../include -std1 -tune host -O4 -readonly_strings -c
spangler bss_fd.c
spangler cc: Error: /usr/include/sys/signal.h, line 486: In the declaration
Richard Levitte - VMS Whacker wrote:
[I'm cc:ing [EMAIL PROTECTED], because questions about this
are getting there over and over...]
There's a problem that several people who installed OpenSSL to be able
to use OpenSSH have faced:
Could not find working SSLeay / OpenSSL libraries,
Richard Levitte - VMS Whacker wrote:
ben I don't recall how SSLeay was installed, but for OpenSSL, there's a
ben glitch in the way it tries to find the libraries. The following fix
ben works for me:
ben
ben It's looking for an uninstalled version, handy for developers, not so
ben handy
"Wilder, John" wrote:
The openssl has utilities to generate DSA and RSA encrypted keys.
Is there anyway to generate 56bit DES keys? If not by openssl, how?
Just pick a random number.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
Hakan Lindh wrote:
Look at Arcot Systems, Inc. for a smart-card solution without the physical
smart card www.arcot.com
I've heard some pretty bloody stupid things in my time, but this really
does take the biscuit.
--
SECURE HOSTING AT THE BUNKER: http://www.thebunker.net/hosting.htm
Does anyone have a copy of the RSA flier going about with a picture of a
car on the front, in which the scurrilous claim that free software is
not supported or maintained is made?
I had one, but it's, err, in use by the ASA. :-)
Cheers,
Ben.
--
SECURE HOSTING AT THE BUNKER!
Jeffrey Altman wrote:
Richard Levitte - VMS Whacker [EMAIL PROTECTED] ,in message 2202220
[EMAIL PROTECTED], wrote:
I think the real problem is that an attempt is made to compile stack.c
as a C++ file, not a C one. What should be done is to tell the
compiler that it
"Paulo S. L. M. Barreto" wrote:
Greetings.
I'm implementing elliptic curve software on top of OpenSSL Bignum
library. When testing it on NIST's standard curves, I found a problem that
seems not to be in my code: Bignum reports that NIST's 384-bit prime is not
prime! I've checked the
Radovan Semancik wrote:
hello!
I'm interested in SET (Secure Electronic Transactions) protocol support
in OpenSSL.
Is there such a best? Is there plan to add SET implementation to
OpenSSL?
Is there any other open SET implementations?
No, no and not as far as I know. I'm vaguely
M wrote:
[Perhaps I ought to know this already, but...]
RFC 2246 says "The differences between [TLS 1.0] and SSL 3.0 are not dramatic, but
they are significant enough that TLS 1.0 and SSL 3.0 do not interoperate (although
TLS 1.0 does incorporate a mechanism by which a TLS implementation
jackie wrote:
Will you tell me what fields I must fill in my certificate that
are different from client certificate or normal certificate?
There aren't any that are different, but leaving any blank makes
Netscape throw hissy fits.
Cheers,
Ben.
Ben Laurie wrote:
a) Use the latest
Rodney Thayer wrote:
you should be able to go to at least 2049, as the PKIX limit
is around 2050. I know some vendors have tested this.
PKIX is not limited to 2050, it simply changes format at that point. The
problem is, presumably, that the date calculation is not carried out in
an
Michael Sierchio wrote:
Ben Laurie wrote:
Permit me to quote from RFC 2246 (TLS):
The Internet
Standards Process as defined in RFC 2026 requests that a statement be
obtained from a Patent holder indicating that a license will be made
available to applicants under
Vin McLellan wrote:
I also believe in SW patents, .. but the current farce with RSA, even you
have to admit, is stupid! Why cannot developers purchase a license (I do
not call $100,000 a license fee for ANYONE)? Why has RSA abandoned RSAREF?
1. People who own something (and a
Michal Otoupalik wrote:
Hi,
I have tried to compile OpenSSL 0.9.4 on OpenBSD and when compilation was in
directory crypto/comp
then it stopped with error:
+gcc -shared -o libcrypto.so.1 -Wl,-S,-soname=libcrypto.so.1 -Wl,--whole-archive
libcrypto.a
ld: No reference to __DYNAMIC
Does
Michael Robinson wrote:
Patrik Carlsson [EMAIL PROTECTED] writes:
You could remove your key passphrase - but it's not recommended for obvious
security reasons!
Everyone says that, but I've never seen anyone elucidate on the so-called
"obvious" reasons.
The key file is protected by
Maurice klein Gebbinck wrote:
Hi all,
This weekend I read the SSL spec and I am wondering about the following.
Suppose I am the owner of an e-shop and I have a secure webserver. In
order to make sure that all product orders I get are for real, I require
that clients present a valid
Rich Salz wrote:
To the
best of my recollection, the following is a direct quote from one
of the NSA folks:
... we call that crypto-with-a-hole and we don't allow
that to be exported
Hmm ... thought it was the DoC that wrote the export rules. :-)
Cheers,
Ben.
--
Nicolas Roumiantzeff wrote:
Could you describe this "meet-in-the-middle" attack on the 3-DES?
OK, well, it's a known-plaintext attack. You encrypt the known plaintext
with all 2^56 possible keys for the first step, and store the results.
You then decrypt the ciphertext with all 2^112 possible
Bruno Treguier wrote:
Ben:
Is that true keylength or effective keylength? 3DES has an effective
keylength of 112 bits.
Well, first of all I have to present my apologies to the list for my
double posting the other day. Seems that I slipped on the "send" key
before finalizing my
Jeffrey Altman wrote:
What is the purpose of global CAs such as
Verisign if I can't trust the certificates to identify an end user?
That is indeed the question. At least the part before the "if" :)
At least now you can have a single value (subject,issuer,serial#)
to map "global
Roddy Strachan wrote:
Hi,
I managed to get a certificate up and running, but whilst running
with apache-ssl, I get :
[Thu Nov 11 11:18:50 1999] [debug] apache_ssl.c(355): Random input
/dev/urandom(1024) - 1112
[Thu Nov 11 11:18:50 1999] [debug] apache_ssl.c(928): Generating 512
Gustavo Pérez wrote:
Subject: Could not read server certificate (-8174)
Date: Wed, 27 Oct 1999 12:12:27 +0200
From: Gustavo [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Please, find below the error we have as soon
John Farrell wrote:
Yes, I noticed the existence of SSLRequireSSL, but eschewed it because the
documentation suggests that it has a granularity of: directory, whereas I
believe there should be a way to specify SSL _only_ for even a specific
file, which may be in a directory that is not SSL
CJ Holmes wrote:
Eh? You can already point OpenSSL at a file and tell it to read bytes.
What's the problem?
Ben, I am talking about functionality beyond pointing OpenSSL at a file.
OpenSSL ought to include the code to generate that file using a sound
card or other device/scheme, and
Terrell Larson wrote:
Would it make any sense to build a card?
Somebody already has, but I keep forgetting who.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to
Paul Khavkine wrote:
-BEGIN PGP SIGNED MESSAGE-
OpenSSL is a continuation of SSLeay project done initially in Australia
It is an SSL development toolkit NOT an apache module.
If you want to get a SSL module for apache go to:
http://www.modssl.org
or http://www.apache-ssl.org,
Trickett Mark wrote:
Please could you help we are urgently upgrading several and we are having
trouble locating any Y2K compliance information for the following products
:-
Openssl - 1.03
That'll be because there isn't any. There isn't a version 1.03, either.