-6458714-3717315
Neither of these books is wholly satisfactory. Harkins and Doraswamy
is old and was always a bit thin. Yuan and Strayer is rather academic
for my taste.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
Author of SSL and TLS: Designing and Building Secure
. I'm generally a lot more interested
in the latter (though there's a bigger market in the former so
maybe I should have targetted SSL and TLS differently :))
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com
event-sinks for a SMTP-server. Where can
I ask some technical questions concerning authentication-issues.
Thank you very much for the help,
Ulrichts Erik
Software engineer
Hypertrust NV
Belgium
Eric Daigneault
Administrateur Systemes
Vacances Air Canada
-- Play with the best, die like the rest
-in-the-middle attacks is by having the
client check the server's certificate against a trusted CA. If you're
using self-signed certificates and the client doesn't have any
independent knowledge of the server's certificate you certainly are
vulnerable to a man-in-the-middle attack.
-Ekr
--
[Eric
Venugopal Panchamukhi [EMAIL PROTECTED] writes:
I've modified the client code in such a way that reading and writing
is done in a single thread. But my basic problem was not cleared. When
i'm calling select() it is returning the read condition after which the
read_SSL() method is returning
Matthew Fleming [EMAIL PROTECTED] writes:
I would appreciate your help with the following, although it is not
strictly (or not only) and OpenSSL problem.
I am trying to connect a Pocket PC to a Linux server. The Pocket PC uses
Schannel (which on the PPC apparently includes SSLv2 and SSLv3
approach is to look and see what errors the
client and server are generating. Failing that, use ssldump
http://www.rtfm.com/ssldump to watch the traffic and see what's
going wrong.
-Ekr
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com
Ludovic Courtès [EMAIL PROTECTED] writes:
This is pretty confusing. Are you trying to connect to an OpenSSH
server with SSL? That won't work.
Ok. I am getting a bit confused with secure protocols, and i guess i didn't get
it at all... ;)
It's a little confusing because OpenSSH uses
Richard Booth [Web Developer] [EMAIL PROTECTED] writes:
When performing a post from a non-secure sever to a secure server is the
connection made secure before any data passes through?
It's not clear what you mean here. Servers don't typically post
to other servers. Perhaps you mean when a
, SSL and TLS: Designing and Building
Secure Systems (see my .sig for a link)
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
Author of SSL and TLS: Designing and Building Secure Systems
http://www.rtfm.com/sslbook
ISVs use Open SSL for
their products?
Any example will be very helpful for us. Your respones will be highly
appreciated.
Thank you very much for your help.
Best,
Eric Maruta
__
OpenSSL Project
revcommend inserting a
zero-length spacer before the dot, e.g.:
\*(L\.pem\*(R appended.
--
a href=http://www.tuxedo.org/~esr/;Eric S. Raymond/a
..every Man has a Property in his own Person. This no Body has any
Right to but himself. The Labour of his Body, and the Work of his
Hands, we
julien Bournelle [EMAIL PROTECTED] writes:
I try to developp a client/server application using TLS...
My client.c file is like this :
first : initialize_ctx();
tcp_connect6(); - I use IPv6 socket
SSL_new();
BIO_new_socket()
SSL_set_bio()
SSL_connect()
Rich Salz [EMAIL PROTECTED] writes:
SSLv3 is a defacto, industry standard, devised by the best cryptanalyst
we have. It is represented only by an expired Internet Draft. TLS is a
committee effort. You be the judge.
That is unfair, misleading, and wrong.
All IETF standards are
julien Bournelle [EMAIL PROTECTED] writes:
Hi,
as part of my thesis I must developp an application which uses
TLS. I use OpenSSL on FreeBSD 4.2. The problem is that I don't know how to
create a TLS connection between a client and a server. I searched on
google and other FAQs but I
Endre Meckelborg Rognerud [EMAIL PROTECTED] writes:
I'm trying to write a client in Java that should connect to an OpenSSL
server through a SSLConnection. I have tried to write it with the JSSE
package from Sun, but I've had a lot of problems. The first problem
was related to the message 'no
Wirta Ville [EMAIL PROTECTED] writes:
Yes, there is someone listening. And the whole thing works if client
doesn't use non blocking sockets. For some reason non blocking
BIO_do_connect doesn't send anything with it's first few attempts (it's
fourth or fifth time that makes things work)
Nancy Pawlowski [EMAIL PROTECTED] writes:
Does anyone recognize this error?
I've had jsse with tomcat configured under linux - and it is running ok;
but am having problems running it under windows2000.
This isn't an OpenSSL issue. Why are you posting it here?
-Ekr
Ruby Cruiser [EMAIL PROTECTED] writes:
Also,
SSL_read does not return at all... I don't know
what's going on.
What does Blocking and non_blocking IO mean??
Blocking I/O means that when you ask to read or write
on the socket and there's no data or buffer space available
the call won't return
to the server. Whether
sockets or CPU time is more precious to the server depends on
the server.
-Ekr
[Eric Rescorla [EMAIL PROTECTED]]
Author of SSL and TLS: Designing and Building Secure Systems
http://www.rtfm.com
Neff Robert A [EMAIL PROTECTED] writes:
I loved your book. Ordered it from BN as soon as
I saw it. Helped me overcome some early initial
mindblocks when first integrating with OpenSSL.
For those of you reading this, Erik's book is
titled: SSL and TLS - Designing and Building
Secure
Jeremy Smith [EMAIL PROTECTED] writes:
Also, the documentation refers to the concept of a BIO all over the places, but
never defines it anywhere that I can find. Is BIO some kind of universally
understood concept that I have only just heard of? In any case, where can I go to
learn about
Michael Sierchio [EMAIL PROTECTED] writes:
Eric Rescorla wrote:
There are a number of situations where one wishes to authenticate
clients based on their DNS names:
(1) SMTP/TLS.
(2) Secure remote backup.
In such cases the clients often (though not always) have fixed IPs
Götz Babin-Ebell [EMAIL PROTECTED] writes:
And how gets he the connection IP-Address - FQDN ?
-He uses DNS.
I think you need to reread his message since that's not
what he says.
If he wants to allow user XYZ presenting certificate C_XYZ to
do some things, all he has to do is look in an
[EMAIL PROTECTED] writes:
Been doing some searching and cannot find the SSL v2.0 specification.
I've found v3 and TLS v1 but I would like to get a copy of just SSL v2.0.
Does anyone know where the SSL v2.0 specifications are at?
http://www.netscape.com/eng/security/SSL_2.html
-Ekr
[Eric
and that it should generate an error if one is not received
(i.e. a clean way to do s-state=SSL_ST_ACCEPT). However, it's
important to realize that such a call is only useful in
certain circumstances.
-Ekr
[Eric Rescorla [EMAIL PROTECTED]]
http
Chen, Qiming [EMAIL PROTECTED] writes:
4.Then I saved cert.pem as client.key and signed_req.pem as client.crt, and
use client.key and client.crt in client.c 's
function:SSL_CTX_use_certificate_file(). My client can see and display
server 's certificate, but server complaint about client side
Eric Rescorla [EMAIL PROTECTED] writes:
Tom Biggs [EMAIL PROTECTED] writes:
OK, so I'm not very maths-literate...
I was just wondering what the odds are of a modular exponentiation
returning a result of zero in any OpenSSL usage of the modexp.
Yes, it's technically possible. Consider
you're MD5ing Hola\n
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
__
OpenSSL Project http://www.openssl.org
User Support Mailing
chirs charter [EMAIL PROTECTED] writes:
Hello,
I am using imaps to retrieve my mail. My IMAP server
has both a public IP address and a non-routable adress
that we use here on the local LAN. From outside the
network users at home are able to retrieve mail
without problem. However here on
CJ Holmes [EMAIL PROTECTED] writes:
I get the same error connecting from other client machines using Netscape
4.7, but not if I use 4.7.5. There's clearly a bug in Netscape 4.7 and
earlier versions, but why is it just affecting our implementation of
OpenSSL?
That's a good question.
I'll
Chen, Qiming [EMAIL PROTECTED] writes:
Hi, when I use ssldump to watch my server and client communication in linux,
client sent certificate to server, but server always said: bad certificate.
Anyone know how do I make a client certificate that server will accept?
Thanks a lot!
You need to
Michael Sierchio [EMAIL PROTECTED] writes:
Chen, Qiming wrote:
Hi, when I use ssldump to watch my server and client communication in linux,
client sent certificate to server, but server always said: bad certificate.
Anyone know how do I make a client certificate that server will
Bodo Moeller [EMAIL PROTECTED] writes:
On Fri, Sep 07, 2001 at 11:06:06AM +0300, Andrew Popov wrote:
We need to set timeout on SSL_accept()
Seting with SSL_CTX_set_timeout(SSL_CTX *ctx, long t) has no effect
No, this function is not about connection timeouts (it is about the
session
Aslam [EMAIL PROTECTED] writes:
I have a general question about :
If while in ssl/tls handshake, one encounters an error, whether to send
alert that time only or let the handshake get complete and then send an
alert to the peer for closing the session..
Consider server authentication
Michael Sierchio [EMAIL PROTECTED] writes:
Eric Rescorla wrote:
RSA required a prohibition on reverse engineering as part of the
pass-through license which they imposed on their licensees (at least
they did for us). Thus, whoever reverse engineered the code likely
violated the license
, is getting the cert to work properly. IE
won't load the page, something about unable to verify signing authority.
I suspect I need to hang the signing CERT out on a web page for
verification. I'm not sure though
***
Eric Nevalainen
is in newcert.pem
I'm missing the boat on something hereI've followed the instructions
on:
http://www.pobox.org.sg/home/ngps/m2/howto.ca.html
Are there any other good documents out there on establishing/running a CA
using openssl?
TIA
Eric
Bill @ Rebey.com [EMAIL PROTECTED] writes:
I have a pair of programs that work fine (they can communicate with one
another) in clear (non-SSL mode), but when I switch them to use SSL, the
SSL_write hangs, as does the SSL_read on the other end. ( selecting for
Read on the reader's handle
Aslam [EMAIL PROTECTED] writes:
Hi..
man SSL_CTX_set_cipher_list
Yeah, read the man page. Check out the documents on www.openssl.org
but what should be the string format for the last parameter of above
function call..
This is described in the ciphers man page.
-Ekr
to such an attacker.
There's quite a bit more information about this in Chapter 5
of SSL and TLS.
-Ekr
[Eric Rescorla [EMAIL PROTECTED]]
Author of SSL and TLS: Designing and Building Secure Systems
http://www.rtfm.com
Aslam [EMAIL PROTECTED] writes:
Is PEM password encrypted private keys different from the PKCS8 password
encrypted private keys???
Yes, it's a slightly different key derivation function and
different formatting.
-Ekr
__
Bill @ Rebey.com [EMAIL PROTECTED] writes:
No, I haven't tried ssldump. What is it? Is it a utility? A build option?
A function that I can call? What's it do?
It's an SSL protocol sniffer. See http://www.rtfm.com/ssldump
-Ekr
Bill @ Rebey.com [EMAIL PROTECTED] writes:
Is there anywhere to get an ssldump binary for WinNT?
Not that I know of. If someone has done a port I'd love
to have a copy.
-Ekr
__
OpenSSL Project
Michael Wojcik [EMAIL PROTECTED] writes:
Just use buffered I/O.
I'd be interested to hear if this works (ie. if in practice it generally
manages to coalesce adjacent sends). I imagine it would, but I haven't
tested it yet. Of course, this will involve a buffer copy.
I have tested it. It
programming evil.
-Ekr
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
__
OpenSSL Project http://www.openssl.org
User Support Mailing
a partial record.
OTOH, if you were using non-blocking I/O you'd need to be willing
to handle SSL_ERROR_WANT_READ anyway.
-Ekr
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com
Michael Shanzer [EMAIL PROTECTED] writes:
I am writting a simple application that needs to talk
to a IIS web server using client authentication. I
cannot seem to get client authentication to work. I
have tried:
1) the cert in browser and it works OK.
2) turning off the required client
Dr S N Henson [EMAIL PROTECTED] writes:
Michael Shanzer wrote:
Is there a select equivlant or is my work around good
enough (if SSL_read returns -1 check the return value
of SSL_get_error, and if it returns 2, try again...).
If you mean retry SSL_read then that will work
Larry Ellis [EMAIL PROTECTED] writes:
I am trying to evaluate whether SSL (specifically openssl), would be a suitable
choice in securing my application. I am having trouble finding the best combination
of algorithms and parameters that will serve my needs. Here are the rules:
1. I'd like
Robert Pungello [EMAIL PROTECTED] writes:
I am trying to code client- and server-initiated rehandshakes to refresh
the encryption keys.
Why? Unless you're moving a truly enormous amount of data,
this is likely to be of minimal security value.
What threat are you concerned to counter?
My
Toms,Vincent [EMAIL PROTECTED] writes:
We have a certificate that was signed by Verisign, and we are
migrating web servers and can't remember the password on the cert.
Does any one know a way to pull the password so that we don't have to
get a new cert.
How did you start your web
Joseph Su [EMAIL PROTECTED] writes:
Hello there,
Please excuze me for a simple question. For all intents and purposes, please
refer to the sample server program included in the OpenSSL package. My
questions is: why do we need to *CLOSE* the TCP/IP listening socket, i.e.,
closesocket
Cory Winter [EMAIL PROTECTED] writes:
If a client implements it's own verify callback and that callback prompts
the user for input. (ie. Yes/No to allow connection) Is there a mechanism
which would prevent this action from blocking the server? Currently my
server which accepts all connections
and TLS: Designing and Building Secure
Systems.
-Ekr
[Eric Rescorla [EMAIL PROTECTED]]
Author of SSL and TLS: Designing and Building Secure Systems
http://www.rtfm.com
Nithya Rachamadugu [EMAIL PROTECTED] writes:
I are trying to Openssl- SSLv2 on Win32.
Does openssl- SSLv2 support dsa keys?
SSLv2 is RSA-only.
-Ekr
__
OpenSSL Project
Hieu Nguyen [EMAIL PROTECTED] writes:
[1 text/plain; iso-8859-1 (7bit)]
I want to use SSLv23_method to create SSL_CTX for my client program. I
worked OK if the server supports SSLv3 or TLS 1.0.
However, if the server only supports SSLv2 (as one of our current server)
it seems that my
Eric Rescorla's book, as the other poster did,
as a good book about the SSL/TLS protocol and implementations.
Thanks. :)
2. Having this said: unlike write() SSL_write() will only return with
success, when the complete buffer was written. Partial writes are
not supported. Thus
Vivian Cancio [EMAIL PROTECTED] writes:
In the 'dsaparam' manual the following parameter is described ...
numbits
this option specifies that a parameter set should be
generated of size numbits. It must be the last option.
If this option is included
are ready, they're not. There's
pretty extensive discussion of the details of using select() with
OpenSSL in Chapter 8 of my book, which also (of course) includes
extensive documentation of the aforementioned sample code.
-Ekr
[Eric Rescorla [EMAIL PROTECTED
Francis DeLaMaza [EMAIL PROTECTED] writes:
Greg,
Based on what I've discovered so far, and your feedback, it seems that the
best approach is to tweek the default keylegth of the RC4/SHA ciphersuite.
This cipher method comes standard under SSL v3/TLS1 at 56-bit and 128-bit
functionality.
. Sounds like a flushing problem. I'll
look into it.
-Ekr
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
__
OpenSSL Project http://www.openssl.org
sl instead of assuming
that it is correct.
If you can't find a good test program, then write one!
- Eric B
P.S. If that is indeed the problem, then look into the convertToBytes()
method. (I don't have my Java Almanac handy to offer better info. Darn.)
-Original Message-
From: Sabyasachi Gup
x509 -in ca2.crt -text -noout
% openssl x509 -in ca3.crt -text -noout
Haven't tried the rest of your stuff. Good luck!
- Eric B
-Original Message-
From: Patrick Li [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 22, 2001 10:58 PM
To: [EMAIL PROTECTED]
Subject: Re: Server sending
An assertion is a failure of an internal test. Something happened that
actually never should happen.
I have seen exactly this assertion with early versions of prngd, when I
was (incorrectly) calling RAND_add() from a signal handler, while another
RAND_add() might be active.
Got the following error during "make test." Does that mean I should
not install openssl until the issue is solved? The build itself seemed
to finish without any errors or warnings.
-- begin error message --
./randtest
assertion "md_c[1] == md_count[1]" failed: file "md_rand.c",
We just compiled ANDIrand under Solaris 8/INTEL and it works fine.
On Tue, 6 Feb 2001, Ricardo Stella wrote:
What solution is out there for the Intel port of Solaris 7 or 8 ?
Thanks...
--
--
Ricardo Stella
SUNWski is Solaris 2.5.1/2.6 only, last I heard. I tried it under 7 and
it does run (in 32-bit mode), though not correctly and not in 64-bit mode
at all.
Under Solaris, ANDIrand is a better choice.
On Tue, 6 Feb 2001, Ricardo Stella wrote:
I downloaded the 105710 patch to install the
[EMAIL PROTECTED] writes:
On 10 Jan, Itay Zandbank wrote:
However, Lutz's comment from before was correct. It's hard to do it for
EVERY protocol, since some protocols require the server to speak first. It
might even be impossible, because OpenSSL might actually SEND something to
the
alain rousseau [EMAIL PROTECTED] writes:
I am trying to sign a long digest using DSA_sign method.
I have a problem if the data I am signing is longer than 20 bytes:
DSA_do_sign:data too large for key size:dsa_ossl.c:152
There is indeed a size limit : min(size(q),50).
I have 2
Has anyone attempted to accept a new certificate authority (we run our
own) into Windows CE?
It appears that we can't and, consequently, Windows CE users can't access
pages or SSL services we've signed.
Any ideas?
Thanks!
Wyman Miles
Senior Systems Administrator, Rice University, Texas.
ating over an existing connection (e.g. if the server
sends a HelloRequest then the entire handshake will be encrypted).
-Ekr
[Eric Rescorla [EMAIL PROTECTED]]
Author of "SSL and TLS: Designing and Building Secure Systems"
be accessed only
after getting proper key, but again it should prevent copying or
decryption of codes ..
No such thing.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com
egitimate way to extract the destination host
from within an SSL clientHello? Relatedly, I would then need
the session_id from the responding serverHello at which point
I could build a hash table within the gateway service to manage
the rest of the session.
No. The informatio
Lutz Jaenicke [EMAIL PROTECTED] writes:
Are there any web browsers out there that support the HTTP Upgrade
spec to upgrade to TLS/SSL? (so far I've only had a chance to try
Netscape 4.x and MSIE 5.0 and 5.5)
As far as I know there has no browser been released using this technique.
Maybe
Richard Levitte - VMS Whacker [EMAIL PROTECTED] writes:
From: Eric Rescorla [EMAIL PROTECTED]
ekr Not as far as I know. It was never really expected that this
ekr technique would replace HTTPs for web pages, only for other
ekr HTTP/TLS uses. (Though frankly I doubt that as well.)
Uhmm
that page.
There's a lot more on this topic in Chapter 5 of "SSL and TLS".
-Ekr
[0] There are a few downgrade-to-export attacks which require
being able to crack export-grade keys in real time. AFAICT, this
isn't what he's talking about.
[Eric Rescorla [EMAI
tentially brute-force search the session key
and recover the password.
This isn't a MITM attack, however.
-Ekr
[Eric Rescorla [EMAIL PROTECTED]]
Author of "SSL and TLS: Designing and Building Secur
Michael Sierchio [EMAIL PROTECTED] writes:
Eric Rescorla wrote:
This isn't a MITM attack, however.
Sorry, Eric -- if you don't know or trust the signer, then you only
know that the presenter (could be a MITM) has the private key associated
with the pubkey in the cert. This means
to
connect to such sites.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
__
OpenSSL Project http://www.openssl.org
User Support
Michael Sierchio [EMAIL PROTECTED] writes:
Eric Rescorla wrote:
A MITM attack WOULD be possible if the browser didn't check the
server's certificate against the expected identity.
A check against the expected identity is only useful if the
binding of the pubkey to the identity
perly used. If improperly used, no security system
is safe.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
__
OpenSSL Project
"J. Chong" [EMAIL PROTECTED] writes:
I am terribly sorry I have to bother you alll with this question
again. Well I am a bit confused about SSL and SET. Does SET applies SSL
protocol?
No. It's an entirely different protocol.
Can I use OpenSSL to develop a payment system and put it on
redit card transactions
clearing. It has seen almost no deployment.
-Ekr
[Eric Rescorla [EMAIL PROTECTED]]
__
OpenSSL Project http://www.openssl.org
User Support Ma
Jeffrey Ricks [EMAIL PROTECTED] writes:
If I run (note that I'm using the same certs/keys as above):
openssl s_client -connect voodoo:443 -cert /tmp/s_client2.crt -key
/tmp/s_client2.key -CAfile /tmp/s_clientCA.crt -tls1 -cipher
DES-CBC3-SHA -state
with client authentication off at the
the certificate read happens just
fine and I get the peer information. It always fails when using SSLv3
with bad certificate (I tested with both a self signed and a Thawte
certificate).
Eric
[EMAIL PROTECTED]
S/MIME Cryptographic Signature
it looks to me like change was made in OpenSSL
0.9.6, so if you install 0.9.6 you should be OK. You could also maybe
get a Step-Up only certificate in which case IE will do Step-Up. This
seems like more work and lamer anyway :)
There's more on this in Chapter 4 of my book.
David Walgamotte [EMAIL PROTECTED] writes:
I tried 0.9.6 and it didn't work either.
Interesting. I've never actually tested SGC with OpenSSL so
I don't know that it works :)
Did OpenSSL report any errors?
-Ekr
__
OpenSSL
Carlos Vicente [EMAIL PROTECTED] writes:
Thanks again.
Another question:
Why woudn't a browser complain about a certificate with "*" as CN?
Aren't they supposed to compare the CN with the server's name?
* is a wildcard.
-Ekr
--
[Eric Rescorla
.
-Ekr
[Eric Rescorla [EMAIL PROTECTED]]
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager
"Scott Goodwin" [EMAIL PROTECTED] writes:
Eric,
I get a file not found from your link below. I track hacking on the URL and
no luck.
Doh! My web site is hosted by my ISP and they seem to have
temporarily hosed the virtual servers. I'd try again in a couple
of days. S
Sorry if people get this twice. I've been having mailer problems.
"Scott Goodwin" [EMAIL PROTECTED] writes:
Eric,
I get a file not found from your link below. I track hacking on the URL and
no luck.
Doh! I just finished experiencing multiple single points of failure.
My ISP ch
le
different protocol. It's like telling it to treat an ftp://
URL as if it were http://
-Ekr
[Eric Rescorla [EMAIL PROTECTED]]
__
OpenSSL Project http://w
treat an https:// URL as
if it were http://. That doesn't make any sense. It's a whole
different protocol. It's like telling it to treat an ftp://
URL as if it were http://
-Ekr
[Eric Rescorla [EMAIL PROTECTED]]
__
ANNOUNCE: ssldump: an SSL protocol analyzer
Version 0.9b1
http://www.rtfm.com/ssldump/
RTFM, Inc. is pleased to announce the availability of ssldump 0.9b1.
ssldump is an SSLv3/TLS network protocol analyzer. It identifies TCP
connections on the chosen network interface and attempts to interpret
there's any data on the socket but there's still data in
the SSL pipe.
I believe s_client/s_server handle this case correctly. There's
also some somewhat more minimal sample code on my web site at
http://www.rtfm.com/sslbook/examples
The relevant file is 'sclient.c'.
-Ekr
[Eric Rescorla
.
ssldump is released under a BSD-style license and is available
from
http://www.rtfm.com/ssldump
-Ekr
[Eric Rescorla [EMAIL PROTECTED]]
__
OpenSSL Project
David Lang [EMAIL PROTECTED] writes:
the problem is that TLS is not widly deployed on browsers. until it is
trying to use it for name-based secure servers will be very
problematic. for crying out loud people are still running into problems
with name based normal srvers and that just requires
Looks good to me.
-Ekr
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Here are the step I used to built and configure OpenSSL:
1)perl Configure VC-WIN32
2)ms\do_ms
3)nmake -f ms\ntdll.mak
Is it enough detailed?
Regards,
Eric Korsia
Gilian Technologies
-Original Message-
From: Richard Levitte - VMS Whacker [mailto:[EMAIL PROTECTED]]
Sent: Sunday
201 - 300 of 339 matches
Mail list logo