The client sends a ClientHello message with the protocol version in this case
3.1.
The server sends a ServerHello message with the protocol it supports.
The client reads the ServerHello and checks the protocol version.
You can test by running the following commands.
openssl s_server
Read the Configure file.
Victor
I am still have issues with
the default ECDH parameters in 1.0.0c.
The key generation with NIST Prime-Curve P-192 crashes.
static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
{
int i;
BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
for (i = (top); i != 0; i--)
*_tmp1++ =
, December 03, 2010 10:43 AM
Subject: nist_cp_bn issue
On Fri, Dec 03, 2010 at 09:10:41AM -0800, Marcus Carey wrote:
I am still have issues with the default ECDH parameters in 1.0.0c.
kEECDH handshakes appear to work.
The key generation with NIST Prime-Curve P-192 crashes.
How do you reproduce
@openssl.org
Sent: Friday, December 03, 2010 1:18 PM
Subject: Re: nist_cp_bn issue
On Fri, Dec 03, 2010 at 12:06:22PM -0800, Marcus Carey wrote:
openssl ecdhtest
What is openssl ecdhtest?
Must use the -no_ecdhe flag.
openssl.exe s_server -no_ecdhe
With what cert/key? Any other options? What
Windows XP Service Pack 3
OpenSSL version 1.0.0a 1 Jun 2010
C:\openssl-1.0.0a\out32dllopenssl s_server
Loading 'screen' into random state - done
Using default temp DH parameters
Using default temp ECDH parameters After this message I get a pop a window
saying openssl has encountered a problem
: Sunday, November 14, 2010 8:32 AM
Subject: Re: s_server crashes in version 1.0.0a
On Sun, Nov 14, 2010, Marcus Carey wrote:
Windows XP Service Pack 3
OpenSSL version 1.0.0a 1 Jun 2010
C:\openssl-1.0.0a\out32dllopenssl s_server
Loading 'screen' into random state - done
Using default temp DH
malformed key. Can you please check that?
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 11/14/2010 8:57 PM, Marcus Carey wrote:
I tried the latest snap shot before I sent the first email.
OpenSSL 1.0.1-dev xx XXX .
Also, when I ran the test, they all passed. However
In a command window type:
set OPENSSL_CONF=c:\openssl\openssl.conf
change c:\openssl\openssl.conf to the path of your configuration file.
Or open up the control panel and open the system dialog. Click on the
environment button and add new system variable. Reboot the computer and run
your
It works! I was compiling the application with header files from an earlier
distribution.
Marcus
- Original Message -
From: Marcus Carey
To: openssl-users@openssl.org
Sent: Friday, August 14, 2009 10:03 PM
Subject: Re: RSA_print_fp still crashes using Windows MD library
OpenSSL 1.0.0-beta3 July 2009
I have compiled the mkcert.c example in the distrubtion with the MD library on
Win XP using VCStudio NET and it still crashes. I also included the applink.c.
Unhandled exception at 0x10001d36 in mkcert.exe: 0xC005: Access violation
writing location
);
}
- Original Message -
From: Marcus Carey
To: openssl-users@openssl.org
Sent: Friday, August 14, 2009 6:30 PM
Subject: RSA_print_fp still crashes using Windows MD library
OpenSSL 1.0.0-beta3 July 2009
I have compiled the mkcert.c example in the distrubtion with the MD library
on Win XP
First create a CA key using the following command.
openssl genrsa -des3 -out ca.key 1024
Assuming your config file is located in the openssl root directory you can
create a CA cert using the following command.
openssl req -config openssl.conf -new -x509 -key ca.key -out ca.cer
I am getting error messages about system variables not being defined windows CE.Does this matter if I am configuring OpenSSL for Win32? %OSVERSION%%TARGETCPU%C:\opensslperl Configure VC-WIN32Configuring for VC-WIN32 no-camellia [default] OPENSSL_NO_CAMELLIA (skip dir) no-gmp
r
clients. Potentially there could be 250 Registration Authorities offering
digital certificates signed by the OpenSSL Certificate Authority.
To achieve this I am willing to make an investment.
Marcus Carey
void main(void)
{
X509 *cert = NULL;
BIO *certBio = NULL;
X509_EXTENSION *keyUsage = NULL;
STACK_OF (X509_EXTENSION) *exts = NULL;
ASN1_STRING *strUsage = NULL;
void *Usage = NULL;
X509V3_EXT_METHOD *method;
STACK_OF(CONF_VALUE) *nval = NULL;
CONF_VALUE
Using MS VC++ .NET PEM_read_X509(fp,NULL,NULL,NULL); fails.
I have narrowed it down to the BIO_gets()
fucntion.
int BIO_get(BIO *b, char *in, int inl){
/* . . . */
i=b-method-bgets(b,in,inl);
/* . . . */
}
An Application Error dialog reports "The memory
cannot be writting"
http://www.openssl.org/related/
http://www.iconsinc.com/~agray/ossldev/
- Original Message -
From: ahmad hassan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, June 04, 2004 8:24 AM
Subject: Openssl on windows vc++ project
Hello,
I would like to know that is it possible to
Email Replication
Certificate Request Agent
Key Recovery Agent
Private Key Archival
Lifetime Signing
File Recovery
How do I create a client certificate which has only the folowing two
usage values?
Proves your identity to a remote computer
Protects e-mail messages
Thank You!
Marcus Carey
I am using the the BIO_set_conn_ip() macro to set
the local loop back address 127.0.0.1.
However I am getting the following errors.
The file bss_conn.c shows the host to be
49.50.55.46 although I set it to
127.0.0.1.
** C:\Client\Client.c:38 Error connecting to remote
VeriSign claims its 128-bit $889 Secure Site Pro
Certificate is the strongest encryption available. Is this true?
If so how is it possible to create a 1024 bit or
greater RSA private key with OpenSSL?
Also what's the maximum bit value that OpenSSL
supports?
Marcus
---Outgoing mail
So when generating a key, how do I determing the size?
If the bits paramater in RSA_generate_key fuction equals 128, does this mean
I have created a 128 bit key?
RSA_generate_key(bits,RSA_F4,NULL,NULL);
Marcus
- Original Message -
From: Rich Salz [EMAIL PROTECTED]
To: Marcus Carey
Sebastian
Use their public key to encrypt the data. When they receive the data they
will use the same key to decrypt the data. So all you need is their private
key.
Marcus
- Original Message -
From: Sebastian Muñiz [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: Marcus Carey [EMAIL
I had this same problem using MS VC++. With this compiler you must compile
with Multithread DLL. I don't know how Borland builds its runtime
libraries.
Look under the FAQ at the OpenSSL site for more info.
- Original Message -
From: Jasper Spit [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Edward
Try this URL
http://www.openssl.org/docs/crypto/EVP_EncryptInit.htm1#
also look at the examples in the demos/maurice directory in the OpenSSL
distribution.
- Original Message -
From: Edward Chan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, November 01, 2002 10:30 PM
Set up a BIO socket and use the BIO_gets() function. Below is a modified
example that I got from Eric Rescorla to solve this problem.
#define BUFSIZE 1024
BIO *bio_err;
int Http_Read(void)
{
BIO *io;
BIO *sbio;
BIO *ssl_bio;
SSL *ssl;
SSL_CTX *ctx;
int i;
int c;
PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, October 22, 2002 10:52 PM
Subject: Re: anybody using EGADS?
Ah, thanks Marcus. We're talking bits, not bytes, I
see. In that case, I'm using way too big a number.
Thanks,
Ed
--- Marcus Carey [EMAIL PROTECTED] wrote:
Ed
See the book
Ed
See the book Network Security with OpensSSL.
With 4 bits of entropy, an attacker has 1 in 16 chances of guessing the
right seed.
If you're creating 128-bit keys you should use 128 bits of entropy anything
less than 64 bits may not be secure enough.
I am not sure how nBytes is read. To get
oing wrong ? Thanks for advise
again..
Regards,
Mikael Larsson
-Ursprungligt meddelande-Från: Marcus Carey
[mailto:[EMAIL PROTECTED]]Skickat: den 5 september 2002
16:36Till: [EMAIL PROTECTED]Ämne: Re: can´t
compile
Your trying to compile using assem
George
Check out the following link.
http://www.openssl.org/support/faq.html#PROG10
Call the SSL_CTX_set_verify() function with
SSL_VERIFY_PEER mode.
Marcus
- Original Message -
From: "George Lind" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, April 19, 2001 12:23 PM
run
the application.
Marcus
- Original Message -
From: "Lutz Jaenicke" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, April 16, 2001 12:18 PM
Subject: Re: Problem compiling s_client and s_server
On Mon, Apr 16, 2001 at 10:58:39AM -0700, Marcus Carey wrote:
I am trying
Joshua
I am trying to install your new release Crypt-SSLeay but makefile.pl is
trying to locate SSLeay.exe instead of Openssl.exe. Is this a problem?
No OpenSSL installation found, usually in /usr/local/openssl
Which OpenSSL build path do you want to link against? c:\bin
Apparently no SSLeay
32 matches
Mail list logo