Re: [openssl-users] Fwd: Does TLSv1.2 support 3DES

2017-08-09 Thread haris iqbal
May be my email subject is a little confusing. I'll put my question directly. If I configure my server with the string "HIGH+TLSv1.2:!MD5:!SHA1", will it support 3DES? On Wed, Aug 9, 2017 at 11:45 PM, Viktor Dukhovni wrote: > On Wed, Aug 09, 2017 at 04:07:30PM +,

Re: [openssl-users] Fwd: Does TLSv1.2 support 3DES

2017-08-09 Thread Salz, Rich via openssl-users
> May be my email subject is a little confusing. I'll put my question directly. > > If I configure my server with the string "HIGH+TLSv1.2:!MD5:!SHA1", will it > support 3DES? No, as I showed. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Fwd: Does TLSv1.2 support 3DES

2017-08-09 Thread Salz, Rich via openssl-users
> From [this][1] link I can see that TLS1.2 does not have 3DES in their > available > cipher list. So I guess it does not support? Right: ; ./apps/openssl ciphers -v HIGH+TLSv1.2:!MD5:!SHA1 | grep DES ; ./apps/openssl ciphers -v TLSv1.2:!MD5:!SHA1 | grep DES ; ./apps/openssl ciphers -v TLSv1.2

Re: [openssl-users] Fwd: Does TLSv1.2 support 3DES

2017-08-09 Thread Viktor Dukhovni
On Wed, Aug 09, 2017 at 04:07:30PM +, Salz, Rich via openssl-users wrote: > > From [this][1] link I can see that TLS1.2 does not have 3DES in their > > available > > cipher list. So I guess it does not support? > > Right: > > ; ./apps/openssl ciphers -v HIGH+TLSv1.2:!MD5:!SHA1 | grep DES >

Re: [openssl-users] Fixed-size digest using EVP with algos ECDSA+SHA256

2017-08-09 Thread Dr. Stephen Henson
On Mon, Aug 07, 2017, Daniel Andrade wrote: > Hi all, > > I'm writing functions to create a digest of a data buffer using > ECDSA+SHA256. I've been trying to work with only the high-level EVP > interface, and not use the low-level interfaces. > > My understanding is that the resulting digest is

[openssl-users] Fwd: Does TLSv1.2 support 3DES

2017-08-09 Thread haris iqbal
Hi, I wanted to know if I configure my openssl server to explicitly use TLSv1.2, the do I have to also mention not to use 3DES (by adding "!3DES" to the string), or the expicit use of TLSv1.2 remove the support of 3DES. >From [this][1] link I can see that TLS1.2 does not have 3DES in their

[openssl-users] Howto to create a PKI with Openssl command line

2017-08-09 Thread Robert Moskowitz
I want to build a PKI structure of a root CA, intermediate CA(s), and user and server certs. So I went looking for some guidance and found: https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html Anything else out there? The certs will all be ECDSA, P256 SHA256.

Re: [openssl-users] Howto to create a PKI with Openssl command line

2017-08-09 Thread Salz, Rich via openssl-users
https://www.openssl.org/~rsalz/pki.tgz but only a root and end-entity. Adding an intermediate should not be incredible difficult :) -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Howto to create a PKI with Openssl command line

2017-08-09 Thread Robert Moskowitz
Thanks Rich, I will take a look at this also. Bob On 08/09/2017 09:49 AM, Salz, Rich via openssl-users wrote: https://www.openssl.org/~rsalz/pki.tgz but only a root and end-entity. Adding an intermediate should not be incredible difficult :) -- openssl-users mailing list To unsubscribe: