Required ciphers

2007-03-01 Thread Rutger Hofman
Hello list gurus, for my embedded system, I want to have an OpenSSL lib with only the barely necessary functionality to speak with its home station. So I decided to only support TLSv1, and (in accordance with Rescorla's recommendation on p.142) only RSA, RC4 and SHA-1. Now the OpenSSL

Re: Required ciphers

2007-03-01 Thread Marek Marcola
Hello, for my embedded system, I want to have an OpenSSL lib with only the barely necessary functionality to speak with its home station. So I decided to only support TLSv1, and (in accordance with Rescorla's recommendation on p.142) only RSA, RC4 and SHA-1. Now the OpenSSL Configure

Re: Newbie assumptions questions

2007-03-01 Thread Bruno Costacurta
On Friday 23 February 2007 15:32:54 Bernhard Froehlich wrote: Bruno Costacurta schrieb: Hello, as a newbie, I have some assumptions / questions hereafter about OpenSSL and certificates. Many thanks for correcting / confirming them. - a certificate is a public key with metadata - metadata

Public key validation for ECDSA

2007-03-01 Thread Xiaoyu Ruan
Hi dear fellows, I would like to know if there is any function(s) in OpenSSL that handles public key validation for ECDSA. Given a point (public key) and a curve, I would like to test if this point is a valid public key for this curve. There is a function EC_POINT_is_on_curve() for

0.9.7M or 0.9.8E

2007-03-01 Thread Greaney, Kevin
Hi, I am about to upgrade to the latest OpenSSL baselevel, but I have one question: Which one should I choose, 0.9.7M or 0.9.8E? I am currently running 0.9.7E with the security patches applied. 0.9.7M would be less work and give me FIPS, but I'm assuming 0.9.8E would also provide

Re: Newbie assumptions questions

2007-03-01 Thread Bernhard Froehlich
Bruno Costacurta schrieb: [...] - serial information within the certificate is useless If you are still talking of only the serial number you are correct. But if you also know the issuing CA you can uniquely identify the certificate. A CRL (Certificate Revocation List) for example

RE: 0.9.7M or 0.9.8E

2007-03-01 Thread Bill Colvin
Kevin: First OpenSSL has received FIPS certification (See Cert #733 at http://csrc.nist.gov/cryptval/140-1/1401val2007.htm) Second, if you require a version of OpenSSL that is FIPS capable, then you must stick with the 0.9.7 stream. You must first build openssl-fips-1.1.1 according to the

RE: 0.9.7M or 0.9.8E

2007-03-01 Thread Xiaoyu Ruan
One thing should be noted. If your product uses a FIPS-validated OpenSSL and wants to be claimed as a FIPS-validated product, then you cannot make any changes to the OpenSSL code. Many vendors I've seen use OpenSSL as the code base but have to make certain changes to OpenSSL or add other

Question about Diffie-Hellman

2007-03-01 Thread Dinh, Thao V CIV NSWCDD, K72
Hi All, I have a hard time understanding Diffie-Hellman key agreement. This is a DH structure: typedef struct dh_st { BIGNUM *p; BIGNUM *q; BIGNUM *pub_key; BIGNUM *priv_key; } According to the OpenSSL book, p and q, each pair chooses a random large integer priv_key member. A value for

RE: Question about Diffie-Hellman

2007-03-01 Thread Xiaoyu Ruan
Here is how DH works: 1. server determines p, q, sends p and q to client. 2. server selects a random number priv_key_s, computes pub_key_s = q^priv_key_s mod p, sends pub_key_s to client. 3. client selects a random number priv_key_c, computes pub_key_c = q^priv_key_c mod p, sends

RE: Question about Diffie-Hellman

2007-03-01 Thread Dinh, Thao V CIV NSWCDD, K72
Thank you very much Xiaoyu -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Xiaoyu Ruan Sent: Thursday, March 01, 2007 15:30 To: openssl-users@openssl.org Subject: RE: Question about Diffie-Hellman Here is how DH works: 1. server determines p, q,

Re: Question about Diffie-Hellman

2007-03-01 Thread Victor B. Wagner
On 2007.03.01 at 14:12:55 -0600, Dinh, Thao V CIV NSWCDD, K72 wrote: Questions: 1) each peer can independently compute the shared secret. What is meant? Client has one shared key, server has a different shared key? It is meant that only public keys are transferred over
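The exchange Xiaoyu Ruan outlines above, and Victor Wagner's point that only the public values cross the wire while each side ends up with the same secret, worked through as an added example (not code from the thread and not OpenSSL's DH implementation). The group parameters are constructed and deliberately tiny so the numbers can be checked by hand; the generator the thread calls q is g in OpenSSL's DH struct. The example also adds two things a practitioner wants that the thread does not show: a range and subgroup check on the peer's public value, and a brute-force discrete logarithm that makes it concrete why the size of p is what protects priv_key. All function names are this example's own.

```python
import secrets

# Constructed toy parameters: p = 2q + 1 with q prime, and g generating the
# order-q subgroup (g = 4 = 2^2 is a quadratic residue, so g^q = 1 mod p).
# Real deployments use standardized groups of 2048 bits or more (RFC 3526,
# RFC 7919); this size exists only so the arithmetic can be followed by hand.
P = 23
Q = (P - 1) // 2          # 11, the order of the subgroup generated by G
G = 4                     # the thread's "q"; OpenSSL's DH struct calls it g


def validate_pub(pub, p=P, q=Q):
    """Check a received public value before using it.

    Rejects 0, 1 and p-1 (which pin the shared secret to 0, 1 or +-1) and
    anything outside the order-q subgroup, which would let a malicious peer
    learn bits of our private exponent via small-subgroup confinement."""
    return 2 <= pub <= p - 2 and pow(pub, q, p) == 1


def keypair(priv=None, p=P, q=Q, g=G):
    """priv_key is a random exponent; pub_key = g^priv_key mod p."""
    if priv is None:
        priv = secrets.randbelow(q - 1) + 1      # 1 <= priv <= q-1
    return priv, pow(g, priv, p)


def shared_secret(peer_pub, priv, p=P, q=Q):
    """Raise the peer's public value to our private exponent."""
    if not validate_pub(peer_pub, p, q):
        raise ValueError("invalid DH public value %d" % peer_pub)
    return pow(peer_pub, priv, p)


def exchange(priv_s=None, priv_c=None, p=P, q=Q, g=G):
    """Run the protocol from the thread; return (k_server, k_client, wire).

    wire is everything an eavesdropper sees. The private exponents never
    leave their owner, yet both k values are equal."""
    # 1. server determines p and g and sends them to the client
    # 2. server picks priv_s and sends pub_s = g^priv_s mod p
    priv_s, pub_s = keypair(priv_s, p, q, g)
    # 3. client picks priv_c and sends pub_c = g^priv_c mod p
    priv_c, pub_c = keypair(priv_c, p, q, g)
    # 4. each side raises the other's public value to its own exponent:
    #    (g^priv_c)^priv_s == (g^priv_s)^priv_c == g^(priv_s*priv_c) mod p
    k_s = shared_secret(pub_c, priv_s, p, q)
    k_c = shared_secret(pub_s, priv_c, p, q)
    return k_s, k_c, (p, g, pub_s, pub_c)


def brute_force_dlog(pub, p=P, g=G):
    """What the eavesdropper has to do: find x with g^x = pub mod p.

    Trivial for p = 23, infeasible for a 2048-bit p; that gap is the whole
    security argument. Returns x modulo the subgroup order."""
    acc = 1
    for x in range(1, p):
        acc = acc * g % p
        if acc == pub:
            return x
    return None


if __name__ == "__main__":
    k_s, k_c, wire = exchange(priv_s=6, priv_c=15)
    print("on the wire:", wire, "server key:", k_s, "client key:", k_c)
    x = brute_force_dlog(wire[2])
    print("eavesdropper recovers priv_s mod q =", x,
          "and the key", pow(wire[3], x, P))
```

With fixed exponents, exchange(priv_s=6, priv_c=15) puts pub_s = 2 and pub_c = 3 on the wire and both sides arrive at 16. brute_force_dlog(2) returns 6, and pow(3, 6, 23) is again 16: the attacker who can take a discrete log in the group has the key, which is why the group must be large enough that this loop cannot finish.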

ca setup problem

2007-03-01 Thread Erik Leunissen
I'm trying to set up a CA, following the guidelines in: Network security with OpenSSL, and checking with the latest documentation that comes with 0.9.8e. I've managed to: - generate a root CA certificate and corresponding private key - generate a certificate request The problem arises when

Some weird OpenSSL performance slowdown

2007-03-01 Thread Sergey S. Levin
Hello all, Why is the data transfer speed of the OpenSSL client and server nearly 10 times slower than when using the regular sockets? The code of the standard client and server samples is used. The code for the client is: char host[MAX_PATH]; BIO *out; char buf[1024*10],*p; SSL_CTX

Build Question - Help Needed!

2007-03-01 Thread Seshadri Veeraraghavan
Hi, I got the overall build to work - FIPS as well as the latest OpenSSL snapshot. It took a while and I had to alternate somewhat between MinGW and Cygwin. Anyway, I was trying to build the example in the appendix (hmac) but it won't work. I used the very same makefile and source but here

Re: ca setup problem

2007-03-01 Thread Bernhard Froehlich
Erik Leunissen schrieb: I'm trying to set up a CA, following the guidelines in: Network security with OpenSSL, and checking with the latest documentation that comes with 0.9.8e. I've managed to: - generate a root CA certificate and corresponding private key - generate a certificate request

Re: Some weird OpenSSL performance slowdown

2007-03-01 Thread Darryl Miles
Sergey S. Levin wrote: Why is the data transfer speed of the OpenSSL client and server nearly 10 times slower than when using the regular sockets? The code of the standard client and server samples is used. Are you also measuring the time it takes to set up the SSL connection or are you