Disabling kEDH on webservers for scaling?

2012-04-26 Thread Jack Bauer
We are currently experiencing some scaling problems on our webservers (nginx). They are terminating SSL connections and passing the requests to backend servers. After some testing, it appears that scaling is no problem, when the kEDH cipher is disabled by passing !kEDH to openssl. Can someone

Re: Disabling kEDH on webservers for scaling?

2012-04-26 Thread Richard Könning
Hello, the kEDH set of cipher suites provides so-called perfect forward secrecy; for a description of this term see e.g. http://en.wikipedia.org/wiki/Perfect_forward_secrecy. Ciao, Richard On 26.04.2012 13:23, Jack Bauer wrote: We are currently experiencing some scaling problems on our

OpenSSL 1.0.1b released

2012-04-26 Thread OpenSSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 1.0.1b released === OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.1b of our open source

Re: OpenSSL 1.0.1b released

2012-04-26 Thread Thomas J. Hruska
On 4/26/2012 5:10 AM, OpenSSL wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 1.0.1b released === Heads up warning: This archive under 7-Zip 9.20 (latest stable) displays a There are no trailing zero-filled records error dialog but

How to trust a 'root' certificate

2012-04-26 Thread Tammany, Curtis
Hello- I am running Apache 2.2.22 with OpenSSL 1.0.1 on Windows (XP for dev and server 2003 for production) The site requires client (CAC) certificates. I am getting FAILED:unable to get local issuer certificate errors in my log file from Windows 7 clients. Digging suggested that I check the

Re: Disabling kEDH on webservers for scaling?

2012-04-26 Thread Jakob Bohm
Supplemental note: The kEDH suites do a few extra cryptographic operations and a few extra back-and-forth cryptographic operations for each connection. This is not usually a performance problem (except that very short connections will feel the increased traffic/load more in percent). However 3

Re: Disabling kEDH on webservers for scaling?

2012-04-26 Thread Dr. Stephen Henson
On Thu, Apr 26, 2012, Jack Bauer wrote: We are currently experiencing some scaling problems on our webservers (nginx). They are terminating SSL connections and passing the requests to backend servers. After some testing, it appears that scaling is no problem, when the kEDH cipher is

RE: How to trust a 'root' certificate

2012-04-26 Thread Tammany, Curtis
I don't see this as an Apache issue. The site has required client certs for years now and Apache was configured to require client certificates. I have intermediate DOD certs on the server but OpenSSL sees my DoD Root certificate as untrusted self-signed so the chain is broken. From

Re: How to trust a 'root' certificate

2012-04-26 Thread Bernhard Fröhlich
On 26.04.2012 15:15, Tammany, Curtis wrote: Hello- I am running Apache 2.2.22 with OpenSSL 1.0.1 on Windows (XP for dev and server 2003 for production) The site requires client (CAC) certificates. I am getting FAILED:unable to get local issuer certificate errors in my log file from Windows

Re: How to trust a 'root' certificate

2012-04-26 Thread Bernhard Fröhlich
On 26.04.2012 15:58, Tammany, Curtis wrote: I don't see this as an Apache issue. The site has required client certs for years now and Apache was configured to require client certificates. I have intermediate DOD certs on the server but OpenSSL sees my DoD Root certificate as untrusted

Re: How to trust a 'root' certificate

2012-04-26 Thread Peter Sylvester
On 04/26/2012 03:58 PM, Tammany, Curtis wrote: I don't see this as an Apache issue. The site has required client certs for years now and Apache was configured to require client certificates. I have intermediate DOD certs on the server but OpenSSL sees my DoD Root certificate as untrusted

RE: How to trust a 'root' certificate

2012-04-26 Thread Tammany, Curtis
In my htaccess file I have the following: SSLRequireSSL SSLVerifyClient require SSLVerifyDepth 5 SSLOptions +ExportCertData In my httpd.conf file, I have the following: SSLCACertificatePath conf/certs/ SSLCACertificateFile conf/certs/DOD_EMAILCerts.crt DOD_EMAILCerts.crt contains the root cert

Re: OpenSSL 1.0.1b released

2012-04-26 Thread yaberger
The openssl-1.0.1b.tar.gz file seems corrupted. Anyone else have the same problem? ... drwxr-xr-x 0 00 Apr 26 06:44:35 2012 openssl-1.0.1b/VMS/ -rwxrwxr-x 0 0 1856 Mar 19 05:47:19 2011 openssl-1.0.1b/VMS/install-vms.com -rw-rw-r-- 0 015140 Oct 30 07:40:56 2011

Re: How to trust a 'root' certificate

2012-04-26 Thread Peter Sylvester
On 04/26/2012 05:20 PM, Tammany, Curtis wrote: In my htaccess file I have the following: SSLRequireSSL SSLVerifyClient require SSLVerifyDepth 5 SSLOptions +ExportCertData In my httpd.conf file, I have the following: SSLCACertificatePath conf/certs/ SSLCACertificateFile

RE: How to trust a 'root' certificate

2012-04-26 Thread Tammany, Curtis
... Just put all the CA certificates into one file and remove the SSLCACertificatePath and just keep the SSLCACertificateFile All of the certs are in one file... with the root cert being the first one in the file. They all begin with -BEGIN CERTIFICATE- and end with -END

RE: How to trust a 'root' certificate

2012-04-26 Thread Tammany, Curtis
They are not test certificates. No- I cannot send them. Sorry. Curtis From: Sergio NNX [mailto:sfhac...@hotmail.com] Sent: Thursday, April 26, 2012 14:07 To: Tammany, Curtis Subject: RE: How to trust a 'root' certificate Running openssl version -d returns OPENSSLDIR: c:/openssl-1.0.1/ssl. Do

RE: SSH/SFTP - DH_GEX group out of range

2012-04-26 Thread Dave Thompson
From: owner-openssl-us...@openssl.org On Behalf Of Johansen Daniel Sent: Wednesday, 25 April, 2012 08:13 Having this weird problem when connecting to a SFTP server. OpenSSH_5.9p1, OpenSSL 1.0.1 14 Mar 2012 snip debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting

Re: OpenSSL 1.0.1b released, invalid tar file!

2012-04-26 Thread jb-openssl
On 26-04-2012 15:05, Thomas J. Hruska wrote: On 4/26/2012 5:10 AM, OpenSSL wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 1.0.1b released === Heads up warning: This archive under 7-Zip 9.20 (latest stable) displays a There

Re: OpenSSL 1.0.1b released, invalid tar file!

2012-04-26 Thread jb-openssl
(Adding some supplemental information I found after sending) On 27-04-2012 01:36, jb-open...@wisemo.com wrote: On 26-04-2012 15:05, Thomas J. Hruska wrote: On 4/26/2012 5:10 AM, OpenSSL wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 1.0.1b released

Re: OpenSSL 1.0.1b released, invalid tar file!

2012-04-26 Thread Dr. Stephen Henson
On Fri, Apr 27, 2012, jb-open...@wisemo.com wrote: This is not limited to 7-Zip, see also the post by Mr. Bergeron of IBM. I have looked closer at the tar.gz file (my download matches the checksums and digital signature from Dr. Henson), and the file is not valid according to the tar file