When connecting to a TLS1.2 webserver that uses a weak 512-bit DH key,
I noticed that browsers select
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
(Chrome, Firefox)
and openssl, due to the ciphers list, selects
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA

openssl s_client -connect 112.175.90.160:443
PM, Bogdan Harjoc har...@gmail.com wrote:
Was trying to see why openssl doesn't like to connect to
elink-http8.bankofamerica.com.
Seems it sends an alert (fatal) Unrecognized name because the server
sends back an empty server_name extension, rightly so according to RFC
6066.
Reproduce using (1.0.1j):
openssl s_client -connect
How does the newly introduced [1] support for the Downgrade SCSV stop
an attacker from removing the SCSV from an outgoing ClientHello? Am I
missing something, or is there no hash to ensure that the ClientHello
received by the server has not been tampered with?
[1]
I updated to openssl 1.0.1k from 1.0.0d and I get a NULL pointer
dereference when I call SSL_get_certificate on a valid SSL object.
Backtrace:
ssl_set_cert_masks:1845
ssl_get_server_send_pkey:2117
ssl_get_server_send_cert:2175
SSL_get_certificate:2605
ssl_get_server_send_pkey calls
Hello,
openssl.exe s_client -connect services.gmf.fr:443
exits with the message missing export tmp rsa key
The server selects RSA_EXPORT_WITH_DES40_CBC_SHA and sends a 1024-bit RSA
key. If I increase the RSA key size limits like below:
- #define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ?