Does anyone have solid numbers on the performance of OpenSSL's SHA-1
on 32-bit vs. 64-bit platforms?
Thanks,
-Ekr
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
if there
is a protocol which uses the first four bytes of the packet
as the length of the remaining data. Such a protocol will
block indefinitely when handed an SSL client hello.
All the client can do in this case is time out.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED
David Schwartz [EMAIL PROTECTED] writes:
On 03 Feb 2003 22:00:08 -0800, Eric Rescorla wrote:
David Schwartz [EMAIL PROTECTED] writes:
You nearly always need non-blocking, even if it's just for
timeouts.
Depends. If you're just setting some global timeout, you
can use blocking I/O
in the SSL buffers but not on the network socket.
These issues are discussed quite extensively in SSL and TLS as well as
in my Introduction to OpenSSL Programming, available at
http://www.rtfm.com/openssl-examples
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED
Tim Regovich [EMAIL PROTECTED] writes:
*always* operate in non blocking mode. The code may
be slightly more complex but will *always* work
better.
I don't agree with this. Getting non-blocking code correct
with OpenSSL is quite tricky. If you don't need non-blocking,
there's no reason to do
David Schwartz [EMAIL PROTECTED] writes:
On 03 Feb 2003 19:01:53 -0800, Eric Rescorla wrote:
Tim Regovich [EMAIL PROTECTED] writes:
*always* operate in non blocking mode. The code may
be slightly more complex but will *always* work
better.
I don't agree with this. Getting non-blocking
this is or is not are simply best
guesses without much evidence to back them up.
Certainly guessing is all I've been doing.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com
to be ported to kernel 2.4, which is
what I'm currently doing. As I said, I have a semi-usable port
but it's got some problems.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com
would stall all server processes. Could you put a debugger on
one of the stalled processes and see where it is?
Thanks,
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com
unaffected
children.
That's one possibility... Another would be clogging of access to the
session cache. In the first case, it's hard to understand how OpenSSL
could be the cause of the problem.
Here's a question: do you lose HTTP access or just HTTPS access?
-Ekr
--
[Eric Rescorla
gets blocked.
Thanks,
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
it contacts it.
Now consider what happens if you're running 512 virtual servers (IPs)
with 256 child processes. If Slapper contacts all of them, it will
freeze all your children and you're frozen until the timeouts
happen. Joe, do you have more virtual servers than children?
-Ekr
--
[Eric Rescorla
Eric Rescorla [EMAIL PROTECTED] writes:
Now consider what happens if you're running 512 virtual servers (IPs)
with 256 child processes. If Slapper contacts all of them, it will
freeze all your children and you're frozen until the timeouts
happen. Joe, do you have more virtual servers than
however is; what
*exactly* is the problem?
I don't think it matters. Just open a connection and spit out a
partial SSL message. This ought to stall the server till the network
timeouts are done.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http
Stephen Amadei [EMAIL PROTECTED] writes:
On Tue, 17 Dec 2002, Eric Rescorla wrote:
Now consider what happens if you're running 512 virtual servers (IPs)
with 256 child processes. If Slapper contacts all of them, it will
freeze all your children and you're frozen until the timeouts
I'd like to announce the availability for download of the following
paper.
Security holes... Who cares?
Eric Rescorla
RTFM, Inc. http://www.rtfm.com/
We report on an observational study of user response following
of confused myself. :)
If you have the private key for the server, the easiest thing
to do is use ssldump (http://www.rtfm.com/ssldump). Then you
don't need a proxy, just the key and the ability to sniff.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http
in particular, the private key is generally
kept in memory for the life of the process. If it's not zeroed,
there's not a lot of point in zeroing other keys, since compromise
of the private key is usually sufficient to reveal all other keys.
-Ekr
--
[Eric Rescorla [EMAIL
implementations don't coalesce
user writes, in order to avoid confused programmers :)
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
network flushes.
[1] In some implementations, you can add buffering BEFORE
the SSL code, but this is a different story.
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com
ANNOUNCE: ssldump: an SSL protocol analyzer v 0.9b3
Version 0.9b3
http://www.rtfm.com/ssldump/
RTFM, Inc. is pleased to announce the availability of ssldump 0.9b3
ssldump is an SSLv3/TLS network protocol analyzer. It identifies TCP
connections on the chosen network interface and attempts to
Le-Vazquez, Thuy [EMAIL PROTECTED] writes:
I've written an SSL server, will the server communicate with SSH client?
If not, does anyone know how to hook this two together?
You don't. They're different protocols.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED
necessary, so I can SSL_write if needed. Can I
select on the raw socket descriptor?
Yes, but it's tricky.
There's extensive coverage of this topic, complete with
source code, in my article: An Introduction to OpenSSL Programming
at:
http://www.rtfm.com/openssl-examples
-Ekr
--
[Eric Rescorla
Paul L. Allen [EMAIL PROTECTED] writes:
Eric Rescorla wrote:
I've watched my Java client connecting to my OpenSSL server using
ssldump. I can see the server's cert going over to the client. The
client does not send its own cert over to the server, and the server
confirms
Paul L. Allen [EMAIL PROTECTED] writes:
Eric Rescorla wrote:
Hmmm... When I watch a demo client and server with client
authentication,
I see the client's cert going over the wire. I wonder why I don't see
it in the case of my real code? Would mis-matching the BIO on the
server side
very much doubt you have an SSLv1 anything since AFAIK
no production implementations of SSLv1 were ever released, being
as it was riddled with security flaws.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com
:)
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
?
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
110 is normal POP. Try
telnetting to port 110 to see if you get the POP banner. If so
that's what's going on.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com
the server generate an ephemeral RSA private key for each SSL
connection, or just once for the lifetime of the process which it uses
across all clients?
Typically the latter, though some regenerate it on a time scale of hours
to days.
-Ekr
--
[Eric Rescorla [EMAIL
that are as secure as SSL are
no faster. On the other hand, if you're willing to live with a lower
security level (or if you have a lot of different authentication
mechanisms to support) then SASL may be better for you.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
Author of SSL
for data expansion and the record header.
That said, some implementations (Microsoft) violate this limit.
In any case, since TCP segments are typically 1500 bytes long,
most records will span multiple TCP segments.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED
/
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
[EMAIL PROTECTED] writes:
Did Test this link. Finding problem that there is no implementation for
NO-Padding option from this provider.
Any Idea as to how to resolve this?
Can you be a little more specific about what the problem is?
-Ekr
--
[Eric Rescorla
.
PureTLS and JSSE are both complete implementations and so they take care
of the padding internally. You should not need to do anything along these
lines.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com
to achieve? It doesn't sound like
you're trying to do SSL, so you just want some JCE implementation.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
[EMAIL PROTECTED] writes:
We were trying to have JCE implementation only. I think you are getting to
the point.
Could you provide some more info on this?
Try Cryptix: www.cryptix.org
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http
the entire record to give you
your data, no matter how many bytes you ask for
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
it. This is fine for testing but lousy for security.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
when you built it.)
(2) You want ssldump to read the server's private key (not certificate).
There's no need to read the server's certificate. All you need to do for
this is convert it into an OpenSSL keyfile. It's not clear what
kind of keyfile you're starting with here...
-Ekr
--
[Eric
or JSSE.
How to do all of these is documented at:
http://jakarta.apache.org/tomcat/tomcat-3.3-doc/tomcat-ssl-howto.html
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com
Chris Cleeland [EMAIL PROTECTED] writes:
On 30 Apr 2002, Eric Rescorla wrote:
Right. Good point. However, for some reason I remember that we had problems
with JSSE doing RSA properly, too. But memory is fuzzy anymore.
That could be. I've heard such reports but never really verified them
40-bit crypto | 40-bit crypto
Newer Export | 40-bit crypto | SGC/Step-Up to strong
New Export/Domestic | Strong crypto | Strong crypto
There is no way to tag an X.509 certificate in such a way that
it is 40-bit only.
-Ekr
--
[Eric Rescorla
all new certificates. The
certificates are set to expire in a year but the problem occurs within
weeks/months of deployment and continues to happen. Does anyone have any
insight on how this could be happening? Thank you for your time.
What does ssldump say?
-Ekr
--
[Eric Rescorla
-s 8192 -w' if that
helps at all.
In general, this sort of thing is very difficult to diagnose
without either ssldump traces or OpenSSL logging info.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com
exchange). The client ENCRYPTS the PreMasterSecret under
the server's public key. This necessitates knowing the public key.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
Author of SSL and TLS: Designing and Building Secure Systems
http://www.rtfm.com
Tobias Mattsson [EMAIL PROTECTED] writes:
Well it might not be such a good design,
but what I asked initially was only if it is possible to restrict apache from giving
the cert out, and if that somehow can stop people from connecting to the server
without having the certificate.
No. This
Michael Sierchio [EMAIL PROTECTED] writes:
It's also the case that the client may send a 'Hello request' instead
of a client hello, in order to see what the server supports...
HelloRequests may only be sent by the server
(See RFC 2246 S 7.4.1.1).
-Ekr
--
[Eric Rescorla
how to do it. The need for this is to
use only
112bit key length because of 128bit key export restriction.
Which country has such an export restriction? Not the US.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com
a linux client running on the same machine as the proxy, so the code is
basically correct. I've written into the newsgroup 2 times, but nobody has
been able to answer my problem.
If all you want to do is sniff, why not just use ssldump
http://www.rtfm.com/ssldump.
-Ekr
--
[Eric Rescorla
.
There's no need to pose as the server. Decrypting the traffic
requires, as you say, the private key, but not the certificate.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com
is running the https-proxy-sniff utility from Net_SSLeay.pm ) ?
No idea.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
?
Kevin,
SSL really doesn't know how to work with raw private keys.
Your best bet is to use self-signed certificates, which
have the same security properties but fit the SSL operations
model better.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http
security protocol, so if you don't have any networking,
it's not clear why you'd want it.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
documentation for something not suited for my purpose.
Is this the case?
I believe so.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
it
will be the fastest solution, but I'm a newbie and am not sure. Can you help me?
Why would you want to do this?
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
Protocol
Stunnel is one such proxy.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
Author of SSL and TLS: Designing and Building Secure Systems
http://www.rtfm.com
if the attacker can control the
IV. There's only a very small performance benefit to using a digest
instead of HMAC so I would advise doing it.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com
00837 ; e6 11 2a ce 5c 1b fc 26 76 34 d7 33 94 23 b5 d5..*.\..v4.3.#..
00853 ; 5e 0a 60 bd b7 ce a0 ^.`
00860 ; d7 82 a7 cd 1 PRIVATE 23, 42957 octets =
error: pre-mature EOF decoding definite length value
-Ekr
--
[Eric Rescorla
be handled automagically on the client side, or if not,
how do I know I have to shake hands with the server and what do I do?
Sometimes :). This is discussed in the article as well.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com
behavior are you seeing that leads you to believe
that this is a problem?
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
Adam Wosotowsky [EMAIL PROTECTED] writes:
On Mon, Jan 14, 2002 at 09:26:22AM -0800, Eric Rescorla wrote:
SSL does not require that the client and server have synchronized
clocks, except in the loose sense that a certificate verifier's
clock should have some relation to the real time
his own public key on the server.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
Author of SSL and TLS: Designing and Building Secure Systems
http://www.rtfm.com/
Michael Sierchio [EMAIL PROTECTED] writes:
Jeffrey Altman wrote:
A passphrase consisting of human readable/typable text provides
approximately 2 bits of entropy per character.
English text contains approx. 3.5 bits of entropy per character.
This seems high, considering that only 6
Michael Sierchio [EMAIL PROTECTED] writes:
Eric Rescorla wrote:
That said, it's not clear how these results apply to passwords.
The entropy of short chunks of text is lower.
No. The entropy of short chunks of text, without syntax, is
higher.
That's what I meant, higher :)
That's why
Vadim Zaliva [EMAIL PROTECTED] writes:
On 6 Jan 2002, Eric Rescorla wrote:
I would like to thank everybody who responded to my previous messages.
This can't be done with SSL exactly the way you want to do it. The
only way that SSL knows how to carry public keys is via certificates
Krishnaswamy R. [EMAIL PROTECTED] writes:
Is there any maximum size defined in TLS for a server's
certificate sent to the client?
Yes, but it's ridiculously large.
No single certificate can be longer than 2^24 bytes.
-Ekr
--
[Eric Rescorla [EMAIL
as a whole are limited to 2^24-1 bytes. In practice
the limit is 5-10 bytes longer because no handshake message can
be longer than 2^24-1 bytes and so when you factor in the
size of various length bytes and such you get a little shrinkage.
-Ekr
--
[Eric Rescorla
for the digest
in question).
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
. Otherwise, you should probably check out PureTLS which is (as
far as I know) equally capable to JSSE and is Open Source.
PureTLS can be found at http://www.rtfm.com/puretls
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com
at least it's technically possible to find them by brute
force, since the birthday attack is 2^64 hard.
This doesn't mean that the use of MD5 in SSL is insecure. The
only property that SSL really requires of MD5 is irreversibility
which is 2^128 hard.
-Ekr
--
[Eric Rescorla
-6458714-3717315
Neither of these books is wholly satisfactory. Harkins and Doraswamy
is old and was always a bit thin. Yuan and Strayer is rather academic
for my taste.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
Author of SSL and TLS: Designing and Building Secure
. I'm generally a lot more interested
in the latter (though there's a bigger market in the former so
maybe I should have targeted SSL and TLS differently :))
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com
-in-the-middle attacks is by having the
client check the server's certificate against a trusted CA. If you're
using self-signed certificates and the client doesn't have any
independent knowledge of the server's certificate you certainly are
vulnerable to a man-in-the-middle attack.
-Ekr
--
[Eric
Venugopal Panchamukhi [EMAIL PROTECTED] writes:
I've modified the client code in such a way that reading and writing
is done in a single thread. But my basic problem was not cleared. When
I'm calling select() it is returning the read condition after which the
read_SSL() method is returning
Matthew Fleming [EMAIL PROTECTED] writes:
I would appreciate your help with the following, although it is not
strictly (or not only) an OpenSSL problem.
I am trying to connect a Pocket PC to a Linux server. The Pocket PC uses
Schannel (which on the PPC apparently includes SSLv2 and SSLv3
approach is to look and see what errors the
client and server are generating. Failing that, use ssldump
http://www.rtfm.com/ssldump to watch the traffic and see what's
going wrong.
-Ekr
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com
Ludovic Courtès [EMAIL PROTECTED] writes:
This is pretty confusing. Are you trying to connect to an OpenSSH
server with SSL? That won't work.
Ok. I am getting a bit confused with secure protocols, and I guess I didn't get
it at all... ;)
It's a little confusing because OpenSSH uses
Richard Booth [Web Developer] [EMAIL PROTECTED] writes:
When performing a post from a non-secure server to a secure server is the
connection made secure before any data passes through?
It's not clear what you mean here. Servers don't typically post
to other servers. Perhaps you mean when a
, SSL and TLS: Designing and Building
Secure Systems (see my .sig for a link)
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
Author of SSL and TLS: Designing and Building Secure Systems
http://www.rtfm.com/sslbook
julien Bournelle [EMAIL PROTECTED] writes:
I try to develop a client/server application using TLS...
My client.c file is like this :
first : initialize_ctx();
tcp_connect6(); - I use IPv6 socket
SSL_new();
BIO_new_socket()
SSL_set_bio()
SSL_connect()
Rich Salz [EMAIL PROTECTED] writes:
SSLv3 is a de facto, industry standard, devised by the best cryptanalyst
we have. It is represented only by an expired Internet Draft. TLS is a
committee effort. You be the judge.
That is unfair, misleading, and wrong.
All IETF standards are
julien Bournelle [EMAIL PROTECTED] writes:
Hi,
as part of my thesis I must develop an application which uses
TLS. I use OpenSSL on FreeBSD 4.2. The problem is that I don't know how to
create a TLS connection between a client and a server. I searched on
google and other FAQs but I
Endre Meckelborg Rognerud [EMAIL PROTECTED] writes:
I'm trying to write a client in Java that should connect to an OpenSSL
server through a SSLConnection. I have tried to write it with the JSSE
package from Sun, but I've had a lot of problems. The first problem
was related to the message 'no
Wirta Ville [EMAIL PROTECTED] writes:
Yes, there is someone listening. And the whole thing works if client
doesn't use non blocking sockets. For some reason non blocking
BIO_do_connect doesn't send anything with its first few attempts (it's
fourth or fifth time that makes things work)
Nancy Pawlowski [EMAIL PROTECTED] writes:
Does anyone recognize this error?
I've had jsse with tomcat configured under linux - and it is running ok;
but am having problems running it under windows2000.
This isn't an OpenSSL issue. Why are you posting it here?
-Ekr
Ruby Cruiser [EMAIL PROTECTED] writes:
Also,
SSL_read does not return at all... I don't know
what's going on.
What does Blocking and non_blocking IO mean??
Blocking I/O means that when you ask to read or write
on the socket and there's no data or buffer space available
the call won't return
to the server. Whether
sockets or CPU time is more precious to the server depends on
the server.
-Ekr
[Eric Rescorla [EMAIL PROTECTED]]
Author of SSL and TLS: Designing and Building Secure Systems
http://www.rtfm.com
Neff Robert A [EMAIL PROTECTED] writes:
I loved your book. Ordered it from BN as soon as
I saw it. Helped me overcome some early initial
mindblocks when first integrating with OpenSSL.
For those of you reading this, Eric's book is
titled: SSL and TLS - Designing and Building
Secure
Jeremy Smith [EMAIL PROTECTED] writes:
Also, the documentation refers to the concept of a BIO all over the place, but
never defines it anywhere that I can find. Is BIO some kind of universally
understood concept that I have only just heard of? In any case, where can I go to
learn about
Michael Sierchio [EMAIL PROTECTED] writes:
Eric Rescorla wrote:
There are a number of situations where one wishes to authenticate
clients based on their DNS names:
(1) SMTP/TLS.
(2) Secure remote backup.
In such cases the clients often (though not always) have fixed IPs
Götz Babin-Ebell [EMAIL PROTECTED] writes:
And how gets he the connection IP-Address - FQDN ?
-He uses DNS.
I think you need to reread his message since that's not
what he says.
If he wants to allow user XYZ presenting certificate C_XYZ to
do some things, all he has to do is look in an
[EMAIL PROTECTED] writes:
Been doing some searching and cannot find the SSL v2.0 specification.
I've found v3 and TLS v1 but I would like to get a copy of just SSL v2.0.
Does anyone know where the SSL v2.0 specifications are at?
http://www.netscape.com/eng/security/SSL_2.html
-Ekr
[Eric
and that it should generate an error if one is not received
(i.e. a clean way to do s-state=SSL_ST_ACCEPT). However, it's
important to realize that such a call is only useful in
certain circumstances.
-Ekr
[Eric Rescorla [EMAIL PROTECTED]]
http
Chen, Qiming [EMAIL PROTECTED] writes:
4.Then I saved cert.pem as client.key and signed_req.pem as client.crt, and
use client.key and client.crt in client.c 's
function:SSL_CTX_use_certificate_file(). My client can see and display
server 's certificate, but server complaint about client side
1 - 100 of 169 matches