X509_digest() and X509_pubkey_digest().

2013-01-22 Thread Viktor Dukhovni
The OpenSSL library includes two very similar functions: int X509_digest( X509 *cert, const EVP_MD *digest, unsigned char *md, int *len); int X509_pubkey_digest( const X509 *cert,

Re: Openssl versions compatibility

2013-01-23 Thread Viktor Dukhovni
On Wed, Jan 23, 2013 at 09:12:41AM -0500, Ken Goldman wrote: My experience is that you should not expect binary compatibility. Since errors will often be in little used corner cases, it's safer to always recompile. Please do not spread FUD, the OpenSSL project made a commitment a while back

Re: Openssl versions compatibility

2013-01-23 Thread Viktor Dukhovni
On Wed, Jan 23, 2013 at 09:51:08AM -0500, Jeffrey Walton wrote: Binary compatibility can be tricky, and it brings up all the old wounds of Microsoft's COM. Are you claiming there is binary compatibility among tool vendors? For example, can I build the base with GCC, and then build patches

Re: Openssl versions compatibility

2013-01-23 Thread Viktor Dukhovni
On Wed, Jan 23, 2013 at 10:12:36AM -0500, Ken Goldman wrote: On 1/23/2013 9:51 AM, Jeffrey Walton wrote: Binary compatibility can be tricky, and it brings up all the old wounds of Microsoft's COM. Are you claiming there is binary compatibility among tool vendors? For example, can I build the

Re: X509_digest() and X509_pubkey_digest().

2013-01-24 Thread Viktor Dukhovni
On Thu, Jan 24, 2013 at 02:49:25PM +0100, Dr. Stephen Henson wrote: This is a rather non-obvious interface, and X509_get_X509_PUBKEY() is not documented. I make no claim this is obvious but... It should be possible to do this in a single call using the ASN1_item_verify interface

Re: How to use a binary public key

2013-01-24 Thread Viktor Dukhovni
On Thu, Jan 24, 2013 at 05:25:48PM +, Tovey, Dwight (LaserJet RD FW Eng.) wrote: On Jan 23, 2013, at 4:18 PM, kap...@mizera.cz wrote: I have built the whole pub-key (in DER) from your pubkey.bin by adding a public key header - as w...@omnigroup.com wrote. If I did not make an error,

Re: Problems reading PKCS8 private key

2013-01-25 Thread Viktor Dukhovni
On Fri, Jan 25, 2013 at 04:13:02PM +, Ken Allen wrote: Hi All, I'm having a bit of a problem. I need to load a private key (EC, but I'm having the same problem with RSA) from an unencrypted, DER-encoded PKCS8 memory buffer. I'm just trying to get it to work loading from a file for now and

Re: Problems reading PKCS8 private key

2013-01-25 Thread Viktor Dukhovni
On Fri, Jan 25, 2013 at 05:10:03PM +, Viktor Dukhovni wrote: On Fri, Jan 25, 2013 at 04:13:02PM +, Ken Allen wrote: Hi All, I'm having a bit of a problem. I need to load a private key (EC, but I'm having the same problem with RSA) from an unencrypted, DER-encoded PKCS8 memory

Re: Obtaining a TLS session key

2013-01-29 Thread Viktor Dukhovni
On Wed, Jan 30, 2013 at 05:29:51PM +1300, T J wrote: How does one obtain the session key from a SSL structure after a successful TLS handshake? You don't, but, you should instead obtain the tls-unique channel binding data ( https://tools.ietf.org/html/rfc5929#section-3 ) and run the result

aNULL cipher order and TLS 1.2 ciphers

2013-01-30 Thread Viktor Dukhovni
With aRSA ciphers we see that the new TLS 1.2 ciphers with SHA-2 MACs are by default preferred over the older TLS 1.1 SHA-1 ciphers. For example, looking at just the AES subset we see groups of 3 in which the first is always GCM, the second SHA-2 and the 3rd SHA-1: $ openssl ciphers -v

Re: Obtaining a TLS session key

2013-01-30 Thread Viktor Dukhovni
On Wed, Jan 30, 2013 at 07:03:09PM +0100, Jakob Bohm wrote: You don't, but, you should instead obtain the tls-unique channel binding data ( https://tools.ietf.org/html/rfc5929#section-3 ) and run the result through a KDF (HKDF should work well) on both ends to obtain a suitable key for a

Re: Obtaining a TLS session key

2013-01-31 Thread Viktor Dukhovni
On Fri, Feb 01, 2013 at 10:05:15AM +1300, T J wrote: These are sufficient to generate a session unique key via a suitable KDF salted with an application-specific string. OK, great. So I get the master key and run it through the a KDF and I get a 256 bit encryption key for use in my

Re: Null (or default) certificates?

2013-02-01 Thread Viktor Dukhovni
On Fri, Feb 01, 2013 at 01:46:46PM +, Nathan Smyth wrote: Is it possible to have null, untrusted, or shared certificates, to simplify deployment for apps that don't care about SSL? Absolutely. On all servers that don't require client certificates (can't ask for client certs when using an

Re: Null (or default) certificates?

2013-02-01 Thread Viktor Dukhovni
On Fri, Feb 01, 2013 at 03:22:11PM +, Viktor Dukhovni wrote: On Fri, Feb 01, 2013 at 01:46:46PM +, Nathan Smyth wrote: Is it possible to have null, untrusted, or shared certificates, to simplify deployment for apps that don't care about SSL? Absolutely. On all servers that don't

Re: Null (or default) certificates?

2013-02-01 Thread Viktor Dukhovni
On Fri, Feb 01, 2013 at 04:24:47PM +, Nathan Smyth wrote: On all servers that don't require client certificates (can't ask for client certs when using an anonymous ciphersuite) enable anonymous ciphers,? Is it possible to both - in the sense you can check the peer's certificate IF

Re: Null (or default) certificates?

2013-02-01 Thread Viktor Dukhovni
On Fri, Feb 01, 2013 at 07:22:52PM +, Nathan Smyth wrote: In our current implementation, we assume every process has a certificate associated with it, and thus, from a TLS perspective, clients will validate server certificates, and servers will request and validate client certificates for

Re: 140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol Error SMTP

2013-02-02 Thread Viktor Dukhovni
On Thu, Jan 31, 2013 at 05:11:59PM +0100, Alexandru Gheorghe wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hey guys, I've tried openssl s_client -connect host:port -starttls smtp - -crlf and I always get 8564:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown

Re: Obtaining a TLS session key

2013-02-06 Thread Viktor Dukhovni
On Thu, Feb 07, 2013 at 11:12:13AM +1300, T J wrote: Sorry to keep hammering away at this, but I think I am missing something here. OpenSSL does all this for a TLS connection anyway right? I mean, after a handshake, encryption keys, IV's etc are generated so that the TLS connection can use

Re: Obtaining a TLS session key

2013-02-07 Thread Viktor Dukhovni
On Thu, Feb 07, 2013 at 08:00:42PM +1300, Trevor Jordan wrote: It is bad practice to clone keys. You should also not depend on OpenSSL negotiating a particular algorithm. OpenSSL's key are for the OpenSSL session only. Keys for your application should be the result of a suitably independent

Re: X509* and Extract Public Key?

2013-02-10 Thread Viktor Dukhovni
On Mon, Feb 11, 2013 at 12:01:49AM -0500, Jeffrey Walton wrote: I'm trying to extract a public key (subjectPublicKeyInfo) from an X509 certificate. from apps/x509.c in the openssl source: EVP_PKEY *pkey; pkey=X509_get_pubkey(x); This is not the

Re: Creating certification requests with no CN and SAN only

2013-02-13 Thread Viktor Dukhovni
On Wed, Feb 13, 2013 at 07:46:10PM -0800, Matthew Hall wrote: Hello, I tried to figure out how to create a certification request which has an empty CN and only uses SANs, in line with the recommendations of the latest PKIX RFC 5280. I tried various permutations of commenting out

Re: Creating certification requests with no CN and SAN only

2013-02-13 Thread Viktor Dukhovni
On Thu, Feb 14, 2013 at 04:11:33AM +, Viktor Dukhovni wrote: You'll naturally need to add the requisite subjectAltName extensions. A more complete example: $ cat openssl.cnf [ req ] distinguished_name = dn req_extensions = san [ dn ] [ san ] subjectAltName

Re: Disable wrapping for EVP_EncodeUpdate?

2013-02-19 Thread Viktor Dukhovni
On Tue, Feb 19, 2013 at 03:57:00AM -0500, Nick wrote: I see EVP_EncodeUpdate adds a newline char after every 64 chars of output (presumably to wrap the output). Can this be disabled? No, but the EVP_EncodeBlock() function does not generate any newlines. You must pass it a multiple of 3-bytes

Re: What is the reason for error SSL negotiation failed: error:04075070:rsa routines:RSA_sign:digest too big for rsa key

2013-02-26 Thread Viktor Dukhovni
On Tue, Feb 26, 2013 at 11:30:18PM +0530, Nayna Jain wrote: Both server and client authenticate each other. And so client also sends the certificate. Here client certificate has RSA 512 bits and md5. Server certificate has RSA 1024 bits and md5. Bottom-line: DO NOT use 512-bit RSA moduli,

Re: What is the reason for error SSL negotiation failed: error:04075070:rsa routines:RSA_sign:digest too big for rsa key

2013-02-26 Thread Viktor Dukhovni
On Wed, Feb 27, 2013 at 12:49:55AM +0530, Thulasi Goriparthi wrote: Or use another hash type for signature which can produce not more than 53 bytes of hashed data. (i.e MD5, SHA1, SHA256, SHA384) while using 512-bit keys. OpenSSL by default uses SHA512 hash for signature. Change the code to

Re: What is the reason for error SSL negotiation failed: error:04075070:rsa routines:RSA_sign:digest too big for rsa key

2013-02-26 Thread Viktor Dukhovni
On Wed, Feb 27, 2013 at 01:55:24AM +0530, Thulasi Goriparthi wrote: Interestingly enough, it is in fact SHA384 that fails with RSA-512. The client and server agree on: ECDHE-RSA-AES256-GCM-SHA384 Signature Hash type is not controlled by the CipherSuite and can be dynamically

Re: Need understanding of SSLv23_xxx_method() API.. It is failing when SSLv23_client_method() connects to TLSv1_2_server_method()

2013-02-27 Thread Viktor Dukhovni
On Wed, Feb 27, 2013 at 11:18:19PM +0530, Nayna Jain wrote: I had asked a few questions related to the SSLv23_xxx_method API to understand its internals. http://stackoverflow.com/questions/3938824/what-books-will-help-me-learn-everything-i-can-about-ssl-pki -- Viktor.

Re: Saving the SessionID/Ticket and rebooting. What is needed?

2013-03-06 Thread Viktor Dukhovni
On Wed, Mar 06, 2013 at 08:37:06PM +0100, Peter Sand wrote: I currently can save the SSL_SESSION in RAM and reuse it as SSL Session ID when reconnecting. The idea is to save it in Flash and reuse after power on again. I've looked at saving the Session like it is done in s_client -sess_out

Re: Trust *only* certs signed by intermediate CA

2013-03-09 Thread Viktor Dukhovni
On Sat, Mar 09, 2013 at 11:04:06AM -0600, Ian Pilcher wrote: It's becoming pretty clear that OpenSSL doesn't provide a simple way to do this today. (X509_V_FLAG_PARTIAL_CHAIN will probably enable this, but it will be years before that makes its way into slower moving distributions.)

Re: SSL_VERIFY_PEER

2013-03-12 Thread Viktor Dukhovni
On Tue, Mar 12, 2013 at 10:23:20AM +, Nathan Smyth wrote: Just wondering - if SSL_VERIFY_PEER is set on a connection, if the verification locations have not been loaded (SSL_CTX_load_verify_locations has not been set) - does the connection fail? Or continue as unverified? This is

Re: EVP_get_digestbynid() return NULL

2013-03-13 Thread Viktor Dukhovni
On Thu, Mar 14, 2013 at 11:34:12AM +0800, cellecial wrote: I'm frustrated that I can't get correct result from such a simple API (on openssl 1.0.1c), just like below. md = EVP_get_digestbynid(NID_ecdsa_with_SHA256); //NID_md5 This is because ECDSA-WITH-SHA256 is a signature algorithm, and

Re: EVP_get_digestbynid() return NULL

2013-03-13 Thread Viktor Dukhovni
On Thu, Mar 14, 2013 at 01:05:25PM +0800, cellecial wrote: but I tried md = EVP_get_digestbynid(NID_md5), still NULL PBKAC? $ cat md.c #include <openssl/ssl.h> #include <openssl/evp.h> #include <stdio.h> int main() { int nids[] = {

Re: openssl-user - UTF8 characters in configuration file

2013-03-15 Thread Viktor Dukhovni
On Fri, Mar 15, 2013 at 09:44:13AM +0100, Zbyn?k Krej??k wrote: I tried this some 2yrs ago what seemed to work (at least wins showed the strings in cert correctly) in [ req ] ... distinguished_name= req_distinguished_name attributes= req_attributes string_mask =

Re: compile openssl 1.0.1e failed on Ubuntu 12.10 x64

2013-04-07 Thread Viktor Dukhovni
On Sun, Apr 07, 2013 at 11:57:26PM +0800, Hailei Hu wrote: hi,everyone! I am trying to compile a x64 version of openssl 1.0.1e on Ubuntu 12.10 x64. I use the following command: ./Configure linux-generic64 Try a more sensible target: $ ./Configure LIST | grep '^linux.*64'

Re: SSL / SMTP

2013-04-17 Thread Viktor Dukhovni
On Wed, Apr 17, 2013 at 07:24:23AM +, Joan Moreau wrote: 2013-04-17T09:17:36.573675+02:00 server postfix/smtpd[16725]: warning: TLS library problem: 16725:error:140D308A:SSL routines:TLS1_SETUP_KEY_BLOCK:cipher or hash unavailable:t1_enc.c:597: 2013-04-17T09:17:36.573971+02:00 server

Re: SSL / SMTP

2013-04-17 Thread Viktor Dukhovni
On Wed, Apr 17, 2013 at 04:40:55PM +, Joan Moreau wrote: No. Install a fresh O/S image on new hardware and use that as your mail server. If a fresh install with the default Postfix for the O/S does not work, come back to the Postfix-users list for help. You've already consumed a lot of

Re: POP3 client with OpenSSL issue

2013-04-21 Thread Viktor Dukhovni
On Sun, Apr 21, 2013 at 10:17:31PM -0400, Dave Thompson wrote: scanf("%s", password); This also mishandles passwords containing whitespace. The code looks so poor that my guess is that someone is asking us to do their homework. -- Viktor.

Malware auto-response bot, take care...

2013-04-21 Thread Viktor Dukhovni
My previous post generated an auto-response from what is likely a malware auto-response bot. Best bet is to not follow the links. This has been reported to Hotmail via spamcop. [ Looks like Hotmail does not implement RFC 3834 as yet. ] -- Suspected malware response below -- Return-Path:

Re: MD5 in openSSL internals

2013-04-24 Thread Viktor Dukhovni
On Wed, Apr 24, 2013 at 03:18:45PM +, Nikola Vassilev wrote: We are currently analyzing and understanding the security strength of the openSSL internal implementation to certify the products. In version 0.9.8d, TLSv1.0 alone is supported. Can you please answer the following or provide me

Re: handling of expired certificates

2013-04-24 Thread Viktor Dukhovni
On Tue, Apr 23, 2013 at 10:17:54AM -0700, Vijaya Venkatachalam wrote: So at the time of openssl connection establishment, the certificate is valid. But while the connection is still up, the certificate expires. The certificate was valid at the time it was verified, this is sufficient. Is the

Re: MD5 in openSSL internals

2013-04-24 Thread Viktor Dukhovni
On Wed, Apr 24, 2013 at 01:55:36PM -0700, d...@deadhat.com wrote: On Wed, Apr 24, 2013 at 03:18:45PM +, Nikola Vassilev wrote: We are currently analyzing and understanding the security strength of the openSSL internal implementation to certify the products. In version 0.9.8d,

Re: Data and Signature (envelope)

2013-04-24 Thread Viktor Dukhovni
On Wed, Apr 24, 2013 at 10:35:04PM -0400, Dave Thompson wrote: I am assuming RSA though I would like to do ECDSA. These APIs will use any privatekey for which a signature scheme is available; that's RSA DSA ECDSA (or pedantically EC; openssl uses the same EC_KEY struct for ECDSA and

Re: Is it possible to configure only TLSv1.2 ciphers for FIPS?

2013-04-26 Thread Viktor Dukhovni
On Thu, Apr 25, 2013 at 04:40:12AM -0700, Cipher wrote: For FIPS work, we are planning to support only TLSv1.2 ciphers. Is there a configuration option to use *only* TLSv1.2 ciphers? You say ciphers here. we are using apache/mod_ssl engine(v 2.2.16). *SSLProtocol* directive does not

Zero length finished messages with resumed sessions?

2013-05-08 Thread Viktor Dukhovni
Has anyone seen the type of problem reported on the postfix-users list today? http://archives.neohapsis.com/archves/postfix/2013-05/0158.html (and earlier posts upthread). TLS handshakes without session resumption succeed, while resumed sessions always fail, with the server sending a

Re: Zero length finished messages with resumed sessions?

2013-05-08 Thread Viktor Dukhovni
On Thu, May 09, 2013 at 12:11:38AM +, Viktor Dukhovni wrote: Has anyone seen the type of problem reported on the postfix-users list today? http://archives.neohapsis.com/archves/postfix/2013-05/0158.html (and earlier posts upthread). TLS handshakes without session resumption

Re: Zero length finished messages with resumed sessions?

2013-05-09 Thread Viktor Dukhovni
On Thu, May 09, 2013 at 05:58:14PM +0200, Dr. Stephen Henson wrote: However disabling TLS extensions in the client does. With no-tlsext, the server does not resume past sessions. Perhaps the server's implementation of session tickets is the culprit. Has anyone else observed such

Re: Zero length finished messages with resumed sessions?

2013-05-09 Thread Viktor Dukhovni
On Thu, May 09, 2013 at 04:54:33PM +, Viktor Dukhovni wrote: So I'm more interested in any leads about which servers are prone to this misbehaviour. Did any past OpenSSL versions mishandle session tickets and accept the session only to then fail to negotiate correctly (zero length

Re: Zero length finished messages with resumed sessions?

2013-05-09 Thread Viktor Dukhovni
On Thu, May 09, 2013 at 08:13:57PM +0200, Dr. Stephen Henson wrote: One of the servers is: OpenSSL 0.9.9-dev 09 May 2008 built on: NetBSD 5.1_STABLE platform: NetBSD-x86_64 options: bn(64,64) md2(int) rc4(1x,char) des(idx,cisc,4,int) blowfish(idx)

Re: Apply signature to X509 certificate

2013-05-10 Thread Viktor Dukhovni
On Fri, May 10, 2013 at 11:26:35AM -0400, Ken Goldman wrote: a) get the der encoded value of tbsCertificate field b) hash it c) apply pkcs1 padding and sign it d) put the signature on asn1 form e) add NIDs and other parameters to the cert_info field you identified. I spent a lot of time

Re: SSL_CTX_set{_preferred)_cipher_list?

2013-05-10 Thread Viktor Dukhovni
On Fri, May 10, 2013 at 01:00:21PM -0600, Salz, Rich wrote: What is the difference between SSL_CTX_SET_cipher_list and SSL_CTX_set_preferred_cipher_list? Which version of OpenSSL has the preferred version? I don't see this in master. When and why would I use the preferred version? I

Re: Self-signed certificates and keyUsage extension

2013-05-11 Thread Viktor Dukhovni
On Sat, May 11, 2013 at 10:49:40AM +0200, Stefan H. Holek wrote: On 10.05.2013, at 18:48, no_spam...@yahoo.com wrote: openssl verify -check_ss_sig -CAfile ./my-ss-cert.pem ./my-ss-cert.pem I get the following error: error 20 at 0 depth lookup:unable to get local issuer certificate

Re: FIPS Capable Ciphers List

2013-05-14 Thread Viktor Dukhovni
On Wed, May 15, 2013 at 12:58:37AM +, Santhosh Kokala wrote: I have a use case where an admin can configure the Ciphers from UI. I have this code in the backend that tries to set the cipher meth = TLSv1_client_method(); ctx = SSL_CTX_new(meth); sslretval =

Re: FIPS Capable Ciphers List

2013-05-14 Thread Viktor Dukhovni
On Tue, May 14, 2013 at 09:42:08PM -0500, Salz, Rich wrote: Viktor gave some excellent advice. I'd tweak it by removing 'export' as something to support. And perhaps use weak, good, strong -- whatever, keep the number of choices very small. I'd suggest to not use default since folks will

Re: FIPS Capable Ciphers List

2013-05-15 Thread Viktor Dukhovni
On Wed, May 15, 2013 at 01:07:23PM +0200, Jakob Bohm wrote: If the underlying choices need to be configurable, that should generally not be via the UI, rather via a configuration file of some sort. This assumes your users are normal users, not SSL protocol testers who want fine-grained

Re: FIPS Capable Ciphers List

2013-05-15 Thread Viktor Dukhovni
On Wed, May 15, 2013 at 09:59:52AM -0600, Salz, Rich wrote: I was talking about a user interface to specify settings without requiring a rebuild of the applications. And on this, we completely agree :) +1 for no application rebuilds. Hard-coded cipherlists is not what I had mind, if

Re: How to create CSR with SN attribute

2013-05-20 Thread Viktor Dukhovni
On Mon, May 20, 2013 at 05:58:43PM +0200, Per Edlund wrote: Is there a way with openssl to create a key/csr with SN attribute? [dn_req] surname = Smith Likewise with the -subj option use: -subj /surname=Smith. or -subj /SN=Smith. As I can see, only CN, O, OU etc are

Re: Build error with 1.0.1e on Win64 with VC++ 2010 and nasm

2013-05-21 Thread Viktor Dukhovni
On Tue, May 21, 2013 at 10:14:27AM -0600, Phillip Hellewell wrote: Good news, I found the bug! I got thinking, why is x86_64-gf2m the only one giving me a problem? So I compared x86_64-gf2m.pl to the others and found that it has this line: open STDOUT,"| \"$^X\" $xlate $flavour $output";

Re: [openssl-users] Display CSR w/ subjectAltName

2013-05-23 Thread Viktor Dukhovni
On Thu, May 23, 2013 at 06:12:39PM +0200, Erwann Abalea wrote: On 23/05/2013 17:41, Craig White wrote: I want to be able to view CSR's with subjectAltName's but I can't figure out any way to make it happen. I have poured over the man pages and googled it to death already. openssl req

Callback access to X509_STORE_CTX->untrusted?

2013-06-03 Thread Viktor Dukhovni
I've implemented DANE support for Postfix, but want to make the implementation a bit more robust in the face of possible future changes in OpenSSL. I want to use SSL_CTX_set_cert_verify_callback() to customize how certificate verification is performed. I need to be able to selectively add/remove from the

Re: Callback access to X509_STORE_CTX->untrusted?

2013-06-04 Thread Viktor Dukhovni
On Mon, Jun 03, 2013 at 11:32:31PM +, Viktor Dukhovni wrote: I want to use SSL_CTX_set_cert_verify_callback() to customize how certificate verification is performed. I need to be able to selectively add/remove from the set of untrusted additional certificates in X509_STORE_CTX

Re: Callback access to X509_STORE_CTX->untrusted?

2013-06-04 Thread Viktor Dukhovni
On Tue, Jun 04, 2013 at 04:38:42PM +0200, Dr. Stephen Henson wrote: Note, to implement DANE, I using 1.0.0 or later only. So if with 1.x.y there is a reasonable expectation that libcrypto versions with the same SONAME don't vary in the offset of the untrusted member in X509_STORE_CTX,

Re: A question on EVP_PKEY_copy_parameters

2013-06-14 Thread Viktor Dukhovni
On Wed, Jun 12, 2013 at 12:02:52PM -0700, anu.engineer wrote: Just before signing the certificate the code executes this fragment pktmp=X509_get_pubkey(ret); if (EVP_PKEY_missing_parameters(pktmp) && !EVP_PKEY_missing_parameters(pkey)) EVP_PKEY_copy_parameters(pktmp,pkey);

Re: Authorized_keys

2013-06-16 Thread Viktor Dukhovni
On Sun, Jun 16, 2013 at 09:35:58PM -0400, David Geib wrote: I am trying to implement functionality similar to what ssh does with authorized_keys. I have a list of valid public keys (really public key fingerprints in my case) and I want to verify whether the peer has one of the valid keys.

Re: Is it possible to grab CA certificate?

2013-06-18 Thread Viktor Dukhovni
On Tue, Jun 18, 2013 at 04:50:06PM -0400, Dave Thompson wrote: From: owner-openssl-us...@openssl.org On Behalf Of Carl Young Sent: Tuesday, 18 June, 2013 07:10 Sorry for top-post - webmail :( In TLS, the server should not send the root certificate - it sends the chain up to, but

Re: libssl 1.0.1 breaking program

2013-06-26 Thread Viktor Dukhovni
On Wed, Jun 26, 2013 at 02:57:15PM +0200, Marios Makassikis wrote: By enabling debug information in the program, I was able to obtain these error messages: pppd[2236]: EAP-TLS SSL error stack: pppd[2236]: error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib and

Re: libssl 1.0.1 breaking program

2013-06-26 Thread Viktor Dukhovni
On Wed, Jun 26, 2013 at 05:29:52PM +0200, Marios Makassikis wrote: By enabling debug information in the program, I was able to obtain these error messages: pppd[2236]: EAP-TLS SSL error stack: pppd[2236]: error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib and

Plans for DANE TLSA (RFC 6698) support in 1.0.2?

2013-07-04 Thread Viktor Dukhovni
On the IETF dane mailing list I reported some issues with the initial DANE TLSA implementation in the OpenSSL 1.0.2 development branch. Are there any plans to address these? Who should I reach out to move this forward? http://www.ietf.org/mail-archive/web/dane/current/threads.html#05712 --

PATCH (PR 1766): Don't clear starttls_proto.

2013-07-11 Thread Viktor Dukhovni
From 44a9138f1aa3a815abdf32021cc4c38adfaaef3b Mon Sep 17 00:00:00 2001 From: Viktor Dukhovni postfix-us...@dukhovni.org Date: Thu, 11 Jul 2013 10:33:17 -0400 Subject: [PATCH 1/1] Don't clear starttls_proto. It may be needed for reconnect. See PR1766. --- apps/s_client.c |4 1 file

Re: libssl 1.0.1 breaking program

2013-07-25 Thread Viktor Dukhovni
On Thu, Jul 25, 2013 at 07:08:30PM +0200, Dr. Stephen Henson wrote: openssl verify -CAfile root.pem -untrusted allcerts.pem ee.pem where allcerts.pem is the complete peer chain and ee.pem is the peer certificate. I'd be interested to see what that command produces for different versions. If

Re: BREACH vuln and ciphers

2013-08-06 Thread Viktor Dukhovni
On Tue, Aug 06, 2013 at 09:20:06AM -0500, Rodney Beede wrote: Why can't we get a simplified version of TLS that has only one option of the most secure cipher and isn't vulnerable to things like BEAST, CRIME, or BREACH? These are not TLS problems, these are a special case of cross-site

Re: DLL hell

2013-08-16 Thread Viktor Dukhovni
On Fri, Aug 16, 2013 at 07:17:22AM -0700, Thomas J. Hruska wrote: I think a lot of the init logic heralds from the original SSLeay days. There seems to be intent that initialization is supposed to happen in main() in the application and libraries shouldn't be calling initialization routines

Re: Using X509_verify with various chains.

2013-08-26 Thread Viktor Dukhovni
On Mon, Aug 26, 2013 at 12:29:21PM -0400, Salz, Rich wrote: Suppose I have a three-length chain: rootCA, interCA, userCert. If I call X509_verify with depth 1 and only interCA in the trusted list, will that pass? Yes, with the as yet unreleased 1.0.2 development branch. No with 1.0.1e or

Re: Add SubjAltName to openssl command line?

2013-08-29 Thread Viktor Dukhovni
On Thu, Aug 29, 2013 at 04:38:17PM -0700, Erich Weiler wrote: I was wondering if there was also a way to quickly create a certificate and key file in a similar fashion while also designating SubjAltName options on the openssl command line? The bash script below uses inline command file

Re: Implementing TLSv1.2 protocol

2013-08-30 Thread Viktor Dukhovni
On Fri, Aug 30, 2013 at 09:46:11AM -0400, The Phoenix wrote: I am a newbie to openssl stuff. My application just needs to run only on the TLSv1.2 protocol. Which one is the correct way of implementing it: When you say only, do you mean only this specific version, or TLSv1.2 or later (when someday

OpenSSL prime EDH parameters

2013-09-01 Thread Viktor Dukhovni
In: http://archives.neohapsis.com/archives/postfix/2013-09/0003.html Peer Heinlein reports that some Exim SMTP clients fail to establish a TLS session with Postfix SMTP servers because Exim enforces a minimum prime size of 2048-bits for MODP EDH. My reply in:

Re: OpenSSL prime EDH parameters

2013-09-02 Thread Viktor Dukhovni
On Sun, Sep 01, 2013 at 07:24:24PM +, Viktor Dukhovni wrote: http://archives.neohapsis.com/archives/postfix/2013-09/0003.html Peer Heinlein reports that some Exim SMTP clients fail to establish a TLS session with Postfix SMTP servers because Exim enforces a minimum prime size

Re: OpenSSL prime EDH parameters

2013-09-03 Thread Viktor Dukhovni
On Tue, Sep 03, 2013 at 03:16:06PM +0200, Dr. Stephen Henson wrote: Incidentally, I just noticed the undocumented SSL_CTX_set_tmp_ecdh_callback(), which has the same interface as SSL_CTX_set_tmp_dh_callback(3) and it seems is also called with keylength equal to either 512 or 1024. What

Re: OpenSSL prime EDH parameters

2013-09-03 Thread Viktor Dukhovni
On Tue, Sep 03, 2013 at 04:53:52PM +0200, Dr. Stephen Henson wrote: The SSL_CONF_cmd interface in OpenSSL 1.0.2 and later might be useful too. It's designed to provide a common format for configuration. Thanks, I'll take a look at that when I get a chance. [ I'm still concerned about the

Re: TLS authentication for ldap

2013-09-23 Thread Viktor Dukhovni
On Mon, Sep 23, 2013 at 10:54:04AM -0400, Salz, Rich wrote: Another option is to use LDAP's STARTTLS support on port 389. It seems the config to require it is a bit obscure; http://www.openldap.org/lists/openldap-technical/201202/msg00414.html might be useful. Note, the above is for

Re: TLS authentication for ldap

2013-09-23 Thread Viktor Dukhovni
On Mon, Sep 23, 2013 at 11:27:06AM -0400, Salz, Rich wrote: Note, the above is for enforcing STARTTLS on the server. If the decision is left to the client, the configuration is less opaque. And less secure. :) If policy is to use SSL/TLS, then the server must enforce it; trusting the

Re: possible SSL_connect/accept bug?

2013-09-27 Thread Viktor Dukhovni
On Fri, Sep 27, 2013 at 07:49:06AM -0700, Roger Miller wrote: My initial call to 'connect' was returning 'WSAEWOULDBLOCK' (to be expected on a non-blocking socket). At that point the appropriate thing to do is to select the socket for write in your event loop. Once the socket reports ready

Re: reason behind error message

2013-10-08 Thread Viktor Dukhovni
On Tue, Oct 08, 2013 at 02:52:33PM +0530, Mithun Kumar wrote: I am getting the following error from openssl. Any inputs where things are going wrong? error:140A4044:SSL routines:SSL_clear:internal error int SSL_clear(SSL *s) { if (s->method == NULL) {

Re: Signature did not match the certificate request

2013-10-08 Thread Viktor Dukhovni
On Tue, Oct 08, 2013 at 06:00:39AM -0700, Rahul Tolani wrote: I'm signing a CSR that is generated by Windows Phone. But in that CSR I have a null character in the subject property. You're not signing the CSR, the phone did that, which is why you can't modify it. You're trying to issue a

Re: Strange OpenSSL error when my server accepts a new OpenSSL connection while existing ones are active

2013-10-09 Thread Viktor Dukhovni
On Wed, Oct 09, 2013 at 07:54:34PM -0700, Jeremy Friesner wrote: If you're interested in trying to reproduce the fault yourself, let me know and I can upload the code I'm testing with. Are you using SSL_pending(), BIO_pending() or anything similar anywhere in your code? With SSL sessions

Re: Strange OpenSSL error when my server accepts a new OpenSSL connection while existing ones are active

2013-10-10 Thread Viktor Dukhovni
On Wed, Oct 09, 2013 at 10:46:35PM -0700, Jeremy Friesner wrote: With SSL sessions created via SSLv23_method(), use of this primitive will lead to the failure in question when invoked before the SSL session has switched to SSLv3, TLSv1, ... Aha! Yes, that appears to be my problem. As a

Re: How to retrieve the certificate from remote SMTPS/POP3S mail server and store them locally?

2013-10-21 Thread Viktor Dukhovni
On Sun, Oct 20, 2013 at 02:00:27PM +0100, Michael Zintakis wrote: Viktor Dukhovni wrote: You left out the first three lines of the command which starts with: $ (sleep 2; printf "QUIT\r\n") | 2>/dev/null \ openssl s_client -showcerts -starttls smtp -connect smtp.gmail.com:587

Re: OpenSSL and DH parameters

2013-10-25 Thread Viktor Dukhovni
On Thu, Oct 24, 2013 at 11:52:36PM -0700, Patrick Pelletier wrote: (For EC, the specified curve must also be acceptable to client(s) per ClientHello extension, which encourages using the callback or choosing a popular curve like P-256.) So, my understanding is that if the tmp_ecdh is set to

Re: OpenSSL and DH parameters

2013-10-25 Thread Viktor Dukhovni
On Fri, Oct 25, 2013 at 06:35:08AM -0700, LN wrote: I mean in a typical usage of OpenSSL is it mandatory to call SSL_CTX_set_tmp_dh() if I call SSL_CTX_use_certificate() and SSL_CTX_use_PrivateKey(). No, this is optional. I know that for RSA keys, for example, the session key exchange is

Re: Differences on output between OpenSSL and CryptoTool

2013-10-28 Thread Viktor Dukhovni
On Mon, Oct 28, 2013 at 11:48:22PM +0100, Luis Rocha wrote: + Filename topsecret.txt which only contains the character 'a' + Encrypt it with DES using CBC mode with key and iv = 0 produces the result '32ea a0fa 4f77 fb92' user@debian:~$ openssl enc -des-cbc -K 0 -iv 0 -nosalt -in

Re: Differences on output between OpenSSL and CryptoTool

2013-10-29 Thread Viktor Dukhovni
On Tue, Oct 29, 2013 at 03:18:44PM +0100, Luis Rocha wrote: In the cryptool I'm only able to introduce the 8 bytes key and not the IV. The documentation from CrypTool says CBC mode is used with zero initialization vector and X.923 padding. user@debian:~$ openssl enc -des-cbc -K

Re: Differences on output between OpenSSL and CryptoTool

2013-10-29 Thread Viktor Dukhovni
On Tue, Oct 29, 2013 at 03:54:50PM +0100, Luis Rocha wrote: The X.923 padding attaches to a complete message block another block of zeros: A = 00 00 00 00 00 00 00 00 I would expect the last padding byte to be 08, not 00, since 8 padding bytes were added. PKCS#7 padding for the same complete

Re: Differences on output between OpenSSL and CryptoTool

2013-10-29 Thread Viktor Dukhovni
On Tue, Oct 29, 2013 at 05:26:39PM +0100, Luis Rocha wrote: btw a interesting phenomenon where encrypting with the same key reveals the plaintext. There are two such keys among the 4 weak DES keys: 0101010101010101 fefefefefefefefe 1f1f1f1f1f1f1f1f e0e0e0e0e0e0e0e0

Re: Signature Algorithm that was disabled because that algorithm is not secure

2013-10-30 Thread Viktor Dukhovni
On Wed, Oct 30, 2013 at 06:13:51PM +, Paul Suhler wrote: Note that SHA-1 is being deprecated by NIST for generating new signatures. You may want to consider a SHA-2 algorithm (e.g., SHA-224 or SHA-256). In principle it's still okay to *validate* legacy signatures, e.g., SHA-1.

Re: SSL/TLS encryption algorithms

2013-11-01 Thread Viktor Dukhovni
On Fri, Nov 01, 2013 at 09:56:10PM +0100, Walter H. wrote: Which one of the following two is better (1) or (2)? (1) SSL_CIPHER=DHE-RSA-CAMELLIA256-SHA $ openssl ciphers -v DHE-RSA-CAMELLIA256-SHA DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1 (2)

Re: SSL/TLS encryption algorithms

2013-11-01 Thread Viktor Dukhovni
$ openssl ciphers -v DHE-RSA-CAMELLIA256-SHA DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1 $ openssl ciphers -v AES128-SHA256 AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256 Does your application need to

Re: SSL/TLS encryption algorithms

2013-11-03 Thread Viktor Dukhovni
On Sun, Nov 03, 2013 at 06:18:38PM +0100, Walter H. wrote: how would I define forward-secrecy on Apache webserver? If the server negotiated both ciphers, it already supports forward-secrecy (aka PFS) if the client does too. What about a browser that shows this SSL_CIPHER=RC4-MD5

Re: ssl handshake failure in 1.0.1 but not 1.0.0

2013-11-07 Thread Viktor Dukhovni
On Thu, Nov 07, 2013 at 12:29:13PM +, Ben Arnold wrote: I am using SSL_CTX_set_client_cert_cb to provide the client certificate when needed. I have a problem in that OpenSSL 1.0.1e does not trigger this callback for all websites that I expect it to, only some. Instead on the failing

Re: sha256, was RE: SSL_set_msg_callback for application_data(23)

2013-11-07 Thread Viktor Dukhovni
On Thu, Nov 07, 2013 at 03:51:38PM -0500, Dave Thompson wrote: To support the (four original) SHA-2 hashes as such, yes. But: if you want to sign (and I think verify?) SHA2 and DSA or ECDSA, you need the new signature/hash mechanism in 1.0.0, and if you want TLSv1.2 suites using

Re: EC private key generation problem

2013-11-08 Thread Viktor Dukhovni
On Fri, Nov 08, 2013 at 01:37:21PM +0200, Serhat Sevki Dincer wrote: On windows 7 with OpenSSL 1.0.1e, I get the following output: $ openssl.exe genpkey -out priv.pem -aes128 -algorithm EC -pkeyopt ec_paramgen_curve:secp224r1 parameter setting error 3512:error:06089094:digital envelope

Re: EC private key generation problem

2013-11-08 Thread Viktor Dukhovni
On Fri, Nov 08, 2013 at 01:37:21PM +0200, Serhat Sevki Dincer wrote: what's the correct commandline? You can alternatively generate ec keys with ecparam(1): $ umask 077 $ openssl ecparam -genkey -name prime256v1 | openssl pkey -aes128 -out priv.pem -- Viktor.
