On Tue, 2008-12-23 at 07:55 -0500, John A. Sullivan III wrote: > Hello, all. We're in a bit of a panic here this morning. After working > through various issues, we were delighted to be ready to move OpenCA > 1.0.2 into production. However, in this morning's testing, we found the > PKCS#12 packages we issued for use with OpenVPN failing. > > The error from OpenVPN is: > TLS_ERROR: BIO read tls_read_plaintext error: error:04067069:rsa > routines:RSA_EAY_PUBLIC_DECRYPT:pkcs1 padding too short > > >From the little we've been able to find, this could be a key length > error. In version 0.9.2, we simply told it to use a key length of 1024. > In 1.0.2, I gather that is now a function of the combination of LOA and > key strength. We chose Low and Base assuming that gave us a 1024 key. > When we check the key, it claims to be 1024. The 0.9.2 packages are > working just fine. Any idea what changed and how to fix it? Thanks - > John I should mention we are using server side key generation - John -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsulli...@opensourcedevel.com
http://www.spiritualoutreach.com Making Christianity intelligible to secular society ------------------------------------------------------------------------------ _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
