On Tue, 2002-06-04 at 09:26, Umesh wrote: > Hi, > > I am using openssl-0.9.6d to establish a secure web server. I am having > some > problems with the DES-CBC3-SHA (TLS_RSA_WITH_3DES_EDE_CBC_SHA)cipher > suite. Details below: > > Platform: Unix. > - openssl req -x509 -new -keyout srvkey.pem -out srvcert.pem -days 365 > -newkey rsa:1024 -nodes > > - openssl s_server -cert srvcert.pem -key srvkey.pem -cipher > DES-CBC3-SHA -WWW > (I intend to use only one cipher suite, DES-CBC3-SHA). Run this command with the "-state" argument as well and include the output in the email. That would give a better indication as to what went wrong.
> > - I create/copy a html file (say temp.html) to the directory where I ran > the above commands. > > - I tried to connect from a browser using https://IP > ADDRESS:PORT/temp.html > > (PORT=default)In Internet Explorer I get an error: "The page cannot be > displayed". > I get this error even after I install the certificate. In Netscape, I am > able to install the certificate and successfully open the html page. > > This problem does not arise in openssl-0.9.6b version. > This problem does not arise in openssl-0.9.6d, if I am using low > encryption > strengths (128 bit or 40 bit). > > I have read the CHANGES document (from 0.9.6b to 0.9.6d) and it mentions > some > changes (from 0.9.6b to 0.9.6c) for block cipher padding. I read the > details > of the new padding method in http://www.openssl.org/~bodo/tls-cbc.txt, > but that > didn't help much. > > Can anyone suggest a solution for my problem? > > -Umesh > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
