Re: [twsocket] Disabling SSLv2 for PCI compliance
I am not sure. I just need the ability to force the SSL client to avoid using SSLV2. Regards, SZ On Fri, Jan 29, 2010 at 8:55 PM, Arno Garrels wrote: > Fastream Technologies wrote: > > Hello, > > > > In version ICS-SSLv6, this was working well with the same app code > > but in latest ICSv7, customers are unable to disable SSLv2 for PCI > > compliance (a security standard from VISA). Does anybody have any > > tested code for this? > > I found this issue and posted it to the OpenSSL mailing list in Oct. 2009, > with no reply, it's probably the same issue: > > "My client uses sslv23_method() with SSL_OP_NO_SSLv2 in > SSL_CTX_set_options. > Since I upgraded to v0.98k the handshake with one particular server fails > with error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert > handshake > failure. With OpenSSL v0.98i and earlier no problem at all." > > -- > Arno Garrels > -- > To unsubscribe or change your settings for TWSocket mailing list > please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket > Visit our website at http://www.overbyte.be > -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] TnEmulVT: How to assign the FLogFileName dynamically or from object
> How do I accomplish this? The line below appears to override > attempts to set the property at run time. > > FLogFileName := 'EMULVT.LOG'; // angus V6.01 That line simple sets the default file name, which can then be changed by the LogFileName property, before calling the Log property to start logging. What is your actual problem? Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] TnScript: Changes needed to make it work with Delphi2010?
I have some utilities based on TnScript that work fine with Delphi-7 and the latest ICS. The same program when compiled with Delphi2010 does not recognize the add event strings in the telnet session. I'm assuming this is another case where judicious application of ansiString is needed to accommodate the unicode changes in Delphi2010? Please be more specific in describong: "does not recognize the add event strings in the telnet session". Which error, which source code ? -- francois.pie...@overbyte.be The author of the freeware multi-tier middleware MidWare The author of the freeware Internet Component Suite (ICS) http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Disabling SSLv2 for PCI compliance
Fastream Technologies wrote: >> I found this issue and posted it to the OpenSSL mailing list in Oct. >> 2009, with no reply, it's probably the same issue: >> "My client uses sslv23_method() with SSL_OP_NO_SSLv2 in >> SSL_CTX_set_options. >> Since I upgraded to v0.98k the handshake with one particular server >> fails with error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 >> alert handshake >> failure. With OpenSSL v0.98i and earlier no problem at all." > I am not sure. I just need the ability to force the SSL client to > avoid using SSLV2. Yes that's it, this used to work against all servers with OpenSSL v0.98i and earlier, however fails against _some_ with v0.98k. -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Disabling SSLv2 for PCI compliance
Anyway, any workaround for this? On Sat, Jan 30, 2010 at 11:16 AM, Arno Garrels wrote: > Fastream Technologies wrote: > > >> I found this issue and posted it to the OpenSSL mailing list in Oct. > >> 2009, with no reply, it's probably the same issue: > >> "My client uses sslv23_method() with SSL_OP_NO_SSLv2 in > >> SSL_CTX_set_options. > >> Since I upgraded to v0.98k the handshake with one particular server > >> fails with error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 > >> alert handshake > >> failure. With OpenSSL v0.98i and earlier no problem at all." > > > I am not sure. I just need the ability to force the SSL client to > > avoid using SSLV2. > > Yes that's it, this used to work against all servers with OpenSSL > v0.98i and earlier, however fails against _some_ with v0.98k. > > -- > Arno Garrels > > > -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Disabling SSLv2 for PCI compliance
Fastream Technologies wrote: > Anyway, any workaround for this? No. I simply moved back to v0.98i. You could try latest ICS v7 with v0.98k and the HTTPS demo and see whether that fixes the issue. In latest ICS v7 support for "Tickets" was disabled, that _might_ have fixed it. -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be