You can leave out some of the ciphers during configuration using something like
e.g.:
./Configure gcc no-err no-bf no-camellia no-cast no-dsa no-idea no-krb5 no-md4
no-rc2 no-rc4 no-ripemd no-ripemd160 no-ec no-sha0 no-sha512 no-hw no-comp
- Matthias
This elect
The expiration time is checked by the client. If you want to turn checking off,
you have to modify the client. But this is what you wanted to avoid.
So the best thing you can do right now is to create a new certificate, this
time with a long expiration time, e.g. 100 years.
Matthias
__
this create some security risks?
What is the advantage of using session tickets instead of session IDs?
Can SSL session tickets be used with some kind of external cache?
Thanks,
Matthias Meixner
-Ursprüngliche Nachricht-
Von: owner-openssl-us...@openssl.org [mailto:owner-openssl
Hello!
When upgrading to version 0.9.8r my system stopped supporting session
resumption.
It looks like session tickets are the reason for this.
I was using some external session cache to support session resumption on a
cluster
of servers where it should be possible that each server in the clu
r this information, I will see how far I get.
- Matthias Meixner
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated L
Hello Lou,
my program should behave just like a browser, i.e. it should be capable of
accepting certificates without having to install the root CA cert.
- Matthias Meixner
Von: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
Im Auftrag
ly the brute force way of using the verify callback, reading all the
certificates from CAfile and comparing them manually with the server
certificate?
Regards,
Matthias Meixner
__
OpenSSL Project