Self signed cert
Hi all Out of interest, is there anyone on this list using a self sighned cert with a mailserver on the internet, using TLS. The reason I ask this, is because I dont want to have to pay verislim and co, for something I know I can do myself. If anyone is using / doing this, have had any problems / or bad experiences by using TLS with mail delivery Just Something I was thinking. Kind Regards Brent Clark __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
"MEDIUM" keyword in ciphers
Hi, There is a question about openssl command option "ciphers". When I used a "MEDIUM" keyword, ciphersuites of AES128bit were included in a list of ciphersuites in OpenSSL0.9.7g. -- C:\openssl-0.9.7g\out32>.\openssl.exe OpenSSL> version -v OpenSSL 0.9.7g 11 Apr 2005 OpenSSL> ciphers -v MEDIUM ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1 DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1 AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 DHE-DSS-RC4-SHA SSLv3 Kx=DH Au=DSS Enc=RC4(128) Mac=SHA1 IDEA-CBC-SHASSLv3 Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1 RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 ADH-RC4-MD5 SSLv3 Kx=DH Au=None Enc=RC4(128) Mac=MD5 IDEA-CBC-MD5SSLv2 Kx=RSA Au=RSA Enc=IDEA(128) Mac=MD5 RC2-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC2(128) Mac=MD5 RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 However, ciphersuites of AES128bit were not included in a list of ciphersuites after OpenSSL0.9.7h. When I used a "HIGH" keyword instead, ciphersuites of AES128bit were included in a list of ciphersuites. -- C:\openssl-0.9.7i\out32>.\openssl.exe OpenSSL> version -v OpenSSL 0.9.7i 14 Oct 2005 OpenSSL> ciphers -v MEDIUM DHE-DSS-RC4-SHA SSLv3 Kx=DH Au=DSS Enc=RC4(128) Mac=SHA1 IDEA-CBC-SHASSLv3 Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1 RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 ADH-RC4-MD5 SSLv3 Kx=DH Au=None Enc=RC4(128) Mac=MD5 IDEA-CBC-MD5SSLv2 Kx=RSA Au=RSA Enc=IDEA(128) Mac=MD5 RC2-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC2(128) Mac=MD5 RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 OpenSSL> ciphers -v HIGH ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1 DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1 AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1 DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 DHE-DSS-AES128-SHA SSLv3 Kx=DH Au=DSS Enc=AES(128) Mac=SHA1 AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 EDH-RSA-DES-CBC3-SHASSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1 EDH-DSS-DES-CBC3-SHASSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1 DES-CBC3-SHASSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 ADH-DES-CBC3-SHASSLv3 Kx=DH Au=None Enc=3DES(168) Mac=SHA1 DES-CBC3-MD5SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5 -- Will this be specifications change? In addition, in a manual of OpenSSL it is described that MEDIUM is ciphersuite which used a 128bit code. >From http://www.openssl.org/docs/apps/ciphers.html# -- MEDIUM ``medium'' encryption cipher suites, currently those using 128 bit encryption. -- Takurou Saitou __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: X509_verrify_cert worked in 0.9.7c but not in 0.9.8
Well. I figured this out. The problem is, we were using the system header files (OpenSSL-0.9.7e) to build the binary, but we were linking in the 0.9.8a static library. I added the 0.9.8a header files to the include path, and the problem went away. On Wed, 2005-09-28 at 17:58 -0600, Jeff Davey wrote: > On Thu, 2005-09-29 at 01:50 +0200, Dr. Stephen Henson wrote: > > Sorry I must have missed that. Can you send a report to RT? Do you get the > > same problems using the verify utility? That should pretty much make the > > same > > calls. If you do please include the certificates and the command line you > > used. > > > I'll spend some time tomorrow trying to replicate this problem using the > verify utility (end of the day here at the office). > > I'm not sure what you mean by "Can you send a report to RT?" > > > > > __ > OpenSSL Project http://www.openssl.org > User Support Mailing Listopenssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > > __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
[EMAIL PROTECTED]: Help on OpenSSL]
Forwarded to the openssl-users list. Best regards, Lutz - Forwarded message from Adnan Shaheen <[EMAIL PROTECTED]> - X-Original-To: [EMAIL PROTECTED] X-Original-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=p77PJvZkutOs9vYdjJPWlImR5B1wRhbAcykGprpV0LyzJB4RXi90Y7/4h+Ugb4MXoGjLTn5AEdxJ0hpA8t3Yk4JGIa2M+W2jULvhX5KjV2smsdZBY/W6YmQgvsy3kmKryRAu81Y8Kh0tgs/FaUM3YtRgUbqqS86h5Q3jK6Ziuu4= Date: Tue, 15 Nov 2005 23:29:48 -0800 From: Adnan Shaheen <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Help on OpenSSL X-Virus-Scanned: by amavisd 0.1 X-Virus-Scanned: by amavisd 0.1 Hello! This is a new developer, and I want some help in adding the openssl project in my Project. I have written a makefile for my project, what should I do to add the OpenSSL to my project. Remember I am working on SuSE Linux. -- Regards: Adnan Shaheen. +92-333-962-7637 Islamabad, Pakistan. - End forwarded message - -- Lutz Jaenicke [EMAIL PROTECTED] http://www.aet.TU-Cottbus.DE/personen/jaenicke/ BTU Cottbus, Allgemeine Elektrotechnik Universitaetsplatz 3-4, D-03044 Cottbus __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]