Re: SUIT-B supported cert/keys
anyone? -- View this message in context: http://openssl.6102.n7.nabble.com/SUIT-B-supported-cert-keys-tp45753p46006.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
SUIT-B supported cert/keys
Hi all, Please guide me how to negotiate over SUIT-B supported cipher (TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) in a TLS based connection. What sort or keys and certs are required to make it possible? Is there any specific criteria? and how can i achieve this with openssl? Thanks to all -- View this message in context: http://openssl.6102.n7.nabble.com/SUIT-B-supported-cert-keys-tp45753.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: Any issue in these instruction?
Thankyou Dave Thompson for your detailed answer. Being new with openssl stuff, i have very little knowledge of what these instruction were actually doing. I have extracted set of these instruction from a script doing rsa with SHA1, and i wanted it to convert to ECC with SHA256 based encryption and that's is all. So, i just thought to change key type (EC) , at first and then move on with sha256. Can you give me an example how can i acquire the desired results from those instructions? -- View this message in context: http://openssl.6102.n7.nabble.com/Any-issue-in-these-instruction-tp45673p45705.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Installing openssl-devel-1.0.1e
After wasting 9 hours, i tried yum --enablerepo=axivo install openssl-devel and thats all! -- View this message in context: http://openssl.6102.n7.nabble.com/Installing-openssl-devel-1-0-1e-tp45647p45671.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Any issue in these instruction?
openssl ecparam -name secp160r2 -out CA_CURVE.pem openssl req -out cacert.pem -new -x509 -keyout cakey.pem -newkey ec:CA_CURVE.pem -nodes -days 600 -sha1 openssl req -new -out TMPFILE.req -newkey ec:CA_CURVE.pem -keyout TMPFILE.key -nodes -sha1 openssl x509 -req -CAkey cakey.pem -CA cacert.pem -CAcreateserial -in TMPFILE.req -out TMPFILE.crt -days 600 -sha1 Any problem here? -- View this message in context: http://openssl.6102.n7.nabble.com/Any-issue-in-these-instruction-tp45673.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Installing openssl-devel-1.0.1e
Hi , I have installed openssl 1.0.1e, using rpm -ivh --nosignature http://rpm.axivo.com/redhat/axivo-release-6-1.noarch.rpm yum --enablerepo=axivo update openssl Now i need to install devel package too. when i do yum install openssl-devel. i see warnings and log such as: Protected multilib versions: openssl-1.0.0-27.el6_4.2.i686 != openssl-1.0.1e-1.el6.x86_64. My repo trying to insyall openssl-1.0.0, but it is in conflict with 1.0.1e version. what is the clean way to sort this issue. -- View this message in context: http://openssl.6102.n7.nabble.com/Installing-openssl-devel-1-0-1e-tp45647.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Problem with cipher suite ECDHE-ECDSA-AES256-SHA384
Hi, Could you help where do i need to change the method from TLSv1_2_server_method() to SSLv23_server_method() . Which files(s) need to be addresses? -- View this message in context: http://openssl.6102.n7.nabble.com/Problem-with-cipher-suite-ECDHE-ECDSA-AES256-SHA384-tp42229p45461.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Restricting ciphers list to RSA only in Client Hello
hi Kshirsagar, I am into the same scenario, can you tell me at which end you are setting the cipher list? Do we have to make changes on client application end ? The parameters you mentioned, SSL_DEFAULT_CIPHER_LIST, can be seen on server end , into openssl ssl.h file. Could you describe what changes can be done on server end to get the required cipher ? I have Linphone at app end, openssl version 1.0.0 And SIP Server | openssl 1.0.1c. -- View this message in context: http://openssl.6102.n7.nabble.com/Restricting-ciphers-list-to-RSA-only-in-Client-Hello-tp28933p45378.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
SUIT-B implementation
Hi all, i am very new to openssl, or you can say not a user of openssl. I am facing a scenario where SSL encryption is required at TLS layers for security purposes. This belongs to VoIP systems where signalling has to be encrypted. I have a requirement of doing all encryption in SUIT-B standard. By now, i have a pre-built scripts that use openssl to generates certs and keys:, The script is attached gentls_cert http://openssl.6102.n7.nabble.com/file/n45318/gentls_cert Default set to: Signature Algorithm: sha1WithRSAEncryption Public Key Algorithm: rsaEncryption What do i have to do in order to make encryption according to SUIT-B standard, and where do i need to look upon. Thank Looking forward -- View this message in context: http://openssl.6102.n7.nabble.com/SUIT-B-implementation-tp45318.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org