Hi!
Some manual pages about SSL_CTX_load_verify_locations() and friends.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel
ce hpux-parisc-$CC
> with many consequences.
> despite the correct finding that my machine is a
> "Operating system: 9000/42T-hp-hpux"
Who in hell stops you from calling
perl Configure hpux-cc
(-gcc)???
Regards,
Lutz
--
Lutz Jaenicke
hown here "Missing library symbol table in ../libssl.a"
doesn't seem to be related to "-ldl". I would rather say, that something
strange happened during an "ar" run (as ranlib on HP-UX is no-op).
Please check whether you see something strange during the c
't be able to write this manual page
before 0.9.6 release date..]
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +
and added SSL_CTX_set_ssl_version.
Best,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-030
Hi!
copying pages as skeleton to new ones is not always the best idea...
Please find attached two typos and two new pages.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke
Another small chunk of manual pages,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044
Appended two corrections, one extension and one new manpage.
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
X 9.X targets I left untouched. It is a long time ago I have seen one
and moemory is slowly fading.
Hopefully, somebody else will go over it add his 0.02 Swedish Krona
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU
sible combination.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus
Hi!
I have just finished some manual pages about SSL_CIPHER handling to be
added to doc/ssl.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik
ot; for HP-UX 10 and 11, not for 9.x
So probably we should differentiate between 9.x (which has its own
targets anyway without -D_REENTRANT) and the 10/11.x targets which will
get the -D_REENTRANT fix inside Configure and ./config will leave it
alone in the future!?
Best regards,
Lutz
--
set verify_result=1.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus
change the title to
SSL_clear - Reset SSL to allow another connection
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel.
ges being ready and a list being prepared...
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus
good one, and with the
side effect given on windows (a startup time of a client of 1 minute as you
described is not acceptable) I think that it will be reconsidered.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.T
n enough entropy added via RAND_add().
There would be another way in simply not using implicit seeding at all and have
RAND_status() and RAND_bytes() do what it should in this case: fail.
But this of course would further increase the amount of confused people on the
mailing list asking for t
1,16,long) idea(int)
blowfish(idx)
compiler: gcc -DTHREADS -DDSO_DL -D_REENTRANT -O3 -DB_ENDIAN -DBN_DIV2W
***
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgem
regarded it as
> anomalous and wouldn't be sorry to see this changed.
I am not sure whether my knowledge of this part of the code is intimate
enough to propose a change. I will have a look into the source anyway.
Best regards,
Lutz
--
Lutz Jaenicke
documenting these things.
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69
have a look into your rand_egd.c changes, I don't don't have the
slightest clue of Perl, though :-) (So in a certain sense we complement
each other :-))
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.
ed to 0 in ssleay_rand_cleanup().
Impact: probably small, since RAND_bytes() is probably called directly
after RAND_cleanup() only under test conditions.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-
debian package was not specially compiled).
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetspl
"openssl verify" does not give a full list of its options, especially
the [-purpose] is missing (-purpose is listed in the manpage).
Make usage information consistent with manpage.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
B
es into the
TLS-engine and what goes out on both sides of the TLS-engine.
Best regards,
Lutz
PS. Following actual statements on this list the discussion should be
moved to openssl-users!
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http:/
s blocking behaviour.
Details have been discussed on the openssl-* mailings lists in the recent
past. Please check the mailing-list archives and search for "non-blocking"
or e.g. SSL_ERROR_WANT_READ (a typical state that occurs during non-blocking
I/O).
Best regards,
Lutz
--
ree(TLScontext->network_bio);
with the sequencing (SSL_free() or BIO_free() first) being of no importance...
Did I get this right?
Best regards,
Lutz
PS. To be part of Postfix/TLS-0.6.10, to be released after straightening
out this issue.
--
Lutz Jaenicke
...
client_version
The latest (newest) version supported by the client. This is
used to detect version roll-back attacks. ...
I have also crosschecked with the latest SSLv3 specifications found at
Netscape and the corresponding paragraph is the same.
Hence, the Stalker imp
On Tue, May 16, 2000 at 02:30:51PM +0200, Bodo Moeller wrote:
> On Tue, May 16, 2000 at 09:05:16AM +0200, Lutz Jaenicke wrote:
>
> > The absolut minimum amount of seed is 16 bytes. If EGD is not drained, one
> > call to RAND_egd() will give you 255 bytes.
> > So depending
; > is not yet aware of that change. Please contact Michal and kindly ask him
> > for an update of his widly used package.
>
> Thanks very much, I'll try that tonight...
Good luck,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Co
indicate the changes needed
> to be there (I don't see any RAND_seed() or RAND_add() calls at all in the
> stunnel sources).
I don't know about Michal Trojnara's intentions.
The release of stunnel 3.8 predates the release of OpenSSL 0.9.5 (the first
release forcing correct seed
set in the request, so yes, openssl ca
is on the save side.]
As I always tend to say to my students: I am not interested in what you
believe, your religion is free, I am interested in what you know :-)
Thanks for the clarification,
Lutz
--
Lutz Jaenicke [EMAIL PR
msg_info("%lu:%s:%s:%d:%s:", es, ERR_error_string(l, buf),
file, line, data);
else
msg_info("%lu:%s:%s:%d:", es, ERR_error_string(l, buf),
file, line);
}
}
[end of snippet]
with msg_inf
u probably have weak RAM in your system...
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetspla
1024-RC4-SHA:EXP1024-DES-CBC-SHA:EXP-RC4-MD5:EXP-RC2-CBC-MD5
CIPHER is RC4-MD5.
Then use your client to compare the result.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl All
On Wed, Apr 05, 2000 at 01:31:07PM +0200, Lutz Jaenicke wrote:
> The client _can_not_ successfully cache sessions. The reason is, that
Ooh, this was not expressed very clear. I wanted to say: the OpenSSL
LIBRARY can not automatically supply a client session from the cache.
The client APPLICAT
ation is responsible to make that choice.
Store the session externally and then use the SSL_set_session() call to
choose the session just before the SSL_connect().
(There was an answer about how to retrieve sessions from Geoff Thorpe earlier
today.)
Best regards,
Lutz
--
Lutz Jaenicke
sible choice on the seeding. I use EGD on HP-UX, please
make sure to only use the latest version 0.7, it was just discovered, that
older versions had a bug so that the available entropy was not used as
intended.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECT
e seperate file mentioned above...
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D
e.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus
return (-1);
> printf ("Session len : %d value : %s\n", retval, buf);
>
Here, prepare another
p = &buf;
and it should work.
> new_session = d2i_SSL_SESSION (&new_session, &p, retval);
>
Just been there myself. If you check carefully
our/egd-socket read 255 > $HOME/.rnd
for initial seeding. The problem will be gone in future.
(Of course check for error messages in the file.)
Maybe future versions of OpenSSL will also have the "-rand" option for
s_server...
Best regards,
Lutz
--
Lutz Jaenicke
On Wed, Mar 01, 2000 at 05:25:47PM -, Anonymous remailer wrote:
> Lutz Jaenicke wrote:
> > After having applied the patch and recompiled the necessary items,
> > I am now proud owner of both a +O3 +Oall and a +O4 +Oall share library set.
>
> It might be interesting to
On Wed, Mar 01, 2000 at 05:25:47PM -, Anonymous remailer wrote:
> Lutz Jaenicke wrote:
> > After having applied the patch and recompiled the necessary items,
> > I am now proud owner of both a +O3 +Oall and a +O4 +Oall share library set.
>
> It might be interesting to
-> libssl.so.1
-r-xr-xr-x 1 root sys 283806 Mar 1 13:38 libssl.so.1
-r--r--r-- 1 root sys 341268 Mar 1 13:38 libssl_pic.a
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.ae
quot; message per line, but well, I don't
do it that often. There is another warning about building shared libraries
with optimization > +O2 anyway :-)
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbu
-DMD32_XARRAYBN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
This is the same target as in hpux-parisc-cc, but +O3 replaced with +O4.
I cannot work around it with Configure call, since the flags passed
are _prepended_ and so the +O3 in Configure would win...
Best regards,
Lu
to seed the PRNG.
Hey, OpenSSL maintainers, please put a big red sticker onto the HTML-pages
or even let an extra window pop up with this hint :-)
Otherwise I already predict the major topic in the OpenSSL mailing lists
for the next days...
Best regards,
Lutz
--
Lutz Jaeni
; Out of curiosity, which version of HP-UX?
10.20
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
yes, I know its old :-)
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044
-DBN_DIV2W
-DMD32_XARRAY
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044
)
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax.
tot+=RAND_egd(n);
tot+=RAND_load_file(n,1024L*1024L);
Hence, "tot" will yield "-1":
ws01 222: ./openssl genrsa -out somekey.pem -rand /does/not/exist
-1 semi-random bytes loaded
Generating RSA private key, 512 bit long modulus
...
Best regards,
Lutz
--
Lutz Jaeni
uer before before signing.
(I just started experimenting with dNSName usage and don't feel confident
enough to already provide a patch myself).
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/pe
Maybe you can include the script and makefile into shlib/ or decide to
implement a "contrib/" hierarchie.
Best regards,
Lutz
PS. And don't forget, that the basic idea is from anonymous, not mine :-)
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cot
On Wed, Feb 23, 2000 at 06:45:46PM +0100, Bodo Moeller wrote:
> On Wed, Feb 23, 2000 at 02:32:32PM +0100, Lutz Jaenicke wrote:
> > I have just tried it with latest SNAPSHOT on HP-UX 10.20.
> > Could reproduce the problems.
>
> www.rsasecurity.com does not count because th
gt; a single byte in return to the Client Hello (same problem with OpenSSL
> 0.9.4, and with Netscape).
Hi,
I have just tried it with latest SNAPSHOT on HP-UX 10.20.
Could reproduce the problems.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU
e macro like
#define RAND_POOL_LENGTH 1024
to rand.h.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Unive
quite uncomfortable with OpenSSL since the openssl.cnf file
must be changed according to the certificate you want to generate. One
can have more than one dNSName field, but then the cnf file must have the
number of dNSName fields reserved!?
Best regards,
Lutz
--
Lutz Jaenicke
is based on) return 0?
I tracked it down this morning, it is in x509_d2.c.
Please check for a mail in openssl-dev named
[BUG] Reading CAfile returns wrong result with more than one cert
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus
ed, an erronous
error is reported.
Proposed fix: change the failure condition to
if (X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM) <= 1)
return(0);
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus h
querying it being quite simple.
a. Could you thing of including EGD support into the apps/?
b. Can you give recommondations on the number of bytes needed to seed
the PRNG? Consider me using EGD
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED
and s_server seem to work (next thing to try will be Postfix/TLS).
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 6
*x)
{ return ASN1_STRING_data(x); }
Probably there was meant:
{ return M_ASN1_STRING_data(x); }
???
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotech
On Mon, Feb 14, 2000 at 09:58:43PM +0100, Ulf Möller wrote:
> On Sun, Feb 13, 2000 at 08:27:13PM +0100, Lutz Jaenicke wrote:
>
> > tomorrow morning. I typically call Configure directly, because the "perl"
> > in the default path is perl4 and a "perl5 Config
BTW, what are
> you used to, config or Configure? Note that there're new unified config
> lines, namely hpux-parisc-cc, hpux-parisc-gcc and hpux64-parisc-cc.
Ok, I have just checked hpux-parisc-cc and it does compile without problem.
Best regards,
Lutz
--
Lutz Jaenicke
enssl with shared libraries. I have
extended it a bit so that I run +O4 shared libs and apps with +O3 static
libs, since the shared libs are optimized while building the libs, so the
actual linking to applications is fast. It might take some minutes more
tweaking before I can re-publish
_XARRAY
in "Configure" so that the mechanism is visible and documented. My experience
with "magically" obtained machinery/compiler properties are not the best
and tracing through the source and/or a "machdep.h" to find out what
alternative of the code is used dep
s in SHA_ARRAY at rmd_dgst.c:295, including
your respective comment... As of now the "ccom" has spend 12 minutes
on this file, I will leave it running for some more time. Maybe it will
terminate, but I guess it won't.
Best regards,
Lutz
--
Lutz Jaenicke
sult as of now: +O3 and +O4 do not work on HP-UX 10.20 (and probably
with 11.0) as of the latest snapshots, even with tons of memory.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/perso
?? Otherwise the default should not be
+O4 or +O3 in order to avoid complaints...
Best regards,
Lutz
PS. I checked my archive, similar information was posted by "anonymous" on
Date: Mon, 8 Nov 1999 17:59:37 +0100 (CET)
Message-Id: <[EMAIL PROTECTED]>
From: Anonymous <[EMAIL PR
Hi,
in crypto/pkcs7/Makefile.ssl a "make clean" leaves over the testapps
"enc", "dec", "sign", and "verify".
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-
names beginning with "ADH", e.g.
"ADH-DES-CBC-SHA". The length must also be checked.
Please find attached the fixed version B.04.
Best regards,
Lutz Jaenicke
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU
n evaluation of the available
certs, because this further restricts the available certificates, see
ssl3_choose_cipher().
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
into an endless loop.
Reproduce with "openssl s_server -cipher DEFAULT:=aRSA".
I have appended the README for the complete patch and attached the patch
itself and its PGP signature file.
Regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus
On Tue, Dec 14, 1999 at 01:58:17PM +0100, Ulf Möller wrote:
> On Tue, Dec 14, 1999 at 10:20:47AM +0100, Lutz Jaenicke wrote:
>
> > - There is (unfortunately) no "official" way to submit bug reports or patches
> > listed. There is openssl-bugs, which is however gate
ook me longer to reverse engineer the old function than rewriting it...
- Then AUDIT the complete OpenSSL package itself :-) Since I write software
using the OpenSSL library and the documentation (users/API) is ... thin,
I have to go directly to the code sometimes: I don't want to have to
ch was partly inspired by Ben Laurie in private communication.
Best regards,
Lutz Jaenicke
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik
fig no-asm does nothing. using an updates RH 6.0 box
On my SuSE 6.2 I have:
/usr/include/asm -> ../src/linux/include/asm-i386
So the kernel sources must be installed. Probably the same is true for
RH 6.0 (even though my errno.h and bits/errno.h seem to be different
and to not require asm/er
ded in CAfile are listed to the client as
available for checking. You can however influence this list using the
SSL_CTX_set_client_CA_list() call.
(From memory, hopefully I got it right :-).
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Co
e() and a lot of other
similar routines, where you of course have to take care of your pointers
yourself.
Regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik
break binary compatibility (and this should be done
as seldom as possible), I would like to hear opinions and maybe proposals
for further improvements/enhancements.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU
On Thu, Oct 14, 1999 at 10:54:12AM +0100, Ben Laurie wrote:
> Lutz Jaenicke wrote:
> SSL_IS_EXPORT checks for either, so this isn't the problem.
Ok, spend some more hours walking through ssl_ciph.c and I think by now
I do know what is going on :-)
When assembling the list of ciphers,
g into it even deeper, sigh.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplat
On Thu, Oct 14, 1999 at 10:32:20AM +0200, Lutz Jaenicke wrote:
> From the source code I think, part of the problem is the "exportable" check
> with SSL_IS_EXPORT (and derivatives of this macro), since there is a
> EXPORT56 check macro available, but I don't see it actuall
On Wed, Oct 13, 1999 at 06:29:32PM +0200, Lutz Jaenicke wrote:
> > Speaking of which, now that Netscape (at least) ship a client that
> > supports the new 56/1024 bit ciphersuites, should we switch them on?
>
> Hmm, I tried them and they did work with Netscape.
> I however a
1:24 ws01 postfix/smtp[26638]: TLS connection established: TLSv1 with
cipher EXP1024-RC4-SHA (56/128 bits)
Oct 7 19:01:24 ws01 postfix/smtp[26638]: 4C18F82BB: to=<[EMAIL PROTECTED]>,
relay=serv01.aet.tu-cottbus.de[141.43.132.161], delay=1, status=sent (250 Ok: queued
as DBB0
using one of the available OpenSource RFC2487
implementations.
You can start with mine at
http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls
and by having a look into my references you can check the others.
Regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTE
"+O4" it during the finale link stage.
And, please patch up your compiler to the latest patchlevel. You can
download the patches for free and I really had problems at high optimization
levels that went away with the latest patchlevels.
Best regards,
Lutz
--
Lutz Jaenicke
.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax
t stuff can download the patch at
ftp://ftp.aet.tu-cottbus.de/pub/postfix_tls/related/openssl-patch/
Best regards,
Lutz Jaenicke
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allge
701 - 791 of 791 matches
Mail list logo
