We have got FIPS 140-1 certification using the OpenSSL crypto library and I
believe there are other VPN vendors who have done this. A lot of it is
documentation. On the code side, you must use only approved encryption and
hash algorithms: 3DES (DES) and SHA-1 (not MD5). AES obviously has been
Openssl-0.9.6g on WindowsXP/Windows2000 + MS Visual Studio 6.0 SP5
I created everything with
perl Configure VC-WIN32 no-threads (used ActiveState ActivePerl 5.6)
ms\do_ms
nmake -f ms\ntdll.mak
If I try
cd out32dll
..\ms\test
I get
ideatest.exe: unable to find ordinal 879 in libeay32.dll
Openssl-0.9.6g on WindowsXP/Windows2000 + MS Visual Studio 6.0 SP5
I created everything with
perl Configure VC-WIN32 no-threads (used ActiveState ActivePerl 5.6)
ms\do_ms
nmake -f ms\ntdll.mak
If I try:
..\bin\openssl ca -days 3650 -policy policy_anything -out
.\dealer\newcert.pem -infiles
Any chance of making progress on this?
As a reminder, the issue is that the Kerberos ciphersuites in OpenSSL do
not use the IDs defined in RFC2712, which obviously has negative effects
on interoperability.
Thanks,
Andreas.
On Mon, Sep 30, 2002 at 10:01:35AM -0500, Ben Lindstrom wrote:
As I say before.. Don't know about OpenSSL group, but I believe the slogan
for the OpenSSH group is.
Show me the patch.
Perferable one patch per logical fix/patch. So it is easier for us to
decide which ones we
I'm surprised that you are using IRIX. I would not have thought IRIX
would have gotten FIPS rating. AIX or Solaris Trusted would not have
surprised me. Guess I'll have to have a chat with a buddy
over there. =)
See http://niap.nist.gov/cc-scheme/CCEVS-CC-VID401-SGI_IRIX.html
for
As I say before.. Don't know about OpenSSL group, but I believe the slogan
for the OpenSSH group is.
Show me the patch.
Perferable one patch per logical fix/patch. So it is easier for us to
decide which ones we like or don't like.
No one has said.. F*ck off =) Just me asking
Jeffrey Altman writes:
Suggestion. Do not wait until you establish your first connection to
call RAND_poll(). Initializae the PRNG as part of the startup of your
app or in a background thread.
Yes; I have already done this, and it helps, but this is just a
band-aid.
The bottom line is,
Raghavendra Kote via RT [EMAIL PROTECTED] wrote:
I am getting the following errors:
Building OpenSSL
cl /Fotmp32dll\cryptlib.obj -Iinc32 -Itmp32dll /MD /W3 /WX
/G5 /Ox /O2
/Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN
-DDSO_WIN32 /
Fdout32dll /GD -D_WINDLL
Hi ALL:
I installed Microsoft Certificate server on Active Directories in a development environmentto act as a stand alone CA. I tested LDAP over AD using ldap.exe tool from resource kit to listen to LDAPS port at 636. On Windows Client I was able to generate a Certificate singed by the CA which I
Once you make the SSL_COMP_add_compression_method() call to turn on
zlib compression, how do you turn it off? It appears that if you
have OpenSSL static linked, once you turn it on, the only way to get
rid of it is to exit the application. From what I can tell, none of
the normal cleanup
Hi -
Our code has been working pretty well with the 0.9.6c release
(Windows DLL). I recently upgraded to the 0.9.6g release and
started getting an intermittent processor fault. Using the address
and register dump, I discovered that the problem is on line 1242
of s3_lib.c, in ssl3_shutdown. In
Hi
Can any one help out with this error.
# make
+ rm -f libcrypto.so.0
+ rm -f libcrypto.so
+ rm -f libcrypto.so.0.9.6
+ rm -f libssl.so.0
+ rm -f libssl.so
+ rm -f libssl.so.0.9.6
making all in crypto...
cc -I. -I../include -KPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H
-xtc
13 matches
Mail list logo