Why does a simple OCSP server listen only for TCPv6 connections on Windows?

2012-10-10 Thread Vladimir Belov
Hello. I started an OCSP server for testing. I used the command: openssl ocsp -index index.txt -port -rkey ocsp_resp_pkey.pem -rsigner ocsp_resp_cert.crt -CA cacert.crt -text After I got the message "Waiting for OCSP client connections..." I see that the process openssl.exe listens only on a TCPv6 port

Re: Why does a simple OCSP server listen only for TCPv6 connections on Windows?

2012-10-10 Thread Wim Lewis
On 10 Oct 2012, at 4:58 AM, Vladimir Belov wrote: After I got the message "Waiting for OCSP client connections..." I see that the process openssl.exe listens only on a TCPv6 port, no TCPv4. How to set up the OCSP responder to handle IPv4 connections? Or is the only way to use only an IPv6 connection

Re: OpenSSL and CRIME

2012-10-10 Thread Ben Laurie
On Mon, Oct 8, 2012 at 5:13 PM, Tomas Hoger tho...@redhat.com wrote: Hi! Are there any plans to apply any changes to OpenSSL related to the recent CRIME attack? Unlike other libraries (e.g. GnuTLS or NSS), OpenSSL enables zlib by default. Is there a plan to change the default in response

Re: Why does a simple OCSP server listen only for TCPv6 connections on Windows?

2012-10-10 Thread Vladimir Belov
The OCSP server responds to TCPv6 connections (AF_INET6 socket), I have tried. But if I use a standard TCPv4 socket (for example BIO_do_connect or a manually created AF_INET socket) it doesn't respond and I see openssl errors: 2992:error:0200274D:system

What is the capacity of RAND_bytes method to give cryptographically secure data?

2012-10-10 Thread Vladimir Belov
I mean the following: RAND_poll is called only once and stirring of the pool is done only once. After these operations no more data is added to the global state buffer. The global state buffer is only 1023 bytes long, and although the data is always mixed by MD5 and XORed we have only 1023 bytes of

top 10 mistakes when using libopenssl?

2012-10-10 Thread travis+ml-openssl-dev
So, I'm curious if anyone has compiled (or wants to volunteer pieces of) a list of mistakes that developers make when using libopenssl (for SSL/TLS). I mean source code issues, not operational/environmental/PKI. If that's not available, I'm sure I can develop one from reading a well-written

Re: top 10 mistakes when using libopenssl?

2012-10-10 Thread Kyle Hamilton
Suggestions from my experience:
- Failing to verify the certificate after calling SSL_accept()
- Failing to verify minimum cipher strength for the application
- Failing to understand that the NULL suites give nothing and only take extra bytes
- Misunderstanding that DN=CN:CA1;DN=CN:you does NOT match