known against SSL v2.0).
Best Regards Good luck,
David Maurus
Jason A. Pfeil wrote:
Greetings List!
My apologies for cross-posting this request, however since I have
received exactly zero replies to this or my previous message, I fear that
my choice of list to send this to was wrong. To try
Michael Sierchio wrote:
Completely. If we have confidence in the cipher and the secrecy
of the key, make the nonce all zeroes. There's good reason for not
doing this in the case of IPsec, but not for SSL/TLS.
In theory, you may be right ;-). But: For one, I think that it can't
hurt NOT to
Steven,
Stephen Sprunk wrote:
Thus spake David Maurus [EMAIL PROTECTED]
I assume that 'number /nonce/' should mean the result of the
concatenated parts of the IV.
No, in the proposal to NIST (by Lipmaa, Rogaway and Wagner), 'nonce' refers
to the top 64 bits and 'ctr' refers to the lower
Götz Babin-Ebell wrote:
The application specifies 4 datas:
1. a step size
2. a bit mask.
3. a (optional) pointer to a function that is called if the
step bits that are not in the bit mask:
4. a (optional) pointer to a function doing the counting;
if (pCounter-Range)
return
Stephen Sprunk wrote:
In the specification of CTR mode, as proposed for AES, you will find the
statement The number /nonce/ is incremented following each encryption. I
interpreted this to mean that the top 2^64 bits are to be incremented for
each successive block, and this is how I implemented
Thierry Boivin [EMAIL PROTECTED] said:
Thierry.Boivin My understanding of this one (in a practical perspective) is:
Thierry.Boivin calling programs maintain a 64 bit long nonce counter.
This is not correct - to quote from the (btw excellent) new book from Bruce
Schneier and Niels Ferguson
Michael Sierchio wrote:
Using AES Counter Mode With IPsec ESP - This mandates a 32-bit counter,
requiring rekeying after 2^48 octets of stream material.
Ah, this is interesting. Considering that OpenSSL is not only used for
SSL / TLS encryption, and the mentioned RFC proposes to use a 32 bit
Disclaimer: I can't by any means give an authoritative answer, since I am not part
of the development team
But I think you should consider the following:
- if you are in the US, you should send every source code contribution in CC to
[EMAIL PROTECTED]
- I think that it's not so nice to include
in the CipherSpec.
Warning: The ability to send Version 2.0 client hello messages will be
phased out with all due haste. Implementors should make every
effort to move forward as quickly as possible. Version 3.0
provides better mechanisms for moving to newer versions.
Best Regards,
David Maurus
Mark W. Webb wrote:
I am working on an application that will implement PKI between a server
and a client.
That sentence is somewhat wrong: between clients and servers (i.e. 2
computers) you will need to use a protocol they adhere to when speaking to
each other. PKI (Public Key Infrastructure)
for a BAD RECORD
MAC SSL error sent in the server hello msg, after my JSSE SSL client sent an
incorrect finish msg...
Best Regards,
David Maurus
Kevin Regan
Technical Lead
Houston UNIX Team
Office: 2200
Phone: 713-548-1767
the cause for a BAD RECORD MAC
SSL error sent in the server hello msg, after my JSSE SSL client sent an
incorrect finish msg...
Best Regards,
David Maurus
__
OpenSSL Project http://www.openssl.org
it. Then you'll find these libraries in the lib
subdirectory of your ssl install directory (you can set this directory
with the --prefix option of ./configure)
Best Regards,
David Maurus
Leonid Frog wrote:
I am trying to run test.bat file and I am getting error messages which
refer to *.pem files in CERT folder.
Do you have any idea where I can find names of PEM files which have to be in
CERT folder so I can compare it to what I have? Thanks a lot for your
help.
The
"perl
Configure VC-WIN32" at the command prompt, etc.).
You can find some documentation on how to use OpenSSL here:
http://www.openssl.org/docs/
There's a lot you can do with the commandline utility openssl, and even more when you
link to the libraries.
- David Maurus
PS: I've got the b
16 matches