> For a discussion of ephemeral RSA vs. ephemeral DH: I don't know. When
> switching from SSH-1 to SSH-2, RSA session keys were replaced with DH
> ones, but that may have been for patent reasons. Maybe somebody else
> can spread mor light on this point.
There's a bit of a discussion in _SSL and T
Hi,
In the openssl library code, i notice that the array of SSL_CIPHER
structures in s3_lib.c is what determines the order in which cipher
suites are searched when processing a client hello. Is that right? would
this mean, that if i want to give preference to DES-CBC-SHA over
EDH-RSA-DES-CBC-SHA,
>>But when I comment out the key length line, and truncate the key
>>so it's only 16 bytes instead of 32, it returns the same ciphertext.
>>
>>Is it not possible with EVP to change the key size??
>>I've checked the return code of EVP_CIPHER_CTX_set_key_length, and
>>everything looks like it shou
>>char iv[]={ 1, 2, 3, 4, 5, 6, 7, 8 };
>>
>>int do_crypt(char *source, long src_len, char *target, char *key)
>>{
>> int outlen, tmplen;
>> EVP_CIPHER_CTX ctx;
>> EVP_CIPHER_CTX_init(&ctx);
>> EVP_EncryptInit(&ctx, EVP_bf_cbc(), key, iv);
>> /* let's try to extend the key length used!!!
On Fri, May 24, 2002, Fiel Cabral wrote:
> When pkcs12 is passed the -cacerts option, is it
> supposed to print out only CA certificates?
> It seems like the -cacerts option does not check if
> the certificate contains basicConstraints CA:TRUE. Is
> this the correct behavior or is it a bug?
> Tha
On Fri, May 24, 2002, Brad House wrote:
> Ok, I looked at the openssl documentation stating that
> blowfish accepts a variable key length. But it also says
> to use the EVP method of encryption for Applications because
> it provides a more generic way to use multiple algorithms, etc...
>
> Anyh
When pkcs12 is passed the -cacerts option, is it
supposed to print out only CA certificates?
It seems like the -cacerts option does not check if
the certificate contains basicConstraints CA:TRUE. Is
this the correct behavior or is it a bug?
Thanks.
Fiel Cabral
___
yes!
On Fri, 24 May 2002 Eric Rescorla wrote :
>"shalen chhabra" <[EMAIL PROTECTED]> writes:
>
> > I am writing a tutorial on
> > How to write applications using OPENSSL for the OPENSSL.
> > People it would be great if you can give me some examples
> > Thanking YOu
>You mean aside from the examp
Ok, I looked at the openssl documentation stating that
blowfish accepts a variable key length. But it also says
to use the EVP method of encryption for Applications because
it provides a more generic way to use multiple algorithms, etc...
Anyhow, I can't set a different key length for blowfish
u
On Fri, May 24, 2002 at 10:14:40AM -0600, Joel Daniels wrote:
> >From what I understand Ephemeral Keys will keep someone who steals my
> private key from being able to decrypt my SSL communication. He can still
> use a man-in-the-middle attack of course.
>
> The SSL_CTX_set_options documentation
On Fri, May 24, 2002 at 06:58:40PM +0100, Chris Plant wrote:
> On Sun, 2002-05-19 at 13:23, Lutz Jaenicke wrote:
> > On Sun, May 19, 2002 at 10:11:20AM +0100, Chris Plant wrote:
> > > I have established a connection (using SSL_accept), and sent and
> > > received data over it, before the connectio
How do you "know" there are 200 bytes in the buffer? Are you calling ioctl with
FIONREAD to get the number of bytes in the socket? If so, then that value is the
ciphertext count, including padding, SSL headers, MACs and other "stuff". It is not
what's available to read from the SSL_read functio
On Fri, May 24, 2002 at 06:37:30PM +0100, Chris Plant wrote:
> I know I posted this the other day, but if I ask for 60bytes, and there
> is 200 in the buffer, why is SSL_read() removing it all ?
Are you sure it does? I doubt that any larger application using the
OpenSSL library would actually be
Chris Plant <[EMAIL PROTECTED]> writes:
> On Sun, 2002-05-19 at 13:23, Lutz Jaenicke wrote:
> > On Sun, May 19, 2002 at 10:11:20AM +0100, Chris Plant wrote:
> > > I have established a connection (using SSL_accept), and sent and
> > > received data over it, before the connection is dropped and the
On Sun, 2002-05-19 at 13:23, Lutz Jaenicke wrote:
> On Sun, May 19, 2002 at 10:11:20AM +0100, Chris Plant wrote:
> > I have established a connection (using SSL_accept), and sent and
> > received data over it, before the connection is dropped and the server
> > reports the error (using ERR_get_erro
On Fri, May 24, 2002, Mads Rasmussen wrote:
>
> Looking at the AuthenticatedSafe type:
>
> AuthenticatedSafe ::= SEQUENCE OF ContentInfo
> -- Data if unencrypted
> -- EncryptedData if password-encrypted
> -- EnvelopedData if public key-encrypted
>
> Is the EnvelopedData ev
I know I posted this the other day, but if I ask for 60bytes, and there
is 200 in the buffer, why is SSL_read() removing it all ?
Chris
__
OpenSSL Project http://www.openssl.org
User Support Mai
"shalen chhabra" <[EMAIL PROTECTED]> writes:
> I am writing a tutorial on
> How to write applications using OPENSSL for the OPENSSL.
> People it would be great if you can give me some examples
> Thanking YOu
You mean aside from the examples in this tutorial?
http://www.rtfm.com/openssl-examples
I am writing a tutorial on
How to write applications using OPENSSL for the OPENSSL.
People it would be great if you can give me some examples
Thanking YOu
Shalen
_
Click below to visit monsterindia.com and review jobs in India or
Abroad
http
By default SHA will provide binary output. You should convert the data
in the output buffer to hex (i.e. printable characters). For an example
look in $OPENSSLDIR/apps/dgst.c at the bottom of the file. Here is the
code fragment.
if(binout) BIO_write(out, buf, len);
else
>From what I understand Ephemeral Keys will keep someone who steals my
private key from being able to decrypt my SSL communication. He can still
use a man-in-the-middle attack of course.
The SSL_CTX_set_options documentation says:
SSL_OP_EPHEMERAL_RSA
Always use ephemeral (temporary) RSA key w
Hello,
Sorry dear community, I had to jump up on this,
Ok, Gary, OpenSSL is a open source library for SSL and cryptography.
That said, you can download the source code and port to your Unix flavor if
its
not already ported.
There would be a Support Agreement if you were dealing with a software
de
Hi,
Can you enlighten me regarding the use of open ssl and secure shell
utilities on the above platform. From what I have seen on the web sites
there does not appear to be a reference to its use on the DGUX platform as
described above.
Can you verify whether we can use these utilities on this p
Hello,
On Fri, 24 May 2002, Stella Power wrote:
> I'm having problems with SHA1() and I'm hoping some of you might be able to
> help me out.
>
> I want to calculate the sha1 checksum of a file which i have mapped into
> memory (char *mapped_encrypted_file;). I use strlen on that to get its
> le
Is there any benefit to creating my own BIO and using SSL_set_bio as
apposed to SSL_set_fd, if I am trying to associate the SSL object with a
file descriptor anyway?
- Joel Daniels
__
OpenSSL Project
Hi,
I'm having problems with SHA1() and I'm hoping some of you might be able to
help me out.
I want to calculate the sha1 checksum of a file which i have mapped into
memory (char *mapped_encrypted_file;). I use strlen on that to get its
length (unsigned long maplength;). I also malloc space fo
At 12:01 24.05.2002 +0100, you wrote:
>When a browser connects to a https site, does it include some sort of
>token in the header to enable the server to equate two or more requests
>to the same ssl session? Some thing to hash on ...
See RFC 2246, p. 31.
Ciao,
Richard
--
Dr. Richard W. Könning
Looking at the AuthenticatedSafe type:
AuthenticatedSafe ::= SEQUENCE OF ContentInfo
-- Data if unencrypted
-- EncryptedData if password-encrypted
-- EnvelopedData if public key-encrypted
Is the EnvelopedData ever used? - the signed integrity mode seems to
involve a unwante
28 matches
Mail list logo