Re: How to link user application with FIPS-2

2011-09-13 Thread Jiri Hladky
Hi Steve, thanks for the quick reply! Are you sure you really want to try calling FIPS_*() functions directly? Well, probably not. Let me describe what I want. I'm trying to model (and understand the operation) of the upcoming RdRand instruction: http://en.wikipedia.org/wiki/RdRand In one

Cipher setting error

2011-09-13 Thread Kanchan Kumar Shaw
I have written a simple program to test available ciphers. And of course I have a problem with some of them. I installed openssl--1.0.0e by following commands 1. ./config 2. make 3. make test 4. make install I used an api for this int SSL_CTX_set_cipher_list(SSL_CTX *ctx,

CRL checks on x509 certificate using get_crl callback vs manually calling store->check_crl

2011-09-13 Thread Arunkumar Manickam
Hi, We are using openssl in our application for secure socket communications. What is the best way to check for revocation status of an x509 certificate using CRLs? 1) Register a callback to store context's get_crl function. In the callback function, load the crl and return. 2) Let openssl

Re: id-RSASSA-PSS question

2011-09-13 Thread Stef Hoeben
Hi, there's currently a mistake in the SOD, I'll probably be able to send it when it's fixed. Thx, Stef On 09/13/2011 12:07 AM, Dr. Stephen Henson wrote: Can you include the DER format message itself instead of the ASN1 dump? This will be very useful when CMS+PSS is implemented.

Problem using EXPORT1024 ciphers

2011-09-13 Thread Rajib Karmakar
Hi, I am trying to use EXPORT1024 ciphers (e.g., EXP1024-RC4-SHA) in my application. But I am unable to set them in the client. The following is what I have done, 1. Downloaded openssl-1.0.0d 2. Modified ssl/tls1.h and changed the value of TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES

How to use Blowfish

2011-09-13 Thread Mrunal Nerpawar
Hi, I have a use case for one of the products that I work on. I need to know if the passwords on the unix machines are weak. The passwords are hashed using blowfish algorithm. I shall be doing dictionary encryption using blowfish API to find the weak passwords. I am using openssl/blowfish for

Re: How to use Blowfish

2011-09-13 Thread Jeffrey Walton
On Tue, Sep 13, 2011 at 5:53 AM, Mrunal Nerpawar p.mru...@gmail.com wrote: I have a use case for one of the products that I work on. I need to know if the passwords on the unix machines are weak. The passwords are hashed using blowfish algorithm. I shall be doing dictionary encryption using

Re: Creating AES Key for encryption in server side and share the key

2011-09-13 Thread Jakob Bohm
On 9/13/2011 1:46 AM, Dave Thompson wrote: From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm Sent: Monday, 12 September, 2011 03:52 On 9/9/2011 10:13 PM, krishnamurthy santhanam wrote: snip: unclear about key transport or maybe derivation The normal way to do this is: 1. On the

Re: How to use Blowfish

2011-09-13 Thread Jeffrey Walton
On Tue, Sep 13, 2011 at 6:49 AM, Jeffrey Walton noloa...@gmail.com wrote: On Tue, Sep 13, 2011 at 5:53 AM, Mrunal Nerpawar p.mru...@gmail.com wrote: I have a use case for one of the products that I work on. I need to know if the passwords on the unix machines are weak. The passwords are hashed

Issues with Creating a Certificate With Multiple Hostnames

2011-09-13 Thread pradyumna dash
Hi, This is the setup I would like to have. LDAP clients _|___ | __LoadBalancer1_ | | | ldap1.example.com ldap2.example.com My challenge is I never did this kind of

Is there a better way to set the SKI in the OpenSSL API?

2011-09-13 Thread Shane G
I'm writing code to modify the subject key identifier for a cert. I've noticed that when the new SKI is written out that it doesn't have the ASN1 tag for the OCTET_STRING prepended to the data (0x0414 for the SKI). I've written the following code to work around that but it seems overly

Re: Issues with Creating a Certificate With Multiple Hostnames

2011-09-13 Thread Ciprian Pavel
You can give it a try with wildcard CN=*.example.com Ciprian Sent from Vodafone BlackBerry -Original Message- From: pradyumna dash neomatrix...@gmail.com Sender: owner-openssl-us...@openssl.org Date: Tue, 13 Sep 2011 23:26:52 To: openssl-users@openssl.org Reply-To: