Hi,
I want to add a specific OID to the extended key usage. How do I need to
change the openssl.conf file for this?
--
Somdas Bandyopadhyay
M.Tech(CSE) - Second year
IIT Bombay
Mob no- 09920915176
If I have an SSL certificate, is it possible to create a CSR with that
certificate’s subject and public key?
-F
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
On 15/05/13 18:37, Felipe Gasper wrote:
If I have an SSL certificate, is it possible to create a CSR with that
certificate’s subject and public key?
A certificate request is signed by the private key so no, it's not possible.
On Wed, May 15, 2013, Santhosh Kokala wrote:
Hi All,
I have a use case where an admin can configure the Ciphers from UI. I have
this code in the backend that tries to set the cipher
meth = TLSv1_client_method();
ctx = SSL_CTX_new(meth);
sslretval =
On 5/15/2013 3:27 AM, Viktor Dukhovni wrote:
On Wed, May 15, 2013 at 12:58:37AM +, Santhosh Kokala wrote:
I have a use case where an admin can configure the Ciphers from
UI. I have this code in the backend that tries to set the cipher
meth = TLSv1_client_method();
ctx =
Yes, good point. You need the private key also, but if the idea is just to
use the certificate as a template to generate a new request for a key that
you do own (I think the most common case when you want a new requisition
with the same data), it is possible.
openssl x509 -x509toreq -in
On 5/15/2013 1:48 PM, Cristian Thiago Moecke wrote:
Yes, good point. You need the private key also, but if the idea is just
to use the certificate as a template to generate a new request for a key
that you do own (I think the most common case when you want a new
requisition with the same data),
Hi all,
I have a self-signed certificate installed on a server with the following
extensions fields.
=
Key Usage:Digital Signature, Key Encipherment (a0)
Thank you, HTH, for the suggestions!
Yes, patching gcc's connect2 file fixed my problem.
Consider this issue closed.
KT
- Original Message -
From: Dave Thompson
To: openssl-users@openssl.org
Sent: Tuesday, May 07, 2013 9:03 PM
Subject: RE: Undefined Symbol _fini Building
As a knowledgeable user, I despise user interfaces like that
As a knowledgeable user, you are in the minority and it is certainly your right
to complain if your choices are restricted.
and tend to recommend against such products even for novices.
I firmly believe this is wrong.
A good user
On Wed, May 15, 2013 at 01:07:23PM +0200, Jakob Bohm wrote:
If the underlying choices need to be configurable, that should
generally not be via the UI, rather via a configuration file of
some sort.
This assumes your users are normal users, not SSL protocol testers
who want fine-grained
On 5/15/2013 4:38 PM, Salz, Rich wrote:
As a knowledgeable user, I despise user interfaces like that
As a knowledgeable user, you are in the minority and it is certainly your right
to complain if your choices are restricted.
and tend to recommend against such products even for novices.
I
Hi list,
I'm having trouble getting a TLS 1.2 with EC F_p certificates to run.
This is my setup:
Server: openssl 1.0.1e compiled from source, Debian squeeze
Client: openssl 1.0.1c from Gentoo tree
On the Server, I get
$ openssl ciphers -v
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA
On Wed, May 15, 2013 at 8:26 AM, Viktor Dukhovni openssl-us...@dukhovni.org
wrote:
OpenSSL cipherlists are not for novices.
Like everything else about an old API that grew organically, it has too
much surface area. It's unreasonable to rely on expert performance to
prevent errors - it should
I was talking about a user interface to specify settings without requiring a
rebuild of the applications.
And on this, we completely agree :)
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
On 5/15/2013 5:26 PM, Viktor Dukhovni wrote:
On Wed, May 15, 2013 at 01:07:23PM +0200, Jakob Bohm wrote:
If the underlying choices need to be configurable, that should
generally not be via the UI, rather via a configuration file of
some sort.
This assumes your users are normal users, not SSL
On Wed, May 15, 2013 at 09:59:52AM -0600, Salz, Rich wrote:
I was talking about a user interface to specify settings without requiring
a rebuild of the applications.
And on this, we completely agree :)
+1 for no application rebuilds. Hard-coded cipherlists is not what
I had in mind, if
I suppose you are talking about the OpenSSL command? Then yes:
http://www.sslshopper.com/article-most-common-openssl-commands.html
--
Cristian Thiago Moecke
On 15/05/2013, at 05:37, Felipe Gasper fel...@felipegasper.com wrote:
If I have an SSL certificate, is it possible to create a CSR
Hi All,
I have a question about FIPS mode and Integrity check.
1) I built FIPS 2.0.2 module, libcrypto.1.0.0 with FIPS and dynamically
linked against *sshd* and installed on target machine, which is working
fine.
2) I cleaned up the libraries, build FIPS module and libcrypto.so.1.0.0 again
and
From: owner-openssl-us...@openssl.org On Behalf Of isshed
Sent: Wednesday, 15 May, 2013 08:25
I have a self-signed certificate installed on a server with
the following extensions fields.
Key Usage:Digital Signature, Key Encipherment (a0)
Basic Constraints : Subject Type=End Entity,
From: owner-openssl-us...@openssl.org On Behalf Of Johannes Bauer
Sent: Wednesday, 15 May, 2013 11:49
I'm having trouble getting a TLS 1.2 with EC F_p certificates to run.
This is my setup:
Server: openssl 1.0.1e compiled from source, Debian squeeze
Client: openssl 1.0.1c from Gentoo tree
On 15.05.2013 17:48, Johannes Bauer wrote:
Server: openssl 1.0.1e compiled from source, Debian squeeze
Client: openssl 1.0.1c from Gentoo tree
Additional info: Just upgraded the Client to 1.0.1e (Gentoo) and have
the same issue. Something is *seriously* wrong here. That's what the
server says
On 15.05.2013 20:52, Dave Thompson wrote:
I can't easily test at the moment (even assuming your client is OpenSSL),
but I speculate that in SSL3 mode the client doesn't send (Client)Hello
extensions for SupportedCurves and SupportedPointFormats,
Correct.
and in TLS
mode(s?) it does.
Hi,
Could somebody tell me what names I should use in EVP_get_cipherbyname() to
return the AES_128_GCM and AES_256_GCM ciphers? I looked into openssl code but
got lost.
Thanks a lot,
-binlu
On 15.05.2013 21:17, Johannes Bauer wrote:
Only sect/secp are included curiously although my openssl client
does internally also know, for example, about the wap-wsg and X9.62
curves. But those are not included in the Client Hello request.
And there's definitely no unnamed generic type
On Wed, May 15, 2013, Johannes Bauer wrote:
Does this mean that communication with TLS1.2 with curves other than the
SEC-curves has actually never worked with OpenSSL (because it couldn't
have worked as this would require the explicit curve type which doesn't
appear to be implemented as of
On 15 May 2013 20:15, Bin Lu b...@juniper.net wrote:
Hi,
Could somebody tell me what names I should use in EVP_get_cipherbyname() to
return the AES_128_GCM and AES_256_GCM ciphers? I looked into openssl code
but got lost.
aes-128-gcm and aes-256-gcm
Matt