detect Md5 sign signatures

2013-09-23 Thread val john
Hi guys, I have a server certificate used in the company RADIUS server. How can I check whether it's an md5 sign cert or sha sign certificate? Which attribute indicates whether it's md5 sign or sha sign? Is it the "Signature Algorithm: sha1WithRSAEncryption" attribute? Please advise. Thank you, John

Re: using TRNG via /dev/random

2013-09-23 Thread starlight . 2013z3
At 12:59 9/23/2013 -0700, Michael Sierchio wrote: > >I'll repeat myself - the fact that the >/dev/random implementation you're using >blocks is a serious design flaw. Convince Linus, the GPG developers et al.--not me. Till then I respect their view as embodied by the latest implementation of rand

Re: using TRNG via /dev/random

2013-09-23 Thread Michael Sierchio
On Mon, Sep 23, 2013 at 12:59 PM, wrote: > At 20:27 9/23/2013 +0200, Richard Könning wrote: >>/dev/random is a PRNG which blocks when the (crude) >>entropy estimation of the entropy pool falls below a >>limit. Besides this there are afaik no big >>differences between /dev/random and /dev/urando

PKCS7 encryption failed when processing concurrent large files (1.6G)

2013-09-23 Thread vu le
Dear all, I wrote a function like this: DLL_INT ECryptEncryptData(char* certFile, char* dataFile, char* encryptedFile, char* errMsg, int errMsgLen) { static char* func = "ECryptEncryptData"; int rc = 0; char msg[MSG_LEN]; BIO *in = NULL, *out = NULL;//, *tbio = NULL;//, *dout = N

Re: Debugging cause of "unable to get local issuer certificate" - one cert works, one doesn't

2013-09-23 Thread James Crowley
Thank you so much, I would never have figured that out in a million years! It works perfectly following those instructions. And always good to know the "how" in case I trip over it again, much appreciated. Apologies for the richtext, I blame Google for that one... On 23 September 2013 22:25, Da

RE: Debugging cause of "unable to get local issuer certificate" - one cert works, one doesn't

2013-09-23 Thread Dave Thompson
Sorry for top-posting but you apparently posted richtext and my new "improved" Outlook can no longer impoverish text correctly nor reply inline to richtext. Bah. You don't need the full chain(s), only the root(s), since both servers send chain as they should. The difference is that the sumol

Re: using TRNG via /dev/random

2013-09-23 Thread starlight . 2013z3
At 20:27 9/23/2013 +0200, Richard Könning wrote: >/dev/random is a PRNG which blocks when the (crude) >entropy estimation of the entropy pool falls below a >limit. Besides this there are afaik no big >differences between /dev/random and /dev/urandom. In the sense that all TRNG outputs are run th

RE: About dgst option

2013-09-23 Thread Dave Thompson
It depends on the type of key used. (Asymmetric) digital signature “algorithms” (schemes) consist of 2 or 3 parts: - the digest algorithm applied to the data - for RSA only, the padding applied to the digest - the public-key algorithm used (RSA, DSA, ECDSA) Commandline dgst allows you to sp

RE: Reusing client session question

2013-09-23 Thread Dave Thompson
First, your question is really about a *connection* not a session. For many familiar protocols these are pretty much the same thing, but for SSL they are not. In SSL the session can and often but not always does continue to exist after a connection is closed, and can be reused by subsequent c

Debugging cause of "unable to get local issuer certificate" - one cert works, one doesn't

2013-09-23 Thread James Crowley
Hi everyone, I'm hitting an "unable to get local issuer certificate" error on a specific SSL certificate, and I was wondering how I can best debug this? It's via NXLog which uses OpenSSL so a bit disconnected from the underlying library at the moment, and I'm not too familiar with OpenSSL. I've exp

Re: using TRNG via /dev/random

2013-09-23 Thread Richard Könning
On 22.09.2013 19:27, starlight.201...@binnacle.cx wrote: No /dev/urandom is a PRNG. /dev/random is a TRNG. Read the code https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/char/random.c?id=272b98c6455f00884f0350f775c5342358ebb73f /dev/random is a PRNG which blocks

{resolved}Re: TLS authentication for ldap

2013-09-23 Thread espeake
From: Viktor Dukhovni To: "openssl-users@openssl.org" Date: 09/23/2013 10:40 AM Subject: Re: TLS authentication for ldap Sent by: owner-openssl-us...@openssl.org On Mon, Sep 23, 2013 at 11:27:06AM -0400, Salz, Rich wrote: > > Note, the above is for enforcing STARTTLS

Re: TLS authentication for ldap

2013-09-23 Thread Viktor Dukhovni
On Mon, Sep 23, 2013 at 11:27:06AM -0400, Salz, Rich wrote: > > Note, the above is for enforcing STARTTLS on the server. If the > > decision is left to the client, the configuration is less opaque. > > And less secure. :) > > If policy is to use SSL/TLS, then the server must enforce it; > trus

RE: TLS authentication for ldap

2013-09-23 Thread espeake
From: "Salz, Rich" To: "openssl-users@openssl.org" Date: 09/23/2013 10:29 AM Subject: RE: TLS authentication for ldap Sent by: owner-openssl-us...@openssl.org > Note, the above is for enforcing STARTTLS on the server. If the > decision is left to the client, the confi

RE: TLS authentication for ldap

2013-09-23 Thread Salz, Rich
> Note, the above is for enforcing STARTTLS on the server. If the > decision is left to the client, the configuration is less opaque. And less secure. :) If policy is to use SSL/TLS, then the server must enforce it; trusting the clients to do the right thing is bad. /r$ -- Principa

Re: TLS authentication for ldap

2013-09-23 Thread Michael Ströder
Viktor Dukhovni wrote: > On Mon, Sep 23, 2013 at 10:54:04AM -0400, Salz, Rich wrote: > >>> Another option is to use LDAP's "STARTTLS" support on port 389. >> >> It seems the config to require it is a bit obscure; >> http://www.openldap.org/lists/openldap-technical/201202/msg00414.html >> might be

Re: TLS authentication for ldap

2013-09-23 Thread espeake
From: Viktor Dukhovni To: "openssl-users@openssl.org" Date: 09/23/2013 10:10 AM Subject: Re: TLS authentication for ldap Sent by: owner-openssl-us...@openssl.org On Mon, Sep 23, 2013 at 10:54:04AM -0400, Salz, Rich wrote: > > Another option is to use LDAP's "STARTTLS"

Re: TLS authentication for ldap

2013-09-23 Thread Viktor Dukhovni
On Mon, Sep 23, 2013 at 10:36:34AM -0400, Salz, Rich wrote: > > I can use the showcerts command on port 636 and see the certs > > but when I try to do this on port > > 389 to use TLS I get the following error. > > 389 is the "plaintext" LDAP port; 636 is for LDAP over SSL/TLS > so your system is

RE: TLS authentication for ldap

2013-09-23 Thread Salz, Rich
> Another option is to use LDAP's "STARTTLS" support on port 389. It seems the config to require it is a bit obscure; http://www.openldap.org/lists/openldap-technical/201202/msg00414.html might be useful. /r$ -- Principal Security Engineer Akamai Technology Cambridge, MA __

Re: TLS authentication for ldap

2013-09-23 Thread Viktor Dukhovni
On Mon, Sep 23, 2013 at 10:54:04AM -0400, Salz, Rich wrote: > > Another option is to use LDAP's "STARTTLS" support on port 389. > > It seems the config to require it is a bit obscure; > http://www.openldap.org/lists/openldap-technical/201202/msg00414.html > might be useful. Note, the above is fo

RE: TLS authentication for ldap

2013-09-23 Thread Salz, Rich
> I can use the showcerts command on port 636 and see the certs but when I try > to do this on port > 389 to use TLS I get the following error. 389 is the "plaintext" LDAP port; 636 is for LDAP over SSL/TLS so your system is doing the right thing. If you want to force SSL/TLS, then you'll hav

TLS authentication for ldap

2013-09-23 Thread espeake
We are trying to put in place a high availability instance of openLDAP using a 3-node n-way multi master setup. I can telnet to our instance and each individual node through ports 389 and 636. I can use the showcerts command on port 636 and see the certs but when I try to do this on port 389 to