RE: Friendly name

Possibly do an asndump on a cert that has a friendly name and see what it's really doing? -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Hopkins, Nathan Sent: Thursday, December 01, 2011 4:36 PM To:

The best way to limit cipher strength

What is the correct way to limit cipher suite strength, as in get rid of weak ciphers? I am contemplating building an openssl version with no support for export ciphers, and no support for SSLv2 cipher suites. I tried the config args of no-ssl2 and no-export, and got half the intended result.

RE: The best way to limit cipher strength

asked - limit the library to just strong ciphers - most correctly? From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Diffenderfer, Randy Sent: Wednesday, August 18, 2010 12:43 PM To: openssl-users@openssl.org Subject: The best way to limit cipher strength

Verbosity Level Tweak?

Folks, Am trying to sort out mysterious TLS setup failures within sendmail. Are there any runtime symbols I can twiddle to cause the library to be more forthcoming about what it's doing? Have wandered through sendmail and he pretty much treats the openssl calls as a black box, with very little

RE: Unable to locate the keystore/certificate store or private key

Title: Message I don't see the execution platform given here. Perhaps you might consider doing an 'strace' (if linux)? Anything that is opened and "secretly" imported into the program should be discernible from this. Just a thought... rnd -Original Message-From: [EMAIL

RE: Hiding headers for OpenSSL

Title: Message Folks, For the sake of closure (and finality, one would hope :-) ), the relevant Apache configuration parameter is "ServerTokens". There is also a spiffy module available to do just about anything you might desire here: modsecurity. Works for me... rnd -Original

The *right* way to get -g in compiler options

Title: The *right* way to get -g in compiler options Folks, This should be easy! What is the *right* way to include the -g option in CFLAG when building openssl-0.9.8b? I have several undoubtedly *wrong* ways I can choose, but I'd rather take the high road here Thanks, rnd

FW: The *right* way to get -g in compiler options

Title: FW: The *right* way to get -g in compiler options It would appear that the *right* way is to simply stick the '-g' option in the config argument list, ./config -g I thought it would be easy :-) rnd -Original Message- From: Diffenderfer, Randy Sent: Monday, June 05

Random errors in openssl apps

Title: Random errors in openssl apps Folks, Using RedHat ES3.0 stock openssl RPM, for which openssl version yields 'OpensSSL 0.9.7a Fed 19 2003, I get random SEGVs while doing pk7out or verify operations using openssl smime -pk7out or openssl smime -verify. The discouraging thing about

FW: Using OpenSSL Command Line Apps To Generate Signed Digests

) was that *an ASN1 structure* was what was encoded, not just the raw digest info. Hadn't run across the DigestInfo structure before in my travels. Now I know. Hope this helps the next n00b! :-) rnd -Original Message- From: Diffenderfer, Randy Sent: Thursday, March 16, 2006 11:29 AM