Possibly do an asndump on a cert that has a friendly name and see what it's
really doing?
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Hopkins, Nathan
Sent: Thursday, December 01, 2011 4:36 PM
To:
What is the correct way to limit cipher suite strength, as in get rid of
weak ciphers? I am contemplating building an openssl version with no support
for export ciphers, and no support for SSLv2 cipher suites. I tried the config
args of no-ssl2 and no-export, and got half the intended result.
asked - limit the library to just strong ciphers - most correctly?
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Diffenderfer, Randy
Sent: Wednesday, August 18, 2010 12:43 PM
To: openssl-users@openssl.org
Subject: The best way to limit cipher strength
Folks,
Am trying to sort out mysterious TLS setup failures within sendmail.
Are there any runtime symbols I can twiddle to cause the library to be
more forthcoming about what it's doing? Have wandered through sendmail
and he pretty much treats the openssl calls as a black box, with very
little
Title: Message
I
don't see the execution platform given here. Perhaps you might consider
doing an 'strace' (if linux)? Anything that is opened and "secretly"
imported into the program should be discernible from this.
Just a
thought...
rnd
-Original Message-From:
[EMAIL
Title: Message
Folks,
For
the sake of closure (and finality, one would hope :-) ), the relevant Apache
configuration parameter is "ServerTokens". There is also a spiffy module
available to do just about anything you might desire here:
modsecurity.
Works
for me...
rnd
-Original
Title: The *right* way to get -g in compiler options
Folks,
This should be easy!
What is the *right* way to include the -g option in CFLAG when building openssl-0.9.8b?
I have several undoubtedly *wrong* ways I can choose, but I'd rather take the high road here
Thanks,
rnd
Title: FW: The *right* way to get -g in compiler options
It would appear that the *right* way is to simply stick the '-g' option in the config argument list,
./config -g
I thought it would be easy :-)
rnd
-Original Message-
From: Diffenderfer, Randy
Sent: Monday, June 05
Title: Random errors in openssl apps
Folks,
Using RedHat ES3.0 stock openssl RPM, for which openssl version yields 'OpensSSL 0.9.7a Fed 19 2003, I get random SEGVs while doing pk7out or verify operations using openssl smime -pk7out or openssl smime -verify. The discouraging thing about
) was that *an ASN1 structure* was what was encoded, not just the raw digest info. Hadn't run across the DigestInfo structure before in my travels. Now I know.
Hope this helps the next n00b! :-)
rnd
-Original Message-
From: Diffenderfer, Randy
Sent: Thursday, March 16, 2006 11:29 AM
10 matches
Mail list logo