Re: [openssl-users] openssl-101m server and openssl-101q client TLS1.2 failure

Group/OU=FOR TESTING PURPOSES ONLY/CN=OpenSSL Test Intermediate CA Thanks, Jayadev. On Wed, Dec 23, 2015 at 9:19 PM, Matt Caswell <m...@openssl.org> wrote: > > > On 23/12/15 15:20, Jayadev Kumar wrote: > > Hi, > > > > When i run openssl-1.0.1m server with > &

Re: [openssl-users] openssl-101m server and openssl-101q client TLS1.2 failure

Thanks for responding. But In my case replacing the client side binary built with openssl-101m this issue goes away. So wondering could this be a bug in openssl code ? On Wed, Dec 23, 2015 at 8:55 PM, Salz, Rich wrote: > Try

Re: [openssl-users] openssl-101m server and openssl-101q client TLS1.2 failure

Thanks Matt. Jayadev. On Wed, Dec 23, 2015 at 9:34 PM, Matt Caswell <m...@openssl.org> wrote: > > > On 23/12/15 15:54, Jayadev Kumar wrote: > > routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3415: > > Ah. The above line is the critical bit. This is

[openssl-users] openssl-101m server and openssl-101q client TLS1.2 failure

Hi, When i run openssl-1.0.1m server with ./openssl101m s_server -accept 443 -msg and openssl-1.0.1q client with following command ./openssl101q s_client -connect x.x.x.x:443 I see server is failing with error >>> TLS 1.2 Handshake [length 0004], ServerHelloDone 0e 00 00 00 <<< TLS 1.2

Re: [openssl-users] DH-RSA and DH-DSS certificate creation

Thanks Matt ! On Tue, Nov 3, 2015 at 4:29 PM, Matt Caswell <m...@openssl.org> wrote: > > > On 03/11/15 23:33, Jayadev Kumar wrote: > > Hi, > > > > Can i create DH-RSA and DH-DSS certificate using openssl ? > > Yes. > > > > > If yes, Wh

[openssl-users] DH-RSA and DH-DSS certificate creation

Hi, Can i create DH-RSA and DH-DSS certificate using openssl ? If yes, Which openssl version has the support for it ? Can i use DH-RSA and DH-DSS certificate with 'openssl s_server' application ? Right now i am using openssl-1.0.1m and it is not working for me. Thanks, Jayadev.

openssl support for ALPN

Hi, Do we have a patch for ALPN extension ? Thanks, Jayadev

Re: multilevel CA wont load private key -help

./CA.sh -newca (Script on a fresh directory creates demoCA directory with RootCA and Privatekey) ./CA.sh -newreq (creates a new cert request, with newcert.pem and newkey.pem) ./CA.sh -signCA (Sign the new req as CA, with RootCA). You can find the CA.sh in 'openssl-1.0.1h/apps' directory.

Re: multilevel CA wont load private key -help

/private/cakey.pem -out crl01.pem openssl crl -in crl01.pem -text (Here config file is taken from default location). On Tue, Aug 12, 2014 at 4:45 PM, Jayadev Kumar jayadev.ku...@gmail.com wrote: ./CA.sh -newca (Script on a fresh directory creates demoCA directory with RootCA

Re: SSL Library Error: error:2D06D075:FIPS routines:fips_pkey_signature_test:test failure (Type=RSA SHA1 X931)

check 'ldd mod_ssl.so' for proper linkage. -Jayadev. On Tue, Aug 12, 2014 at 7:01 PM, Abdul Anshad ab...@visolve.com wrote: Thank you for the response. I already have a SHA-256 self signed certificate with a bit size 2048 but still ended up with the same error. I used the following

Re: empty certificate-messag

If you did not use, SSL_CTX_use_certificate(), SSL_use_certificate() and set the certificate SSL client responds with no_cert if cert request comes from the server. -Jayadev. On Mon, Aug 11, 2014 at 6:24 PM, Sanju Gurung sanju.gur...@gmail.com wrote: How to send empty certificate-message

Is there any certificate store in openssl.

In a C program, I want to store and lookup server certificate/key based on SubjAltName/dNsNames and common name. Is there any existing data structures available in openssl i can use this for purpose? any examples ? Thanks, Jayadev.