Richard Levitte wrote:
In message 54015.92296...@web121406.mail.ne1.yahoo.com on Tue, 21 Dec 2010 22:53:07
-0800 (PST), S Mathias smathias1...@yahoo.com said:
smathias1972 http://help.godaddy.com/article/1054
smathias1972
smathias1972 # Set up SSL protection on your website.
smathias1972
JongAm Park wrote:
Hello, I am just a beginner at using OpenSSL library.
I write in C/C++ and Objective-C. After looking up the OpenSSL web
site, I found out that there was no document for studying how to use it.
Is there any good source like sample codes, tutorial and so on?
Kenneth Goldman wrote:
Is there sample code anywhere for how to construct X509 certificates
programmatically, through the API, not the command line?
The documentation includes the serialization API's, but
little else.
I assume, since it can be done from the command line, that
the code exists
Lidia Fernández wrote:
But when I type the command 'openssl enc -a -aes128 -in file.txt -out
file.enc -pass pass:1234567'
I don't specify the iv and in the sample code there is:
unsigned char iv[] = {1,2,3,4,5,6,7,8};
EVP_EncryptInit_ex(ctx, EVP_bf_cbc(), NULL, key, iv);
I have to do
Rick King wrote:
Hello List!
I have a client that is using openssl version, 0.9.7a
Feb 19 2003. Recently, he ran a security audit on his
machine, and the report came back stated the
following:
Vulnerability -- imaps (993/tcp) - 21643
Synopsis : The remote service supports the use of weak
[EMAIL PROTECTED] wrote:
You have two good books:
Eric Rescorla, SSL and TLS, Designing and Building Secure Systems, Addison
Wesley, 2001.
This one explains the things the OP asked explicitly for.
John Viega, Matt Messier, Pravir Chandra
Network Security with OpenSSL Cryptography for
ravi shankar wrote:
We have a SSL client and we are having issues while connecting to some oracle
application servers which does not support TLS. By default, our client tries
TLS and the server sends an alert message for the client hello instead of
sending server hello. If we disable TLS and
Bhagya Prasad wrote:
Hi
I am using the following version of openssl -
openssl-0.9.8b-8.3.tlsext in the CentOS 5 environment. Whenever
non-local user logs into the box [ not a system created user ] and
logs out sshd segfaults with the following message in
/var/log/messages.
sshd[9250]: segfault
Jim Wong wrote:
I'm developing an application in which we're using AES to encrypt files as
they're transferred from another system and saved to disk. We'd like to
provide the ability for the application to resume a transfer that was
interrupted mid-stream, but the encryption throws a bit of a
Darryl Miles wrote:
Sergey S. Levin wrote:
1. If i use FileZilla and SSL connection - it works on 100% of speed.
I don't know what FileZilla is, but which SSL implementation is used and
what key exchange protocol and what symmetric cipher did it choose ?
FileZilla uses also OpenSSL.
Sergey S. Levin wrote:
I don't see any timing code in the middle to separate the timings for
the SSL cryptographic setup phase from the application data transfer
phase. I think you are doing a piggybacked connection setup so your
first application data write is performing the SSL connection
Sergey S. Levin wrote:
But which cpu types/frequencies are involved on both sides of the
connection and which cipher suite do you use?
Server - Celeron 2GHz, Client - Intel PIV 2GHz.
As to the second question - I'm not changing the default values in the
source code. I had taken the saccept.c
Olivier Mascia wrote:
Are there searchable archives of this mailing-list?
I'd like to look them up before posting questions.
See http://www.openssl.org/support/ at the bottom.
Ciao,
Richard
--
Dr. Richard W. Könning
Fujitsu Siemens Computers GmbH
Erik Leunissen wrote:
Is there a uniform way to detect that the OpenSSL PRNG has not been
seeded? Uniform is uniform over the various platforms because I want
Call RAND_status() (see http://www.openssl.org/docs/crypto/RAND_add.html#).
Ciao,
Richard
--
Dr. Richard W. Könning
Fujitsu Siemens
David Schwartz wrote:
To the extent that there is no affirmative act of agreement to the EULA,
Microsoft will have a hard time enforcing it. I have seen laptops that, on
first customer boot, require you to accept a Microsoft EULA.
I think Microsoft would have hard time
Ted Mittelstaedt wrote:
- Original Message -
From: David Schwartz [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Tuesday, August 22, 2006 2:04 PM
Subject: RE: related license question
Certainly. Nothing in the OpenSSL licenses requires you to allow
redistribution of any
Ryan Shon wrote:
In particular, we are unclear as to what redistribution rights
the OpenSSL license would grant to customers who purchase
our OpenSSL variant. Would they be allowed to redistribute
our optimized library?
The license enumerates the conditions which have to be met for
Ryan Shon wrote:
My boss hopes to sell this OpenSSL variant as a product. Because
of this, he would not want customers who buy this product to be
free to redistribute it on their own. If we were only to modify
existing OpenSSL, then I assume our entire product would be subject
to free
Frank Büttner wrote:
So I found out that SSL doesn't take the data from the socket:(
The Qt buffer will grow and grow, but SSL doesn't read the data:(
It seems to me that you have an architecture problem. As i understand your
descriptions you have OpenSSL and Qt accessing a socket in *parallel*,
Frank Büttner wrote:
Non blocking is not possible because Qt returns only an non blocking fd.
What is the problem?
What do you mean with the select() function. In the openSSL doc I can't
find something like that.
Lee Dilkie wrote:
Perhaps I'm getting confused with what's reported.
I just noticed that SSLv3 gets reported even when I specify TLS methods
on the client and server. ie.
cipher spec=AES256-SHA SSLv3 Kx=RSA Au=RSA
Enc=AES(256) Mac=SHA1
Is this really SSLv3 or is it
William A. Rowe, Jr. wrote:
TLSv1_server_methods() do not speak the crufty old SSLv2 garbage, you
can't connect to it using a multi-protocol handshake.
For maximum portability use SSLv23_server_methods()
On the client side it doesn't matter, if you want a TLSv1 connection
only, then by all
Bernhard Froehlich wrote:
Maybe this would be possible using the NULL cipher combined with DH
authentication...
(The official NULL cipher suites use RSA authentication.) The answer to
the first question of the OP is yes, use a NULL cipher suite.
But if your problem is only performance I
Bards1888 wrote:
I've searched the archives and couldn't find anything related, so I'm
posting here for some help/advice;
[...]
timing function used: getrusage
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192
Hagai Yaffe wrote:
I am looking for some documentation regarding OpenSSL Random Number
Generator, I have looked on the net and could not find what I need. I
mainly need some compression between OpenSSL Random Number Generator and
other Random Generation algorithms (Blum-Blum-Shub, FIPS 186,
Anders Björnerstedt (AS/EAB) wrote:
When downloading from the tarballs list, is it the case that the first choice
on each version
Is the export version ? and the other three (MD5) (SHA1) (PGP sign) are
restricted ?
It should be the MD5 sum, SHA1 sum and PGP signature respectively of the
ELLERT Alexandre wrote:
I installed openssl-0.9.8 on my linux FTP server and I also compiled
vsftpd-2.0.3 under RedHat 9 with SSL support (without any errors).
And when I try to connect with FileZilla v2.2.16 under Windows XP I get some
errors:
Commande : AUTH TLS
Réponse : 234
Lerchenfeld, David W. wrote:
Has anyone seen this problem I have been fighting it for some time and cannot
get it resolved:
I have (specs below) Apache running on an HPUX11i server and everytime and
activate SSL for a server Apache keeps launching child stacks instead of using
the existing
Tyler Durden wrote:
This book is good, but the openSSL version that use, I think that is
the 0.96, so the documentation is slightly old.
It's based on 0.9.6 but it gives some prospect on 0.9.7, so it's not so
outdated as one might think.
Ciao,
Richard
--
Dr. Richard W. Könning
Fujitsu
Ragnar Paulson wrote:
I'm looking for a pointer to more documentation of how to use the openssl API,
I don't really want to read the source or learn the internals. I have found
the following two references:
SSL and TLS: Designing and Building Secure Systems by Eric Rescorla
Network Security
Enrico Weigelt wrote:
is there an announce mailing list or something similar where
notifications on new releases are posted ?
Look at http://www.openssl.org/support/
Ciao,
Richard
--
Dr. Richard W. Könning
Fujitsu Siemens Computers GmbH
James Goddard wrote:
We are using openssl in an application with an embedded GoAhead
webserver. When using 97c everything works fine. When we switch to 97d
everything still works fine on HPUX and Windows platforms, however on
Linux we are unable to connect to the webserver via SSL.
[...]
Any
Mike Marshall wrote:
so when a connection is accepted, here are the calls:
1) ssl = SSL_new(ctx)
2) BIO_new_socket
3) SSL_set_bio - called with the results of number 2
4) SSL_accept(ssl) -- this line fails with a code of -1
5) SSL_get_error returns error code 1
6) ERR_peek_error
7)
Madhuri Rambhatla wrote:
I am a brand new user of OpenSSL. I have installed version 0.9.7d on my
Win 2000 Server. My compiler is Visual Studio .NET for C++.
When I try to perform a SSL_write(.) I get an error SSL_WANT_READ_ERROR.
Please tell me how to rectify this.
See for example
Lara Adianto wrote:
What's the correct libraries for openssl ?
Is this okay:
[EMAIL PROTECTED] local]# ldd /usr/bin/openssl
libdl.so.2 => /lib/libdl.so.2 (0x4001b000)
libc.so.6 => /lib/i686/libc.so.6 (0x4001f000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x4000)
no
Lara Adianto wrote:
I actually used openssl-0.9.6i, it compiled perfectly
and can link with openldap properly.
But when I tested the TLS connection with the server,
it threw me :
-
TLS trace: SSL_accept:before/accept initialization
TLS
Frederic Evrard wrote:
Ok thanks, and this HMACs keys are used to forge
TLS Record Layer : Handshake Protocol : Encrypted Handshake Message
HMACs(shared secret+DAta).
Is it used to control integrity of the TLS Handshake packet ?
Not for ensuring the integrity of the TLS Handshake packets, but for
Frederic Evrard wrote:
I'm using open-ssl to do EAP-TLS authentication, then I've a question
about something strange for me.
When you want to use TLS to mount an uncrypted tunnel, you need a session
key, but in authentication you only need certificate checking ?? Why
generate pre-master-key,
Warrick FitzGerald wrote:
Hi All,
I'm running STunnel in a production web server environment. I have
recently been experiencing crashes which I'm not sure to attribute to
STunnel or OpenSSL, as I am not that savvy as to where the two cross
lines. I have posted similar question on the STunnel groups
Jochen Schaefer wrote:
does anybody know how to accept a SSL certificate where only the
certificate date and the company which issued it have to be valid?
I want to establish a SSL connection between 2 tomcat web server where
both have the possibility to access each other. One has a static ip
rajesh nair wrote:
I saw all the cipher names but I want to know the default cipher suite supported by
openssl lib.
If I write a program using openssl, without using the SSL_CTX_set_cipher_list()
function, what will be the default cipher set?
(that is, I am not choosing a cipher suite from the list
Boyle Owen wrote:
-Original Message-
From: Scott Lamb [mailto:[EMAIL PROTECTED]
The spammer who zapped the mod_ssl list (see
http://marc.theaimsgroup.com/?l=apache-modsslr=1b=200403w=2) has now
moved onto this list (see content-free mail apparently from rse...)
Can someone with admin
Chris Rowe wrote:
Where's a good example that shows doing an SSL handshake with a memory
BIO_pair?
I want to do overlapped IO on sockets and pipes without going through the
SSL_connect(), SSL_write(), etc. functions,
but I'm not sure how to go about doing the handshake mechanics to perform
the
Chris Nolan wrote:
1. Using a certificate that contains the client's public encryption key,
send a PKCS7 message to the client.
2. Get the client to send me a hash of the decrypted content.
The problem is, wrapping my head around what to call and in what order
on the server side. The man pages are
Markus Lorch wrote:
Marton,
I think your card is simply slow. I've done similar test (RSA only)
using an IBM 2058 eServer Cryptographic Accelerator (ICA), which has
5 ultracyper crypto processors on it.
The machine is a dual xeon 2.4 box running Linux 2.4.20
I used openssl 0.9.7b with IBM's
Ashutosh Jaiswal wrote:
My problem is generating an individual symmetric key which can be used
as a session key. I looked at all symmetric crypto functions, but didn't
seem to find one that could generate a key on its own. Maybe I
overlooked something. Anyone have any suggestions?
Normally a
Gerrit v d Hul wrote:
Hi list,
I've build OpenSSL version 0.9.7b on OS390 (zOS) with 'Configure OS390-Unix'
I want to check/read a CRL, but this gives a problem: the time values are not
given.
The command 'openssl crl -noout -text -in 5a5d2711.r0' gives:
Certificate Revocation List (CRL):
Jue (Jacky) Shu wrote:
Yes, Lutz. That's why I want to check peer's FQDN against which on its
certificate.
Look at Lutz' list. You get already in step 1 the FQDN from the *user*,
so there is no need for further actions to find out the peer's FQDN.
Ciao,
Richard
--
Dr. Richard W. Könning
Fujitsu
Jue (Jacky) Shu wrote:
Sorry, Richard.
Maybe I didn't put it clearly.
There r two names, one is from the certificate, another one is from DNS.
They must match.
The other one is *not* from DNS, but from the *user* (step 1 from Lutz'
list). The user wants to connect to a specific site, and the
Jue (Jacky) Shu wrote:
Yes, that's what I want to do. But I have to use SSL_accept instead of accept,
and peer's ip address is dynamic. Can I get peer's ip address from SSL
connection?
Normally one makes first an accept and then an SSL_accept. After the
accept you can proceed as described by
Shashank Khanvilkar wrote:
Hi,
I don't know how to exactly describe my problem, but I will try my best with
the help of a packet trace.
Below is a trace of an SSL session. As seen from this, when the handshake is
complete, and I send an application data of 128 bytes, why do I get
two record layer
Shashank Khanvilkar wrote:
Yes.. i did use SSLdump, with the private RSA key to capture the trace.
Below is the command that i used.
/usr/local/sbin/ssldump -i eth0 -A -d -X -k $HOME/certificates/client.pem
port
I think ssldump has no option to dump the application data in hex.. but I
will
At 13:07 28.03.2003 +0530, you wrote:
Hi, Can anyone tell me how can I get to understand the meaning of
error codes, alert numbers and other stuff I'm getting the following
error on my server : error:140943E8:SSL
routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:985:SSL alert number 0
At 10:54 28.03.2003 -0500, you wrote:
Thanks!
I did that and it worked thanks. But now it complains about
ld:ERROR: fatal error: library not found: -lthread
Replace in Saju's answer socket with thread and repeat the procedure.
Ciao,
Richard
--
Dr. Richard W. Könning
Fujitsu Siemens Computers
At 07:54 28.03.2003 -0800, Neil Nelson wrote:
Martin Witzel wrote:
The basic question amounts to: Is there an exportable version of OpenSSL?
U.S. Export home page for encryption can be found at
From Martin's E-Mail address i presume that he is an employee of the german
subsidiary of an U.S.
At 10:15 11.10.2002 +0100, you wrote:
Could someone consider whether the documentation for OpenSSL should be shipped
in HTML format as well as POD please? I use Windows 2000 and my current
ActiveWare version of Perl only contains POD2TEXT which is somewhat limiting.
My ActiveWare version of
At 13:00 30.08.2002 -0400, you wrote:
http://www.openssl.org/docs/apps/ocsp.html describes the openssl ocsp
command, but openssl-0.9.6g command line doesn't recognize the ocsp
command and I don't see it anywhere in the sources.
Can anyone tell me if ocsp is available and, if so, where?
Iirc
At 18:10 01.07.2002 +0200, you wrote:
does anyone knows how to obtain a big random seed in systems
that doesn't provide /dev/urandom?
Get and port for example PRNGD.
(http://www.aet.TU-Cottbus.DE/personen/jaenicke/postfix_tls/prngd.html)
may be i could initialize RAND_seed with current time,
At 16:26 01.07.2002 -0700, you wrote:
I am trying to download
ftp://ftp.runestig.com/pub/starttls/start_tls-telnet.current.tar.gz
I tried using MSIE 5.5 and a regular FTP client (anonymous connection)
I tried with Netscape (which works normally with this site) and got the
same error. This seems
At 12:01 24.05.2002 +0100, you wrote:
When a browser connects to a https site, does it include some sort of
token in the header to enable the server to equate two or more requests
to the same ssl session? Some thing to hash on ...
See RFC 2246, p. 31.
Ciao,
Richard
--
Dr. Richard W. Könning
At 01:55 05.04.2002 +0200, you wrote:
heh, i didn't mean to insult anyone of the great ppl who put a lot of effort
into the ftp-tls specs. i'm currently working on a client-side implementation
myself. i spent lots of time to get the command data encryption to work.
it was pretty hard for me
At 12:55 27.01.2002 +, you wrote:
I'm thinking of writing a small GUI application that implements just the 2
following functions of:
*Create a self-signed certificate
*Create a private key
First, is there such an application already around (I can't find any), and
secondly, would a random
At 09:09 28.01.2002 -0500, you wrote:
I was under the impression that on windows OpenSSL uses
RAND_screen which will obtain random data from the screen and mouse events?
Shouldn't you use that?
Exactly this function (in crypto/rand/rand_win.c) i had on my mind, but i
was too lazy
At 10:27 24.10.2001 +1300, you wrote:
On Wed 23 Oct 2001, Scott Klement wrote:
For a MS-Windows client that can connect using FTP over SSL, go here:
http://www.wsftp.org/
Thanks Scott. Much appreciated. I do not especially want to write my own
ssl/ftp client so I'll go with the above
At 09:19 24.10.2001 EDT, you wrote:
The implementation of AUTH SSL/TLS in the FTP client support that
comes with Kermit 95 and C-Kermit 8.0
http://www.kermit-project.org/ftpd.html
supports all ciphers supported by OpenSSL; reuses the session for the
data connections; and properly performs ver
At 20:33 12.10.2001 +0200, Helmut Heilig wrote:
can anybody tell me the difference between openssl and openssl-engine.
Couldn't find anything about that in the FAQ.
See: http://www.openssl.org/support/faq.html
[MISC] 6. What is an 'engine' version?
Ciao,
Richard
--
Dr. Richard W. Könning
At 14:56 10.10.2001 +0800, you wrote:
Does anyone know what the different between OpenSSL 0.9.6b and OpenSSL
0.9.6b - engine?
See: http://www.openssl.org/support/faq.html
[MISC] 6. What is an 'engine' version?
Ciao,
Richard
--
Dr. Richard W. Könning
Fujitsu Siemens Computers GmbH, EP LP COM 5