On 9/15/2011 5:21 AM, Dave Thompson wrote:
In the past, this fact has caused common SSL clients (browsers etc.)
to regularly turn off older ciphersuites to protect against false
servers that deliberately downgrade to weak protocol versions and
ciphersuites, whenever such an attack became too
From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
Sent: Tuesday, 13 September, 2011 07:33
On 9/13/2011 1:46 AM, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
Sent: Monday, 12 September, 2011 03:52
On 9/9/2011 10:13 PM, krishnamurthy
On 9/13/2011 1:46 AM, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
Sent: Monday, 12 September, 2011 03:52
On 9/9/2011 10:13 PM, krishnamurthy santhanam wrote:
snip: unclear about key transport or maybe derivation
The normal way to do this is:
1. On the
On 9/9/2011 10:13 PM, krishnamurthy santhanam wrote:
I am implementing SSL on server side to authenticate the client
certificate(X.509) and also client will authenticate the servers
certificate(X.509). Once the mutual authentication has completed server has
to generate AES key for encryption
From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
Sent: Monday, 12 September, 2011 03:52
On 9/9/2011 10:13 PM, krishnamurthy santhanam wrote:
snip: unclear about key transport or maybe derivation
The normal way to do this is:
1. On the side running openssl, just let openssl
I am implementing SSL on server side to authenticate the client
certificate(X.509) and also client will authenticate the servers
certificate(X.509). Once the mutual authentication has completed server has
to generate AES key for encryption and decryption.
In server side I am creating 256
