Hello,
I am using the Openssl-1.0.2 with openssl-fips-2.0.9 and have a question?
If AES CBC Encryption is considered vulnerable to an attacker with the
capability to inject arbitrary traffic into the plain-text stream, then why is
it listed as an approved algorithm/option in table 4A on page 14
I assume it says it is a FIPS 140-2 approved mode because it is approved
by FIPS 140-2 ;). Don't confuse the concepts of being 'FIPS approved' or
'FIPS compliant' with being 'secure'. They are not the same thing, and
can sometimes conflict.
On 20/03/2015 12:01, Philip Bellino wrote:
Hello,
Hi,
Is it possible to create a PKCS8 RSA Private Key using a non-password based
encryption algorithm? There doesn't appear to be an option through the command
line `openssl pkcs8`. If it is not possible to do this through OpenSSL (which
seems to be the case), is it not a valid way to encrypt
On 6/12/2013 10:17 PM, Thaddeus Fuller wrote:
Hi,
Is it possible to create a PKCS8 RSA Private Key using a non-password
based encryption algorithm? There doesn’t appear to be an option through
the command line `openssl pkcs8`. If it is not possible to do this
through OpenSSL (which seems
We only use OpenSSL_add_all_algorithms during SSL initialization, no other
SSL_[CTX]_set_cipher_list calls are made, therefore the cipher used should be
the default DHE-RSA-AES256-SHA then.
Alex
On Oct 14, 2012, at 3:01 PM, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf
From: owner-openssl-us...@openssl.org On Behalf Of Alex Chen
Sent: Friday, 12 October, 2012 21:31
The 'openssl cipher -v' command shows the following cipher suites:
snip
If both the client and server uses the sample version of openssl
library and they only calls OpenSSL_add_all_algorithms()
to
The 'openssl cipher -v' command shows the following cipher suites:
$ openssl ciphers -v
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256)
Hi allI want to use TEA encryption algorithm with OpenSSL.Is there any engine
to provide implementation of TEA algorithm ?gost engine is an example of
adding new cryptoalgorithms into OpenSSL but gost example is a bit complex.
Thanks in advance,
Siavash
TEA source code :
https
Hi allI want to use TEA encryption algorithm with OpenSSL.Is there any engine
to provide implementation of TEA algorithm ?gost engine is an example of
adding new cryptoalgorithms into OpenSSL but gost example is a bit complex.
Thanks in advance,
Siavash
TEA source code :
https
Is it possible to change the algorithm used to encrypt private keys
(when used with 'openssl req -newkey ...)? I'd like to use AES256
instead of triple-DES.
Thanks!
--
Ian Pilcher
Hi everyone,
Another set of very very basic questions:
- What encryption algorithm does openSSL use when generating the asymmetric
keys?
- Is it something that the developer has to specify, or is there a default?
Thank you
Colette
From: "Gotfried, Colette" [EMAIL PROTECTED]
To begin with, what part of OpenSSL are we talking about? I'm
assuming that it's the "openssl genrsa" application. If not, you'll
have to restate your question:
ColetteG Another set of very very basic questions:
ColetteG
Colett
After installing a Verisign test certificate; when testing with
./openssl s_client -connect www.takeitnow.nl:443 and GET / HTTP/1.0
everything seems to work; the HTTP GET is recorded in the server
logging. But when accessing the server with Netscape (4.5) I get a popup
box 'Netscape and
Steve,
The server is WN 2.3.3 (see also http://www.wnserver.org). It works with both
'strong' and 'weak' browsers, but I can't figure out if it uses strong encryption
where possible (e.g. strong browsers).
Jon
Dr Stephen Henson wrote:
[EMAIL PROTECTED] wrote:
That's right! Now we've
Hi
The browsers send a prioritised list of ciphers to the server for selection,
strong first, followed by the weaker ones.
The server selects the first cipher that matches. So the server should typically
select the strongest possible common cipher.
:) Amit.
[EMAIL PROTECTED] wrote:
Steve,
[EMAIL PROTECTED] wrote:
Hi all,
Our first attempt to install a secure webserver was not succesfull. We
did install Openssl (0.9.4) and WN webserver (2.3.3) on a Linux box.
After installing a Verisign test certificate; when testing with
./openssl s_client -connect www.takeitnow.nl:443
Dear Steve,
You're right: I've downloaded a 128bit IEX security upgrade and now it works.
But, now we've to find out how to install 'weak' encryption.
Thanks again
Jon Petersen
Dr Stephen Henson wrote:
[EMAIL PROTECTED] wrote:
Hi all,
Our first attempt to install a secure webserver
17 matches
Mail list logo