-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Dave Thompson
Sent: 19 December 2013 08:36
To: openssl-users@openssl.org
Subject: RE: HTTPS TLSv1.2 Client-Auth negotiation
Yes, that Wireshark decode of (encrypted) renegotiation is clearly wrong.
Sending two ClientKX
Yes, that Wireshark decode of (encrypted) renegotiation is clearly wrong.
Sending two ClientKX would be wrong, sending (Client)Cert and ClientKX
is right, and the first size would match Cert and not ClientKX.
You might try is s_client -connect 23.66.176.239 -msg -debug
with redirect from a
Hi,
Thanks for detailed information , since I am not very comfortable with
c/c++ , it is bit difficulty for me to design and implement a webserver
.
Is there simple open source webserver (which uses the boost lib and has the
option to include my modified openssl libs) for android ndk level
Hi,
Thanks for the information , actually I need to write simple webserver for
the android (in the ndk level for some requirement) .
I have added some new CIPHER suite to the openssl as per
our requirement . now I need to write simple webeserver which uses that
modified-openssl , hence I planned
On Thu, Nov 1, 2012 at 1:47 PM, Indtiny s indt...@gmail.com wrote:
Hi,
Thanks for the information , actually I need to write simple webserver for
the android (in the ndk level for some requirement) .
I have added some new CIPHER suite to the openssl as per our requirement .
now I need to
On Wed, Oct 31, 2012 at 12:31 PM, Indtiny s indt...@gmail.com wrote:
Hi,
Thanks for the suggestion , while browsing about openssl I came across this
site http://www.rtfm.com/openssl-examples/
which has code for server which is based on the openssl .
Can I use that server code for my
Hi.
I think that you should write simple HTTP server first and add SSL
support to it afterwards.
Best regards,
Andrey Koltsov
software developer
29.10.2012 20:49, Indtiny s пишет:
Hi,
I have CCM chiper suite in the openssl and for some other requirement I have
write my own simple
Absolutely!
Charles
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Andrey Koltsov
Sent: Tuesday, October 30, 2012 4:08 AM
To: openssl-users@openssl.org
Cc: Indtiny s
Subject: Re: https server using openssl
Hi.
I think
On Tuesday 11 September 2012, Supratik Goswami wrote:
Is there no one in the community who can help me to find the cause of
the problem ?
Maybe You have firewall issues on office IP macine. Have You tried tcpdump or
similar utility to check if there is something being sent/received?
Regards,
It is not a firewall issue, I checked this from outside firewall. The
strange part of the problem is
it does not happen always, it works intermittently.
[root@gateway bin]# openssl s_client -bugs -connect
test.mydomain.com:443 -msg -state
CONNECTED(0003)
SSL_connect:before/connect
Is there no one in the community who can help me to find the cause of
the problem ?
On Tue, Sep 4, 2012 at 7:21 PM, Supratik Goswami
supratiksek...@gmail.com wrote:
I am using OpenSSL version : openssl-1.0.0j in our production.
I am facing a strange problem where the SSL connection simply
original-
De: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] Em nome de Supratik Goswami
Enviada em: terça-feira, 11 de setembro de 2012 10:15
Para: openssl-users@openssl.org
Assunto: Re: HTTPS connection hangs during SSL handshake
Is there no one
Hi Ricardo:
On September 17, 2008 12:52:23 pm Ricardo Garcia Reis wrote:
Hey fellows,
I want your help, to implement an integration with SafeNet HSM Hardware. I
know OpenSSL, but never used with PKCS#11.
The Engine interface is your friend :) And WHICH Safenet HSM? Have you taken a
look at
Hello again:
Aaack - my bad for not re-reading the post - the openssl.cnf section should
be:
[ openssl_init ]
engines = engine_section
oid_section = new_oids
[ engine_section ]
lunahsm = luna_hsm
[ luna_hsm ]
engine_id = LunaCA3
init
Hello Patrick,
Thanks for help ...
-
My Background:
Working with a server application that has a programming language (ADVPL),
in the server I am responsible for some protocols such as http/https -
server/client :) and now I am having to use an HSM.
Currently supports only the
I don't have any examples, but check out
http://search.cpan.org/dist/libwww-perl/lib/HTTP/Request/Common.pm
Using LWP and a PUT operation seems to be pretty straightforward if this
document is to be believed.
Jim.
On Wed, Jun 18, 2008 at 3:40 PM, David M. Funk [EMAIL PROTECTED] wrote:
Anybody
: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jim Lynch
Sent: Thursday, June 19, 2008 8:39 AM
To: openssl-users@openssl.org
Subject: Re: HTTPS put file in perl
I don't have any examples, but check out
http://search.cpan.org/dist/libwww-perl/lib/HTTP/Request/Common.pm
Using LWP and a PUT
., PA 16066
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jim Lynch
Sent: Thursday, June 19, 2008 8:39 AM
To: openssl-users@openssl.org
Subject: Re: HTTPS put file in perl
I don't have any examples, but check out
http://search.cpan.org/dist/libwww-perl/lib/HTTP/Request
: 724-772-7889
email: [EMAIL PROTECTED]
www: http://www.trinityITsolutions.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Hamilton
Sent: Thursday, June 19, 2008 12:32 PM
To: openssl-users@openssl.org
Subject: Re: HTTPS put file in perl
PUT
}));
$reply{$name} .= $value;
}
foreach $rpl (keys %reply)
{
print OUTFILE $rpl = $reply{$rpl}\n;
}
close (OUTFILE);
_
From: David M. Funk [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 19, 2008 9:28 AM
To: openssl-users@openssl.org
Subject: RE: HTTPS put file
Hello Ricardo,
Ricardo Garcia Reis schrieb:
Hello All,
I can not connect to a HTTPS server of WebServices.
(https://hnfe.sefaz.es.gov.br/Nfe/wsdl/nfeStatusServico.wsdl)
The error occurs when the function SSL_read() is calling, returning 0
and SSL_get_error () equals SSL_ERROR_ZERO_RETURN.
Message -
From: [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Thursday, January 17, 2008 6:01 PM
Subject: Re: https + onpenSSL + firefox: 8101 error
Hello
Thanks, I don't know what extensions are. I runned that command and it
shows this extensions:
X509v3 extensions
Hello,
I enabled https in my website on a Tomcat server.
I created with openSSL the CA, I singed my web certificate and I added
the certifie of
my CA in IE and Firefox. With IE 6 and 7 it run successfull securely,
but with firefox
and netscape it shows this error acceder perfectamente a
Thanks, I don't know what extensions are. I runned that command and it shows
this extensions:
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Client, S/MIME, Object Signing
Netscape Comment:
Hello
Thanks, I don't know what extensions are. I runned that command and it
shows this extensions:
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Client, S/MIME, Object Signing
- Original Message -
From: David Schwartz [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Thursday, December 07, 2006 6:49 PM
Subject: RE: HTTPS security model
OK, I'm going to take a humourous punch at what you just said; if
authentication and authorization are the same
Actually, David, the truth is that your really not getting these
guarentees that
your looking for.
Correct. In a technical sense, *you* do not get the guarantees, your end of
the HTTPS connection does. Whether you choose to trust your end or not is a
separate issue.
The problem is that the
On Fri, Dec 08, 2006 at 04:15:15AM -0800, David Schwartz wrote:
Actually, David, the truth is that your really not getting these
guarentees that
your looking for.
Correct. In a technical sense, *you* do not get the guarantees, your end of
the HTTPS connection does. Whether you choose
On 12/8/06, David Schwartz [EMAIL PROTECTED] wrote:
I think that's kind of a crazy thing to say. For what possible reason would
Microsoft want my credit card information to leak to a cracker? For what
possible reason would Microsoft want my computer to be hijacked?
It's unlikely that MS would
Hello,
Le 08-déc.-06 à 14:48, Victor Duchovni a écrit :
Yes, the security of unauthenticated TLS is rather questionable.
I, the guy who asked an innocent question at first in this long
thread, have well understood this point from the very first two
answers I got in this thread and passed
There are security paradigms such as SSH where you use leap of
faith: strictly you haven't authenticated the remote end, but you
know that your peer is the other box next to you, you
verified its PK fingerprint visually, so you approve (authorize)
that peer from now on.
You are
In message [EMAIL PROTECTED] on Tue, 5 Dec 2006 13:45:13 -0800, David
Schwartz [EMAIL PROTECTED] said:
davids Authentication and authorization are the same thing.
Generally speaking, that's incorrect, even if you might have a
specific case where your statement applies.
To take an example, I
I have seen this certificate before, and I assert that I want to
allow it for limited purposes -- if only because I want to make sure
that third-parties can't see what URLs I'm looking at. I do NOT want
to post my credit card or other sites' login information to this site,
so warn me if I do so.
Proponents of the requested change believe that it is much
likelier to have
your communications observed by a passive attacker, than to have an active
attacker in the path that masquerades as e.g. amazon.com. Not that the
later is impossible - just less probable and less frequent.
Except
OK, I'm going to take a humourous punch at what you just said; if
authentication and authorization are the same thing, why are both
required? Isn't one enough? Please make up your mind...
If A and B are the same thing, either neither is required or both are
required. Everything true about
I don't understand this argument at all. The two questions you seem to
think are being confused are the *same* question.I don't think so. When I
type in https://www.amazon.com;, what I want to know is - do I have a
secure connection to Amazon?This is an authentication question. A secure
On Wed, Dec 06, 2006 at 07:16:32PM +, [EMAIL PROTECTED] wrote:
[ Authentication vs. Authorization ]
Yes, the real issue is that encryption without authentication does
not necessarily provide confidentiality, the party on the other end of
the encrypted connection could be the same attacker
A secure connection to an unauthenticated source is of
no value because the unauthenticated source could be
the one person who the connection is supposed to be
secured from. If there's nobody the connection is
supposed to be secured from, why would you care
that the connection is
Dear,
Le 04-déc.-06 à 19:15, Victor Duchovni a écrit :
TLS includes anonymous cipher-suites (ADH) that do not require or use
server certificates. Postfix 2.3 clients using opportunistic TLS with
Postfix 2.3 (SMTP+STARTTLS) servers will use anonymous ciphers by
default, because SMTP server
The difficulty for the end user here is that the little lock icon is
overloaded: it is taken to mean both session is secured against
spying AND session is with a trusted partner. One could argue that
this confounds authentication (verifying the cert.) and authorization
(asserting trust of the
The difficulty for the end user here is that the little lock icon is
overloaded: it is taken to mean both session is secured against
spying AND session is with a trusted partner. One could argue that
this confounds authentication (verifying the cert.) and authorization
(asserting trust of
This will probably look like a dumb question, but anyway. Is there
any provision and way, in SSL and/or HTTP, to establish a SSL link
without trying to assert anything about the server identity? Such
that a client (a web browser) would happily use the encrypted tunnel
while obviously not
What I use it HTTP and LWP::UserAgent Perl modules
use LWP::UserAgent;
$ua = new LWP::UserAgent;
$ua-agent(AgentName/0.1 . $ua-agent);
my $cgi = new CGI();
my $post = '';
# Create a request
my $req = new HTTP::Request POST = 'https://www.server.com';
Hello,
I am trying to add client certificate support to Daquiri which is
using openssl for https connections already.
http://omniti.com/~jesus/projects/
So before creating the SSL with SSL_new I am loading our client
certificate CA's certificate chain into the context with:
int
Try SSL_CTX_use_PrivateKey_file() to load private key
(and I suggest SSL_CTX_check_private_key() to check
private key to certificate compatibility).
Well, I thought for PEM SSL_CTX_use_certificate_chain_file() would
also load the private key (thought I read that somewhere) ...anway.
When I use
On Mon, Nov 27, 2006, Torsten Curdt wrote:
ssl_err = SSL_connect(hr-ssl);
if (ssl_err 0)
{
error_printf(Hard error %d on SSL_connect for fd %d\n,
ssl_err, event-fd);
I always get a -1 return code and the password callback is not getting
called at all
Thanks for the help guys ...the last thing that was missing was
actually an infrastructure problem :)
So - working now :)
cheers
--
Torsten
__
OpenSSL Project http://www.openssl.org
User Support
Hi,
I prefer the PKCS12 keystore type for certificates and private keys.
The PKCS12 keystore is supported by JDK, and you don't need to convert the
PKCS8 to JKS type (java only support JKS and PKCS12).
Regards,
HC
-Original Message-
From: Eshwaramoorthy Babu [EMAIL
Isn't SSL/TLS part of javax.security? At any rate, this is not a good
place for Java questions...
The IBM keyman program (google search...) seems to have better support for
some standard formats than the standard keytool does.
/r$
--
STSM, Senior Security Architect
SOA Appliances
To: openssl-users@openssl.org
Subject: Re: HTTPS
Milan Tomic wrote:
Can cli.cpp run on Windows platform? I need Windows OpenSSL HTTPS
client.
While compiling I got an error saying that it can't find
sys/socket.h
include file.
Thank you.
Uhh, hard times ahead if you want
Milan Tomic wrote:
Where can I find some HTTPS client app example using OpenSSL? I have
found cli.cpp in the OpenSSL distribution but it connects to the
server through sockets.
I guess cli.cpp is exactly what you are looking for. You first have to
set up the connection using sockets and
Can cli.cpp run on Windows platform? I need Windows OpenSSL HTTPS
client.
While compiling I got an error saying that it can't find sys/socket.h
include file.
Thank you.
__
OpenSSL Project
Milan Tomic wrote:
Can cli.cpp run on Windows platform? I need Windows OpenSSL HTTPS
client.
While compiling I got an error saying that it can't find sys/socket.h
include file.
Thank you.
Uhh, hard times ahead if you want to code SSL and ask me such
questions... ;)
I guess you'll need
Milan Tomic wrote:
Where can I find some HTTPS client app example using OpenSSL? I have
found cli.cpp in the OpenSSL distribution but it connects to the server
through sockets.
If you are looking for a binary that does the job you
may simply use openssl s_client...
Olaf
--
Dipl.Inform.
Have you looked at libwww from W3C?
--- Milan Tomic [EMAIL PROTECTED] wrote:
Where can I find some HTTPS client app example using
OpenSSL? I have
found cli.cpp in the OpenSSL distribution but it
connects to the server
through sockets.
To: [EMAIL PROTECTED]
Subject: Re: HTTPS with customized pfx files.
On Mon, May 10, 2004, Fabiano Reis wrote:
Content-Description: Mail message body
Hi,
I have an Apache webserver running with ssl enabled. I configured it to
use:
SSLVerifyClient required option, so my customers can
On Fri, 11 Jan 2002 08:47:58 -0600, Scott Frazor wrote:
I tried looking at the RFC and it was not what I was looking for. I think
now that I have read a couple of responses to my original question I am
specificaly looking for how to impliment a POST through OpenSSL's API and
receive the
, January 10, 2002 8:20 AM
To: '[EMAIL PROTECTED]'; 'Scott Frazor'
Subject: RE: HTTPS Post
Scott,
Read http://www.ietf.org/rfc/rfc2616 for HTTP information
-Original Message-
From: Scott Frazor [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 09, 2002 6:00 PM
To: [EMAIL
On Wed, 9 Jan 2002, Scott Frazor wrote:
Can anyone give me a rough idea on how to prepare and send a https POST via
openssl? I know how to open a socket and connect SSL, but I'm missing
something when it comes to sending a HTTPS POST and RECEIVING the response.
I'm not sure if I'm asking
PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Wed, 21 Nov 2001 08:44:40 +
To: [EMAIL PROTECTED]
Subject: Re: https
Keary Suska wrote:
I would recommend that you remove Net::SSLeay and install Crypt::SSLeay. The
former is no longer being maintained (and is considered deprecated), and may
On Tue, 20 Nov 2001, Keary Suska wrote:
...
I would recommend that you remove Net::SSLeay and install Crypt::SSLeay. The
former is no longer being maintained (and is considered deprecated), and may
not function properly with newer openssl versions, but the latter is being
actively
On Wed, 21 Nov 2001, Keary Suska wrote:
...
It's your choice which to use, though the read me states that Net::SSLeay
doesn't directly support LWP, so I imagine you will get better results with
LWP if you use the library recommended by the author.
yes, this choice is a matter of opinion -
)
To: OpenSSL [EMAIL PROTECTED]
Subject: Re: https
On Tue, 20 Nov 2001, Keary Suska wrote:
...
I would recommend that you remove Net::SSLeay and install Crypt::SSLeay. The
former is no longer being maintained (and is considered deprecated), and may
not function properly with newer openssl
Ah.. the Camel ;-)) Well for one thing the exchange between https and your
browser is quite a bit different.. whereas plain http can be obtained simply
by GET [..] Which you can't do with https.. quite in the same way;-))
Hope that helps somewhat.. You also should use carp or something as it
Hello yitzpick,
ysn hi,
ysn i'd like to know how to do GET / POST requests over HTTPS.
Actually, HTTPS is simply the HTTP over SSL.
So just use ssl_read ssl_write to implement HTTP Protocol. :)
ysn there's some demos/bio example,
ysn but doesn't compile on Linux.
ysn
Hi!
It's the same as using plain connection... The difference is that the
connection between client and server is encrypted...
Uro Gaber
PowerCom Gaber Globocnik d.n.o.
http://www.powercom-si.com
eMail: [EMAIL PROTECTED]
Tel: 01/724-84-26 -- +386-1-7248426
Fax: 01/724-84-27 -- +386-1-7248427
From: Vadim Fedukovich [EMAIL PROTECTED]
w3c-wwwlib from www.w3c.org
wwwlib examples don't work with https, all i found was this:
http://www.w3.org/Library/src/SSL/WWWSSL.html
( Because US regulations on encryption .. )
i'd be really happy if someone just told me how to fix OpenSSL
One example of how to get
https or http is simply in the code of ocsp.c in the apps
directory.
The apps/ocsp.c code initialized optionally a normal or ssl
connection. Then you just send your http data stream into
it.
if you want to add proxy support for ssl: Use the proxy host
instaed,
On Tue, Feb 27, 2001 at 12:05:36PM +0100, [EMAIL PROTECTED] wrote:
wwwlib examples don't work with https, all i found was this:
http://www.w3.org/Library/src/SSL/WWWSSL.html
( Because US regulations on encryption .. )
i'd be really happy if someone just told me how to fix OpenSSL demos/bio
hi,
i'd like to know how to do GET / POST requests over HTTPS.
there's some demos/bio example,
but doesn't compile on Linux.
perl+ Net::SSLeay
[EMAIL PROTECTED]
__
OpenSSL Project
Michael wrote:
hi,
i'd like to know how to do GET / POST requests over HTTPS.
there's some demos/bio example,
but doesn't compile on Linux.
perl+ Net::SSLeay
I'm not sure I understand your question. Examples of doing this in my
application are in the files HTTPing.pm and
Michael wrote:
hi,
i'd like to know how to do GET / POST requests over HTTPS.
there's some demos/bio example,
but doesn't compile on Linux.
perl+ Net::SSLeay
[EMAIL PROTECTED]
__
OpenSSL Project
Michael wrote:
hi,
i'd like to know how to do GET / POST requests over HTTPS.
there's some demos/bio example,
but doesn't compile on Linux.
perl+ Net::SSLeay
My mistake. I guess I'm tired. I thought you were an internal
Michael. Sorry.
Here's some examples
Kari Hurtta wrote:
https://www.openssl.org/
goes to https://www.engelschall.com/title/
What is this?
--
/"\
| Kari
\ /
ASCII Ribbon Campaign | Hurtta
X
Against HTML Mail |
/ \
|
__
OpenSSL Project
http://www.openssl.org
User
You are trying to access the page via https,
secured http?
Use http://www.openssl.org
- Original Message -
From:
Tom Nichols
To: [EMAIL PROTECTED]
Sent: Wednesday, April 11, 2001 7:03
AM
Subject: Re: https://www.openssl.org/ ?
Kari Hurtta wrote:
https
"Ray, Marla S" wrote:
Please pardon what might seem like a simple question but I am very new to
using the lwp and ssl modules and need some help.
We are trying to use Perl to do a POST to an HTTPS location. Our post
includes a file and optionally other form input. I can access and
Title: RE: HTTPS
http://sourceforge.net/projects/aphid/
http://www.apachetoolbox.com/
http://www.delouw.ch/linux/apache.phtml
If you're using a Unix based system, try to use one of those tools above. I used apachetoolbox, and it didn't done the entire job for me, but it helped a lot
"Varga, Jack" [EMAIL PROTECTED] writes:
Is the session_id resident in each ssl application
data packet or just in the handshake packets? If so,
is it always in the clear (i.e., not encrypted?
No, it's only in the ServerHello and (if resumption is being used) in
the ClientHello. However,
Check http://www.modssl.org/docs/2.7/ssl_intro.html
and http://www.modssl.org/docs/apachecon2000/slide-006-l.html
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
OpenSSL Project
"Varga, Jack" [EMAIL PROTECTED] writes:
Along the lines of a Stephens TCP packet header illustration,
is there something similar to describe an https (or http for that
matter) packet header?
The first thing to realize is that HTTPS means "HTTP over SSL".
Ordinarily, HTTP traffic is carried as
Hello,
We are using OpenSSL version 0.9.5a for a project and have noticed some
errors connecting to any of our HTTPS:// sites with IE4.0. We can use the
same machine with the same version browser and connect to several other https:
sites. One thought was what version of SSL is being sent to
: Re: HTTPS:
errors
Hello,
We are using OpenSSL version 0.9.5a for a project and have noticed some
errors connecting to any of our HTTPS:// sites with IE4.0. We can use
the same machine with the same version browser and connect to several other
https: sites. One thought was what
Luke Higgins wrote:
Hello all,
I just installed Net::SSLeay and OpenSSL-0.9.4 on my redhat 6.0 system and was
looking for an example of using Net::SSLeay to perform a POST request on a
https site that requires authentication. The example in the Net::SSLeay
distribution
Chris Schoenfeld wrote/schrieb/scribsit:
I can do a simple GET:
GET /
That works fine.
The problem is that the first line of input is immediately sent to the
server and processed, there is no way for me to send additional information
(headers, POST data, etc) required for more complex
84 matches
Mail list logo
