OpenSSL Project http://www.openssl.org
User
Ole Hansen [EMAIL PROTECTED] writes:
I would like to decrypt the Finished message from the client. What
functions will do here? I have tried with EVP_Decrypt*() but output does
not make sense. Which key should I pass to EVP_Decrypt*-functions if
these are to be used? Those from the key
Our site has recently been successfully attacked twice. The first time
we probably deserved it, as we were running on old software, and hadn't been
fixing vulnerabilities regularly. So we reformatted the disks,
installed Apache 1.3.29, PHP 4.3.4, and Openssl 0.9.7c, and patched the
kernel bug
Our site has recently been successfully attacked twice. The first
time we probably deserved it, as we were running on old software, and
hadn't been fixing vulnerabilities regularly. So we reformatted the
disks, installed Apache 1.3.29, PHP 4.3.4, and Openssl 0.9.7c, and
patched the kernel bug
Do you have any reason to think this is an OpenSSL bug rather than an
Apache, PHP, or other module bug/configuration error? Or even another
service?
When you cleaned up the system and presumably restored your data, did
you check to make sure that there weren't any malicious or altered php
It may seem like a long shot, but do you have any CGI scripts which allow a binary
file transfer? It looks like you may have a CGI script running as root and getting
exploited that way. Verify all the script entries in your Apache configuration.
Regards,
Fred Crable
-Original
Your message appears to show the output of a 'wget
http://www.viperhaxu.hpg.com.br/telnetd' command. Only output from apache
server is the first two lines.
Plus you are not even running this apparent test using HTTPS (eg. port 443)
so you have no basis for suspecting openssl AT ALL!!
Looks to
I've run into an interesting situation and need some advice. I'm building a server
that will be validating clients via certs. So, I've coded this to handle CRLs, but
I've encountered that if a CRL has expired no certificates related to that CA are
considered valid. I'm not sure this is a good way
On Mon, Dec 29, 2003, Joseph Bruni wrote:
I've run into an interesting situation and need some advice. I'm building a
server that will be validating clients via certs. So, I've coded this to
handle CRLs, but I've encountered that if a CRL has expired no
certificates related to that CA are
Gotcha. So it would be safe to assume that almost nobody uses CRLs
since none of the software I use that does SSL seems to worry about the
presence (or lack) of a CRL. Wonderful. That really inspires
confidence.
I'll just bump the nextUpdate field out and make sure that the CA is
keeping the