ANNOUNCE: SMIME tool 0.7 released

1999-11-16 Thread Sampo Kellomaki
SMIME TOOL VERSION 0.7 == 17.11.1999, Sampo Kellomaki <[EMAIL PROTECTED]> Available from http://www.bacus.pt/Net_SSLeay/smime.html or as part of (future) OpenSSL-0.9.5 (see www.openssl.org) Smime tool is a set of utilities for doing smime signatures as well as basic

Use of Random Bytes from Client and Server

1999-11-16 Thread Harry Whitehouse
As I read the SSL3 specs, I gather that random bytes from the client (generated as part of Client Hello) are combined with the client-generated pre-master secret and random bytes from the server (generated at the Server Hello) to yield the master secret. I'm curious as to the rationale for using

RE: Question about Browser Authenticity

1999-11-16 Thread Harry Whitehouse
Rene, Nicholas, Ben, Terrell and Goetz -- Thanks to you all for your comments! Most helpful! Harry __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAI

Re: client authentication (SSL_CTX_set_verify)

1999-11-16 Thread Claus Assmann
On Tue, Nov 16, 1999, Bodo Moeller wrote: > On Sun, Aug 08, 1999 at 03:05:26PM +, Bodo Moeller wrote: > > Claus Assmann <[EMAIL PROTECTED]>: > >> how do I correctly set the verify_mode? Reading the code, > >> SSL_VERIFY_CLIENT_ONCE and SSL_VERIFY_PEER seem to be useful for > >> my purpose (tr

Issue creating

1999-11-16 Thread SteveAdept
Hi all, On RH 6.1 i386, I'm trying to make a self-signed certificate until mine comes from Thawte. I used openssl to generate the key and csr. But when I try to make the crt, it's giving me trouble. Here's what's not working: ./openssl x509 -req -days 30 -signkey www.blah.com.key -in www.blah

Re: What do YOU use for your cert p/w?

1999-11-16 Thread Brian Nelson
Steve Freitas wrote: > > >There are some passphrase FAQs at > > Thanks! > > Steve

OPENCA NEW RELEASE AVAILABLE (v0.2.0)

1999-11-16 Thread Massimiliano Pala
OpenCA Version 0.2.0 RELEASED - Major Release = OpenCA - The Open Certification Authority Toolkit (http://www.openca.org) The OpenCA core team is proud to announce the new release of the OpenCA. This version incorporates many chan

Re: client authentication (SSL_CTX_set_verify)

1999-11-16 Thread Bodo Moeller
On Sun, Aug 08, 1999 at 03:05:26PM +, Bodo Moeller wrote: > Claus Assmann <[EMAIL PROTECTED]>: [...] >> how do I correctly set the verify_mode? Reading the code, >> SSL_VERIFY_CLIENT_ONCE and SSL_VERIFY_PEER seem to be useful for >> my purpose (try to verify the client, but don't fail). [...]

RE: Question about Browser Authenticity

1999-11-16 Thread Rene G. Eberhard
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Harry Whitehouse > Sent: Tuesday, November 16, 1999 1:54 AM > To: [EMAIL PROTECTED] > Subject: Question about Browser Authenticity > > How can the user be certain that their browser (or other SSL3 > c

Re: SSL v2 and v3 spec

1999-11-16 Thread Patrik Carlsson
I guess you're looking for something like: http://home.netscape.com/eng/ssl3/ssl-toc.html http://home.netscape.com/eng/ssl3/draft302.txt http://www.consensus.com/ietf-tls/ietf-tls-home.html Patrik Roger Bodén wrote: > I'm preparing an SSL/TLS presentation and would like to have a short > histo

SSL v2 and v3 spec

1999-11-16 Thread Roger Bodén
I'm preparing an SSL/TLS presentation and would like to have a short history part. Are the SSL v2 and v3 specs available somewhere? -- Roger

Re: Question about Browser Authenticity

1999-11-16 Thread Goetz Babin-Ebell
At 14:53 16.11.99 +0100, Nicolas Roumiantzeff wrote: >Downloading each new browser version using HTTPS (with the previous release) >would be advisable. Sorry, don't solve the problem. HTTPS / SSL secures only the connection. Other attacks are: 1. compromise the new browser on the server you dow

Re: Compiling OpenSSL without 3DES

1999-11-16 Thread Nicolas Roumiantzeff
At last I said something that is not totally stupid after all ;-) Good night Ben... Nicolas -Original Message- From: Ben Laurie <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]> Date: Tuesday, 16 November 1999 18:30 Subject: Re: Compiling OpenSSL without 3DES >Nicolas Roumiantz

Re: What do YOU use for your cert p/w?

1999-11-16 Thread Steve Freitas
>There are some passphrase FAQs at Thanks! Steve

Understanding Certs

1999-11-16 Thread Scott Krueger
I've made a self-signed DSA CA (RootCA) following instructions gleaned from the archives.   The RootCA signs a request for User1. User1 installs the certificate.   The RootCA signs a request for User2.  User 2 installs the certificate.   User1 encrypts some data, combines it with his cert, s

OpenSSL usage liability.

1999-11-16 Thread K
Greetings, I am an SSL newbie so please forgive. We are a small Swiss hosting company with our servers co-located in the US. We want to start up another server in Switzerland, and have them communicate securely through SSL using openSSL. What are the implications since we will be using openSSL o

Re: Question about Browser Authenticity

1999-11-16 Thread Nicolas Roumiantzeff
Downloading each new browser version using HTTPS (with the previous release) would be advisable. Nicolas Roumiantzeff. -Original Message- From: Harry Whitehouse <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]> Date: Tuesday, 16 November 1999 06:34 Subject: Question about Browse

Re: Compiling OpenSSL without 3DES

1999-11-16 Thread Ben Laurie
Nicolas Roumiantzeff wrote: > But this 2 key triple DES (112 bit key length) would be the best solution > regarding the French regulation: > It would be not stronger than 128 bit and still currently secure (whereas > simple DES is not). > It would also be as resistant as the 3 key triple DES to

Re: Compiling OpenSSL without 3DES

1999-11-16 Thread Nicolas Roumiantzeff
Hi Bruno, >I've got another question about 3DES and SSL: isn't the SSL protocol limited >to a 128 bit keylength ? If this is true, how is 3DES handled ? Is the 3rd >key only partially used ? Or is the "key1, key2, key1" scheme used ? No, the "key1, key2, key1" scheme is not used for the 3DES cip

Re: Question about Browser Authenticity

1999-11-16 Thread Ben Laurie
Terrell Larson wrote: > > I think the short answer is that the user won't know - this is the practical answer. > The technical answer is that the user must be > able to run an app such as MD5 against the browser code that will confirm that the > browser is legit. But of course the md5 app > migh

Re: What do YOU use for your cert p/w?

1999-11-16 Thread Stefan H. Holek
On Mon, 15 Nov 1999, steve wrote: > No, I'm not asking what your password is. But some people gotta have a > theme, and I'm wondering what type of text you guys would use for your > secure certificate password? A completely random grouping of letters and > numbers? Lyrics from an obscure song

Re: Compiling OpenSSL without 3DES

1999-11-16 Thread Ben Laurie
Nicolas Roumiantzeff wrote: > > But for the French authorities you would have to prove that DES is a group. > > Beside, the 3-DES implementation used in SSL is not exactly a composition of > 3 DES function (the initial and final steps of the DES algorithm are done > only once instead of 3 times).

R: CRL and Netscape

1999-11-16 Thread Stefano Bergamasco
-Messaggio Originale- Da: Dr Stephen Henson <[EMAIL PROTECTED]> A: <[EMAIL PROTECTED]> Data invio: Monday, November 15, 1999 6:27 PM Oggetto: Re: CRL and Netscape > Anyway in your case it might be a time problem. The CRL contains two > fields which signal the validity period of a CRL. T