Hi
The browsers send a prioritised list of ciphers to the server for selection,
strong first, followed by the weaker ones.
The server selects the first cipher that matches. So the server should typically
select the strongest possible common cipher.
:) Amit.
[EMAIL PROTECTED] wrote:
> Steve,
Hi,
Sure the browser exports all export ciphers in the client_hello. But only if
they have been enabled in the browser.
It would be an empty list if only strong(non-exportable) ciphers were enabled
and others (exportable) were disabled in the browser.
And I think that is the scenario vijay is hav
Oliver King <[EMAIL PROTECTED]>:
> [...] Does OpenSSL support reading from a connection on
> one thread and writing to the same connection on another thread?
> Has anyone tried this, or is it not supported?
I would not recommend trying, there is no locking done on the
struc
zheng xiangyang <[EMAIL PROTECTED]>:
> [...]
Call EVP_cleanup() to free those data structures.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECT
MARTIN Guy CNET/DMI/LAN <[EMAIL PROTECTED]>:
> just begining to use OpenSSL (or trying...), I have got some undefined
> references at compile time.
> gcc -o cli cli.o -L/usr/local/ssl/lib -lcrypto -lssl
Change the compiler options from "-lcrypto -lssl" to "-lssl -lcrypto".
_
Thanks to Dr Stephen, the solution was convert the certificate file to
PEM format (it was in PCKS#7):
First change the "BEGIN CERTIFICATE" and "END CERTIFICATE" lines to
"BEGIN PKCS7"/"END PKCS7" and then run "openssl pkcs7 -in server.gid
-out certs.pem -print_certs".
[]s,
Sergio Salvi.
I got a similar error once and it apparently related to the format of the
key/cert file I had downloaded in win/dos, and it was saved as one big
lineI edited it to add the newlines, and then it worked fine.
Jim Warren Connecting America
[EMAIL
Ulf Möller <[EMAIL PROTECTED]>:
>> - RSA, OAEP DES and CDMF encryption/decryption
>> - SHA-1 digest computation
>> - Basic X.509 Certificate Management (Disk storage, CRL look-up, ...)
>>
>> I'd just like to know which of the previous tasks can be done using the
>> OpenSSL.
> CDMF doesn't
Try the file http://www.e-softinc.com/cacerts.txt
It contains a list of certs that were found in the
mod_ssl package, and were supplemented with certs found
in the cert7.db file.
Thomas
Jean-Marc Beroud wrote:
>
> Hello,
>
> How can I convert Netscape's cert7.db file into PEM format? I need o
Hello,
How can I convert Netscape's cert7.db file into PEM format? I need one
particular CA root certificate contained in this file for Apache.
Greets,
Jean-Marc
__
OpenSSL Project http://www.ope
On Thu, 17 Feb 2000, Amit wrote:
> Hi,
> I think the problem lies with the browser. The browser seems to be an
> export version so strong encryption algorithms have been disabled. This
> means that in the client_hello the browser's list of available ciphers
> will be null and so the connection fa
Here's what I've accomplished so far..
I've set up a CA, fairly easy and standard.
I've gotten the CA's cert into the cisco router for use for known-CA
verification.
I've gotten the router to make a certificate signing request, but it's
making the request in a PKCS7 format. But since I'm les
Steve,
The server is WN 2.3.3 (see also http://www.wnserver.org). It works with both
'strong' and 'weak' browsers, but I can't figure out if it uses strong encryption
where possible (e.g. strong browsers).
Jon
Dr Stephen Henson wrote:
> [EMAIL PROTECTED] wrote:
> >
> >
> > That's right! Now we
Check your browser, it might be an older 'international' version and not
capable of handling 128 bit encryption.
vijay karthik wrote:
> Hi!
>
> I selected the "RC2/RC4 encryption with 128 bit key"
> cipher for SSL connection from my browser.
> I tried to connect to the apache listener(with
> o
> > After installing a Verisign test certificate; when testing with
> > ./openssl s_client -connect www.takeitnow.nl:443 and GET / HTTP/1.0
> > everything seems to work; the HTTP GET is recorded in the server
> > logging. But when accessing the server with Netscape (4.5) I get a popup
> > box 'Net
15 matches
Mail list logo