Re: [SLE] how do i know the version how to start https
tk dev wrote:
> 3. as i know, modssl apache-ssl is different. how should i start apache after i enabled ssl? should i stop the current apache? should i change/start/stop any daemon?

/sbin/init.d/apache reload

Most of the scripts in that directory have start, stop and reload functions built in. Try them out.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: : using ssl in http protocol
> do you mean that on server side, i can only free the resource of a certain persistent connection when
> 1. a reading/writing error occurs when the server tries to read/write from the socket;
> 2. a server side timeout (can be configured by hand) occurs.
> are there any http headers for keeping the persistent connection, such as: browser sends such messages to the server every XXX minutes/seconds, just like a heart beat. and are there any headers for terminating a persistent connection?

You terminate a connection just by closing it, why do you want another information? The server can close a connection whenever it wants, even if the client starts sending nasty heartbeat polling requests. This depends on how you program your server to react on DoS attacks, maybe you can use some intelligent IDS.

Are you asking the fourth question before the others? (at least) :-)

- What service is to be delivered by the application?
- To what degree does the application require a connection oriented mode?
- What do I have to add to fit within existing protocols, e.g., http?
- What are the basic possibilities of http.

Note that even if you would have some additional layer on top of IP+TCP+HTTP+keep-alive-mode, you still have to live with network failures etc. The question is to what degree you want to signal lower level interruption of connectivity to the end user, or whether or not you can or want to keep some session information beyond an interruption.
Support for Crypto-Accelerator cards
Hello everybody out there,

the ChangeLog states that there is support for Atalla crypto accelerator cards, I assume for the AXL 200. Is there anybody who can tell on what platforms the card is supported? The Atalla people say that they don't have a driver for Solaris (yet).

Thnx in advance and kind regards
harvey

---
KS IT RS Security-Produkte   email: [EMAIL PROTECTED]
Dresdner Bank AG             tel: +49 (0)69 263 10913
Jürgen-Ponto-Platz 1         fax: +49 (0)69 263 13704
D-60301 Frankfurt/Main       office: HA 2-10, 15.OG A113
SSL Problems with IE and Win2000
Hello,

I'm using sslwrap with openssl 0.95a to forward an SSL connection to a regular webserver. Everything works fine with Netscape on Win98. Internet Explorer on Win98 does not work, SSL Handshake is done, but hangs. On Win2000 it's even worse, there, not even Netscape works correctly. This problem occurs mostly when the DNS servers are dynamically reconfigured.

Any hints?

--
Pascal.
Re: Support for Crypto-Accelerator cards
On Fri, 25 Aug 2000, Schlote, Hans-Werner wrote:
> Hello everybody out there, the ChangeLog states that there is support for Atalla crypto accelerator cards, I assume for the AXL 200. Is there anybody who can tell on what platforms the card is supported? The Atalla people say that they don't have a driver for Solaris (yet).

While I don't know about Atalla AXL 200, I have some experience with Rainbow's CryptoSwift and NCipher NForce devices/cards. They both have patches to OpenSSL, and OpenSSL ENGINE beta has support for hardware.

--
M Taylor mctaylor@ / privacy.nb.ca
using rsa functions from libcrypto
Hi,

I want to use RSA functions from libcrypto (i386-NetBSD + cc). Can someone send me an example of implementation in C with a public/private keys generation, message encryption/decryption. I need this for a personal project that will not be distributed.

Thank you.

Julien Guisset
french student from Paris
RE: using ssl in http protocol
From: Arun Venkataraman [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 24, 2000 9:28 PM

> You need to get familiar with the basics of HTTP. rfc 2068 is the ultimate authority in this regard.

RFC 2068 has been superseded by RFC 2616 since June 1999. (And it's a bit misleading to say any RFC is "the ultimate authority" about anything, since RFCs are subject to amendment, and hence are not "ultimate" in the proper sense.)

> What happens is that the client submits a request say: GET /index.html HTTP/1.0. This will cause the server to terminate the connection after the request has been satisfied. If the client says:
> GET /index.html HTTP/1.0
> Connection: Keep-Alive

HTTP/1.0 has been superseded by HTTP/1.1, which is what RFC 2616 defines, and what RFC 2068 defined before it. Persistent connections are a feature of HTTP/1.1. (RFC 2068 notes that a few HTTP/1.0 implementations supported persistent connections, but they are not part of the HTTP/1.0 specification, which can be found in RFC 1945.)

The rules governing the HTTP-Version component of an HTTP request line are detailed in RFC 2616, but to gloss a bit, an HTTP/1.1-compliant application SHOULD use "HTTP/1.1" as its HTTP-Version, and MUST use "HTTP/1.1" if it uses any features not compatible with HTTP/1.0 - such as persistent connections.

Michael Wojcik [EMAIL PROTECTED]
MERANT
Department of English, Miami University
Re: using rsa functions from libcrypto
Hi,

I used CA.pl to generate a CA and signed a certificate for myself. (Default openssl.cnf; OpenSSL 0.9.5 28 Feb 2000) After importing the cert to Netscape I sent a signed message to myself using the mutt email client.

First question - maybe this one is for the mutt-list: Can mutt handle pkcs-7-conforming mails? Well, my mutt installation can't. I received the message in two parts, the message and the signature. I saved the signature part and tried to verify the signature with

    openssl smime -verify -in smime.p7s

resulting in

    Error reading S/MIME message
    2108:error:2107A087:PKCS7 routines:SMIME_read_PKCS7:no content type:pk7_mime.c:215:

Merging the content of the mail and the signature in one file and trying to verify it resulted in

    openssl smime -verify -in dummy
    Error reading S/MIME message
    2112:error:2107A087:PKCS7 routines:SMIME_read_PKCS7:no content type:pk7_mime.c:215:

The man page of openssl/smime states that there might be parsing errors when reading S/MIME v3 structure. Is this the reason for this problem??

Thanks for any hints,
Martin

--
Martin Lohner [EMAIL PROTECTED]
Ecrypt AG www.ecrypt.de
Re: using rsa functions from libcrypto
Hi Julien,

I am working on a similar project and I found a good example of RSA encryption/decryption in /openssl/demos/maurice/example2.c. Look in these dirs, there's some interesting stuff, in /openssl/apps too.

Bye, Paolo.

----- Original Message -----
From: julien guisset
To: [EMAIL PROTECTED]
Sent: Friday, August 25, 2000 7:55 AM
Subject: using rsa functions from libcrypto

Hi,
I want to use RSA functions from libcrypto (i386-NetBSD + cc).
Can someone send me an example of implementation in C with a public/private keys generation, message encryption/decryption.
I need this for a personal project that will not be distributed.
thank you.
Julien Guisset
french student from Paris
Re: using rsa functions from libcrypto
Martin Lohner wrote:
> Hi, I used CA.pl to generate a CA and signed a certificate for myself. (Default openssl.cnf; OpenSSL 0.9.5 28 Feb 2000) After importing the cert to Netscape I sent a signed message to myself using the mutt email client.
>
> First question - maybe this one is for the mutt-list: Can mutt handle pkcs-7-conforming mails? Well, my mutt installation can't. I received the message in two parts, the message and the signature. I saved the signature part and tried to verify the signature with
>
>     openssl smime -verify -in smime.p7s
>
> resulting in
>
>     Error reading S/MIME message
>     2108:error:2107A087:PKCS7 routines:SMIME_read_PKCS7:no content type:pk7_mime.c:215:
>
> Merging the content of the mail and the signature in one file and trying to verify it resulted in
>
>     openssl smime -verify -in dummy
>     Error reading S/MIME message
>     2112:error:2107A087:PKCS7 routines:SMIME_read_PKCS7:no content type:pk7_mime.c:215:
>
> The man page of openssl/smime states that there might be parsing errors when reading S/MIME v3 structure. Is this the reason for this problem??
>
> Thanks for any hints,

With OpenSSL 0.9.5a you need to be able to have the message as a single multipart/signed entity. The errors you are seeing are because OpenSSL cannot see any MIME Content-type: header.

For the latest dev version you may be able to do:

    openssl smime -verify -inform DER -in smime.p7s -content message

However the message MUST be available verbatim, that is, without any MIME headers being stripped or translated, otherwise you'll get a signature failure. This can cause problems because mail readers typically strip off MIME headers and interpret the content appropriately. These must be available to the smime program because they are part of the signed content.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED]
PGP key: via homepage.
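
The detached-signature check described in the reply above, as an added example that is not part of the original thread: it signs a constructed MIME entity with a throwaway self-signed certificate and verifies the DER signature against the verbatim entity, a header-stripped copy, and a copy with translated line endings. The certificate, message text and the file names other than smime.p7s and message are constructed for the demo; a current openssl command-line tool is assumed.

```shell
#!/bin/sh
# Added example: a detached S/MIME signature only verifies against the
# exact bytes that were signed. Certificate and message are constructed.
smime_verify_cases() (
    work=$(mktemp -d) || exit 1
    trap 'rm -rf "$work"' EXIT
    cd "$work" || exit 1

    # Throwaway self-signed signer certificate; it doubles as trust anchor.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Signer" \
        -keyout key.pem -out cert.pem 2>/dev/null || exit 1

    # The signed MIME entity as sent: header, blank line, body, CRLF endings.
    printf 'Content-Type: text/plain\r\n\r\nHello, this is a test.\r\n' > message
    # What a mail reader typically saves: MIME header stripped.
    printf 'Hello, this is a test.\r\n' > stripped
    # Header kept, but line endings translated to LF.
    printf 'Content-Type: text/plain\n\nHello, this is a test.\n' > lf

    # Detached DER signature, like the smime.p7s attachment.
    openssl smime -sign -binary -in message -signer cert.pem -inkey key.pem \
        -outform DER -out smime.p7s 2>/dev/null || exit 1

    check() {  # check <content-file>: prints ok or fail
        if openssl smime -verify -binary -inform DER -in smime.p7s \
            -content "$1" -CAfile cert.pem -out /dev/null 2>/dev/null
        then echo ok; else echo fail; fi
    }

    # The signature file alone, read as S/MIME: no Content-Type to parse.
    if openssl smime -verify -in smime.p7s -CAfile cert.pem \
        -out /dev/null 2>/dev/null
    then alone=ok; else alone=fail; fi

    echo "verbatim=$(check message) stripped=$(check stripped)" \
         "lf=$(check lf) p7s_alone=$alone"
)

smime_verify_cases
```
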