Hi Jacob,
Thanks for such a detailed reply. But I am having one concern that how
an application can know whether it si secure or not. Fips uses
GetSystemTimeAsFileTime() for PRNG test which is having granuality of 1 ns,
but my application is running even at faster rate so same value is being
I am reading the OpenSSL FIPS user guide and the first thing I notice is
that it says it only supports openssl 0.9.8j and up but not openssl 1.0.0.
We are currently using openssl 1.0.0. Does that mean we cannot use the
FIPS module? Do we have to move back to 0.9.8 branch?
Alex
Dear Users,
I have released version 4.44 of stunnel.
The ChangeLog entry:
Version 4.44, 2011.09.17, urgency: MEDIUM:
* New features
- Major automake/autoconf cleanup.
- Heap buffer overflow protection with canaries.
- Stack buffer overflow protection with -fstack-protector.
* Bugfixes
Hi all
i hope someone can gives me an explanation or a solution for this problem: I
have a reverse proxy ssl on production environnement, based on apache 2.2.17
and modssl2.2.16 and openssl 0.9.8r and sslcache (shù)
Clients are auhentified by a client certificate, on the other hand my sever
is
hi,
I have created root CA(evalRootCertificate.cer) and server
certificate(OdysseyServer.pfx) using 'evalCerts.exe' of Funk software. For
using evalRootCertificate.cer on linux, I wanted to convert to .pem format,
I issued the command
# openssl x509 -inform der -in evalRootCertificate.cer -out
Hi Dave,
Thanks for your reply. I got the steps I mentioned after some googling. But
those steps are not working. I understand you must be very busy, but I am
stuck into there from then on. Can you please manage some time to look into
it. Or if you know someone who can help me in this regard. It
Hi! I'm trying to enable GOST ciphers in openssl-1.0.0e and so far I
failed. What I've done so far:
1. built openssl with ./config shared zlib enable-rfc3779
--prefix=/tmp/gost-ssl-new
2. updated config file as described in README.gost.
I've straced openssl run and I'm sure it reads my
On 9/19/2011 8:49 AM, alok sharma wrote:
Hi Jacob,
Thanks for such a detailed reply. But I am having one concern that
how an application can know whether it si secure or not. Fips uses
GetSystemTimeAsFileTime() for PRNG test which is having granuality of
1 ns, but my application is
On 9/18/2011 3:48 PM, ubuntuv wrote:
hi,
I have created root CA(evalRootCertificate.cer) and server
certificate(OdysseyServer.pfx) using 'evalCerts.exe' of Funk software. For
using evalRootCertificate.cer on linux, I wanted to convert to .pem format,
I issued the command
# openssl x509
On 09/16/2011 08:11 PM, Alex Chen wrote:
I am reading the OpenSSL FIPS user guide and the first thing I notice
is that it says it only supports openssl 0.9.8j and up but not openssl
1.0.0.
We are currently using openssl 1.0.0. Does that mean we cannot use
the FIPS module? Do we have to move
On Mon, Sep 19, 2011, alok sharma wrote:
Hi Jacob,
Thanks for such a detailed reply. But I am having one concern that how
an application can know whether it si secure or not. Fips uses
GetSystemTimeAsFileTime() for PRNG test which is having granuality of 1 ns,
but my application is
Hi guys!
I need help, please.
I don't know, how do it. Maybe anyone has experience with signing/verify a
docs/strings with GOST, and he will help me with...
I have little code, which has can't load `md_gost94'... And I don't know how
to use API for the GOST... :(
My code are:
[CODE=cpp]
Hi guys!
I need help, please.
I don't know, how do it. Maybe anyone has experience with signing/verify a
docs/strings with GOST, and he will help me with...
I have little code, which has can't load `md_gost94'... And I don't know how
to use API for the GOST... :(
My code are:
[CODE=cpp]
Hi,
From a windows machine s_client is successful on port 443 but fails on port
5989 with 400 Bad Request and read:errno=0
The same works from another machine for the same target.
The target machine is an ESXi.
Request help to better understand the error.
--
View this message in context:
Thanks Jacob.
Output of
#less evalRootCertificate.cer
-BEGIN CERTIFICATE-
MIICBDCC.MVWn1dH/IzvUWbQ==
-END CERTIFICATE-
I even tried removing the following file lines
-BEGIN CERTIFICATE-
-END CERTIFICATE-
# openssl x509 -inform der -in
On 09/19/2011 04:29 PM, ubuntuv wrote:
Thanks Jacob.
Output of
#less evalRootCertificate.cer
-BEGIN CERTIFICATE-
MIICBDCC.MVWn1dH/IzvUWbQ==
-END CERTIFICATE-
I even tried removing the following file lines
-BEGIN CERTIFICATE-
-END CERTIFICATE-
#
Hello folks,
I'm developing a tool for signing digital TV apps, and for testing I'm
creating a lot of different test scenarios.
Well, using OpenSSL 1.0.0e to create a new certificate, signed by a
snakeoil one I got the following error:
-- The stateOrProvinceName field needed to be the same
Hello,
I'm debugging a problem with
ucspi-sslhttp://www.superscript.com/ucspi-ssl/index.html,
an open-source SSL client and server wrapper. The client wrapper seems to
run into an infinite loop sometimes when the server abruptly closes the
socket without shutting down SSL properly.
The problem
Hello,
I'm debugging a problem with
ucspi-sslhttp://www.superscript.com/ucspi-ssl/index.html,
an open-source SSL client and server wrapper. For the most part everything
works great, but I am seeing strange shutdown behavior when using the client
wrapper to connect to one particular server.
The
Hi Gabriel,
openssl performs as it is described.
You probably wanted the behaviour activated by the option supplied
which requires the DN component to be present, but doesn't tie it to the
corresponding entry in the CA DN.
Regards
Willy
Am 19.09.2011 17:02, schrieb Gabriel Marques:
Hello
Hello,
I've been troubleshooting a few problems with
ucspi-sslhttp://www.superscript.com/ucspi-ssl/index.html
interoperating
with particular SSL implementations. I am not encountering bugs in openssl
itself, but rather bugs in the implementation of the client or server.
I was wondering if there
On Mon, Sep 19, 2011, Gabriel Marques wrote:
Hello folks,
I'm developing a tool for signing digital TV apps, and for testing
I'm creating a lot of different test scenarios.
Well, using OpenSSL 1.0.0e to create a new certificate, signed by a
snakeoil one I got the following error:
-- The
Thanks Dr. Stephen an Mr. Willy Weisz, the comments clarifies the
different matching options.
Still, bugged with the details that made OpenSSL complain about two
strings apparently equal, I've sniffed out the certificates:
0.9.8
SET (1 elem)
SEQUENCE (2
Hi Scott!
When it is time to cleanly close the connection, it calls SSL_shutdown(),
then returns to its select loop to wait for a response indicating that the
server has completed its end of the shutdown. When the server has
completed the shutdown, it expects select to return with a readable
24 matches
Mail list logo