Hi All,
I have a client application that uses SSL23_client_method(). When the client is
getting connected to server that supports TLS 1.0 there are no issues. When the
client is getting connected to server that supports only SSLv3.0, connection is
getting aborted with protocol number error.
I
Do you call SSL_CTX_set_options() with bit flags (SSL_OP_ALL,
SSL_OP_NO_SSLv3, etc.) to indicate the protocols you are willing to accept?
BTW, openssl-users (not -dev) is the proper forum for this sort of
questions.
Charles
From: owner-openssl-us...@openssl.org
Thanks,
Also it can be useful to go back to the book 'Network Security with
OpenSSL', pages 128 to 138.
Michel.
On 27/10/2012 17:00, Alban D. wrote:
Hi everyone,
iSEC Partners just released a paper that provides detailed guidelines
and sample code on how to properly do certificate
Hi Charles,
Thank you for the reply. I am not setting any option using
SSL_CTX_set_options, should I indicate protocols using this function?.
Regards
Jaya
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Charles Mills
Sent: Monday, October 29, 2012
On 10/27/2012 10:58 PM, Jeffrey Walton wrote:
On Sat, Oct 27, 2012 at 11:00 AM, Alban D. blan...@gmail.com wrote:
Hi everyone,
iSEC Partners just released a paper that provides detailed guidelines
and sample code on how to properly do certificate validation with
OpenSSL:
You should at least look into it. I am not sure what the defaults are
without looking at the docs. Try setting SSL_OP_ALL (sounds good to me) |
SSL_OP_NO_SSLv2 (SSL v2 is considered to be badly flawed). That should
(IIRC) leave you able to accept SSL v3, TLS v1, and TLS v1.1.
Charles
From:
(Remember to start a new thread, not replying to some ancient
thread).
(Remember to put a non-blank subject in your mails, so we all
have an idea what is about)
On 10/22/2012 6:51 PM, Kevin Butters wrote:
Is there an SSL command that can be used to display CA cert information
extracted from
Hi all,
The xmldsig (http://www.w3.org/TR/xmldsig-core/#sec-RSAKeyValue)
use the first form of RSA representation with respect to the :
http://tools.ietf.org/html/rfc3447#section-3.2
It looks like rsa.h use the quintuple representation only,
is there a way how to work with the (n, d) form in
Dear OpenSSL Users,
Could someone confirm that when loading private keys in memory using
PEM_read_PrivateKey
EVP_PKEY *evpp = PEM_read_PrivateKey(fk, 0, 0, 0);
the full key is filled in, i.e. evpp points to a complete
(public+private) key?
By analyzing the structure
Hi Charles,
I was under the assumption that I can turn off protocols using this option.
Since I wanted to give a try, without turning off any protocol, did not give
attention towards this call. Let me give a try.
Thank you
Jaya
From: owner-openssl-us...@openssl.org
Hi,
I have CCM cipher suite in the openssl and for some other requirement I
have write my own simple webserver... Can somebody help me to develop
simple openssl based webserver ..
I just need to support the POST operation at my server side
i.e , in my requirement , client will post the data to
SSL_CTX_set_options, should I indicate protocols using this function?.
Before you do that, please realize TLS 1.0 is the least broken of the
protocols you are trying to enable. You really want all TLS 1.2
clients, but it's not widely implemented in clients and servers. I can
tell you that a number
On 29 Oct 2012, at 8:44 AM, Miroslav Mikluš wrote:
The xmldsig (http://www.w3.org/TR/xmldsig-core/#sec-RSAKeyValue)
use the first form of RSA representation with respect to the :
http://tools.ietf.org/html/rfc3447#section-3.2
The RSAKeyValue element contains a public key, but the quintuple
On Mon, Oct 29, 2012 at 11:04 AM, Jakob Bohm jb-open...@wisemo.com wrote:
On 10/27/2012 10:58 PM, Jeffrey Walton wrote:
On Sat, Oct 27, 2012 at 11:00 AM, Alban D. blan...@gmail.com wrote:
Hi everyone,
iSEC Partners just released a paper that provides detailed guidelines
and sample code on
On Mon, Oct 29, 2012, Gerardo Ganis wrote:
Dear OpenSSL Users,
Could someone confirm that when loading private keys in memory using
PEM_read_PrivateKey
EVP_PKEY *evpp = PEM_read_PrivateKey(fk, 0, 0, 0);
the full key is filled in, i.e. evpp points to a complete
From: owner-openssl-us...@openssl.org On Behalf Of flowher
Sent: Saturday, 27 October, 2012 09:03
To: openssl-users@openssl.org
Subject: Certificate lookup
I'm using 'openssl verify -CApath /something/cert CERT_TO_VERIFY' to
verify certificate chains.
I just found out that some
From: owner-openssl-us...@openssl.org On Behalf Of Anamitra Dutta Majumdar
(anmajumd)
Sent: Friday, 26 October, 2012 19:13
To: openssl-users@openssl.org
Subject: Re: sslv3 alert bad certificate:s3_pkt.c:1065:SSL alert number 42
This is a close box without a server operator.
Is there a way
From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
Sent: Friday, 26 October, 2012 11:08
1. Pardon my ignorance. So _Applink is a generic Windows facility, not
OpenSSL-specific? Can you point me to a link or something
that explains. I could not find anything.
OpenSSL_Applink
In the previous version of the FIPS module (openssl-fips-1.2.3), the
incore script had an incore_adjust value. The new version
(openssl-fips-2.0.1) is a perl script and I cannot see how to adjust
the offset for our processor. Can anyone point me in the right
direction here?
Where's the failure here?
hostname_matched is set to HOSTNAME_VALIDATION_ERR at initialization,
and in case of a NULL hostname or certificate it is returned by the
function, unmodified.
--
Erwann ABALEA
On 27/10/2012 21:00, Jeffrey Walton wrote:
On Sat, Oct 27, 2012 at 11:00 AM, Alban D.
Bonjour,
In the 4.2 paragraph, talking about revocation, you explicitly write
that your code examples don't check for revocation. Depending on your
target audience, this might not be a wise choice.
In the same part, you're referring to a post by Ben Laurie about how
hard it is to detect
@Gerardo,
I'm having a problem with this function and I will use your thread for some
support.
@All
The problem I've got is quite simple. The callback I pass through this
function is not called. I inserted a breakpoint into cb and it's not called
at all.
I'm using OpenSSL 1.0.1c. I'm sure
From: owner-openssl-us...@openssl.org On Behalf Of Leonardo Laface de
Almeida
Sent: Monday, 29 October, 2012 16:20
The problem I've got is quite simple. The callback I pass
through this
function is not called. snip
Someone could please help me figure out why? I've written as
OpenSSL page
Aha! Got it, I think. Thanks. Was not aware that one could do this sort of
thing. Neat trick. GetProcAddress() is documented only for locating
functions in a DLL, but I guess __declspec(dllexport) causes the name to be
exported in such a way that GetProcAddress() can find it.
OpenSSL_Applink is
On Mon, Oct 29, 2012 at 4:02 PM, Erwann Abalea
erwann.aba...@keynectis.com wrote:
Where's the failure here?
hostname_matched is set to HOSTNAME_VALIDATION_ERR at initialization, and in
case of a NULL hostname or certificate it is returned by the function,
unmodified.
HOSTNAME_VALIDATION_ERR is
On Mon, Oct 29, 2012 at 4:02 PM, Erwann Abalea
erwann.aba...@keynectis.com wrote:
Where's the failure here?
hostname_matched is set to HOSTNAME_VALIDATION_ERR at initialization, and in
case of a NULL hostname or certificate it is returned by the function,
unmodified.
My bad - you were right. I
Hi Jeff,
Thanks for the reply. I don’t want to enable SSLv2, but would like to support
SSLv3, TLS 1.0. Code where I am creating the SSL context and setting the
options looks as shown below
ssl_ctx = SSL_CTX_new(SSLv23_client_method());
if (ssl_ctx != NULL)