Andrew Sumner wrote:
Implementing openssl I've hit a wall.
I need to initiate SSL on the connection in the
listener, before the client sends the login packet as it
obviously shouldn't be sent in the clear.
There's no way to pass the SSL objects to the new process,
so I've been trying to
JCA wrote:
One of my requirements is to use a FIPS-compliant cryptographic
module, and OpenSSL is an obvious choice. Now I understand that, when
operating in FIPS-compliant mode, all the cryptographic operations in
OpenSSL are completed atomically. In some cases, this could be a
problem.
Dennis Morgan:
Hi,
what i am trying to achieve is to encrypt a plain ascii text message
Which will be transmitted via a udp or tcp.
The application which its been implemented for is for a security product..
regards
Dennis
Do you have a shared secret that only the client and server
Peter Wilkes wrote:
so we ran this with a 64 bit int and noticed that 128 bits comes out.
can we safely ignore the other 64 bits? why are we getting 128 bits out?
we are using the TripleDES cipher.
It's not clear if you mean 128-bits comes out of the encryption process or
128-bits comes out
Michael Prinzinger:
I wrote a customized check certificate method, that simply compares
the certificate the client offered during the connection build up, to
the certificate we know it should be using. This works fine.
That works so long as you already know the certificate the client should
Richard F. Ostrow Jr. wrote:
if((n = select(nfds + 1, rfds, NULL, NULL, NULL))
0)
{
[snip]
for(sbiotmp = client_head; sbiotmp; sbiotmp =
sbiotmp-next)
{
Joe Novak wrote:
Hi,
I'm using the EVP_ set of function calls to interface to
2-key 3DES. I see how to set the first key in EVP_EncryptInit
but I do not see how to set the second key. Is it possible
with the EVP_ calls or do I need to use the lower-level DES_
functions? Thanks.
Joe
I have generated rsa private key using openssl. just for my curiosity i
tried to change some of the characters in the private key and see whether
it works.
What exactly do you mean by works? Were you able to decrypt messages
encrypted with the public key corresponding to the unmodified
Hello everyone,
I need a deeper understanding of SSL_read()/SSL_write() and was
wondering if someone could please provide some insight.
As far as I understand, OpenSSL has is a record-oriented protocol.
Lets say the record size is 16K. Let's say a client requests data of
size 40K and
Deepak Mundra wrote:
I have written a server client application in which I'm using self signed
ssl certificates .. How can i make sure that only known clients can connect
to my server using ssl connection?
Simply define *precisely* what you mean by known clients and test for that.
If a
Jason Pettiss wrote:
I have a server which reads/writes a socket independently; that is to
say, at the same time (not a request-response model). I note in the
FAQ it says I must not allow multiple threads to use an SSL connection,
so clearly if my sockets are blocking I cannot support
Darryl Miles wrote:
But this flag (while documented to the contrary) does nothing inside
libssl. So yes the documentation says you should set it, prove to me
that OpenSSL behaves in a different way because you set it.
One of the biggest downsides of open source software is that encourages
Darryl Miles wrote:
Kernel objects are the exception, only because we cannot allow a program
(broken or valid) to screw up kernel objects. So the kernel has no choice
but to overserialize.
FYI modern kernels do not need to serialize (let alone overserialize,
whatever that means,
Darryl Miles wrote:
I do not believe the SSL_write() call is allowed to access the
underlying BIO/kernel-socket to read in more data. I think SSL_write()
is allowed to process any data already read into buffer (from kernel to
OpenSSL library internal buffer) in an attempt to unstall the
Konstantin Ivanov wrote:
I am developing a server application which is based on Windows IO
Completion ports which basically means that the reads and write to
the socket are asynchronous. This also means that I cannot use the
SSL_read and SSL_write functions which are tied to the socket fd
if
Peter Lin wrote:
The reason for this strange design is that, the plain text RSA
private key is stored in some hardware chip which can only do
en/decryption but cannot pass the key out. However, I need to
save a copy of the private key in a unsafe place for other
purpose, but need to make
Daniel Marschall wrote:
Any idea? This problem exists since 2003 and no one found an answer -
this is unbelievable.
If you're waiting for somebody else to find a bug in *your* code, you're
going to be waiting a long time.
Comparing the text strings for literal equality makes no logical sense
Parimal Das wrote:
It's the second case Darry,
Here the 'sleep' is Operating System Sleep mode induced by closing the lid
of laptop.
After opening the laptop, when the system wakes up,
My application is always hanging at the same place.
Bug is in your code. It is doing what you asked it do
Mark Williams wrote:
I can think of one. In the near future I will need to add SSL support to a
legacy application which uses two threads to read/write from/to a socket.
If SSL supported this it would make my life much easier. As the situation
stands I am not sure how to tackle this
Daniel Marschall:
Hello.
I am not searching bugs in my code. I have a certificate and a CRL.
And the functionality -issuer_checks is buggy. My cert and CRL have
exactly the same DN as issuer.
What is the bug then? All you've reported so far is:
1) When you compare using exact string
Mark Williams wrote:
2) Let the two threads read and write to your own two independent queues
and service the application side of the SSL connection with your own code
to and from the read and write queues.
Won't I still need to combine the reading and writing to the SSL object
into a
Parimal Das wrote:
Please suggest.
1. What i should include in this code to correct this hang?
It depends on what your code should do in this case. Do you want to wait a
limited amount of time for the other side to reply? Or do you want to wait
possibly forever? Your current code
Mark Williams wrote:
There is one added complication in that the protocol is a datagram protocol
at a higher level (although it uses TCP). I am concerned that the whole
protocol could block if there is not enough data to encrypt a whole
outgoing message but the peer cannot continue until
Mark wrote:
I may be making a wrong assumption but if the cypher used is a block
cypher does it not wait until a full block of data is ready before it
can encrypt and send the data? If a message does not consist of enough
data to fill a block, could there be unencrypted data left in a
Parimal Das wrote:
The IMAP(2009) c-client library/API does its own socket I/O for
non-SSL sessions, but in SSL the socket I/O is delegated to OpenSSL.
When c-client does its own socket I/O, it sets a timeout (normally
15 seconds) on a select() call prior to doing any read() or write()
denot...@libero.it wrote:
I'm working with ID-based signature (SHAMIR 84) and I create a c struct as
below:
struct sign
{
BIGNUM *s;
BIGNUM *d;
}
How do I export this private key into a file in a PEM format??
It depends on why you are doing this. You need to match the format
Faturita wrote:
I am using a blocking BIO to read and write to an SSL socket
using two threads (because it is in blocking mode).
This is not permitted. You cannot have two threads call modification
functions on the same object at the same time.
There is the Reading thread:
while (true)
I tried after setting mode SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER.
Still I am facing the same problem.
It is successfully transmitting data of more than 2000 bytes
but consistently giving problem in sending 166 bytes.
After failing once it never succeeds and we have to terminate the
connection.
Sebastián Treu wrote:
I used a select() thread with non-blocking IO just to not keep the cpu
busy in an infinite loop. Kind of:
while( alive CONTINUE )
{
/* The main client attendance */
copy = master;
if ( select(client-fd+1, copy, NULL,NULL,NULL) == -1)
Sebastián Treu wrote:
The main idea was avoid polling in an infinite loop consuming CPU
resources. I wrote that code thinking in: If the particular client
socket is calling our (thread) attention then fetches the data. I
thought on that approach as I don't know another for non-blocking IO
Sebastián Treu wrote:
When talking about thread-safeness and the developer responsibility.
Say that I implement static locking callbacks on my application with
non-blocking BIO.
Yes, you must implement the locking callbacks. OpenSSL uses them to provide
the thread-safety guarantees it
TheSquad wrote:
Hello everyone,
I have multithreaded the Handshake of SSL by creating a thread after each
connection to my server.
the handshake is done on a separate thread.
So there are two questions popping up :
I've said it before and I'll say it again -- this is the worst possible way
Sebastian Treu:
As David said in an older thread, I can think of the API as a state
machine and then, regarding how much progress we get, do something.
Considering this, I have some doubts about a communication between
server and clients. Let's say we write a client that in his nature, it's
Sebastian Treu wrote:
Well, maybe I miss the point of what man pages wanted to say with:
[...]
WARNING
When an SSL_write() operation has to be repeated because of
SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE, it must be repeated with
the same arguments.
[...]
If you
Sebastian Treu:
If you set ALLOW_MOVING_WRITE_BUFFER, the restriction is relaxed. The only
restriction that remains is that you must present a consistent data stream.
For example, if you try to SSL_write foo and two bytes are sent, your next
SSL_write *must* start with an o.
That
Hello everybody,
I have a question: A client system generates a CSR that contains some
pieces of information and sends the CSR to my CA. What I want to do is
NOT to directly sign the CSR / issue the Certificate but first to
modify or add new pieces of information and then issue the
Steffan Dettmer wrote:
Could it be considered that a miss-assumption about SSL/TLS
capabilities caused this situation?
Only with hindsight.
I think since TLS should be considered a layer, its payload
should not make any assumptions to it (or vice versa). But in the
moment some
Adam Grossman wrote:
One last questions, and i am done bugging you about this...
These are the steps i am taking:
SSL_set_fd(ssl_data->ssl_ssl, sock_fd);
sslbio=SSL_get_rbio(ssl_data->ssl_ssl);
internalBIO=BIO_new(BIO_s_bio());
BIO_set_write_buf_size(internalBIO, 1024);
The problem is that the clients have been hacked to add some information
within the first packet sent over. and i, unfortunately, can't change
that. so i need to be able to read in the raw first 128 bits, get some
info out of that, and the have the SSL connection go just as normal, never
Wayne Feick wrote:
Our server does a raw socket accept first, and then spawns a thread for
each that brings up the ssl connection if applicable. The code flow is
like this:
int fd;
SSL_CTX* ctx;
SSL* ssl;
BIO* fdbio = BIO_new_socket((int)fd, 0);
BIO* bio = BIO_new_ssl(ctx,
Victor Duchovni wrote:
Locking callbacks are needed for the reference counting in the CRYPTO
library to not get messed up. Various bits of context are associated
with the new SSL object by reference.
Locking callbacks are required, period. If you are using OpenSSL with
multiple threads,
Namrata Sorte wrote:
Hi,
I have a query regarding RSA algorithm viz:
Why don't openssl RSA signing verifying work for Word Document file?
Neither it works for document encryption decryption.
Could anybody please guide explain me why is it so?
It's the same reason an internal
Namrata Sorte wrote:
Hey,
Thanks for reply. Could you please explain me :
You have to put connect it to a suitable transmission and drive it for it
to work.
in more detail.
Sure.
RSA is a mathematical algorithm that has applications in encryption and
signature verification. But it is
Namrata Sorte wrote:
Actually I want to Sign Word Document (.doc) file using RSA
(both encryption-decryption signing-verifying) algorithm.
So could you please tell me what modification will be required
to make in existing algorithm to support signing word document.
I don't know what I can
Namrata Sorte wrote:
Ya to be more specific, I want to sign and verify Word Document
File and using command line will be fine for now. For this I am
using SHA-1 to generate hash of the input message, than I want
to use RSA for signing this message digest, which finally will
be appended to
ambika cp wrote:
I have an application encrypting the data using RSA algorithm.
I am using the encrypted data and want to decrypt the data to get plaintext.
For this I am calling a RSA_private_decrypt() open ssl call in my C file.
The publickey size is 2048bytes. The ciphertext passed from
Sad Clouds wrote:
I think pretty much every Unix platform standardised on Posix threads
by now. Using locking implies that you're using threads, and that is
Pthreads API on Unix.
Just because you are using threads and on a platform that supports native
threads, it does not follow that you
Cerr:
Hi There,
I would like to open a session to an open ssl http server on port 443
without any manual keyboard entry.
I've tried the following:
cat ./logininfo | openssl s_client -connect 192.168.167.166:443
where logininfo contains
GET / HTTP/1.1
host: hostname.com
Martin Domke wrote:
Do I have to protect the SSL object on my own from concurrent access?
Yes, you do. If you didn't that's your problem. Both SSL_read and SSL_write
are logically modification operations on the SSL object (because they can
change its state). You cannot perform a modification
Reinaldo Matukuma:
Hello all.
I will try to explain what I need and what I want to do.
I know a hash from a file X. And I also know that this file X has
data always been appended at end periodically.
So, I want to only update the hash information of the file without
the need to read all
Shaun Crampton wrote:
Is there any way to accomplish this while using only one domain?
Can you be very precise about what you mean by only one domain? For
example, you can do it by pointing www.example.com and www-x.example.com at
the same IP and having the server issue a different certificate
Rene Hollan wrote:
I don't think it's possible to resign an existing well-known CA cert
to turn it into an intermediate CA with a different trust anchor and
have it have the effect you desire.
That's not what I'm suggesting. What I'm suggesting is to sign an existing
IC for a well-known CA
Ooops, tiny mistake:
Again, the fake IC is a certificate signed by the manufacturer's CA
with no AKID.
This part was incorrect. It should read with its SKID. So the short
version is: Simply have the manufacturer's CA sign the CA's IC. Use that IC
along with the CA's IC in the server. It should
Rene Hollan wrote:
I guess I'm just dense and stupid. Won't that fail since the CA
IC cert won't be signed by the CA cert identified as its issuer?
Yeah, I think you're right. I made the same mistake I was trying to convince
the OP not to make -- thinking that CAs sign certificates. The
Todd Thatcher wrote:
Using the command openssl s_client connect gmail.google.com:443
openssl gets the certificate information and stays connected until I enter
QUIT, or the timeout is hit -- about 2 minutes later. I want to script
certificate expiration date checks for our servers. Is
P Kamath wrote:
I said it is an RNG, not cryptographic RNG. By adding current time source,
however crude, and doing a sha1/md5, why should it not be cryptoPRNG? What
properties should I look for?
You should look for a cryptographically-secure random number generator.
Seriously, you
Aravinda babu wrote:
During SSL/TLS handshake,a pre master secret is sent from client to the
server by encrypting pre master secret with server's public key.
From that both client and server derive master secret and finally one
symmetric key. My doubt is, why both cannot use pre master
Piper.guy1 wrote:
Hi,
Please understand I'm a newbie to security if my question sounds
rather elementary.
The embedded product I'm working on requires a secure connection to
our server that uses a Verisign certificate to authenticate. I've been
porting the OpenSSL examples from the
Sad Clouds wrote:
1) According to the FAQ, an SSL connection may not concurrently be
used by multiple threads. Does this mean that an SSL connection can
be used by different threads provided access is limited to one at a
time?
I assume that having a mutex for each SSL object would
Piper Guy1 wrote:
This is precisely what a browser does. Again, using the
https://www.amazon.com example, OpenSSL takes care of getting the
certificate from the server, making sure the certificate is valid, checking
that the server owns the certificate, and making sure the
Christina Penn wrote:
Here is some example code of me trying to decrypt a partial AES message.
It doesn't work.. is there a way I can do something like this? It only
works if I call DecryptMessage() with the entire encrypted string. Why?
Your DecryptMessage function is specifically designed
Christina Penn wrote:
Hello David,
Can you show me exactly how to break up my example code to make my example
work?
It's really simple. When you want to decrypt a message, call
EVP_DecryptInit_ex. For each chunk of data you want to decrypt that is part
of the message, call
Johannes Baeuer wrote:
Why would a 16 byte block need to be padded by one byte to 17 bytes?
Is it really not immediately obvious?
No encrypted output for one or more bytes of input can be less than 16
bytes. Thus the smallest possible output sequence is 16-bytes. The number of
possible
Kunal Sharma wrote:
void encode2(char *inbuf,char *outbuf)
{
unsigned char key32[] = "As different as chalk and cheese";
unsigned char iv[] = "As dark as pitch";
AES_KEY aeskey;
memset(outbuf, 0, sizeof(outbuf));
AES_set_encrypt_key(key32, 32*8,
Kunal Sharma wrote:
What I see happening is this:
ENCRYPT - size of /etc/rgconf on disk is 157043 bytes
ENCRYPT - size of /etc/rgconf_encrypted on disk is 157044 bytes.
BROWSER saves the file to disk - size is 136 bytes (How ???)
You called 'strlen' on something that was not a string, so it
Rusty Carruth wrote:
I would have thought that OPENssl, for which I have the source, would
have met the requirements to use the _GPL symbols in the kernel.
The requirement is that the module claim that it is available under the GPL
by containing a specific license declaration. You can fix this
Chuck Pareto wrote:
if my public key is 256 bytes long, what is the max length
of the string I can use to encrypt? Is it 256?
If the output is exactly 256 bytes, there are (in theory) 2^(256*8) possible
outputs. That means there can be at most 2^(256*8) possible inputs. There
are more than
Pankaj Aggarwal wrote:
I am able to think about the following approaches :
1. Keep a record a threads which are spawned.
2. Expose a function from our library for cleanup when the thread exits
Is there any other way to avoid the memory leak caused by error queues ?
There are several:
Chuck Pareto wrote:
I'm not sure what you mean by shouldn't be using public-key
encryption, why?
Because you don't understand its properties, so there's no way you can know
whether or not it meets your security requirements.
It seems like .Net sets up a nice class that is easily
Hannes Schuller wrote:
hash = (unsigned char *)malloc(RSA_size(rsa) * sizeof(unsigned char));
ciphertext = (char *)malloc(RSA_size(rsa) * sizeof(char));
signature = (char *)malloc(RSA_size(rsa) * sizeof(char));
if (ciphertext != NULL && signature != NULL && hash != NULL) {
Hannes Schuller wrote:
I'm very puzzled here. Why do you sign the reply and then sign a hash
of the signature? You say Message encryption successful, but that's
a signature you're doing, not an encryption.
I was under the impression that RSA_private_encrypt and
RSA_public_encrypt do
Charlie wrote:
His algorithm has one part that doesn't seem right to me, but changing
it made things even worse. It seems weird that the Final function is
inside the main for loop. It seems like final should mean... final.
(ie: after the looping is done).
It's quite common that fixing one
fatalfr fatalfr wrote:
Thank you for your reply. Actually I use
-passin (email editing problem ?)
Complete command line working fine in cmd is
the following one :
openSSL smime -decrypt -in OUT\TEST_OK.TXT -out OUT\OK.TXT
-inkey SBE\sbe-test.key.pem -passin pass:tn!;bg+xy:tABrP1YZK
Chuck Pareto wrote:
My group is using RSA with a key that's 2048 in size.
We want to encrypt strings that are longer than this
key size gives.
If we switch to a key that is 4096 what is the max
string length we can encrypt? is it double?
No, no! You are doing this all wrong!
RSA is an
Amit Ben Shahar wrote:
Hi,
The documentation specifies that SSL_ERROR_ZERO_RETURN is returned if
the transport layer is closed normally.
My question is, how should i handle this return code?
specifically should i call SSL_free normally to free resources, or are
resources already freed?
I generated the ssl request, I signed it in my CA (openssl) and uploaded
signed certificate back to device.
I generated also ca.der and uploaded it to my Internet browser. When I
try to open ilo my browser gives a warning about a mismatched hostname.
I'm accessing this device via IP
Alexey Drozdov wrote:
Hi!
When you set up proxy settings for browsers, they use the HTTP CONNECT
method to establish a pure tcp-connection via proxy (not for local
resources).
It seems like:
Client send HTTP-request to proxy
CONNECT remotehost:port HTTP/1.1
Host:
Rene Hollan:
Oh! I totally misunderstood this.
I thought OP wanted to MITM SSL sessions (which is possible, if
(a) the traffic is decrypted, (b) certs are reissued and resigned,
and (c) the client TRUSTS the modified cert chain (typically its
root cert)).
This is just HTTPS Proxy. In
Raj wrote:
Thanks for all the response
1. I was able to do the handshaking successfully with the browser.
On receiving the request from the browser I will send HTTP OK response
back to the browser, I was able to do the handshaking and read the actual
GET request.
2.
Sandeep Kiran P wrote:
We don't have any control on how the server generates its certificates.
As said earlier, we only control the client portion of SSL/TLS.
Sites where our client application runs, is handed over the location
where trusted CA certs are stored and that's all we have.
Raj wrote:
I have tried one more method to read the data from the socket, which was
partially successful it is defined as follows
do
{
dwReadDataLen = SSL_read(Serverssl,pBuff,iBufferSize); // Gets the data from the server side
I'm writing a SSL proxy (which is working great except for this issue)
and every time I got to attach a file in an email the connection resets,
and it gets caught in an infinite retransmit loop.
There are two totally different ways you can make an SSL proxy, and to figure
out your issue, we
Sam Jantz wrote:
It's multi threaded with non-blocking I/O. I'm not sure exactly what
you mean by socket discovery, but I think you are asking how my program
determines when something is ready? If that's the case then my program
uses a select statement to watch the file descriptor to see
On 9/12/2010 11:38 PM, Raj Singh wrote:
issuer_pubkey_len = i2d_PUBKEY(pubKey, NULL);
issuer_pubkey = malloc(issuer_pubkey_len);
i2d_PUBKEY(pubKey, issuer_pubkey);
memory_dump(issuer_pubkey, issuer_pubkey, issuer_pubkey_len);
The problem, is issuer_pubkey buffer is different each time, I run
On 9/23/2010 7:16 AM, Gumbie wrote:
Can someone explain what is needed to create an EV (Extended
Validation) Certificate? I have been trying to research this and have
found limited information on this. Only one document that was of any help
On 9/23/2010 11:42 AM, zhu qun-ying wrote:
Hi,
I have an SSL application, that is supposed to run for a long time. After some
time of running, I found the usage of the memory is growing. I stop all SSL
connections and checked all SSL * has been freed but it could not release the
memory back
On 9/24/2010 11:05 AM, zhu qun-ying wrote:
I think I should clarify something here. The app is running
in a small device that does not have virtual memory
(no swap space) and the memory is limited (256/512 M).
In peak connections, it may use up to 90% of the system memory, and when
On 9/25/2010 9:31 AM, Jayaraghavendran k wrote:
(a) Does OpenSSL plan to support this feature in any of its future
releases? (Or does any of the releases already support it? I went
through the Change Logs, but couldn't find anything), If no, why not?
I can't answer whether there are any
On 9/26/2010 11:14 PM, zhu qun-ying wrote:
Does it mean that it is hard to change the behavior?
Yes, because it's not implemented in any one particular place. It's a
fundamental design assumption throughout OpenSSL that it's aimed at
general-purpose computers with virtual memory subsystems.
On 9/27/2010 4:13 PM, Scott Neugroschl wrote:
As David said, yes.
On the other hand, you could re-implement malloc() and free() for your
platform.
There's really no way to make that help very much. It might help a
little, but the fundamental problem is this:
If you want to implement each
On 9/29/2010 11:41 PM, Raj wrote:
Hi All
Is there any method to set time out for SSL_read function.
As from the Open SSL document SSL_read will not return if there is no
data to read from the socket
You really shouldn't need this. If you know for sure that it's the other
side's turn to
On 9/30/2010 11:39 PM, Raj wrote:
Can you please let me know how can I set time out as a whole. I think
you are mentioning about SSL_CTX_Set_timeout function. If it is so then
I have set the time out using this function, and sadly I didn't get the
expected result.
There are a lot of ways. The
On 10/6/2010 5:01 AM, john.mattapi...@wipro.com wrote:
Thanks Steve,
I used the following commands to create the certificate using the
openssl built with FIPS support
openssl genrsa -des3 -out wv-key.pem 1024
openssl req -new -x509 -key wv-key.pem -out wv-cert.pem -days 365
Do I miss any
On 11/2/2010 6:25 PM, Md Lazreg wrote:
r=select(m_sock_fd + 1, fds, 0, 0, ptv);
if (r = 0 (Errno == EAGAIN || Errno == EINTR))/*if we timed
out with EAGAIN try again*/
{
r = 1;
}
This code is broken. If 'select' returns zero, checking errno is
This may be a stretch, but did you confirm the socket is within the
range of sockets your platform allows you to 'select' on? For example,
Linux by default doesn't permit you to 'select' on socket numbers 1,025
and up, though you can have more than 1,024 file descriptors in use
without a
On 11/6/2010 7:44 AM, Martin Boßlet wrote:
I just tested, whether the BER-encoding is preserved if I do not alter
any of the contents. Unfortunately, it seems as if the encoding is not
preserved. I did the following:
d2i_PKCS7_bio(file,p7);
and then directly
i2d_PKCS7_bio(file2, p7);
again.
On 11/16/2010 11:06 PM, Nivedita Melinkeri wrote:
Hi,
I had some questions about the latest security advisory. I understand
that this applies to multi-threaded application while using ssl sessions.
Correct.
If the application is written thread safe using
CRYPTO_set_locking_callback
On 11/18/2010 12:50 AM, Steve yongjin Shin wrote:
-BEGIN RSA PRIVATE KEY-
...omitted..
-END RSA PRIVATE KEY-
-BEGIN CERTIFICATE-
...omitted...
-END CERTIFICATE-
On 11/18/2010 7:26 AM, Pandit Panburana wrote:
I am not clear about the condition that vulnerability when using
internal session caching mechanism. Is it the same thing as TLS session
caching or this is some thing different?
The internal session caching mechanism caches TLS session
On 11/29/2010 2:34 AM, A. N. Alias wrote:
I've been using IE, Chrome and Firefox as clients for a test SSL/TLS server.
This works fine with Firefox, which uses a single TCP connection for the TLS
handshake and subsequent communication. However, IE and Chrome seem often to
send different parts
301 - 400 of 1078 matches