an example, which happens to be important right now
because of poodle.
Hope this will clear all the confusions.
-Aditya
On Fri, Oct 24, 2014 at 5:35 PM, Jakob Bohm jb-open...@wisemo.com
mailto:jb-open...@wisemo.comwrote:
On 24/10/2014 13:33, Aditya Kumar wrote:
Hi All
:
::SSL_CTX_set_cipher_list(ctx,
ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM);
Is there something wrong with these ciphers? What are best cipher argument for
only TLSv1 communication. I think, I need not set ciphers on client side.
Thanks – Pradeep reddy.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner
anything to release fixes that enable solution B.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs
a certificate backed by much more thorough
identity checks, given your position in the SSL pecking order.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
, definitly
WINSOCK2.H contains this:
/*
* Constants and structures defined by the internet system,
* Per RFC 790, September 1981, taken from the BSD file netinet/in.h.
*/
by the way: Visual C++ is from 1998, also an old ancient compiler
we have 2014 ;-)
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner
'
NMAKE : fatal error U1077: 'cl' : return code '0x2'
Stop.
this seems that you include ancient SDK headers not capable of IPv6
at all ...
--
Jakob Bohm, CIO, partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Soborg, Denmark. direct: +45 31 13 16 10
tel:+4531131610
!
On 11/5/2014 1:23 PM, Jakob Bohm wrote:
Maybe you forgot to run the batch file that sets the
INCLUDE and LIB environmentvariables to prepend later
VC 6.0 compatible SDK headers before,such as those in
the July 2002 Platform SDK.
The copyright message quoted by Walter H. is just that,
acopyright
the only affected clients, then this is not the best
possiblefix.
On the other hand, if some other SSL library would fail if
presented withthe 3 new suites (the GCM suites without
ECDSA certs), then their fix is correct and just helps the
old OpenSSL versions by chance.
Enjoy
Jakob
--
Jakob Bohm
I get 20 blocks totaling 253 bytes. I have stack traces of where
each block is allocated but I cannot figure out how this memory should be
cleaned up. Each of the 20 blocks filter down to 1 of 5 root stack traces. The
stack traces are:
Repeated 6 times:
Enjoy
Jakob
--
Jakob Bohm, CIO
loader API). For libraries written in C++, the static constructor
and destructor language mechanisms are treated this way
automatically and thus subject to the same limitations on
permitted operations.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730
scheme, using
the same implementation functions.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management
reportfrom .NET to see the real error code.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs
On 12-12-2014 21:31, Jeffrey Walton wrote:
On Fri, Dec 12, 2014 at 5:23 AM, Jakob Bohm jb-open...@wisemo.com wrote:
On 09/12/2014 21:46, Jeffrey Walton wrote:
On Tue, Dec 9, 2014 at 2:07 PM, Amarendra Godbole
amarendra.godb...@gmail.com wrote:
So Adam Langley writes SSLv3 decoding function
who chose them for you.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
On 19/12/2014 12:11, Jakob Bohm wrote:
On 19/12/2014 00:10, Prabhat Puroshottam wrote:
I am trying to summarize the problem again, since the previous
mail seems confusing to some of you. It might help you quickly understand
the problem I am facing:
We have a product, where Client connects
certificates or refreshing your CRL.
Thanks, best Benjamin!
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service
version of s_client knows how to
dump out the constructed verification chain, there is only an option
to dump the server supplied certificates (regardless if those were
used by the client or not). Hopefully some future version will have
options to dump either or both lists.
Enjoy
Jakob
--
Jakob
lifetimes, but those tend to be used
regularly over that period, givingplenty of opportunity to convert
the private key files.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message
, such as OS
loaders and door locks.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones
, GFlags.exe etc.).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
.
Also pleaseclean up any differences that are just typos
before the future 1.0.2arelease.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain
On 28/12/2014 12:26, Kurt Roeckx wrote:
On Sun, Dec 28, 2014 at 01:31:38AM +0100, Jakob Bohm wrote:
3. The 1.0.x binary compatibility promise seems to not have been
completely kept. As recently as just this December, As a practical
example: I had an OS upgrade partially fail due
On 29/12/2014 01:37, Matt Caswell wrote:
On 28/12/14 00:31, Jakob Bohm wrote:
On 24-12-2014 00:49, Matt Caswell wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
You will have noticed that the OpenSSL 1.0.0 End Of Life Announcement
contained a link to the recently published OpenSSL Release
as they are, but change the comparison to compare values
that are actually supposed to be the same, such as MAC key length to MAC
key length (implicit 0 in the digests[] array), and result length to
result length (named keylen in the digests[] array).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
to compile and thenjust outputs simplistic nmake
makefiles (such as nt.mak and ntdll.mak) based on those
lists.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non
. Experiment in
experiment-land.
My two bits.
On Fri, Feb 6, 2015 at 9:59 PM, Matt Caswell m...@openssl.org
mailto:m...@openssl.org wrote:
On 06/02/15 16:03, Jakob Bohm wrote:
I believe you have made the mistake of discussing only amongst
yourselves, thus gradually convincing
be selected by
setting the CYGWIN environment variable appropriately, so (contrary to recent
messages on the list) there's no reason to rewrite c_rehash for use on Windows.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45
, GFlags.exe etc.).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
. 0xFF8, but that would still be 256 times rarer).
I am assuming without checking, that i2d_ASN1_INTEGER
already handles negative values.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public
mode around the basic DES/AES/IDEA/... block functions.
And this is just one example of the flexibility provided by
not going through the more rigid EVP API.
Should everyone not doing just TLS1.2 move to a different
librarynow, such as crypto++ ?
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S
certificate which fails
to display unknown name components.
P.S.
I presume that for any real use, you would use an officially
allocated OID to avoid clashing with what other people use.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark
is the alternate way for this
add signature function - that also dumps core at
PKCS7_SIGNER_INFO_set() function.
I have no clue as to what am I doing wrong here.
Appreciate your help.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark
give us credit
for not doing this arbitrarily, or on a whim.
I believe you have made the mistake of discussing only amongst
yourselves, thus gradually convincing each other of the
righteousness of a flawed decision.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
On 18/03/2015 10:14, Matt Caswell wrote:
On 18/03/15 07:59, Jakob Bohm wrote:
(Resend due to MUA bug sending this to -announce)
On 16/03/2015 20:05, Matt Caswell wrote:
Forthcoming OpenSSL releases
The OpenSSL project team would like to announce the forthcoming
code formatting as in the rest of the 0.9.8 series?
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management
difficult to read and maintain. Sometimes taking a step forward
results in some pain. This was a good investment for the future.
+1 for the reformat.
On 03/18/2015 06:45 AM, Jakob Bohm wrote:
On 18/03/2015 10:14, Matt Caswell wrote:
On 18/03/15 07:59, Jakob Bohm wrote:
(Resend due to MUA
program.
Attaching my entire code here. After getting the base64 decoded I'm
calculating the MD5 sum and printing it. This works for a regular
string but not for SSH pubkey.
Thanks again.
--Prashant
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej
are
included?
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
, Jakob Bohm jb-open...@wisemo.com:
Not having tested or read the relevant OpenSSL code, I
presume that SSL_write could want a read if it has sent
a handshake message, but not yet received the reply, thus
it cannot (encrypt and) send user data until it has
received and acted on the handshake reply
the client should refuse if the certificate does
not match the DNS name or IP address it was trying to contact
(not to be confused with whatever name the server returns in
protocol messages such as the SMTP banner).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
before the first read of client commands,
except in some servers that do an early read to check if
a broken/spammer client is trying to send before receiving
the banner).
--
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct
for the platform number, this should be one of the Long Term
Support kernel releases to maximize longevity (assuming that
regular OS patching within a version number is still accepted
as same platform).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860
and those
explicitly specified.
The second interpretation happens to match what the proposed
patchdoes implicitly, while the first interpretation does not.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
. This is going to be hard.
c) Use the source code of openssl ca (apps/ca.c) to
create an enhanced ca app which has the missing feature.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion
projects, openssl is C code.
Actually, it is a .tar.gz file unless working with bleeding
edge stuff.
The .tar.gz is signed with gpg not PKCS#7 like jar files.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16
or to
coordinate with other stakeholders.
-Steve M.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs
On 26/03/2015 22:29, Steve Marquess wrote:
On 03/26/2015 01:41 PM, Jakob Bohm wrote:
On 26/03/2015 16:56, Steve Marquess wrote:
On 03/26/2015 11:30 AM, John Foley wrote:
We looked at this very briefly a couple of years ago. In theory, there
may be a way to achieve the goal as a loadable
Signature.
Alex
*From:*openssl-users [mailto:openssl-users-boun...@openssl.org] *On
Behalf Of *Jakob Bohm
*Sent:* Wednesday, 18 March 2015 6:50 AM
*To:* openssl-users@openssl.org
*Subject:* Re: [openssl-users] question about resigning a certificate
On 16/03/2015 02:46, Alex Samad - Yieldbroker
On 13/04/2015 18:48, Steve Marquess wrote:
On 04/13/2015 12:14 PM, Jakob Bohm wrote:
On 13/04/2015 17:48, Salz, Rich wrote:
In other words, is the only
practical and viable option regarding this to re-implement crypt()
using EVP
methods ? - thanks.
Yes. That would be so much easier than
from the project.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
).
I may have, once, when transferring data from an IBM
mainframe (VM/CMS) to a PC. No longer recall the
options I had to specify to the ftp client.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound
no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl-trace no-store
no-unit-test no-zlib no-zlib-dynamic static-engine
=== Cut here ===
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
On 22/04/2015 21:49, Viktor Dukhovni wrote:
On Wed, Apr 22, 2015 at 09:04:04PM +0200, Jakob Bohm wrote:
For parallel installation of OpenSSL 1.0.2a and the OS
supplied OpenSSL 1.0.1 (with patches equivalent to the
latest release), modify SHLIB_VERSION_NUMBER from 1.0.0
to 1.0.2
) {
BIO *test;
cut here
Does this fix make sense?
--
Jakob Bohm, CIO, partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Soborg, Denmark. direct: +45 31 13 16 10
tel:+4531131610
This message is only for its intended recipient, delete if misaddressed.
WiseMo
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
'
# }
# }
1.3.6.1.4.1.311.20.2 = ASN1:BMP:SomeTemplateName
I am not sure about the 1.3.6.1.4.1.311.21.7 OID, but it
might be similar.
Enjoy
Jakob
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion
On 12/05/2015 21:45, Nico Williams wrote:
On Tue, May 12, 2015 at 08:23:34PM +0200, Jakob Bohm wrote:
How about the following simplifications for the new
extension, lets call it GSS-2 (at least in this e-mail).
1. GSS (including SASL/GS2) is always done via the SPNego
GSS mechanism, which
[mailto:openssl-users-boun...@openssl.org] *Em nome
de *Jakob Bohm
*Enviada em:* terça-feira, 12 de maio de 2015 15:42
*Para:* openssl-users@openssl.org
*Assunto:* Re: [openssl-users] Testing OpenSSL based solution
On 12/05/2015 20:10, Salz, Rich wrote:
You can't easily have test vectors for DSA
.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
message both during signing and
verification). This would not be detected by signing
and verifying sample messages with random parameters.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public
with any other TLS mechanisms,
such as certificates.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service
each end knows the
MIC key before sending its first GSS token.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service
On 13/05/2015 21:17, Nico Williams wrote:
We're closer.
On Wed, May 13, 2015 at 07:10:10PM +0200, Jakob Bohm wrote:
On 13/05/2015 17:46, Nico Williams wrote:
On Wed, May 13, 2015 at 12:03:33PM +0200, Jakob Bohm wrote:
On 12/05/2015 21:45, Nico Williams wrote:
On Tue, May 12, 2015 at 08:23
of discussion.
On 13/05/2015 17:46, Nico Williams wrote:
On Wed, May 13, 2015 at 12:03:33PM +0200, Jakob Bohm wrote:
On 12/05/2015 21:45, Nico Williams wrote:
On Tue, May 12, 2015 at 08:23:34PM +0200, Jakob Bohm wrote:
How about the following simplifications for the new
extension, lets call
)
already has a FIPS validatedopen source implementation of
crypt().
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote
v8?
You surely cannot mean that amd64 port, introduced in Windows 2003 (NT
5.02)?
Just joking :-)
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may
streams, could be to randomly vary
the exact number of padding bytes within the
typically 4 bit) range permitted by the protocol,
but this would be limited to CBC mode encryption,
not being available for stream and GCM encryptions.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http
be enabled, though I don't know if that
is at the TLS or HTTP level.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service
recompile OpenSSL (at latestpatchlevel) without the SSL3
protocol?
This would also provide all the other security fixes that
have been added to OpenSSL since someone gave you the
program.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg
On 04/04/2015 07:18, Jakob Bohm wrote:
On 04/04/2015 04:07, Mabry Tyson wrote:
I happened to notice what seems to be an output glitch in the textual
output of a certificate.
I received a copy of the QuoVadis Root CA 2 certificate as a file.
When I examined the certificate via
openssl
rules:
All INTEGER fields are signed, so when the most significant
bit of a 2048 bit value is set, then it needs to be encoded
and processed with an extra leading 0 byte.
OpenSSL displays that leading 0 byte, while NSS (used by
Firefox) apparently hides it.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner
everything below
it when replying (because everyting below the --space marker
is, by definition, just the e-mail sig).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non
a way
to use a HTTP request to switch a connection to HTTPS.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service
are default builds with SSL3 enabled.
The suggestion was to buildOpenSSL with the unwanted
features (in this case SSL3) disabled at configure/build
time.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
to explicitly do that, what is the API for that ?
Thanks Regards,
Nayna Jain
Inactive hide details for Jakob Bohm ---06/10/2015 09:49:54
AM---On 10/06/2015 05:22, Nayna Jain wrote: Jakob Bohm
---06/10/2015 09:49:54 AM---On 10/06/2015 05:22, Nayna Jain wrote:
From: Jakob Bohm jb-open
.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
/GPG or S/MIME would be simpler yet. There are any number of
examples online for signing a file and verifying its signature.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion
.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
of such a vulnerability
would be that the cryptographic keys still need to
match.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo
validated, and the classic privacy-
enhanced checking where missing/outdated CRLs are
downloaded from URLs specified in other extensions (there
are 2 possibilities) in the certificate being validated
(the surveillance-happy method is to use OCSP).
--
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner
for a few years (don't prevent upgrading openssl because
the users needs to upgrade openssl).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors
the
latest ones, though that latter option might be as rare
as building the Linux kernel without /dev/*random).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding
or specific to opensc
pkcs11 drivers.
Keywords to search for:
pkcs11, pkcs11 engine, opensc project, openssl engine.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non
On 27/05/2015 12:47, Ben Humpert wrote:
2015-05-27 8:17 GMT+02:00 Jakob Bohm jb-open...@wisemo.com:
Maybe the Android user interface is really asking about
something other than the issuing CA cert.
What are you trying to achieve by selecting a CA cert
in the client UI?
The official Google
, and if
that change is also in the part used by EAP_TLS.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
),
only the specific truncations SHA-512/256 and SHA-512/224
are approved for use by/for the US government. This is
purely a bureaucratic requirement, there is no known
security reason for the rest of the world to follow this
latter limitation to the letter.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner
experts promoting their pet algorithms, such
as ECDH (off topic for DH issues), specific ideas of
which groups are the safest (most promoting the
(p-1)/2 also prime variant, none acknowledging the
DSA-like X9.42 variant), or just asking if LogJam is at
all real.
Enjoy
Jakob
--
Jakob Bohm, CIO
On 22/05/2015 07:18, Jeffrey Walton wrote:
On Fri, May 22, 2015 at 12:51 AM, Jakob Bohm jb-open...@wisemo.com wrote:
On 22/05/2015 03:57, Jeffrey Walton wrote:
As an additional change for 1.0.2c or later (no need to
delay the urgent fix), maybe adjust internal operations
to discourage use
On 22/05/2015 08:30, Jeffrey Walton wrote:
On Fri, May 22, 2015 at 1:55 AM, Jakob Bohm jb-open...@wisemo.com wrote:
On 22/05/2015 07:18, Jeffrey Walton wrote:
On Fri, May 22, 2015 at 12:51 AM, Jakob Bohm jb-open...@wisemo.com
wrote:
On 22/05/2015 03:57, Jeffrey Walton wrote:
As an additional
groups as input, but do devise some way to work around
the commonly used code pattern of calling openssl
dhparam at build time and then making all users of a
distribution use the resulting DH group.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29
, while talking to anything
popular that was up to date with official security updates
less than 2 years ago (let alone a month) is a simple must.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Soborg, Denmark. Direct +45 31 13 16 10
This public
the _EMPTY_FRAGMENTS countermeasure is needed for the
IV issue.
I know a lot of people said the sky was falling, I am
trying to remember why.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public
doesn't have whatever bug caused the OpenSSL team to
disable the workaround by default.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors
out too many clients
in practice.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones
501 - 600 of 1144 matches
Mail list logo