Hi all,
I've removed the replies, for shortness. Thank you very much for them,
they have been very enlightning. I think I've found my solution. What I
wanted to do is make sure that the software only runs on a system that
has a smartcard connected to it that the software owner has sent the
Hi,
I developed an application based on ACE_SSL which based on openssl. I found I
could not set up a TLS connection with no certificate verification. That is I
just want a TLS connection without certificate.
I used the same cipherlist and rand file with openssl command, while openssl
command
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of David Schwartz
Sent: Thursday, April 13, 2006 7:33 AM
To: openssl-users@openssl.org
Subject: RE: Licenses...
I still find this argument incomprehensible. Are you
suggesting that the
sole purpose the
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Tyler MacDonald
Sent: Thursday, April 13, 2006 10:45 AM
To: openssl-users@openssl.org
Cc: [EMAIL PROTECTED]
Subject: Re: Licenses...
Ted Mittelstaedt [EMAIL PROTECTED] wrote:
An end user can download
[EMAIL PROTECTED] wrote:
hi
i'm having problems trying to build OpenSSL 0.9.8a on an Intel based Mac OS X
10.4.6.
if i've understood correctly, building goes fine up to the point where the openssl binary is
being linked. at that point i get lots of errors about undefined symbols and the
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Kyle Hamilton
Sent: Thursday, April 13, 2006 12:51 PM
To: openssl-users@openssl.org
Cc: [EMAIL PROTECTED]
Subject: Re: Licenses...
I have an open-source project. It may be compiled with or without
OpenSSL
I still find this argument incomprehensible. Are you
suggesting that the
sole purpose the FreeBSD people develop software is to create this
wonderful, powerful FreeBSD project? And that anything that doesn't
benefit the project with the name FreeBSD somehow doesn't matter?
It would have
The security policy states that the fips-approved sources, when
compiled on a system that allows for verification that the compiled
library has not been changed (via a fairly complex examination of
process executable space), create a library that is FIPS 140-2
validated.
I think that's probably
just a side note:
RSA private keys can be used to encrypt data that can be decrypted
with the public key.
RSA public keys can be used to encrypt data that can be decrypted with
the private key.
The speed of the operation is 3 to 4 orders of magnitude slower than
the equivalent
On Thu, Apr 13, 2006, Hank Cohen wrote:
Right you are! My mistake.
I knew it was under development but no draft has been issued yet.
Here's a new question.
When OpenSSL got it's NIST algorithm certifications were they only for
specific processors? I notice that the Open Source Software
Hello,
just a side note:
RSA private keys can be used to encrypt data that can be decrypted
with the public key.
RSA public keys can be used to encrypt data that can be decrypted with
the private key.
Thats true, signing is technically nothing else as encrypting some
data (md hash) with
Forwarded to openssl-users
+DA2.0 etc are the flags for HP's native compiler, not for gcc.
Regards,
Lutz
- Forwarded message from Patrick Hsu [EMAIL PROTECTED] -
X-Original-To: [EMAIL PROTECTED]
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Subject: compile
On Fri, Apr 14, 2006, Marek Marcola wrote:
Hello,
just a side note:
RSA private keys can be used to encrypt data that can be decrypted
with the public key.
RSA public keys can be used to encrypt data that can be decrypted with
the private key.
Thats true, signing is technically
Hello,
The rsautl utility can do this using the -sign and -verify options. In rsautl
verify does a public decrypt and writes the result rather than a memcmp
and a Yes/No answer.
You are right:
--
$ openssl genrsa -out rsa.pem 1024
Generating RSA private key, 1024 bit long modulus
On Fri, Apr 14, 2006, Zhang, Long (Roger) wrote:
Hi,
I developed an application based on ACE_SSL which based on openssl. I found I
could not set up a TLS connection with no certificate verification. That is I
just want a TLS connection without certificate.
I used the same cipherlist
Hello.
I developed an application based on ACE_SSL which based on openssl.
I found I could not set up a TLS connection with no certificate verification.
That is I just want a TLS connection without certificate.
Anonymous ciphers are disabled by default in OpenSSL (default:
Hi all,
I just created a fresh install of FC5, which claims to have
openssl-0.9.8a and openssl-devel-0.9.8a included, but I can't find ec.h
or ecdh.h anywhere on the system (all the other headers are there).
This seems especially odd since the openssl command line program seems
to be at
Ted Mittelstaedt [EMAIL PROTECTED] wrote:
listen to yourself, your speaking as though software should be distributed
and sold exactly like Windows server products are: aimed at the
administrators who are just pretending to be adminstrators, and who are
not real professionals.
Thank goodness
I will be out of the office starting 04/14/2006 and will not return until
04/17/2006.
I will be out of the office for the remainder of Friday April 14, 2006. I
will respond to your email when I return on Monday, April 17, 2006. If
this is a production issue, please call our 24/7 NSS/OCC number
On 4/14/06, Tyler MacDonald [EMAIL PROTECTED] wrote:
Ted Mittelstaedt [EMAIL PROTECTED] wrote:
listen to yourself, your speaking as though software should be distributed
and sold exactly like Windows server products are: aimed at the
administrators who are just pretending to be
I detect an attempt to propose a compromise (a sensible one, says me, and
I work for a proprietory software developer). For shame! :-)
--|
John L. Ries |
Salford Systems |
Phone: (619)543-8880 x107 |
or (435)865-5723 |
In 0.9.8a, it looks like AES 128 will be accepted by the server even if it is supposed to accept only AES 256.
To reproduce this behavior, on the server run:
openssl s_server -accept 4433 -cipher AES256-SHA –state
On the client, run:
openssl s_client -connect PISA_SERVER:4433 -cipher AES128-SHA
Hi Roy,
In 0.9.8a, it looks like AES 128 will be accepted by the server even if it
is supposed to accept only AES 256.
I reported this same bug on February 17th, and Dr. Steven Henson has
confirmed it is a bug so hopefully it will be fixed.
If you find any work around please let me know.
Hello folks,
I'm trying to use openssl (OpenSSL 0.9.7i 14 Oct 2005) on Mac OS X to
encrypt a stream of data using RC4.
It seems that the RC4 algorithm used in openssl is incompatible with
some other implementations I found, for instance this PHP
implementation: http://rc4crypt.devhome.org/ . But
Sorry, I somehow overlooked that previous thread. Note that in my
scenario, a weaker cipher is implicitly added to the supported cipher
list, so the bug is somewhat more severe IMHO.
What I tried was to remove all the AES 128 options from ssl/s3_lib.c.
That seemed to do the trick. I do not know
What I tried was to remove all the AES 128 options from ssl/s3_lib.c.
That seemed to do the trick. I do not know if it has any bad side
effects though.
Of course, this will only work if you don't need AES 128 at all.
In my case I have a configuration program which allows users to select
Hello folks,
I'm trying to use openssl (OpenSSL 0.9.7i 14 Oct 2005) on Mac OS X to
encrypt a stream of data using RC4.
It seems that the RC4 algorithm used in openssl is incompatible with
some other implementations I found, for instance this PHP
implementation:
There's no provision for --prefix= as an option?
-Kyle H
On 4/14/06, Dr. Stephen Henson [EMAIL PROTECTED] wrote:
On Thu, Apr 13, 2006, Hank Cohen wrote:
Right you are! My mistake.
I knew it was under development but no draft has been issued yet.
Here's a new question.
When OpenSSL
Not all who wander are lost.
Not all who are idealistic are fascist.
Not all who are afraid of being forgotten are Ozymandias.
And not all who work on open-source projects have the patience or will
to keep slamming our horns together.
Honestly, we have better things to do with our time than worry
On Fri, Apr 14, 2006, Kyle Hamilton wrote:
There's no provision for --prefix= as an option?
No but that doesn't matter in practice...
The validated module is the object file fipscanister.o. Once that and the
associated hash files have been built and installed using the approved
prodecure
All the GPL requires is that binary distributions of a GPL'd software
must include the source, or include a written offer to make the source
available for a nominal copying charge; it also requires that the
license be included so that the person licensing the program knows
that they have
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of David Schwartz
Sent: Friday, April 14, 2006 3:47 AM
To: openssl-users@openssl.org
Subject: RE: Licenses...
I still find this argument incomprehensible. Are you
suggesting that the
sole purpose the
On Fri, Apr 14, 2006, Chris Clark wrote:
What I tried was to remove all the AES 128 options from ssl/s3_lib.c.
That seemed to do the trick. I do not know if it has any bad side
effects though.
Of course, this will only work if you don't need AES 128 at all.
In my case I have a
On Fri, Apr 14, 2006 at 03:23:17PM -0700, David Schwartz wrote:
Hello folks,
I'm trying to use openssl (OpenSSL 0.9.7i 14 Oct 2005) on Mac OS X to
encrypt a stream of data using RC4.
It seems that the RC4 algorithm used in openssl is incompatible with
some other implementations I
Try the next 0.9.8 snapshot.
Thanks Dr. Steve!
-Chris
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
Oi, you're quite the speaker, aren't ya?
In message [EMAIL PROTECTED] on Fri, 14 Apr 2006 17:28:47 -0700, Ted
Mittelstaedt [EMAIL PROTECTED] said:
tedm OpenSSL needs to stick with the license that most closely
tedm reflects the philosophy of it's authors. That is, right now, an
tedm advert
Hi,
On 4/15/06, Victor Duchovni [EMAIL PROTECTED] wrote:
Also because RC4 is a keystream, and the first ~256 byes of output are
correlated with the key, implementations need to agree on how much of
the initial output to discard.
I read about that 256 byte thing on the web, but what I'm trying
Hi,
On 4/15/06, David Schwartz [EMAIL PROTECTED] wrote:
This is almost always a case of the key being handled differently in
the
two cases. For example, in one case you may specify the key in ASCII, and in
the other case in base64. One may be in hex and the other in ASCII, 'F'
could
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Tyler MacDonald
Sent: Friday, April 14, 2006 10:10 AM
To: openssl-users@openssl.org
Cc: [EMAIL PROTECTED]
Subject: Re: Licenses...
I'm not saying dependant, I'm saying available!!!
Binary
39 matches
Mail list logo