n Behalf
Of Jochen Bern
Sent: Wednesday, September 27, 2017 06:51
To: openssl-users@openssl.org <mailto:openssl-users@openssl.org>
Subject: Re: [openssl-users] Hardware client certificates moving to
Centos 7
I don't know offhand which OpenSSL versions did away with MD5, but you
*can* install a
-users-boun...@openssl.org] On Behalf
>> Of Jochen Bern
>> Sent: Wednesday, September 27, 2017 06:51
>> To: openssl-users@openssl.org
>> Subject: Re: [openssl-users] Hardware client certificates moving to Centos 7
>>
>> I don't know offhand which OpenSSL versions did aw
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Jeffrey Walton
> Sent: Wednesday, September 27, 2017 13:15
> To: OpenSSL Users
> Subject: Re: [openssl-users] Hardware client certificates moving to Centos 7
>
> >
> > Heck, MD4 and MDC
On 09/27/2017 10:10 PM, Michael Wojcik wrote:
> On Behalf Of Jochen Bern
> Sent: Wednesday, September 27, 2017 06:51
>> I don't know offhand which OpenSSL versions did away with MD5, but you
>> *can* install an 0.9.8e (+ RHEL/CentOS backported security patches)
>> straight off CentOS 7 repos
>
>
FIPS mode is a policy decision in my opinion also but since RedHat prides
itself in security e.g. SELinux, etc. I believe that is a RedHat decision
as opposed to the OpenSSL community. The alternative would be to use a
different Linux distro like Ubuntu, etc. which does not compile their
OpenSSL
>> I don't know offhand which OpenSSL versions did away with MD5, but you
>> *can* install an 0.9.8e (+ RHEL/CentOS backported security patches)
>> straight off CentOS 7 repos:
>
> Ugh. No need for 0.9.8e (which is from, what, the early Industrial
> Revolution?). MD5 is still available in OpenSSL
rs@openssl.org
> > Subject: Re: [openssl-users] Hardware client certificates moving to
> Centos 7
> >
> > I don't know offhand which OpenSSL versions did away with MD5, but you
> > *can* install an 0.9.8e (+ RHEL/CentOS backported security patches)
> > straight off Ce
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Jochen Bern
> Sent: Wednesday, September 27, 2017 06:51
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] Hardware client certificates moving to Centos 7
>
> I don't know offhand w
On 09/27/2017 02:07 PM, Stuart Marsden wrote:
> Is there a way a can install a version of openssl on a dedicated standalone
> Centos 7 server which will support these phones?
> That would be preferable to me than having to leave Centos 6 servers just
> for this
I don't know
On 09/27/2017 08:07 AM, Stuart Marsden wrote:
Hi
I think I know what you are going to say - MD5?
Lots of problems with that cert. If you have some connection with the
vendor, have them read IEEE 802.1AR-2009 standard for Device Identity
credentials. You will be supporting this phone
Hi
I think I know what you are going to say - MD5?
I ran openssl s_server -verify , then ran the x509 command as you suggested
using the captured client certificate
This phone model has only just gone into production, and I am using a "preview
version" of the hardware
Is there a way a can
On 09/26/2017 08:04 PM, Kyle Hamilton wrote:
openssl x509 -noout -text -in clientcertificate.pem
You may need to extract the client certificate from wireshark, but you
could also get it from openssl s_server.
Specifically, that error message is suggesting that there's a message
digest
openssl x509 -noout -text -in clientcertificate.pem
You may need to extract the client certificate from wireshark, but you
could also get it from openssl s_server.
Specifically, that error message is suggesting that there's a message
digest encoded into the certificate which is unknown to the
On 09/26/2017 11:26 AM, Stuart Marsden wrote:
Hi
I have Centos/Apache servers for securely provisioning IP phones using hardware
client certificates embedded in the phones.
for this test I have allowed all protocols and ciphers
on Centos 6 this works fine, the rpms are:
Sorry how can I tell ?
I can run a wireshark if necessary
thanks
> On 26 Sep 2017, at 16:36, Wouter Verhelst wrote:
>
> On 26-09-17 17:26, Stuart Marsden wrote:
>> [ssl:info] [pid 1611] SSL Library Error: error:0D0C50A1:asn1 encoding
>>
On 26-09-17 17:26, Stuart Marsden wrote:
> [ssl:info] [pid 1611] SSL Library Error: error:0D0C50A1:asn1 encoding
> routines:ASN1_item_verify:unknown message digest algorithm
So which message digest algorithm is the client trying to use?
--
Wouter Verhelst
--
openssl-users mailing list
To
16 matches
Mail list logo