Re: [openssl-users] Hardware client certificates moving to Centos 7

2017-09-28 Thread Robert Moskowitz
n Behalf Of Jochen Bern Sent: Wednesday, September 27, 2017 06:51 To: openssl-users@openssl.org Subject: Re: [openssl-users] Hardware client certificates moving to Centos 7 I don't know offhand which OpenSSL versions did away with MD5, but you *can* install a

Re: [openssl-users] Hardware client certificates moving to Centos 7

2017-09-28 Thread Stuart Marsden
-users-boun...@openssl.org] On Behalf >> Of Jochen Bern >> Sent: Wednesday, September 27, 2017 06:51 >> To: openssl-users@openssl.org >> Subject: Re: [openssl-users] Hardware client certificates moving to Centos 7 >> >> I don't know offhand which OpenSSL versions did aw

Re: [openssl-users] Hardware client certificates moving to Centos 7

2017-09-27 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Jeffrey Walton > Sent: Wednesday, September 27, 2017 13:15 > To: OpenSSL Users > Subject: Re: [openssl-users] Hardware client certificates moving to Centos 7 > > > > > Heck, MD4 and MDC

Re: [openssl-users] Hardware client certificates moving to Centos 7

2017-09-27 Thread Jochen Bern
On 09/27/2017 10:10 PM, Michael Wojcik wrote: > On Behalf Of Jochen Bern > Sent: Wednesday, September 27, 2017 06:51 >> I don't know offhand which OpenSSL versions did away with MD5, but you >> *can* install an 0.9.8e (+ RHEL/CentOS backported security patches) >> straight off CentOS 7 repos > >

Re: [openssl-users] Hardware client certificates moving to Centos 7

2017-09-27 Thread Freemon Johnson
FIPS mode is a policy decision in my opinion also but since RedHat prides itself in security e.g. SELinux, etc. I believe that is a RedHat decision as opposed to the OpenSSL community. The alternative would be to use a different Linux distro like Ubuntu, etc. which does not compile their OpenSSL

Re: [openssl-users] Hardware client certificates moving to Centos 7

2017-09-27 Thread Jeffrey Walton
>> I don't know offhand which OpenSSL versions did away with MD5, but you >> *can* install an 0.9.8e (+ RHEL/CentOS backported security patches) >> straight off CentOS 7 repos: > > Ugh. No need for 0.9.8e (which is from, what, the early Industrial > Revolution?). MD5 is still available in OpenSSL

Re: [openssl-users] Hardware client certificates moving to Centos 7

2017-09-27 Thread Freemon Johnson
rs@openssl.org > > Subject: Re: [openssl-users] Hardware client certificates moving to > Centos 7 > > > > I don't know offhand which OpenSSL versions did away with MD5, but you > > *can* install an 0.9.8e (+ RHEL/CentOS backported security patches) > > straight off Ce

Re: [openssl-users] Hardware client certificates moving to Centos 7

2017-09-27 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Jochen Bern > Sent: Wednesday, September 27, 2017 06:51 > To: openssl-users@openssl.org > Subject: Re: [openssl-users] Hardware client certificates moving to Centos 7 > > I don't know offhand w

Re: [openssl-users] Hardware client certificates moving to Centos 7

2017-09-27 Thread Jochen Bern
On 09/27/2017 02:07 PM, Stuart Marsden wrote: > Is there a way I can install a version of openssl on a dedicated standalone > Centos 7 server which will support these phones? > That would be preferable to me than having to leave Centos 6 servers just > for this I don't know

Re: [openssl-users] Hardware client certificates moving to Centos 7

2017-09-27 Thread Robert Moskowitz
On 09/27/2017 08:07 AM, Stuart Marsden wrote: Hi I think I know what you are going to say - MD5? Lots of problems with that cert. If you have some connection with the vendor, have them read IEEE 802.1AR-2009 standard for Device Identity credentials. You will be supporting this phone

Re: [openssl-users] Hardware client certificates moving to Centos 7

2017-09-27 Thread Stuart Marsden
Hi, I think I know what you are going to say - MD5? I ran openssl s_server -verify , then ran the x509 command as you suggested using the captured client certificate. This phone model has only just gone into production, and I am using a "preview version" of the hardware. Is there a way I can

Re: [openssl-users] Hardware client certificates moving to Centos 7

2017-09-26 Thread Robert Moskowitz
On 09/26/2017 08:04 PM, Kyle Hamilton wrote: openssl x509 -noout -text -in clientcertificate.pem You may need to extract the client certificate from wireshark, but you could also get it from openssl s_server. Specifically, that error message is suggesting that there's a message digest

Re: [openssl-users] Hardware client certificates moving to Centos 7

2017-09-26 Thread Kyle Hamilton
openssl x509 -noout -text -in clientcertificate.pem You may need to extract the client certificate from wireshark, but you could also get it from openssl s_server. Specifically, that error message is suggesting that there's a message digest encoded into the certificate which is unknown to the

Re: [openssl-users] Hardware client certificates moving to Centos 7

2017-09-26 Thread Robert Moskowitz
On 09/26/2017 11:26 AM, Stuart Marsden wrote: Hi I have Centos/Apache servers for securely provisioning IP phones using hardware client certificates embedded in the phones. for this test I have allowed all protocols and ciphers on Centos 6 this works fine, the rpms are:

Re: [openssl-users] Hardware client certificates moving to Centos 7

2017-09-26 Thread Stuart Marsden
Sorry, how can I tell? I can run a wireshark if necessary, thanks > On 26 Sep 2017, at 16:36, Wouter Verhelst wrote: > > On 26-09-17 17:26, Stuart Marsden wrote: >> [ssl:info] [pid 1611] SSL Library Error: error:0D0C50A1:asn1 encoding >>

Re: [openssl-users] Hardware client certificates moving to Centos 7

2017-09-26 Thread Wouter Verhelst
On 26-09-17 17:26, Stuart Marsden wrote: > [ssl:info] [pid 1611] SSL Library Error: error:0D0C50A1:asn1 encoding > routines:ASN1_item_verify:unknown message digest algorithm So which message digest algorithm is the client trying to use? -- Wouter Verhelst