Re: DH vs RSA key generation speed

1999-06-25 Thread Anonymous
> On Fri, Jun 25, 1999 at 02:38:48PM -0700, Eric Rescorla wrote: > > >> slow (1024 squaring operations), the obvious change would be to use DH > >> parameters with a 160-bit subprime and a 160-bit secret exponent (160 > >> squarings and ca. 80 full-size multiplications, and even the second > >> e

Re: DH vs RSA key generation speed

1999-06-25 Thread Anonymous
On Fri, Jun 25, 1999 at 02:38:48PM -0700, Eric Rescorla wrote: >> slow (1024 squaring operations), the obvious change would be to use DH >> parameters with a 160-bit subprime and a 160-bit secret exponent (160 >> squarings and ca. 80 full-size multiplications, and even the second >> exponentiatio

RSA - ApacheSSL - SSLeay - openssl - - > legal ?

1999-06-25 Thread Anonymous
Hello All. I have heard various stories as for the laws, copyrights, etc.. dealing with the RSA algorithm and was curious if someone could provide info. regarding the above products. Is [EMAIL PROTECTED] the solution here ? .. please share experiences. much thanks Tyler K.

Re: openssl on redhat 6.0

1999-06-25 Thread admin linux
admin linux wrote: > hi, >been trying to make on linux redhat 6.0 openssl unsuccessfully. has anyone been able to build cleanly openssl*.tar.gz on redhat 6.0? TIA Rick

Re: DH vs RSA key generation speed

1999-06-25 Thread Anonymous
Ben Laurie <[EMAIL PROTECTED]> writes: > Yeah, but with RSA it costs you a large-prime-generation. Which _is_ a > lot. I'm not arguing that EDH isn't cheaper than ERSA, I'm arguing that it's not worth it even though it's cheaper. -Ekr -- [Eric Rescorla [EMAIL P

Re: DH vs RSA key generation speed

1999-06-25 Thread Anonymous
> On Fri, Jun 25, 1999 at 08:43:14AM -0700, Eric Rescorla wrote: > > >> Forward secrecy is exactly the point (that's what the temporary keys > >> are for, if we leave aside export ciphers). You're right that it > >> shouldn't be necessary to create a fresh key every time we need one, > >> but it

Re: Blocking IO problem under UNIX

1999-06-25 Thread Anonymous
Paul M Fleming wrote: I'm working on a server program that needs to timeout if input isn't entered within a certain time period. I'm doing a select followed by an SSL_read, obviously this isn't correct. I look at the archive and saw some discussion about this but no suggestions on how to solve it

Re: Blocking IO problem under UNIX

1999-06-25 Thread Anonymous
On Fri, Jun 25, 1999 at 03:33:41PM -0500, Paul M Fleming wrote: > I'm working on a server program that needs to timeout if input isn't > entered within a certain time period. I'm doing a select followed by an > SSL_read, obviously this isn't correct. You'll have to use non-blocking sockets and

Re: Non blocking socket

1999-06-25 Thread Anonymous
"Isaac Rajkumar" <[EMAIL PROTECTED]>: > Can someone explain how I can specify non-blocking socket behavior to the > library. I am not using BIO based read/write functions - instead my calls > are through SSL_read and SSL_write. Just switch your sockets to non-blocking mode. The SSL library can h

Re: Interesting Handshake behaviour

1999-06-25 Thread Bodo Moeller
Sarah Bateman <[EMAIL PROTECTED]>: > Client: ssleay 0.8.1 running on NT4 > Server: proxy server using ssleay 0.8.1 library > SSL related server code: [...] > ssl = SSL_new (ctx); > SSL_clear(ssl); (An SSL_clear directly after the SSL_new is not necessary, but should not cause any problem

Blocking IO problem under UNIX

1999-06-25 Thread Anonymous
I'm working on a server program that needs to timeout if input isn't entered within a certain time period. I'm doing a select followed by an SSL_read, obviously this isn't correct. I look at the archive and saw some discussion about this but no suggestions on how to solve it. I don't think I nee

Expiration date.

1999-06-25 Thread Anonymous
X509_get_notAfter(X509 *spYourCertificate, char *cpADate) cpAfterdate - Buffer to get valid upto date of the certificate RETURNS: 1 - Valid upto date obtained Also X509_get_notBefore(X509 *spYourCertificate, char *cpBDate) cpBeforedate - B

Re: certificates of major CAs

1999-06-25 Thread Thomas Reinke
Or you can just grab them here: http://www.e-softinc.com/cacerts.txt These are the certs we've grabbed as part of an SSL survey that we are compiling. (Compiled from a variety of sources, including Netscape 4.0, I believe) Note the URL must be visited directly, it is not visible by following an

Re: DH vs RSA key generation speed

1999-06-25 Thread Anonymous
Eric Rescorla wrote: > > > > is any virtue in generating new DH keys for every transaction > > > other than Perfect Forward Secrecy -- which you could do > > > just as good a job with by refreshing the key every couple > > > hours. > > > > Forward secrecy is exactly the point (that's what the tem

Re: DH vs RSA key generation speed

1999-06-25 Thread Anonymous
On Fri, Jun 25, 1999 at 08:43:14AM -0700, Eric Rescorla wrote: >> Forward secrecy is exactly the point (that's what the temporary keys >> are for, if we leave aside export ciphers). You're right that it >> shouldn't be necessary to create a fresh key every time we need one, >> but it does not co

Expiration date.

1999-06-25 Thread Carles Xavier Munyoz Baldó
Hello, Is there any function in the openssl library that tells the expiration date of a certificate saved in a file in PEM format ? Many thanks. --- CTV-JET Carles Xavier Munyoz Baldó / [EMAIL PROTECTED] http://www.ctv.es/USERS/carles Dpto. Sistemas / System Department Clave pública PGP / PGP pu

Re: certificates of major CAs

1999-06-25 Thread Goetz Babin-Ebell
Hallo, Ups, sorry: >You could try the following: >1. load Netscape.exe in a editor capable of handling so big binary files. > >2. search for the string MIIC Just search for the string MII. There should be some non printable char in front of it. >3. extract everything until the next unprintable c

Re: certificates of major CAs

1999-06-25 Thread Goetz Babin-Ebell
At 17:27 25.06.99 +0200, you wrote: Hallo, >Goetz Babin-Ebell wrote: >> At 10:01 24.06.99 +0200, you wrote: >> >I know that major WWW browsers have a set of compiled-in >> >certificates like Verisign, Thawte etc. I need the same >> >for my application. Where can I find certificates >> >for Verisi

Interesting Handshake behaviour

1999-06-25 Thread Anonymous
Hi I have been looking at this problem for a week now and am at my wits end. I'm sure it's something trivial but I certainly can't find the solution. I'm afraid it's an old version of ssleay, 0.8.1, but up until now this has been stable and caused no problems. So here is the description of th

RE: certificates of major CAs

1999-06-25 Thread Anonymous
Another option is to extract them from IE. Use CertMgr.exe and then click on the "trust certificates" tab. Then you can extract them one by one in a DER format or extract a collection in a PKCS#7-cert format. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On B

Re: DH vs RSA key generation speed

1999-06-25 Thread Anonymous
> > is any virtue in generating new DH keys for every transaction > > other than Perfect Forward Secrecy -- which you could do > > just as good a job with by refreshing the key every couple > > hours. > > Forward secrecy is exactly the point (that's what the temporary keys > are for, if we leave

Re: certificates of major CAs

1999-06-25 Thread Massimo Capodicasa
Goetz Babin-Ebell wrote: > > At 10:01 24.06.99 +0200, you wrote: > >Hi, > Hallo, > > >I know that major WWW browsers have a set of compiled-in > >certificates like Verisign, Thawte etc. I need the same > >for my application. Where can I find certificates > >for Verisign, Thawte etc. ? > > You

RE: Netscape double prompting certificates *also* IE 5 does not work ....

1999-06-25 Thread Shawn Tagseth
I've found IE 5 to be a funny animal.. Go into Tools, Options, Advanced and hit restore defaults. (what default is it setting?? I haven't bothered to figure it out.) That has fixed about 90% of my problems with clients and IE5. The other 10 needed to go request a new certificate after they did th

Re: OpenSSL & Crypt::SSLeay support (was using ssl with Perl LWP)

1999-06-25 Thread Anonymous
Joshua, Thanks for the module. I hate to ask this BUT, would you be able to give me some pointers on what packages I should build with and where the ssleay.xs should go etc. I did build this stuff once on NT, but I had to do a ton of hacking to get things built and it got very ugly. I lost what ve

Netscape double prompting certificates *also* IE 5 does not work....

1999-06-25 Thread Anonymous
I'm using apache 1.3.6 with appropriate mod_ssl and openssl. When I connect to the web server under ssl, I get prompted for a certificate appropriately. Then, the base "It Worked!" page comes up. But, then I get prompted again for the certificate and the bitmaps at the bottom of the page show up

Re: Certificate conversion

1999-06-25 Thread Anonymous
Oliver Floericke wrote: > > Hello! > > how can I convert a certificate created by ca from PEM into DER? I've tried > > 'openssl x509 -inform PEM -outform DER -in myCert.pem -out myCert.der' > > but the result is a binary file which it should not be (or should it?!??!) It should, really

Re: Anonymous DH

1999-06-25 Thread Anonymous
On Thu, Jun 24, 1999 at 11:03:34AM +0200, Ralf S. Engelschall wrote: >> I thought this wasn't necessary anymore. I suggest we dump this >> compilation flag and do something similar to the NULL ciphers: allow >> them to be used but they need to be explicitly allowed in the cipher >> list. Comments

Re: What is SSLeay? (was: Re: Stunnel 3.3)

1999-06-25 Thread Anonymous
Have a look at http://www.cryptsoft.com/~eeay/ http.//www.openssl.org The latter explicitly states: "OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson." Next question, please ;-) Alessandro Vesely wrote: > > May I ask what _is_ SSLeay? > > I fou

Re: DH vs RSA key generation speed

1999-06-25 Thread Anonymous
On Thu, Jun 24, 1999 at 09:38:56PM -0700, EKR wrote: > Bodo Moeller <[EMAIL PROTECTED]>: >> No. DH *key* generation is fast, but only if you have done DH >> *parameter* generation before. Then the secret key is just a random >> number x, and the corresponding public key is g^x mod p. >> DH p

AW: Certificate conversion

1999-06-25 Thread Anonymous
Hi Oliver! > how can I convert a certificate created by ca from PEM into DER? I've > tried > > 'openssl x509 -inform PEM -outform DER -in myCert.pem -out > myCert.der' > [ew] That's ok. > but the result is a binary file which it should not be (or should > it?!??!) > [ew] Yes, it should

RE: What is SSLeay? (was: Re: Stunnel 3.3)

1999-06-25 Thread Anonymous
>May I ask what _is_ SSLeay? SSLeay is a prior incarnation of openSSL and indeed refers to Eric Young who wrote the package. Eric now works for RSA and the package has been renamed openSSL to indicate its new status.

What is SSLeay? (was: Re: Stunnel 3.3)

1999-06-25 Thread Anonymous
Alessandro Vesely wrote: > May I ask what _is_ SSLeay? Is it some package maintained > by someone somewhere, or what? It _is_ an *obsolete* SSL library written by Eric A. Young. Currently not maintained. 8-( Regards, Mike --- Michal Trojnara * +48 501 00 12 43 IT Security Offic

Certificate conversion

1999-06-25 Thread Anonymous
Hello! how can I convert a certificate created by ca from PEM into DER? I've tried 'openssl x509 -inform PEM -outform DER -in myCert.pem -out myCert.der' but the result is a binary file which it should not be (or should it?!??!) And BTW: does anybody know a link where I can find more info