Michael J. Markowitz wrote:
>
> At 01:19 PM 8/12/99 +0100, Dr Stephen Henson wrote:
> >It is a bit more awkward to use than RSA. Like many things, if it wasn't
> >for the RSA patent hardly anyone would use it.
>
> I have to publicly disagree with this assessment.
[interesting argument deleted]
Bodo Moeller wrote:
>
> If they're still using the same buggy server as a couple of months
> ago, then
>
> openssl s_client -ssl2 -bugs -connect banking.wellsfargo.com:443
>
> should work. Look in the s_client source to see what exactly this does
> (it sets all the bug workaround options).
H
Joe:
I don't know if Matt is also planning a website, but I haven't even
started mine, so I can't give you a link to it.
-Mike
Joe Novielli wrote:
>
> BTW MATT : Your web link would be much appreciated to clear the concepts
> for neophytes.
>
> At 04:03 PM 08/11/99 -0700, you wrote:
> >Hi:
Title: RE: Using the OpenSSL WITHOUT doing authentication
Bodo,
Thank you very much for responding to my message. I've probed a bit deeper into the code supplied with the libraries (the conglomeration of c files that lives in the /apps directory). Of particular interest was s_serve
At 01:19 PM 8/12/99 +0100, Dr Stephen Henson wrote:
>The Digital Signature Algorithm, also called the Digital Signature
>Standard (DSS) is a public key algorithm that can be used only for
>signing. Unlike RSA it doesn't have patent problems (I believe it does
>have a patent but anyone can use it).
Vincent Levesque wrote:
>
> Hello,
>
> I've looked around and I'm still a little bit confused about a few
> details of Diffie-Hellman. (This is not specific to openssl so feel free
> to ignore me :-). First of all, my "experimentations" seem to show that
> only the server side needs Diffie-Hellm
On Wed, 11 Aug 1999, Joshua Chamas wrote:
> Does anyone know how to connect to the wellsfargo site at:
>
> https://banking.wellsfargo.com/
>
> I've tried with:
>
> SSLv2_client_method()
> SSLv23_client_method()
> SSLv3_client_method()
Wells Fargo is using a very old, buggy version of one
> If you include hashes of the DH *shares*, as opposed to the *result*
> of the DH exchange, then you avoid the protocol weakness.
How would I extract this information from the OpenSSL library?
Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
The Kermit
At 12:51 PM 8/12/99 +0200, nino wrote:
>-- what is the DSA algorithm, and where is it explained ? Is it a short
>for LUCDSA (lucas functions instead of exp as in RSA)?
DSA = (U.S. Federal) Digital Signature Algorithm (FIPS 186-1)
See http://csrc.nist.gov/fips/fips1861.pdf
-mjm
==
Michae
In <[EMAIL PROTECTED]>, on 08/12/99
at 12:51 PM, nino <[EMAIL PROTECTED]> said:
>-- what is the DSA algorithm, and where is it explained ? Is it a short
>for LUCDSA (lucas functions instead of exp as in RSA)?
DSA is Digital Signature Algorithm which is part of DSS Digital Signature
Standard
Jeffrey Altman <[EMAIL PROTECTED]>:
>>> TLS_CHECKSUM_DATA ::= SEQUENCE {
>>>authentication-type-pair OCTET_STRING, -- 2 bytes
>>>SSLversion INTEGER,-- SSL version number
>>>Cipher OCTET_STRING, -- the 3 byte cipher ID
>>>Session_ID
On Thu, Aug 12, 1999 at 07:54:22AM -0700, [EMAIL PROTECTED] wrote:
>> This is not secure. The master secret is derived from data
>> transmitted in clear and the premaster secret, which is just the
>> result of the DH exchange, which *can* be influenced by an attacker in
>> a way such that the cl
Hello again,
I've seen some discussion about the "dangers" of using the openssl
incorrectly but it has left me more confused than before. I'm using
openssl because I don't know much about ssl and I want a libary to take
care of the details. As I understand it the PRNG initializes itself
correctly
Hello,
I've looked around and I'm still a little bit confused about a few
details of Diffie-Hellman. (This is not specific to openssl so feel free
to ignore me :-). First of all, my "experimentations" seem to show that
only the server side needs Diffie-Hellman parameters: why is that? Also
I'd li
Carles Xavier Munyoz Baldó <[EMAIL PROTECTED]>:
> Is there any MD5 hash funcion in the openssl library ?
Sure. Look at what "openssl md5" does.
__
OpenSSL Project http://www.openssl.org
User Supp
> This is not secure. The master secret is derived from data
> transmitted in clear and the premaster secret, which is just the
> result of the DH exchange, which *can* be influenced by an attacker in
> a way such that the client and server agree on its value and the
> attacker kn
Hi,
Look my reply to "ADH ciphers with SSL_ALLOW_ADH - do they work?". I'm
new to openssl too so I might not be giving you the best solution there
is... I think you have to use anonymous Diffie-Hellman if you don't need
any authentication. This cipher suite seems to be disabled by default in
open
> On Thu, Aug 12, 1999 at 12:00:00AM +, Jeffrey Altman wrote:
>
> > I am setting the cipher list on both my client and server
> >
> > ADH-DES-CBC3-SHA:ADH-DES-CBC-SHA
> >
> > and then attempt to make a TLSv1 connection and get the following
> > error:
> >
> > [TLS - handshake starting
In <[EMAIL PROTECTED]>, on 08/12/99
at 12:51 PM, nino <[EMAIL PROTECTED]> said:
>-- what is the DSA algorithm, and where is it explained ? Is it a short
>for LUCDSA (lucas functions instead of exp as in RSA)?
DSA is Digital Signature Algorithm which is part of DSS Digital Signature
Standard
Hi,
Yes, I can use the ADH cipher suites. I'm doing the same thing you do:
1. I compile the library with SSL_ALLOW_ADH
2. I set the cipher suite to include the ADH cipher (which is not enabled
by default)
I'm also calling "SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);" to disable
cert
Hi,
My apologies, it IS working. I thought I had tried it but I guess I made a
mistake and linked to the wrong library (I have 4-5 different versions of the
compiled openssl libraries!). In order to get ADH to work I have to compile
the libraries either with NO_RSA or with SSL_ALLOW_ADH. When NO_
I'm still unsure about the CA cert?
What does this do, how does it fit in?
Is this the SAME as a signed certificate which the web server uses? (I
don't think so)
Which certificate is the one browsers need to install? (ie: the one we need
to generate for them)
I'm fine with:
- generating a s
You're sending your email to the wrong people. This is a web-server
issue. You need to get a certificate for easyshopping.com. addr.com
needs to configure their web server so that your certificate is
delivered to people who browse easyshopping.com. That's about all you
really need to know abo
nino wrote:
>
> Hi,
>
> I have some problems finding the following in the documentation:
>
> -- what is the DSA algorithm, and where is it explained ? Is it a short
> for LUCDSA (lucas functions instead of exp as in RSA)?
>
The Digital Signature Algorithm, also called the Digital Signature
St
Hi !
My self signed SSL-Server certificate works ok with Netscape but
MSIE 5.0 says following about the certificate :
"This certificate cannot be verified due to a lack of information"
I make the fertificate with "make certificate TYPE=custom"
This will produce 4 files : ca.crt, server.key, se
Joshua Chamas <[EMAIL PROTECTED]>:
> Does anyone know how to connect to the wellsfargo site at:
> https://banking.wellsfargo.com/
> I've tried with:
> SSLv2_client_method()
> SSLv23_client_method()
> SSLv3_client_method()
> and nothing.
If they're still using the same buggy server as a cou
On Thu, Aug 12, 1999 at 12:00:00AM +, Jeffrey Altman wrote:
> I am setting the cipher list on both my client and server
>
> ADH-DES-CBC3-SHA:ADH-DES-CBC-SHA
>
> and then attempt to make a TLSv1 connection and get the following
> error:
>
> [TLS - handshake starting]
> [TLS - FAILED]
David Azari <[EMAIL PROTECTED]>:
> I'm having extreme difficulty setting up an SSL connection between
> client and server when neither specifies a certificate and key file.
> Actually, the problem seems to be specific to the server. If I tell the
> server to use a cert and key, via the
>
CASTELAIN Didier wrote:
>
> Is there a Certificate server in Freeware or for a trial period ?
Have a look at:
http://www.openssl.org/related/apps.html
Ciao, Michael.
__
OpenSSL Project http:/
Hello,
Is there any MD5 hash funcion in the openssl library ?
How can I use it in a C program (parameters and return values) ?
Many thanks.
---
CTV-JET
Carles Xavier Munyoz Baldó / [EMAIL PROTECTED]
http://www.ctv.es/USERS/carles
Dpto. Sistemas / System Department
Clave pública PGP / PGP public K
Hi,
You could have a look at the OpenCA project
http://www.openca.org
Greetings,
Hugo
On Thu, 12 Aug 1999, CASTELAIN Didier wrote:
> Hello,
>
> Is there a Certificate server in Freeware or for a trial period ?
>
> Thanks
>
>
>
> > SYSICOM USWEB/CKS
> > Didier CAS
Hi,
I have some problems finding the following in the documentation:
-- what is the DSA algorithm, and where is it explained ? Is it a short
for LUCDSA (lucas functions instead of exp as in RSA)?
-- what is the format NET (ie. -inform NET or -outform NET). I can see
that it makes the transition
I've written a mail program for OS/2. Have I a chance to incorporate SSL?
Thank you in advance!
/*---*/
/* Eberhard Sturm Tel: +49-251-83-31679 */
/* Universitaetsrechenzentrum Fax: +49-251-83-31
Dr Stephen Henson wrote:
> Anyway there are a couple of formats for "chains". The "standard"
> version if PKCS#7 where you can do...
>
> openssl crl2pkcs7 -nocrl -certfile user.pem -certfile ca.pem -outform
> DER -out p7.der
>
> You can use -certfile multiple times and each file can contain m
34 matches
Mail list logo
