From: "lucian" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject:Re: Openssl on Win32 (help!)
Date sent: Mon, 29 Jan 2001 17:49:54 +0200
Send reply to: [EMAIL PROTECTED]
Take a look at the .bat file you used when you co
Hello,
I am running Linux RedHat 7.0 with apache and openssl. I use a cable
modem/router configuration, so I have my router set up to distribute out IPs
and to forward all port 80 and port 443 requests to my Linux box. When I am
on the LAN I use the 192.168.1.101 address to talk to the web
OK, I understand how V2 backwards compatibility
works - clients send a V2-style ClientHello with
a version of 3.0 or 3.1. (It's a seriously ugly
aberration, too, but let's not go there right now.)
I saw in Appendix E that "Requests to resume an
SSL 3.0 session should use an SSL 3.0 client hello
It is a very secure cipher suite. You might also want to examine RC4-SHA and
RC4-MD5 because they are much faster. Other ciphersuites that offer
excellent security include
DES-CBC3-MD5
IDEA-CBC-SHA
RC4-SHA
RC4-MD5
IDEA-CBC-MD5
RC2-CBC-MD5
You can specify which ciphers your client wants to negoti
Hello,
I am trying to develop a security module for signing
(pkcs#7 format) Adobe PDF files as a plug-in.
Moreover I would need to access some of the security
functions using a COM interface.
Can I easily do this work using OpenSsl? How?
Do you know of any other security package that I can
use?
P
Maxime Dubois wrote:
>
> What I wanted to know is: How does a root CA say it does not trust anymore
> a sub-CA it has signed before?
By revoking the certificate of the sub CA.
Revoking means putting it into the root CA's CRL.
Ciao, Michael.
__
- Original Message -
From: "Kenneth R. Robinette" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, January 27, 2001 1:32 AM
Subject: Re: Openssl on Win32 (help!)
> From: stuart hodgkinson <[EMAIL PROTECTED]>
> Subject:Re: Openssl on Win32 (help!)
> To:
Hello and thanks for your help,
> > > 1. How can I revoke an intermediate CA? Is It Possible?
>
> Yes it is possible. Just have the parent CA issue a CRL that includes
> the intermediate.
Do you mean that the parent CA's CRL must include the intermediate CA's
CRL?
I'm not sure I really understa
Hi,
This function is used to set the cipher suites and in my client and server test which
does both TLSv1 and SSLv3 it always picks DES-CBC3-SHA. Is this the best chiper suite
avialable? If i was to pick another would it be through the use of
SSL_set_cipher_list(SSL *,const char *);?
As always
> > 1. How can I revoke an intermediate CA? Is It Possible?
Yes it is possible. Just have the parent CA issue a CRL that includes
the intermediate.
> > 2. Is there a list/index of all the sub-CAs signed by a root CA?
No. Not unless the CA makes a special effort to do this, such as by
publishi
[EMAIL PROTECTED] wrote:
>
> Hi,
>
> The first 8 bytes of my decrypted ciphertext are garbage. The rest is OK.
> I encrypt 12220 bytes in one pass with des_ede3_cbc_encrypt(...)
>
> Are the any prerequisites which are necessary for encrypting/decrypting with
> DES ?
>
Use of des_ede3_cbc_encr
Hi,
your problem is that you are decrypting with a different initialization vector than
the one you are encrypting with.
Before decryption, you must set the ivec to the same value it had before encryption.
The relevant parameter of des_ede3_cbc_encrypt() for this is "des_cblock *ivec".
Try for e
Just to say I've at last found the problem in my signing
implementation. I was using EVP_MAX_MD_SIZE as limit for my signature
array, and that was of course completely wrong; I see now I should
have used EVP_PKEY_size(pkey) instead.
Pedro.
--
Pedro Miller Rabinovitch
Gerente Geral de
Hi,
The first 8 bytes of my decrypted ciphertext are garbage. The rest is OK.
I encrypt 12220 bytes in one pass with des_ede3_cbc_encrypt(...)
Are the any prerequisites which are necessary for encrypting/decrypting with
DES ?
Thanks,
Niels
__
Hi OpenSSL Users,
After replacing the self-signed certificate by a real Verisign certificate I
get the following error
message in ssl_engine_log:
[29/Jan/2001 10:30:46 05379] [error] Init: Unable to read server certificate
frm file /usr/local/apache_t3.1/conf/ssl.crt/server.crt (OpenSSL library
On Fri, Jan 26, 2001 at 05:58:28PM -, Martin S. Marshall wrote:
> > ./apachectl sslstart
> > /usr/lib/dld.sl: Unresolved symbol: __eprintf (code) from
> > /usr/local/ssl/lib/libcrypto.sl.0.9.7
> > /usr/lib/dld.sl: Unresolved symbol: __umoddi3 (code) from
> > /usr/local/ssl/lib/libcrypto.sl.0
Maxime Dubois wrote:
>
> So I need to keep request files as I keep cert files...
Maybe you can also try to generate a new request from an expired
cert.
openssl x509 -x509toreq
> I think renewal is interesting because [...]
It's always a matter of your local policy.
Ciao, Michael.
__
Thanks
So I need to keep request files as I keep cert files...
I think renewal is interesting because we don't think the validity period of
certs is determined by their weakness but by an internal policy of users and
CRL management. In an organisation delivering certificates to its members, we
d
18 matches
Mail list logo
