Re: 3DES encryption...newbie

2002-08-13 Thread Hellan,Kim KHE
Thanks for the source code! I can see now that 3DES really needs 3 keys, so I'm wondering if 3DES is a bit "overkill" for my purpose. Does anyone have an example of how to do a simple DES (not 3DES) encryption using OpenSSL? Thanks, Kim -Original message- From: Mariusz Jedrzejewski

How to generate CSR without prompts?

2002-08-13 Thread Phil Howard
I want to generate a CSR without prompts. The reason is so that the CSR can be generated from a web based script form. I could pipe in answers to the prompts, but based on past experience doing things like this, this is not the proper solution since in the future, the order of prompts or what is

Apache proxy server problems

2002-08-13 Thread Janice Eely
I've been working on reverse proxy server on Solaris 8 system. Apache 2.0.39, using openssl-0.9.6c. Lines in httpd.conf are as follows: SSLProxyEngine On SSLProxyMachineCertificateFile /usr/local/apache2/conf/ssl.crt/ca-chain.crt SSLProxyVerify on SSLProxyVerifyDepth 2 ProxyPass / https://name.o

Re: How to use DH?

2002-08-13 Thread Vadim Fedukovich
Dear Joerg, it would be interesting to learn the reason to consider ssltest insecure. As I read it, DH parameters (modulus and generator) are set to some well-known values. This is required to use the same group, both by server and client. Security of DH key exchange is determined by DH private

Re: 3DES encryption...newbie

2002-08-13 Thread Edson Watanabe
To generate a key from a password, use EVP_BytesToKey. There is an explanation in an old document written by the legendary EAY in doc\ssleay.txt. That old document (search for == cipher.m == ) has an example of encrypting some bytes with TripleDES and EVP_BytesToKey, EVP_EncryptInit and the like.

Win32 Configure patch

2002-08-13 Thread Jason Tishler
[Please CC me on any replies since I'm not subscribed to this list.] The attached patch (against openssl-0.9.6g) prevents Configure from misinterpreting Win32 pathnames that begin with a drive letter as a relative as opposed to an absolute pathname. For example, without this patch when Configure

Re: Problem with d2i_PKCS12_fp on Win32

2002-08-13 Thread Aleksey Sanin
The problem is that you have compiled your application and the OpenSSL library using different MS C runtime libraries. There are a few possible options on Windows (single threaded, single threaded debug, multi threaded, multi threaded debug) and you MUST use the same libraries for both OpenSSL li

PRNG not seeded, even with /dev/random

2002-08-13 Thread Kervin Pierre
Hello. I'm getting the "PRNG not seeded" error even with /dev/random and urandom available. I also set the RANDFILE=/dev/random, but that still did not fix things. The $HOME/.rnd file fixes this but there are too many users to use the $HOME/.rnd file per account. Does anyone know why OpenSSL w

Re: Upgrading openssl

2002-08-13 Thread Adam Lewis
Thanks. Makes sense. That's been on my mind for quite some time. ldd httpd gives.. __SNIP__ libmysqlclient.so.10 => /usr/local/mysql/lib/mysql/libmysqlclient.so.10 (0x40014000) libcrypt.so.1 => /lib/libcrypt.so.1 (0x40039000) libresolv.so.2 => /lib/libresolv.so.2 (0x40

Re: How to use DH?

2002-08-13 Thread Joerg Bartholdt
Innokentiy Ivanov wrote: >Good afternoon! > >Can anybody help me, please? >What shall I do to use ciphers with DH/DH-anon key exchange algorithms? > >When I try to connect to OpenSSL server with only cipher DH_..._..._... or >DH_anon_..._..._..., it says: "no shared cipher". > >Please, help me t

Elementwise setting of encoding

2002-08-13 Thread Meier Florian
Hi, we experiment with different certificate profiles and try to mix UTF8 encoding with printable strings within one certificate. To do this, we plan to use the global switch string_mask = utf8only and specify the encoding for each element that should be in printable string explicitly. I assu

Problem with d2i_PKCS12_fp on Win32

2002-08-13 Thread Peter Aben
Because I have to use certificates in the PKCS#12 format, I use the function d2i_PKCS12_fp() in my application. On UNIX, this works fine. On Windows NT4 (SP6a) the function crashes. I am using OpenSSL 0.9.6c at the moment. I have read about a similar problem in this mailing list, and there is an

How to use DH?

2002-08-13 Thread Innokentiy Ivanov
Good afternoon! Can anybody help me, please? What shall I do to use ciphers with DH/DH-anon key exchange algorithms? When I try to connect to OpenSSL server with only cipher DH_..._..._... or DH_anon_..._..._..., it says: "no shared cipher". Please, help me to do this. Maybe, OpenSSL doesn't s

Re: Upgrading openssl

2002-08-13 Thread Mark H. Wood
I just checked, and here Apache and OpenSSH both link to the shared OpenSSL libraries. If yours were also linked with the shared libraries, then a new patch release should just drop in. You'll need to exit and restart sshd and httpd before they'll start using the new libraries, though. If you h

Re: Help with nasty app bug

2002-08-13 Thread Geoff Thorpe
Hi Jonathan, On Thu, 8 Aug 2002, Jonathan Hersch wrote: > I'm working on an SSL proxying device using OpenSSL > 0.9.6e on Linux with engine support and Broadcom > accelerator cards. I'm testing the box by putting > about 250 connections/sec through it, so for each test > connection it has to es

Re: pkcs12 and JSSE

2002-08-13 Thread Takaaki Ishii
Hi, Tarassov Vadim wrote: >does someone know how should I use openssl pkcs12 program in order to get such keystore store that will be compatible with JSSE? Once I could do that with keytool in Sun's J2EE SDK package. (J2SE's keytool could not handle pkcs12 format, I presume) like: keytool -pk

pkcs12 and JSSE

2002-08-13 Thread Tarassov Vadim
Hello everybody, does someone know how should I use openssl pkcs12 program in order to get such keystore store that will be compatible with JSSE? If it is not possible, can someone point me on differences between keystore imported from netscape and those created by openssl pkcs12 so that I can