> > In my experience if you just refer to the SSL/TLS spec you're fine.
>
>Really? Even if you don't specify any algorithms or key lengths in detail?
Yeah. We just said RSA key exchange (512 through 2048 bits typical)
for symmetric encryption key. For details, see RFC .
>Where did you get t
> > If you dynamically
> > link to OpenSSL, you may have no idea or control over what
> > algorithms and
> > key lengths you wind up using. This makes the form impossible
> > to fill out.
>
> In my experience if you just refer to the SSL/TLS spec you're fine.
Really? Even if you don't spe
> If you dynamically
> link to OpenSSL, you may have no idea or control over what algorithms and
> key lengths you wind up using. This makes the form impossible to fill out.
In my experience if you just refer to the SSL/TLS spec you're fine.
> If your product includes the OpenSSL libraries, you'd
> I was told that even though our program is only supporting
> limited key lengths, it can not be exported as it is linking to
> OpenSSL which has the logic to support larger key lengths and
> strong ciphers.
This is a misleading thing to say. But in general, it's true that it's very
diff
>Hi,
>I have a question about distribution of software which is based on OpenSSL
libraries considering US export regulations.
>We are planning to use OpenSSL library to develop a program with
functionality similar to that of HTTPS client/server. We >will be linking
our code (static or dynamic -
I'm trying to figure out how to update a CRL without restarting the
server. It looks like get_cert_by_subject() wants to see all the
successively generated CRLs for a CA. In other words, it wants to see
something like 12345.r0, 12345.r1 etc.
So I start the server with 12345.r0 in my certificate
Hi,
I am just starting out on ssl...could pl. tell me what
might be causing the below error, when using s_client
to connect to a server, my application also fails
during chain verification process...
s_client output of the server:
Loading 'screen' into random state - done
CONNECTED(017C)
SSL
On Mon, Jun 16, 2003, John Douglass wrote:
> I noticed this setting in the openssl.cnf file (as of late) and was
> wondering the actual effect of turning this off or on...
>
> # Extension copying option: use with caution.
> # copy_extensions = copy
>
>
It means what it says in the manual page
I noticed this setting in the openssl.cnf file (as of late) and was
wondering the actual effect of turning this off or on...
# Extension copying option: use with caution.
# copy_extensions = copy
Uncommenting means that we can use things like:
# Import the email address.
# subjectAltName=email:c
Someone in your company is responsible for trade and/or export regulations. Find out
who that is and contact them for guidance. While regulations have become more liberal
in some cases, they are always changing so it's good to get up-to-date advice from
someone whose job it is to follow the regu
Sorry for my delay in replying. It shouldn't affect SSH as that didn't come
with Red Hat 6.2. It's a while since I used 6.2, but at the time I
downloaded an RPM from a dutch encryption site (which is now long gone).
They used their own security libraries so were independent of openssl.
However, yo
Marius Cabas wrote:
How can i verify from an OpenSSL server application if the client
> certificate/private key matches the server certificate/private key?
What do you mean,, "match"? The keypair used by the server is not the
same keypair used by the client. Do you mean something like "are sign
Regarding exportability, last I heard export restrictions had been
relaxed somewhat for friendly nations. However I'm not American and do
not live in the US so not sure.
Please, the situation is confusing enough without uninformed speculation.
Exporting something which implements HTTP/SSL -- full
Are you actually implementing HTTPS, or are you just using SSL over TCP
for your own application?
We are planning to create two versions of our program
This may not be necessary.
Is an export license or review by the authorities required for this kind of application?
If you use crypto, you need
Off the home page:
OpenSSL is based on the excellent SSLeay library developed by Eric A.
Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
Apache-style licence, which basically means that you are free to get and
use it for commercial and non-commercial purposes subject to some simp
How can i verify from an OpenSSL server application if the client certificate/private
key matches the server certificate/private key?
regards
Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail!
http://login.mail.
Hi,
I have a question about distribution of software which is based on OpenSSL libraries
considering US export regulations.
We are planning to use OpenSSL library to develop a program with functionality similar
to that of HTTPS client/server. We will be linking our code (static or dynamic - any
17 matches
Mail list logo
