openssl enc command, salts, and incompatible encryption format 0.9.4 to 0.9.5

2004-05-12 Thread tls-users
I discovered the following recently while trying to decrypt an old file encrypted with openssl 0.9.4. I thought this might be useful for others. In openssl 0.9.5 (early 2000) the encryption utility (openssl enc command) was changed to salt the encryption with a random 8-byte value. This improved

RE: sha1

2004-05-12 Thread Eleanor Nagai
-Original Message- From: Heusden van, FJJ (Folkert) [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 12, 2004 6:01 AM To: [EMAIL PROTECTED] Subject: RE: sha1 Yes, that is correct. -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Eleanor Nagai Verzonden: d

RE: sha1

2004-05-12 Thread Eleanor Nagai
Thanks for your confirmation. -Original Message- From: Heusden van, FJJ (Folkert) [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 12, 2004 6:01 AM To: [EMAIL PROTECTED] Subject: RE: sha1 Yes, that is correct. -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTE

Re: Session key generation

2004-05-12 Thread Buddy
If you're going through hell, keep going       - Original Message - From: "Dr. Stephen Henson" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, May 12, 2004 4:25 PM Subject: Re: Session key generation > On Thu, May 06, 2004, Michael Shtelma wrote:> > > Hello> > > >  

Re: OpenSSL with MS Proxy Server Issue

2004-05-12 Thread Richard Holliday
After further investigation it appears that the problem was some proxy server response text ("HTTP/1.1 200 Connection Established") left in the socket buffer and read by the OpenSSL code when it thought it would be looking at the certificate. The 0x0054 pair was referring to the "TT" in "HTTP". The

Re: SMIME and user certs.

2004-05-12 Thread Dr. Stephen Henson
On Wed, May 12, 2004, David Gianndrea wrote: > Dr. Stephen Henson wrote: > > > >When email is signed the other side receives a list of supported ciphers. > >Many > >email applications will list these against that recipient and use an > >appropriate one: that is one that the email software suppo

Re: SMIME and user certs.

2004-05-12 Thread David Gianndrea
Dr. Stephen Henson wrote: When email is signed the other side receives a list of supported ciphers. Many email applications will list these against that recipient and use an appropriate one: that is one that the email software supports and the recipient supports. Humm, Ok I am using mozilla as a

Re: posting data through openssl to apache

2004-05-12 Thread M.E. Post
Steve, Martin is probably right with his comment, it doesn't sound like a SSL problem but more a surrounding environment problem (browser, Apache, Tomcat?, Struts) 1. Have you checked with a suite of browsers? Internet Explorer seems to experience a lot of problems with HTTPS POST 2. Do you have S

Re: Problem with newer snapshots

2004-05-12 Thread Nils Larsch
Frank wrote: I'm writing this but I know you will probably have no idea how to fix it or what the problem is all I can say is that with a newer snapshot of openssl we have a problem with core dumping and it works when compiled with older versions. Well the BN_CTX code has been changed recently

Re: OAEP for Private Encryption

2004-05-12 Thread Nils Larsch
[EMAIL PROTECTED] wrote: Hi, openssl private_encrypt function does not handle the RSA_PKCS1_OAEP_PADDING. But the public_encrypt () has this PADDING handled. Is there any specific reasons behind this? Well OAEP padding is intended for encryption schemes (not signing) and for encryption normally th

Re: Trouble extracting DNS field from certificate

2004-05-12 Thread Peter Sylvester
> > > > > > > > I have some code to extract a DNS field from subjectAltName extensions > > > > in X509v3 certificates in the function below. It is based on example 5-8 > > > > in the book "Network Security with OpenSSL" by Viega, Messier and > > Chandra. An extract from curl Copyright (c) 1996 -

RE: posting data through openssl to apache

2004-05-12 Thread Himanshu Soni
Are you enforcing client certificate authentication? If so, it might be a mod_ssl issue. In Apache 2.0.xx, if your global SSLVerifyClient for the SSL virtual host is set to none and you only enforce client authentication for certain locations in your virtual host, then POSTing is a problem.

Re: posting data through openssl to apache

2004-05-12 Thread Steve Hodson
Thank you Martin, unfortunately neither of these areas would be of any use (I think) as using an unsecured url (ie HTTP://...) the site works as one would expect.  Only when using the HTTPS://... does the POSTing problem occur.  My guess is that this could be either an openssl or mod_ssl problem a

RE: HTTPS with customized pfx files.

2004-05-12 Thread Fabiano Reis
Hi Stephen, Do you have an idea of how can I implement this using Xenroll? Is there any documentation on the internet? Thanks in advance, Fabiano -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson Sent: Tuesday, May 11, 2004 8:41 PM To

Re: OpenSSL with MS Proxy Server Issue

2004-05-12 Thread Dr. Stephen Henson
On Wed, May 12, 2004, Richard Holliday wrote: > Thanks very much for your comments. > > I agree that if the MS software was causing this issue it would manifest > itself with a direct con. as well. > > The version numbers I get when routing through a proxy are major = 0x0054 > and minor = 0x005

Re: PKCS12 without private key.

2004-05-12 Thread Dr. Stephen Henson
On Wed, May 12, 2004, S.Mehdi Sheikhalishahi wrote: > Hi All > Can I construct a pkcs12 file without private key? Yes using OpenSSL 0.9.8 and the -nokeys option with -export. This only works on 0.9.8-dev though it is ignored on previous versions and will ultimately give an error because it can't

Re: SMIME and user certs.

2004-05-12 Thread Dr. Stephen Henson
On Wed, May 12, 2004, David Gianndrea wrote: > Is it possible to create an AES-256 user cert for personal > email signing and encrypting? > There's no such thing[*]. > Perhaps more correctly what determines what cipher is used > to encrypt an SMIME email. Is it the cert or the email > applicati

SSL_accept behaviour.. some timing issue.

2004-05-12 Thread Sukhdeep Johar
I'm using a non-blocking socket on the server side. I'm polling on the socket after accepting the TCP connection. On seeing some data, I do a SSL_accept() on the socket before proceeding further. This fails with a status of -1 and error value of 5 ( bad asn1 hdr) ( The SSL_accept is in a loop (i

OAEP for Private Encryption

2004-05-12 Thread gsubramanian
Hi, openssl private_encrypt function does not handle the RSA_PKCS1_OAEP_PADDING. But the public_encrypt () has this PADDING handled. Is there any specific reasons behind this? How to use OAEP padding with PrivateEncryption? openssl library function: openssl-0.9.6c/crypto/rsa/rsa_eay.c /* signing

SMIME and user certs.

2004-05-12 Thread David Gianndrea
Is it possible to create an AES-256 user cert for personal email signing and encrypting? Perhaps more correctly what determines what cipher is used to encrypt an SMIME email. Is it the cert or the email application? If it is the email app, then just what is the cert doing for the email app? An inqu

posting data through openssl to apache

2004-05-12 Thread Steve Hodson
All, I am trying to use the simple post action in an html form (using struts BTW) only I get the following: Method Not Allowed The requested method POST is not allowed for the URL /admin/ListUsers.do. Apache/2.0.49 (Unix

remove

2004-05-12 Thread Jiji VS
Loving, Jiji VS

PKCS12 without private key.

2004-05-12 Thread S.Mehdi Sheikhalishahi
Hi All Can I construct a pkcs12 file without private key? Thanks. Best Regards. Bye.

Re: DH Confusion

2004-05-12 Thread Troy Monaghen
On Wed, 2004-05-12 at 08:39, Patrick Coleman wrote: > Hi, > I'm a little confused as to how Diffie-Hellman works with openssl. Once the > key is generated, which part of the DH struct do you need to send to the > other party? I have tried printing dh->pub_key to a terminal, but all I got > was '

DH Confusion

2004-05-12 Thread Patrick Coleman
Hi, I'm a little confused as to how Diffie-Hellman works with openssl. Once the key is generated, which part of the DH struct do you need to send to the other party? I have tried printing dh->pub_key to a terminal, but all I got was '0'. Is this normal? Is there a standard way of formatting such

Re: OpenSSL with MS Proxy Server Issue

2004-05-12 Thread Richard Holliday
Thanks very much for your comments. I agree that if the MS software was causing this issue it would manifest itself with a direct con. as well. The version numbers I get when routing through a proxy are major = 0x0054 and minor = 0x0054. These are being compared against the SSL* s version which