ERR_get_error() or SSL_get_error()?

2005-11-17 Thread Edward Chan
Title: ERR_get_error() or SSL_get_error()? If SSL_accept() returns <= 0, and I want to see what the error is, should I be calling this to get a string description of the error: int ret = SSL_accept(); if (ret <= 0) {     char buf[256];     ERR_error_string_n(ERR_get_error(), buf,

Re: Disabling Weak Encryption

2005-11-17 Thread Alex Kupriyenko
Hi, Bob, Can you  help me  with  that problem: A RSA encrypt()/decrypt() interface works fine in one application/process, but with client-server communication – TCP/IP socket (cl public_encrypt – serv private_decript) I've got Decryption error: RSA_padding_check_PKCS1_type_2:b

Re: Disabling Weak Encryption

2005-11-17 Thread Bernhard Froehlich
Lester, Bob wrote: /Hi,/ /I'm looking to disable weak encryption in OpenSSL 0.9.8.a. Do I need to rebuild without that support, or can I just use the OpenSSL cipher command? In either case, can anyone tell me which cipher suite(s) to disable to achieve this?/ /TIA,/ /<*BobL*>/ /The

Disabling Weak Encryption

2005-11-17 Thread Lester, Bob
Title: Disabling Weak Encryption Hi,     I'm looking to disable weak encryption in OpenSSL 0.9.8.a.  Do I need to rebuild without that support, or can I just use the OpenSSL cipher command?  In either case, can anyone tell me which cipher suite(s) to disable to achieve this? TIA, <*BobL*>

Disabling Weak Encryption

2005-11-17 Thread Lester, Bob
Title: Disabling Weak Encryption Hi,     I'm looking to disable weak encryption in OpenSSL 0.9.8.a.  Do I need to rebuild without that support, or can I just use the OpenSSL cipher command?  In either case, can anyone tell me which cipher suite(s) to disable to achieve this? TIA, <*BobL*>

Re: Self signed cert

2005-11-17 Thread Jorey Bump
Gerard Earley wrote: Can you recommend any cheap certificate issuers in the price range you mention and whether any will issue a cert for an IP address (if that's possible). I have been happy with RapidSSL, because they are single root, easy to install, and the purchase process is convenient

Re: Self signed cert

2005-11-17 Thread Gerard Earley
Jorey Bump wrote: > Brent Clark wrote: > >> Out of interest, is there anyone on this list using a self sighned >> cert with a mailserver on the internet, using TLS. >> >> The reason I ask this, is because I dont want to have to pay verislim >> and co, for something I know I can do myself. >> If any

Re: Self signed cert

2005-11-17 Thread Jorey Bump
Brent Clark wrote: Out of interest, is there anyone on this list using a self sighned cert with a mailserver on the internet, using TLS. The reason I ask this, is because I dont want to have to pay verislim and co, for something I know I can do myself. If anyone is using / doing this, have ha