Re: regarding extended hello on sess resumption

2006-02-06 Thread jimmy
Peter Sylvester wrote: Hm. A correct client would not set a different one. There is no requirement to check anything on session resume. Yes. In fact 3546 did specify this. I missed it :-) The only extension that is currently supported is the servername extension. In order to use this effecti

Sample Code ssl: Java Server, C client

2006-02-06 Thread Ambarish Mitra
Hi, I need a sample (and basic) SSL client server application code, where the server is implemented as a Java program, and the client is implemented as a C or C++ program using openssl libraries. The Java program can use a keystore in JKS format, while the C program can use the certs generated by

Re: Hard coding keys and certs

2006-02-06 Thread Alberto Alonso
Thanks, this is exactly what I was looking for. And thanks also to Peter for pointing out the already built options openssl x509 -C which produce the perfect C stub code. Alberto On Mon, 2006-02-06 at 10:04 +, Katie Lucas wrote: > On Fri, Feb 03, 2006 at 02:54:38PM -0600, Alberto Alonso wrot

Re: servername extension and apache 2.2.0

2006-02-06 Thread William A. Rowe, Jr.
If you want to submit and have considered by the httpd project, perhaps you meant to submit it there? Nice work b.t.w. Bill Peter Sylvester wrote: Hello, I just have put together the small patch for apache 2.2.0 which allows to use the servername extension logic in the development snapshot i

RE: regarding extended hello on sess resumption

2006-02-06 Thread Ambarish Mitra
This is the SSL protocol itself. http://wp.netscape.com/eng/ssl3/traces/trc-clnt-us.html#ClientHello1 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of jimmy Sent: Monday, February 06, 2006 10:47 PM To: openssl-users@openssl.org Subject: regarding extended

RE: 192 bit signatures

2006-02-06 Thread David Schwartz
> I'm looking to generate a short digital signature, perhaps 192 > bits or so, using an asymmetrical algorithm. DSA seems to > have 320 bit signatures regardless of the key size used. Is > this really the case, or am I missing something? Ignoring for > the moment the wisdom of using signatures

Re: OpenSSL to generate a Private Key and Public Certificate on a PC

2006-02-06 Thread Kyle Hamilton
You don't actually need the perl. Find 'openssl.exe' and run that. -Kyle H On 2/6/06, ssl_virgin (sent by Nabble.com) <[EMAIL PROTECTED]> wrote: > Many thanks for the replies! > > Based on these, I've made some progress: > 1) downloaded the pre-compiled binary from > http://www.slproweb.com/pro

[no subject]

2006-02-06 Thread Bob Mearns
I'm looking to generate a short digital signature, perhaps 192 bits or so, using an asymmetrical algorithm. DSA seems to have 320 bit signatures regardless of the key size used. Is this really the case, or am I missing something? Ignoring for the moment the wisdom of using signatures this short

Re: OpenSSL to generate a Private Key and Public Certificate on a PC

2006-02-06 Thread ssl_virgin (sent by Nabble.com)
Many thanks for the replies! Based on these, I've made some progress: 1) downloaded the pre-compiled binary from http://www.slproweb.com/products/Win32OpenSSL.html. 2) installed it. 3) according to the “help” file, I need to have Perl installed on the PC, so I did that. 4) navigated to the 'Crypt

Encrypted Alert in sniffer trace

2006-02-06 Thread OpenSSLGRT
Hi – I have a simple TLS client with OpenSSL. It works fine but one oddity… When all is completed I call SSL_shutdown(ssl). At that point I see in the sniffer trace an Encryption Alert I read response from server -- SSL_read(ssl, buff2, sizeof(buff2) - 1); https > 1154 [FIN, ACK]

Re: regarding extended hello on sess resumption

2006-02-06 Thread Peter Sylvester
Hm. A correct client would not set a different one. There is no requirement to check anything on session resume. The only extension that is currently supported is the servername extension. In order to use this effectively, you need an application call back. If you don't have a callback, the exte

servername extension and apache 2.2.0

2006-02-06 Thread Peter Sylvester
Hello, I just have put together the small patch for apache 2.2.0 which allows to use the servername extension logic in the development snapshot in order to select a different ssl context, and also to renegotiate if the vhost indicated by Host: has a different SSL_ctx (e.g. certificate). The

regarding extended hello on sess resumption

2006-02-06 Thread jimmy
Hi, Currently openssl-0.9.9 accepts a client hello (session resumption), with or without the extended hello part. Why is this so? Is it (or is it not) necessary to check if the extensions are the same as previously negotiated? i.e., shouldn't the extensions be validated w.r.t. previously neg

apologise for misdirected email regarding minisip and openser

2006-02-06 Thread Pjothi
Dear all, I apologise for the misdirected email regarding a minisip registration with openser. It was mistakenly sent to openssl users mailing list and my sincere apologies for it. regards, Pjothi

Re: minisip-OpenSER registration problem

2006-02-06 Thread Kyle Hamilton
You're not defining any ciphers to use, given the commented-out tls_ciphers_list line. Try setting it to: tls_ciphers_list = "MEDIUM:HIGH" Check the OpenSSL documentation for more information on what values this string can take. -Kyle H On 2/6/06, Pjothi <[EMAIL PROTECTED]> wrote: > > > Dear a

Is shared and static crypto libraries FIPS compliant

2006-02-06 Thread prakash babu
Hello All, Are both the static and shared crypto libraries FIPS compliant? 0.9.7e= The static crypto library is FIPS compliant. The integrity of libcrypto.a is checked using its HMAC-SHA1 fingerprint libcrypto.a.sha1. There is no checking for shared library libcrypto.so. 0.9.7j-dev==

RE: Memory leak in OpenSSL application

2006-02-06 Thread Mark
> I've been doing some research into this and so far the main > cause seems > to be that we were not calling SSL_free after each connection > closed. > From what I have gathered, the correct way to cleanup after a > connection is to call the following functions in this order: > > SSL_sh

Re: Hard coding keys and certs

2006-02-06 Thread Peter Sylvester
like openssl x509 -C So you can, at compile time, build a small app which will read a key/certificate/etc and use an i2d_* routine to DER encode it, dropping that into a file. The file you run through a quick filter to turn into a suitable include file making the binary data a character array

Re: Hard coding keys and certs

2006-02-06 Thread Katie Lucas
On Fri, Feb 03, 2006 at 02:54:38PM -0600, Alberto Alonso wrote: > I would like to be able to hard code the key/cert in the > application instead of having files. > > Is there something similar to: SSL_CTX_use_PrivateKey_file > and SSL_CTX_use_PrivateKey_file but that I can use pointers > memory?