Re: Printer-friendly documentation? (Newbie)

2006-05-25 Thread matt comeione
On OS X you can use pstopdf... a couple of ideas can be found here: http://www.macosxhints.com/article.php?story=20051020122911920&query=man+pdf Basic usage is: man -t openssl | pstopdf -i -o openssl.pdf That will give you a formatted PDF for two sided printing. On May 25, 2006, at 6:17 PM,

Re: Security Question

2006-05-25 Thread Sreeram Kandallu
Thanks! looks like RSA+DH is the way to go for perfect forward secrecy! Sreeram

Re: Security Question

2006-05-25 Thread Bear Giles
Related note: you can explicitly request re-keying at any time, and should do it periodically on long-term connections. That makes analysis even more expensive since there's less data and less payoff. Victor Duchovni wrote: For all these ciphers the attacker has to brute force the symmetric k

Re: Security Question

2006-05-25 Thread Sudharsan Rangarajan
That's cool.. they do have DH... a quick look suggested a premaster secret (randomly chosen). Didn't seem like there's a DH exchange Sudharsan Sudharsan On 5/25/06, Victor Duchovni <[EMAIL PROTECTED]> wrote: On Fri, May 26, 2006 at 07:23:05AM +0530, Sreeram Kandallu wrote: > Hi All > > Is it possi

Re: Security Question

2006-05-25 Thread Bear Giles
I don't have the details at hand, but look at "perfect forward secrecy" in "SSL and TLS", Rescorla. Sreeram Kandallu wrote: Hi All Is it possible to decrypt a recorded SSL session, if the attacker gains access to the RSA private keys at a later point in time? If yes, what would be the best wa

Re: Security Question

2006-05-25 Thread Victor Duchovni
On Fri, May 26, 2006 at 07:23:05AM +0530, Sreeram Kandallu wrote: > Hi All > > Is it possible to decrypt a recorded SSL session, if the attacker gains > access to the RSA private keys at a later point in time? If yes, what > would be the best way to avoid this? $ ciphers='kEDH:!aNULL:!LOW:!E

Re: Security Question

2006-05-25 Thread Sudharsan Rangarajan
Well.. I took a quick look and the client chooses a premaster secret and the various keys are a function of it.. doesn't look like there's any scope for a DH exchange.. Maybe some of the experienced security pple can help Sudharsan On 5/25/06, Sudharsan Rangarajan <[EMAIL PROTECTED]> wrote: I must a

Re: Security Question

2006-05-25 Thread Sudharsan Rangarajan
I must apologize for not being SSL specific.. But it gives u a hint and u can take a look at the SSL specs and see what they allow. Sudharsan On 5/25/06, Sudharsan Rangarajan <[EMAIL PROTECTED]> wrote: I'm not sure if SSL gives u such options, but the best way to prevent compromise of a RSA key w

Re: Security Question

2006-05-25 Thread Sudharsan Rangarajan
I'm not sure if SSL gives u such options, but the best way to prevent compromise of a RSA key would be to establish a Diffie-Hellman key. You would want to do a shared secret anyway.. and I'm sure SSL does it.. if the shared secret is computed using Diffie-Hellman and nobody gets hold of the exponents

Security Question

2006-05-25 Thread Sreeram Kandallu
Hi All Is it possible to decrypt a recorded SSL session, if the attacker gains access to the RSA private keys at a later point in time? If yes, what would be the best way to avoid this? Thanks in Advance! Regards Sreeram

RE: Printer-friendly documentation? (Newbie)

2006-05-25 Thread Jeremy Farrell
> From: Simon > > On 5/23/06, Kyle Hamilton <[EMAIL PROTECTED]> wrote: > > .pod files are processed by pod2man, which is a standard > part of perl. > > Type 'man man' to determine how to show those files -- on some > > systems it's merely 'man 3 SSL', others require different command > > lin

Re: Printer-friendly documentation? (Newbie)

2006-05-25 Thread Simon
On 5/23/06, Kyle Hamilton <[EMAIL PROTECTED]> wrote: .pod files are processed by pod2man, which is a standard part of perl. Type 'man man' to determine how to show those files -- on some systems it's merely 'man 3 SSL', others require different command line arguments (I'm not a user of OSX, so

RE: SSL renegotiation

2006-05-25 Thread David Schwartz
> I noticed the custom server application I have to > connect to tends to change connection port after a > first handshake has been performed. What does that mean? > I disagree with the server application administrator > which states this is a normal behaviour due to SSL > renegotiation.

Re: AES ciphers, are they supported?

2006-05-25 Thread Victor Duchovni
On Thu, May 25, 2006 at 10:58:55AM +0200, Marek Marcola wrote: > Hello, > > > > AES256-SHA means also RSA key_exchange. Are you setting > > > private RSA keys, certificate, and CA certificate also in SSL context ? > > > > does this imply that when I want to use EDH for key exchange that the ciph

bug in base64 decode

2006-05-25 Thread Andreas Hasenack
http://lookit.typepad.com/lookit/2006/04/lame_openssl_bu.html Basically, "openssl base64 -d" silently fails if given a line longer than 79 characters.

Re: Novice - Need Help !

2006-05-25 Thread Jorey Bump
Mandar sarlashkar wrote: I am trying to setup Apache 2.0.58 on Mandriva Linux 2006... Linux platform is new for me... Do you have a compelling need to compile your own apache? I encourage it, but only if it makes sense for you. Most people are better off using the distribution's package mana

Re: SSL renegotiation

2006-05-25 Thread Marek Marcola
Hello, > I noticed the custom server application I have to > connect to tends to change connection port after a > first handshake has been performed. > > I disagree with the server application administrator > which states this is a normal behaviour due to SSL > renegotiation. My guess is that is rat

SSL renegotiation

2006-05-25 Thread Marco Rossi
Dear all, I'd need a little clarification on SSL renegotiation. Could SSL renegotiation take place over a different TCP port than the "already-established" ones? (TCP connections established, handshake successfully performed at least one time). I noticed the custom server application I have

Re: Junk code after enc/dec by OpenSSL

2006-05-25 Thread Marek Marcola
Hello, > 3) In enc manpage, what does a "salt" mean? In "openssl enc" passphrase and salt are parameters to PKCS#5-like key generation function. You may read more about PKCS#5 at: http://www.rsasecurity.com/rsalabs/node.asp?id=2127 > 4) Suppose I have an input file foo.in and a key file

Re: Junk code after enc/dec by OpenSSL

2006-05-25 Thread Marek Marcola
Hello, > > Hi, fellows. Thanks a lot for the hint. I'm using Blowfish in cfb mode. > > Will there be any "padding not removed" problem with this cipher? > > > > Actually I'm very new here. I wonder if anyone can also clarify to me some > > basic concepts as well. I really appreciate the help. >

Re: AES ciphers, are they supported?

2006-05-25 Thread Marek Marcola
Hello, > > AES256-SHA means also RSA key_exchange. Are you setting > > private RSA keys, certificate, and CA certificate also in SSL context ? > > does this imply that when I want to use EDH for key exchange that the cipher > will not be able to be AES*? No, AES encryption may be used with the fo