Re: Connection problem with some ciphers ... ServerHello seems to be the problem

2006-07-14 Thread Darryl Miles
Marek Marcola wrote: Many applications generate a static one, can the same exact key be re-used without any security considerations for unrelated sessions ? Should a highly secure application generate a new one for every connection? In this case (export restriction) generating RSA 512 bit key

Questions on FIPS_mode_set

2006-07-14 Thread Shicai Hu
I am writing a sample application on both Linux and Windows using OpenSSL FIPS mode. On both Linux and Windows, I call FIPS_mode_set in the source code, and use fipsld on Linux and fipslink.pl on Windows; all the build procedures followed the OpenSSL FIPS 140-2 User Guide. However, when I run th

Re: Connection problem with some ciphers ... ServerHello seems to be the problem

2006-07-14 Thread Marek Marcola
Hello, > > SSL protocol differs in server_key_exchange packet > > (which may be used not only for export restriction). > > This requires temporary RSA key in context. > > If you add to server initialization routine something like: > > RSA *rsa; > > rsa=RSA_generate_key(512,RSA_F4,NULL,NULL);

Re: CAs and SubjectAltNames

2006-07-14 Thread Phil Dibowitz
This didn't go through either. Resending. Original Message Subject: Re: CAs and SubjectAltNames Date: Wed, 12 Jul 2006 22:46:27 -0700 From: Phil Dibowitz <[EMAIL PROTECTED]> To: openssl-users@openssl.org References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> On

[Fwd: Re: CAs and SubjectAltNames]

2006-07-14 Thread Phil Dibowitz
This didn't go through the first time. Re-sending. Original Message Subject: Re: CAs and SubjectAltNames Date: Wed, 12 Jul 2006 22:23:14 -0700 From: Phil Dibowitz <[EMAIL PROTECTED]> To: openssl-users@openssl.org References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> On Thu, Jun 08

Re: Connection problem with some ciphers ... ServerHello seems to be the problem

2006-07-14 Thread Darryl Miles
Marek Marcola wrote: SSL protocol differs in server_key_exchange packet (which may be used not only for export restriction). This requires temporary RSA key in context. If you add to server initialization routine something like: RSA *rsa; rsa=RSA_generate_key(512,RSA_F4,NULL,NULL);

Re: Connection problem with some ciphers ... ServerHello seems to be the problem

2006-07-14 Thread Urjit Gokhale
> > SSL protocol differs in server_key_exchange packet > > (which may be used not only for export restriction). > > This requires temporary RSA key in context. > > If you add to server initialization routine something like: > > RSA *rsa; > > rsa=RSA_generate_key(512,RSA_F4,NULL,NULL); > >if (!

Re: Connection problem with some ciphers ... ServerHello seems to be the problem

2006-07-14 Thread Dr. Stephen Henson
On Fri, Jul 14, 2006, Marek Marcola wrote: > Hello, > > > Well ... In that case, > > > A] how is it that s_server and s_client can > > > communicate > > > 1) Using the same ssl library > > > 2) Using the same certificates > > > 3) Using the same cipher suites > > > > You mean can't, don't u? That

Re: Connection problem with some ciphers ... ServerHello seems to be the problem

2006-07-14 Thread Marek Marcola
Hello, > > Well ... In that case, > > A] how is it that s_server and s_client can > > communicate > > 1) Using the same ssl library > > 2) Using the same certificates > > 3) Using the same cipher suites > > You mean can't, don't u? That is bcoz SSL protocol > itself is different in the export case

Re: Connection problem with some ciphers ... ServerHello seems to be the problem

2006-07-14 Thread Girish Venkatachalam
You urself answered it just now! :-) The client doesn't matter, so you can connect to s_server... --- Urjit Gokhale <[EMAIL PROTECTED]> wrote: > > Well ... In that case, > > A] how is it that s_server and s_client can > > communicate > > 1) Using the same ssl library > > 2) Using the same certif

Re: Connection problem with some ciphers ... ServerHello seems to be the problem

2006-07-14 Thread Urjit Gokhale
> Well ... In that case, > A] how is it that s_server and s_client can > communicate > 1) Using the same ssl library > 2) Using the same certificates > 3) Using the same cipher suites You mean can't, don't u? That is bcoz SSL protocol itself is different in the export case. As Steve mentioned ther

Re: Connection problem with some ciphers ... ServerHello seems to be the problem

2006-07-14 Thread Girish Venkatachalam
--- Urjit Gokhale <[EMAIL PROTECTED]> wrote: > Hi, > Thanks for the reply.> > Urjit, > > > > > > I got it working once I replaced > > > "EXP-DES-CBC-SHA" with > > > "DES-CBC-SHA" > > > > > > I think you might have to do something special > to > > > enable export quality ciphers. > > > > > > > Th

Re: Running openssl in windows XP: 984fc71618ac55c9d1bec72c007aa828b982dd9d

2006-07-14 Thread Shicai Hu
Yes, you are right. The problem has gone away in VC 2005 (unfortunately I have only VC 2005 Beta version - old, but it works). VC 2001 plus service pack 6 was installed (which caused the problem). Thanks for the help. Shicai "Dr. Stephen Henson" <[EMAIL PROTECTED]> wrote: On Wed, Jul 12,

Re: Connection problem with some ciphers ... ServerHello seems to be the problem

2006-07-14 Thread Urjit Gokhale
Hi, Thanks for the reply.> > Urjit, > > > > I got it working once I replaced > > "EXP-DES-CBC-SHA" with > > "DES-CBC-SHA" > > > > I think you might have to do something special to > > enable export quality ciphers. > > > > They can place restrictions on the size of the RSA key used for kex exchange

Re: Connection problem with some ciphers ... ServerHello seems to be the problem

2006-07-14 Thread Dr. Stephen Henson
On Fri, Jul 14, 2006, Girish Venkatachalam wrote: > Urjit, > > I got it working once I replaced > "EXP-DES-CBC-SHA" with > "DES-CBC-SHA" > > I think you might have to do something special to > enable export quality ciphers. > They can place restrictions on the size of the RSA key used for k

Re: Connection problem with some ciphers ... ServerHello seems to be the problem

2006-07-14 Thread Girish Venkatachalam
Urjit, I got it working once I replaced "EXP-DES-CBC-SHA" with "DES-CBC-SHA" I think you might have to do something special to enable export quality ciphers. regards, Girish --- Urjit Gokhale <[EMAIL PROTECTED]> wrote: > Hi, > I have attached the sample server and client > programs for your

Re: Index database corrupted

2006-07-14 Thread Bernhard Froehlich
Jean-Romain PAC wrote: Hello, It seems that my index.txt (OpenSSL) database is corrupted. When I try to add a new certificate, or want to do anything that will have an influence to the database, I have this error message : error creating name index:(2,1,7) How can I repair it ? Jean-Romain.

Re: Connection problem with some ciphers ... ServerHello seems to be the problem

2006-07-14 Thread Urjit Gokhale
Hi, I have attached the sample server and client programs for your consideration. As these are minimal sample codes that reproduce my problem, error handling is not done. To run the server, you need to provide the port on the command line. To run the client, you need to provide host and port where s