RE: Wrapping SSL_read/SSL_write so they behave like read/write.]

2006-08-22 Thread urjit_gokhale
Original message >Date: Tue, 22 Aug 2006 12:22:37 -0700 >From: "David Schwartz" <[EMAIL PROTECTED]> >Subject: RE: Wrapping SSL_read/SSL_write so they behave like read/write.] >To: > You should 'select' for writability if and only if you get a WANT_WRITE >indication, whether

RE: related license question

2006-08-22 Thread David Schwartz
> Thank you for the clarification. What you have said > makes sense, but I am still a little unclear on what > is meant by "redistribution" and "products derived from [OpenSSL]". The term "redistribution" means any distribution of OpenSSL or a derivative work of OpenSSL other than what

RE: Wrapping SSL_read/SSL_write so they behave like read/write.]

2006-08-22 Thread David Schwartz
> To answer my own question: No. Here is an amended version. While I believe your code is okay, it can be improved in a few ways. It contains some assumptions that are not always true, and it will work better without those assumptions. > > for(cp = connobjs; cp; cp = cp->next) > >

Re: related license question

2006-08-22 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Tue, 22 Aug 2006 15:07:31 -0400, Ryan Shon <[EMAIL PROTECTED]> said: rshon> Presumably, a program, e.g. a web browser, could be written rshon> which uses OpenSSL (whether through linking to the libraries or rshon> by including actual pieces of OpenSSL code), and

related license question

2006-08-22 Thread Ryan Shon
Thank you for the clarification. What you have said makes sense, but I am still a little unclear on what is meant by "redistribution" and "products derived from [OpenSSL]". Presumably, a program, e.g. a web browser, could be written which uses OpenSSL (whether through linking to the libraries or

Re: Wrapping SSL_read/SSL_write so they behave like read/write.]

2006-08-22 Thread Marek Marcola
Hello, > >You may use select() but with some care. > >Simplest way is to: > > 1) wait on select() > > 2) read hit from SSL descriptor occur > > 3) read incrementally with SSL_read() from that descriptor until > >WANT_READ > > (or in other words - get all data from SSL read buffer) > > 4) go to se

Re: Wrapping SSL_read/SSL_write so they behave like read/write.]

2006-08-22 Thread urjit_gokhale
Original message >Date: Tue, 22 Aug 2006 15:00:46 +0200 >From: Marek Marcola <[EMAIL PROTECTED]> >Subject: Re: Wrapping SSL_read/SSL_write so they behave like read/write.] >To: openssl-users@openssl.org >You may use select() but with some care. >Simplest way is to: > 1) wait on sele

Re: license question

2006-08-22 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Tue, 22 Aug 2006 18:47:12 +0200, Richard Koenning <[EMAIL PROTECTED]> said: Richard.Koenning> Ryan Shon wrote: Richard.Koenning> Richard.Koenning> > My boss hopes to sell this OpenSSL variant as a Richard.Koenning> > product. Because of this, he would not want

Re: license question

2006-08-22 Thread Richard Koenning
Ryan Shon wrote: My boss hopes to sell this OpenSSL variant as a product. Because of this, he would not want customers who buy this product to be free to redistribute it on their own. If we were only to modify existing OpenSSL, then I assume our entire product would be subject to free redistri

Re: Wrapping SSL_read/SSL_write so they behave like read/write.]

2006-08-22 Thread Steven Young
On Tue, Aug 22, 2006 at 12:06:29PM -0400, Steven Young wrote: > On Tue, Aug 22, 2006 at 03:00:46PM +0200, Marek Marcola wrote: > > You may use select() but with some care. > > Simplest way is to: > > 1) wait on select() > > 2) read hit from SSL descriptor occur > > 3) read incrementally with SSL

Re: license question

2006-08-22 Thread Ryan Shon
Richard Koenning wrote: Ryan Shon wrote: In particular, we are unclear as to what redistribution rights the OpenSSL license would grant to customers who purchase our OpenSSL variant. Would they be allowed to redistribute our optimized library? The license enumerates the conditions which have

Re: Wrapping SSL_read/SSL_write so they behave like read/write.]

2006-08-22 Thread Steven Young
On Tue, Aug 22, 2006 at 03:00:46PM +0200, Marek Marcola wrote: > You may use select() but with some care. > Simplest way is to: > 1) wait on select() > 2) read hit from SSL descriptor occur > 3) read incrementally with SSL_read() from that descriptor until > WANT_READ >(or in other words - g

RE: Hiding headers for OpenSSL

2006-08-22 Thread Diffenderfer, Randy
Folks, For the sake of closure (and finality, one would hope :-) ), the relevant Apache configuration parameter is "ServerTokens". There is also a spiffy module available to do just about anything you might desire here: modsecurity. Works for me... rnd -Origina

Re: license question

2006-08-22 Thread Richard Koenning
Ryan Shon wrote: In particular, we are unclear as to what redistribution rights the OpenSSL license would grant to customers who purchase our OpenSSL variant. Would they be allowed to redistribute our optimized library? The license enumerates the conditions which have to be met for redistribu

Re: Hiding headers for OpenSSL

2006-08-22 Thread Scott Campbell
You are correct; I did miss Lutz's email. Lutz ... thank you. That is exactly the answer I was looking for, to all my questions. Thank you openssl list, and to all those who provided helpful feedback. Sincerely, Scott On 8/22/06, Bernhard Froehlich <[EMAIL PROTECTED]> wrote: Scott Campbell wrot

Re: Hiding headers for OpenSSL

2006-08-22 Thread Bernhard Froehlich
Scott Campbell wrote: [...] My question is (rephrased), if possible, how can I hide the headers in OpenSSL from being broadcast to software running rudimentary security scans (e.g., Nessus)? Is there a line I can add to a conf file? Is preventing the broadcast of software, version,

Re: Wrapping SSL_read/SSL_write so they behave like read/write.]

2006-08-22 Thread Joe Flowers
Do something like this for a SSL_read() and something very similar for SSL_write() and SSL_shutdown(), etc. (I'm assuming non-blocking sockets): - totalbytesread=0; stop='n'; unsigned

license question

2006-08-22 Thread Ryan Shon
Originally I sent this letter to [EMAIL PROTECTED], as indicated by the license file, but I never got a response. Hopefully you in openssl-users can help. I work for nFocal, a company in Rochester, New York. We want to develop a variant of OpenSSL in which we optimize the cryptography library t

Re: Hiding headers for OpenSSL

2006-08-22 Thread Scott Campbell
Guys, While I appreciate the vibrant discussion, I was not asking for the pros and cons of hiding the header information, whether or not one feels it promotes security, and whether one believes meddling with this makes one a geek or not. In many people's desire to announce their opinion on the

Re: Wrapping SSL_read/SSL_write so they behave like read/write.]

2006-08-22 Thread Marek Marcola
Hello, > Pardon me, I think I'm a little thick today. I get what you're > all saying but I'm still not 100% sure of how this should be applied. > Here's the program flow, without SSL: > > while(!quit) { > for(i in all file descriptors) { > if(we have something buffered up to say to the s

Re: Wrapping SSL_read/SSL_write so they behave like read/write.]

2006-08-22 Thread Steven Young
Apologies if this is a duplicate; I was messing around with my e-mail yesterday and it was broken for a while. I didn't see this go through. On Sun, Aug 20, 2006 at 06:54:36PM -0400, Joe Flowers wrote: > It means call exactly the same SSL function you just did with the exact > same paramete

Re: TLS1 support in openssl?

2006-08-22 Thread Marek Marcola
Hello, > So, I guess SSLv3 and TLS are almost identical as far as encryptions are > concerned and TLS differs from SSLv3 in terms of handshake, authentication, > key management. > If this is correct, then now onwards what should be preferred methods used > for SSL_CTX_new() ? Should it be SSLv3 or

Re: TLS1 support in openssl?

2006-08-22 Thread Urjit Gokhale
- Original Message - From: "Marek Marcola" <[EMAIL PROTECTED]> To: Sent: Tuesday, August 22, 2006 3:41 PM Subject: Re: TLS1 support in openssl? > Hello, > > how does openssl 0.9.8b support tls? I went through the code and it > > looks like tls is just like an alias for SSLv3. > > Can s

Re: TLS1 support in openssl?

2006-08-22 Thread Marek Marcola
Hello, > how does openssl 0.9.8b support tls? I went through the code and it > looks like tls is just like an alias for SSLv3. > Can someone tell me where exactly TLS1 and SSLv3 differ? In general they are very close, but the main differences are: - protocol version in messages (SSL3: 0300, TLS1: 0301

TLS1 support in openssl?

2006-08-22 Thread Urjit Gokhale
Hi, how does openssl 0.9.8b support tls? I went through the code and it looks like tls is just like an alias for SSLv3. Can someone tell me where exactly TLS1 and SSLv3 differ? What are the changes that they will differ in future? Thank you, ~ Urjit

Re: Hiding headers for OpenSSL

2006-08-22 Thread Lutz Jaenicke
On Mon, Aug 21, 2006 at 04:15:46PM -0500, Doug Nebeker wrote: > > The problem is that virtually no legit users will ever look, but the > hackers > definitely will. I'll admit (being a geek) that I checked once when > logging > into my banking site for the first time many years ago. So maybe I

RE: Hiding headers for OpenSSL

2006-08-22 Thread Marek Marcola
On Mon, 2006-08-21 at 11:42 -0700, [EMAIL PROTECTED] wrote: > plain text document attachment (RE:) > > > The long version: We run security check software, which makes > > > connections > > > with various services, calls up the header, and then tells us that based > > > upon the version it read in