On Wed, Jan 31, 2007 at 01:27:23AM -0500, Victor Duchovni wrote:
> Tested by explicitly setting:
>
> ssl_cipher_methods[SSL_ENC_AES128_IDX]=
> #ifndef TEST_MASK256
> EVP_get_cipherbyname(SN_aes_128_cbc);
> #else
> 0;
> #fi
> ssl_cipher_methods[SSL_ENC_AES256_IDX]
On Tue, Jan 30, 2007 at 10:24:21AM -0500, Victor Duchovni wrote:
> Is this the right forum? I want to make that Postfix 2.4 is still correct
> when OpenSSL 0.9.9 is released, and I am reluctant to augment the AES-256
> work-around with a Camellia-256 work-around, ... I am looking for a more
> syst
I have what I hope to be a relatively simple question regarding
SSL_read/write/etc operations on nonblocking sockets, and the errors
they return. I would like to preface this by saying that I have spent
hours scouring google and also searching the archives and I haven't
really found an answer,
I have what I hope to be a relatively simple question regarding
SSL_read/write/etc operations on nonblocking sockets, and the errors
they return. I would like to preface this by saying that I have spent
hours scouring google and also searching the archives and I haven't
really found an answer,
Hi,
Attached the cert generated for SMIME.
This is usually 5 dashes.
Regards
Kamal
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bertram Scharpf
Sent: Wednesday, January 31, 2007 5:46 AM
To: openssl-users@openssl.org
Subject: File format's name
Hi,
s
> Hi,
>
> sorry, please let me ask this question:
>
> The ASCII files OpenSSL produces all look like
>
> BEGIN CERTIFICATE
> ...
> END CERTIFICATE
>
> Is the number of dashes reliably 4? And what is the name
> of this file format?
Yes. PEM.
DS
_
Hi,
sorry, please let me ask this question:
The ASCII files OpenSSL produces all look like
BEGIN CERTIFICATE
...
END CERTIFICATE
Is the number of dashes reliably 4? And what is the name
of this file format?
A customer asks me to send the certificate without these
surrounding li
On Tue, Jan 30, 2007, Dinh, Thao V CIV NSWCDD, K72 wrote:
> Terry
> I ran into same problem a while ago. I had a blocking server, waiting
> for client to connect. I had non-blocking client connected to server, It
> never pass SSL_connect(). I changed non-blocking to blocking I/O BEFORE
> I called
Greetings everyone:
We're using OpenSSL for TLS client/server authentication, implement
via EAP-FAST protocol.
We are seeing odd output when doing the tunnel establishment
phase( tls full client side auth handshake) on the client side.
Details are:
a. we set the ciphersuite to TLS_DH_ano
Terry
On the client side, I convert back from blocking socket to n0n-blocking
socket after successfully calling SSL_connect. On the server side, I
call accept(). After accept return socket, put ssl on this socket, then
call SSL_accept(). If SSL_accept() successes, spin off a thread to
handle this
hello Thao
Thank you for trying but no, this does not help.
If you want to build a single threaded scalable server using nonblocking
i/o, you need to use exclusively nonblocking i/o. You can't conveniently
block on one connection while it sorts itself out, as you put the other
connections temporar
Terry
I ran into same problem a while ago. I had a blocking server, waiting
for client to connect. I had non-blocking client connected to server, It
never pass SSL_connect(). I changed non-blocking to blocking I/O BEFORE
I called SSL_connect(). It worked fined. It seem to me you need to using
block
Hello all,
I am doing, in C language, a SSL client with openSSL 0.9.7g
I have multiple clients (about 10) using the same SSL_CTX and connecting
to 2 different servers. (5 clients on each for example).
I wonder how SSL_get_session, SSL_set_session ans SSL_SESSION_free have
to be used there.
On Mon, Jan 29, 2007 at 04:53:50PM -0500, Victor Duchovni wrote:
> Sun builds libcrypto with AES128 support, but without AES256 support.
>
> And attempts to paper-over the problem with a custom "DEFAULT" cipherlist,
> (but COMPLEMENTOFDEFAULT is wrong, and "ALL" and "HIGH" are not usable).
>
> W
There is a exmple implemtation of usage of bio_pairs in ssltest.c file included with the ssl distribution. This should give you a good idea about how to use them properly. I too took that same implemetion from ssltest.c and wraped it in a class for my IOCP server without too much of a trouble.
Reg
Hello,
> Thanks for the tip. But I still can't sign a Certificate Request.
> opensssl first asked for dir serial. I mkdir'd it, then it complains about
> not being able to load a serial number.
> jfd
This looks like not properly setup CA "infrastructure".
Look at "CA.pl" script (man CA.pl) to get s
Hello,
> I tried with "openssl s_client" but i cant get any OpenSSL version
> information back. Is there some easy ways of determine if the remote
> service is vulnerable or can you ensure that the versions which is
> older than 0.9.6k or 0.9.7c are not vulnerable.
SSL server do not send back versi
17 matches
Mail list logo
