Hello All:
First, I make an SSL connection with OpenSSL, and then I want IE to share
this connection, which means that IE does not need SSL authentication again,
so IE can connect to the web server over the SSL tunnel.
Now the SSL connection is built by OpenSSL. But I do not know how IE can share
the SSL
> From: owner-openssl-us...@openssl.org On Behalf Of prathima
> Sent: Wednesday, 07 January, 2009 05:27
(I haven't seen any other response yet, although this is pretty basic)
> I am using Microsoft Live Communication server 2005 as server for
> Mutual TLS
> authentication with a SIP phone.(Polyc
You're looking at the User Guide. This isn't the right thing to look
at; the relevant document (and indeed the controlling document) is the
Security Policy, http://openssl.org/docs/fips/SecurityPolicy-1.2.pdf ,
and the relevant section is Appendix A, "Installation Instructions".
It's very likely t
Steve,
Thank you for the prompt reply! Here is the command that I'm using to
create a pkcs8 formatted key:
openssl pkcs8 -in -topk8 -v2 des3 -passout pass:
As you said "The bit you are missing is the PKCS#5 spec which gives details
of the PBKDF2 key derivation algorithm."
My questions:
1)
Mark Allison wrote:
Problems with decrypting using openssl-0.9.8b and windows 64 (x64).
Same test works on windows 32 bit os.
My first recommendation would be to try the LATEST version of OpenSSL.
A lot of things have changed since that version and the version you are
linking against has mult
and, just for reference, per guidance above, finally,
uname -a
Linux dt.loc 2.6.27.7-9-default #1 SMP 2008-12-04 18:10:04 +0100
i686 i686 i386 GNU/Linux
openssl version
OpenSSL 0.9.8j-fips 07 Jan 2009
thanks!
On Fri, Jan 9, 2009 at 3:29 PM, Kyle Hamilton wrote:
> If you read it, you too will see this. :)
Actually, I HAD already read section 4.2.1 of the UserGuide for *v1.2*,
"4.2.1 Building the FIPS Object Module from Source
The specification of any other options on the command line, such as
./config
'no-asm' used to be a violation of the security policy with the 1.1.x
series, but it is explicitly allowed in the 1.2 policy.
If you read it, you too will see this. :)
-Kyle H
On Fri, Jan 9, 2009 at 3:13 PM, PGNet wrote:
> Kyle,
>
> On Fri, Jan 9, 2009 at 2:37 PM, Kyle Hamilton wrote:
>> Delet
Kyle,
On Fri, Jan 9, 2009 at 2:37 PM, Kyle Hamilton wrote:
> Delete the directory, untar it fresh, and reconfigure with that config line.
ok,
> rm -rf openssl-fips-1.2
> tar zxf openssl-fips-1.2.tar.gz
> cd openssl-fips-1.2/
Directory: /usr/local/src/openssl/openssl-fips-1.2
> ./config fips
You can configure a single apache instance, with many virtualhosts SSL
enabled on the same IP/Port, but every virtualhost must be under the
same domain.
This can be done using a "wildcard certificate" where you can use the
subjectalternativenames set to DNS:*.mydomain.com.
Then if your virtualh
Delete the directory, untar it fresh, and reconfigure with that config line.
What you're seeing is a situation caused by prior builds not being
completely cleaned. The problem is that if you do anything that isn't
in the security policy (including 'make clean'), the result cannot be
claimed to be
"Kevin Murphy" writes:
>...would like to get some clarification on the above points.
>It would be terrific if I could use one certificate for multiple hosts.
Kevin:
That is the default behavior of Apache when you configure the SSL
enabled web server instance to respond on all IP addresses (with
per advice,
./config fipscanisterbuild no-asm
completes without error, but, now,
make
fails @,
...
/usr/bin/ranlib ../libssl.a || echo Never mind.
make[1]: Leaving directory `/usr/local/src/openssl/openssl-fips-1.2/ssl'
make[1]: Entering directory `/usr/local/src/openssl/openssl-fips-1.2'
My mistake.
That's for "fipscanisterbuild".
Trying now ...
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager
On Fri, Jan 9, 2009 at 12:25 PM, Kyle Hamilton wrote:
> In the fips-1.2 configuration step, use
> ./config fipscanisterbuild no-asm
As I had already noted above, I did.
> So either use a box supporting SSE2 or use a pure C build (no-asm) which
> will have poorer performance.
config with,
./Co
If you're running it on a processor with SSE, and it's failing, what
does this tell you? SSE2 is required to use the asm code path. SSE
just doesn't cut it.
In the fips-1.2 configuration step, use
./config fipscanisterbuild no-asm
-Kyle H
On Fri, Jan 9, 2009 at 9:25 AM, PGNet wrote:
> Hi Step
Problems with decrypting using openssl-0.9.8b and windows 64 (x64).
Same test works on windows 32 bit os.
We are having difficulties trying to decrypt an encrypted text string
using a simple test application on a windows 64 bit os. The same test
application works as expected on windows 32 bit o
On Fri, Jan 9, 2009 at 10:20 AM, Steve Chaplin
wrote:
> Hi all,
>
> I have an application that essentially performs the same purpose
> as apps/enc.c and have a couple of questions. I have spent a few
> days checking out enc.c and others plus googling and have checked
> the mailing list archive, I
Hi Stephen,
On Fri, Jan 9, 2009 at 8:18 AM, Dr. Stephen Henson wrote:
> You can get the answer with "openssl errstr" or by checking the source file
> referenced.
Noted. Thanks.
> So either use a box supporting SSE2 or use a pure C build (no-asm) which
> will have poorer performance.
I have no
On Thu, Jan 08, 2009, PGNet wrote:
>
> ...
> Testing SHA-512 ... passed.
> Testing SHA-384 ... passed.
> if [ -n "libcrypto" ]; then \
> ../util/shlib_wrap.sh ./fips_shatest < SHAmix.r | diff -w
> SHAmix.x - ; \
> fi
> ERROR:2d06c071:li
On Fri, Jan 09, 2009, Jean-Marc Desperrier wrote:
>
> Stephen, can you elaborate on that response because from the patch it seems
> that more than only client validation of the server signature in SSL
> sessions is affected.
>
> cms/cms_sd.c is affected, but the consequence is only a missing err
Thank you, I missed that step.
I did add that step and noted that ML (MASM) is part of visual studio 9
and switched to DO_MASM.
After making that change, everything compiled but I had a link error:
_bn_sub_part_words was multiply defined.
I looked at the code and saw that _bm_sub_part_words was
Hi all,
I have an application that essentially performs the same purpose
as apps/enc.c and have a couple of questions. I have spent a few
days checking out enc.c and others plus googling and have checked
the mailing list archive, I also have the O'Reilly books.
1. I am calling EVP_get_cipherbyna
Dr. Stephen Henson wrote:
On Wed, Jan 07, 2009, Victor Duchovni wrote:
This is not very clear to me. Which signatures are poorly verified:
1. The server's signature on SSL/TLS protocol messages that must
be signed under the server's private key (corresponding to the
private k
In my case (not Md Lazreg) I can control only the client part of the connection.
I use a heavily patched OpenSSL 0.9.8d.
The server side uses some version of MS Windows. I believe it is MS Server
2003 or newer.
I was hoping that the solution for Md Lazreg will help in my case.
Kyle Hamilton wrote:
Specif