Re: TLS Server with incorrect cypher suite

2009-05-21 Thread Peter Lin
For me, the "responding incorrectly" here defined as "incorrect cypher suite". Is there any way to detect this exact error? Thanks Peter On Fri, May 22, 2009 at 1:04 PM, David Schwartz wrote: > > > 4. TLS server free, but responding incorrectly > > (as the scenario described in the beginning)

RE: TLS Server with incorrect cypher suite

2009-05-21 Thread David Schwartz
> 4. TLS server free, but responding incorrectly > (as the scenario described in the beginning) > Is there any way to differentiate these cases, especially case 4? > Peter No. There are an infinite number of variations on "responding incorrectly". If you can define it precisely, then you can tes

RE: Question about x509

2009-05-21 Thread David Schwartz
> Dear all: > at the end of letter, I append the public key I excerpted from my > certificate by openssl x509. > Since the key is 2048 bits, 256 bytes, I find the length of > 00:af:..14:f7 > is 257 bytes. Right. In BER/DER form, without the leading 00 byte, the high bit is set and the num

TLS Server with incorrect cypher suite

2009-05-21 Thread Peter Lin
Hi all, I need to build a scenario of detecting incorrect cypher suite of TLS connection. The plan is to modify from a good TLS server, to encrypt data in a different cypher method from client request in handshake phase. However, as openssl encapsulated the implementation, I wonder if there's an

Question about x509

2009-05-21 Thread loody
Dear all: at the end of letter, I append the public key I excerpted from my certificate by openssl x509. Since the key is 2048 bits, 256 bytes, I find the length of 00:af:..14:f7 is 257 bytes. But I use -modulus parameter, I see the beginning 00 will disappear and the size is 256 bytes as

TLS compatibility problem -- can connect to server with NSS but not OpenSSL.

2009-05-21 Thread David Woodhouse
I'm trying to connect to an HTTPS server, and my connection is being rejected when I use a client certificate: [dw...@macbook ~]$ openssl s_client -cert $CERT -connect $SERVER:443 -crlf -tls1 CONNECTED(0003) depth=1 /C=US/O=Foo Corporation/CN=Foo Intranet Basic Issuing CA 2A verify error:num=20

Re: Download Anti-Recession Software for Windows or All Macs;

2009-05-21 Thread Michael S. Zick
On Thu May 21 2009, Finest Software for All Windows and Apple Mac wrote: >Look up finest very cheap Applications today.. > - - - Snip - - - > OpenSSL: $7,850USD, includes a developer in the package enabled for a limited-use, one-month, trial period. Developer may be returned at any time with

Re: Decoding ASN.1 certificate content

2009-05-21 Thread Lior Aharoni
Hi, Thank you all for the replies. I've found out what the problem was. The buffer that I sent to d2i_X509 function was bad ASN.1 buffer. After solving the certificate buffer retrieval everything worked great! Thanks Again, Lior 2009/5/21 Peter Sylvester > Victor B. Wagner wrote: > >> On 2009.

Re: Decoding ASN.1 certificate content

2009-05-21 Thread Peter Sylvester
Victor B. Wagner wrote: On 2009.05.20 at 18:28:42 +0200, Peter Sylvester wrote: IMO a good approach is also to simply read and understand apps/x509.c Unfortunately, it wouldn't help much. x509 utility does work only with certificates in files (or stdin), so it uses d2i_X509_bio. In t

RE: [FWD] Openssl-0.9.8e/i build fails with Aix5.3 64 bit

2009-05-21 Thread Jaiman, Yateendra
Hi Kyle, How do we give the engine support in the ./config line? -Yateendra J. -Original Message- From: Kyle Hamilton [mailto:aerow...@gmail.com] Sent: Wednesday, May 20, 2009 11:11 PM To: openssl-users@openssl.org Cc: Jaiman, Yateendra Subject: Re: [FWD] Openssl-0.9.8e/i build fails with

Creating a TSA certificate

2009-05-21 Thread Santiago Perez Agra
I'm trying to use opentsa but I don't find anywhere how I can build a tsa certificate p12 file with my self-signed certificate. Can I build it with an openssl command, and what about the syntax? Thanks in advance to everybody -- Santiago Pérez Agra Concello de Pontevedra spe...@ponteve

RE: Qestion about parameter pass to BN_rand

2009-05-21 Thread David Schwartz
> Dear all: > I have some questions about the parameters passed to bn_rand > from http://www.openssl.org/docs/crypto/BN_rand.html, the top has > 3 choices. > a. -1 most significant bit of the random number can be zero > b. 0 most significant bit of the random number is 1 > c. 1 most significant 2 bits o

RE: error while executing make command (fixed) --> next: HTTPS with apache + mod_ssl issue

2009-05-21 Thread Neerav Singh
Hi Dave/Ger/Kyle n all, Thanks for the inputs. The problem got solved. I used -config option to specify the location of openssl.cnf. Then I followed steps specified on modssl site http://www.modssl.org/docs/2.8/ssl_faq.html#ToC29 and changed the default key location in httpd.conf file now its

how to build a TSA certificate

2009-05-21 Thread Santiago Perez Agra
I'm trying to create a custom self-signed p12 file in order to attach it to an opentsa server but I don't know how to do the next question: "Generate a private key and a certificate including the TimeStamping critical extended key usage X.509v3 extension for the TSA and set up the mod_tsa confi

Qestion about parameter pass to BN_rand

2009-05-21 Thread vichy
Dear all: I have some questions about the parameters passed to bn_rand from http://www.openssl.org/docs/crypto/BN_rand.html, the top has 3 choices. a. -1 most significant bit of the random number can be zero b. 0 most significant bit of the random number is 1 c. 1 most significant 2 bits of the random nu

Re: Decoding ASN.1 certificate content

2009-05-21 Thread Victor B. Wagner
On 2009.05.20 at 18:28:42 +0200, Peter Sylvester wrote: > IMO a good approach is also to simply read and understand apps/x509.c Unfortunately, it wouldn't help much. x509 utility does work only with certificates in files (or stdin), so it uses d2i_X509_bio. In this case certificate is stored in