On Tue, Jul 13, 2010 at 3:04 PM, Jakob Bohm wrote:
> On 13-07-2010 15:00, Jeffrey Walton wrote:
> [SNIP]
>>> proponents of the RSA and DH algorithms said that the
>>> number was wildly exaggerated and proposed some much
>>> smaller values.
>>
>> I'm not willing to go out on a limb a recommend a
Amit Ben Shahar wrote:
> Hi,
>
> The documentation specifies that SSL_ERROR_ZERO_RETURN is returned if
> the transport layer is closed normally.
> My question is, how should i handle this return code?
> specifically should i call SSL_free normally to free resources, or are
> resources already fr
Using OpenSSL 1.0.0a and OpenSSL FIPS 1.2 on Debian 5
After the configuration and installation of FIPS 1.2, I go into the
openssl-1.0.0a directory and attempt to run
./config fips --openssldir=/etc/ssl --prefix=/usr shared
The text I get back is:
Operating system: x86_64-whatever-linux2
Configu
On 13-07-2010 15:00, Jeffrey Walton wrote:
Hi Jakob,
Are you sure about those numbers?
Yes. See SP800-57 [1].
I know SP800-57 says it, see below.
I know that proponents of ECC cryptography have been roundly
criticized for putting forward those specific numbers and for
talking NIST into rep
Hi,
The documentation specifies that SSL_ERROR_ZERO_RETURN is returned if
the transport layer is closed normally.
My question is, how should i handle this return code?
specifically should i call SSL_free normally to free resources, or are
resources already freed?
Thanks,
Amit Ben Shahar
Hi Jakob,
> Are you sure about those numbers?
Yes. See SP800-57 [1].
> I know that proponents of ECC cryptography have been roundly
> criticized for putting forward those specific numbers and for
> talking NIST into repeating them in their official publications.
Many of the folks I work with want
Hi!
I would like to know what is the most common way to handle certificat
revokation? Is it OSCP protocol or CRLs?
Firefox seems to handle both to some extent, but the default seems to be
only use OSCP if the certificate extensions specifies a server. My
CRL database is empty, but has a manual im
I've been looking all over for this, and I can't find it.
Background - I'm trying to build stunnel on a platform that doesn't
include RSA_generate_key, so I need to modify it to use the newer API.
At the very least, I need to know how to check the return value of the
new API.
Thanks!
--
===
