Hi,
Ours is an LDAP client application that fetches LDAP server names on the fly
using DNS SRV Resource Records. We then randomly pick one of the servers
returned from DNS, establish an SSL/TLS connection with that server and then
perform a bind operation using user credentials (DN and password). Use
Let's pretend for a moment that an out of the box application uses openssl to
provide access not through a browser, but rather through a SOAP client like
Eclipse.
And let's also say that you have no access to the code internal to that
application.
Is there any other way to limit the ciphers? So
No, OpenSSL chooses the cipher from the argument to
SSL[_CTX]_set_cipher_list(3ssl) called on the SSL or the SSL_CTX structure.
On 8/11/10 4:57 PM, Alex Chen wrote:
> Does openssl choose the cipher from the pem file? If so, which section of the
> following pem file sets the cipher for communicat
Hi All,
I have a very strange problem, I had developed an application which would
playback the contents from the https server.
In this issue, when I play the content URL Server A it leads below crash,
but if I play from Server B URL it plays properly. Both Server A and
Server B are HTTPS ser
Does openssl choose the cipher from the pem file? If so, which section of the
following pem file sets the cipher for communication?
Certificate:
Data:
Signature Algorithm: md5WithRSAEncryption
Issuer: .
Validity
Not Before: ...
Not After : ...
Hi,
This kind of error (MAC verification failure) usually indicates that the
given password is incorrect.
Check your password in the code, maybe there are some encoding problems
(ASCII vs UTF8).
You can also try to open your pkcs#12 file using another application,
like Firefox, to see if it's
Hello,
I was wondering if any of you guys ran into the below error and provide some
guidance/assistance?
8980:error:23076071:PKCS12 routines:PKCS12_parse:mac verify
failure:p12_kiss.c:121:
p12 = d2i_PKCS12_fp(fp, NULL);
if (!PKCS12_parse(p12, "password", &pkey, &x509, &ca))
Basically, I a
With regards to initialization vectors for CBC-mode block ciphers, how does
one extract the vector? Is it merely the first X bytes of data after the
record header, where X is the block size?
If so, are those first X bytes unencrypted? I suppose they must be.
Also, it's my understanding that in
Hodie IV Id. Aug. MMX, Jakob Bohm scripsit:
[...]
> The issue is which PRF to use when TLS version <= 1.1 but ciphersuite
> is from RFC5246 Appendix A. The TLS 1.1 and older standards then
> insist on the old PRF no matter what cipher suite is used, while the
> cipher suite definitions (in RFC5246
Hi,
I am using OpenSSL 0.9.8e-fips-rhel on Linux.
I am generating RSA Key using RSA_generate_key(). I am able to succeed
on that part.
On reading the OpenSSL FAQ, found that the function 'RAND_egd()' needs
to be called before generating the key.
Is it mandatory to seed before generating ke
Hi ,
I am writing a program to generate RSA key and able to generate also.
But in the document I read, The pseudo-random number generator(PRNG)
must be seeded prior to calling RSA_generate_key().
How to seed the PRNG using ?
Thanks for your time,
Krishnaurthy
_
The informati
Hi Steve,
> -Original Message-
> From: Dr. Stephen Henson
>
> On Wed, Aug 11, 2010, Eisenacher, Patrick wrote:
>
> > Hi,
> >
> > I can make openssl's ca tool issue certificates with the
> subject's dname encoded as UTF8String for requests with UTF-8
> encoded subject dnames. However, when
On Wed, Aug 11, 2010, Eisenacher, Patrick wrote:
> Hi,
>
> I can make openssl's ca tool issue certificates with the subject's dname
> encoded as UTF8String for requests with UTF-8 encoded subject dnames.
> However, when I change the subject via the -subj commandline option, I can't
> seem to g
Hi,
I can make openssl's ca tool issue certificates with the subject's dname
encoded as UTF8String for requests with UTF-8 encoded subject dnames. However,
when I change the subject via the -subj commandline option, I can't seem to get
a certificate with a UTF-8 encoded subject dname.
Here's w
Hi,
I'm currently looking to add SSL support to an open source project.
I am reading the documentation and samples but could use some advice.
So if someone could help me about securing a TCP socket connection, it would
be really appreciated :)
Best regards.
P.S : Hope I've not posted in a wrong
Hi there:
A couple of things:
1: Neither of your CA certs have "certSign" as a keyUsage. This is the most
likely cause of failure.
2: Your router cert has a Basic constraint of CA=true - while probably not
causing you any problems, this is EXTREMELY dangerous.
I would suggest you go and make
16 matches