Re: McAfee Claims TLS Vulnerability

2012-04-29 Thread Jeffrey Walton
On Sun, Apr 29, 2012 at 5:40 PM, Mike Hoy wrote: > We use McAfee to scan our website for vulnerabilities. They claim the > following: >> >> Configure SSL/TLS servers to only use TLS 1.1 or TLS 1.2 if supported. >> Configure SSL/TLS servers to only support cipher suites that do not use >> block cip

How to detect expiration of server certification

2012-04-29 Thread 谷口康規
Hi. Help me please. I'm beginner. I'm tring to print message of expiration of server certificate on the side of SSL server.(server authentication) But, I can't find how to get the alert from error code. I think SSL_AD_CERTIFICATE_EXPIRED or SSL3_AD_CERTIFICATE_EXPIRED is the error code. However

RE: SSH/SFTP - DH_GEX group out of range

2012-04-29 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Johansen Daniel > Sent: Friday, 27 April, 2012 03:18 > Im sorry for removing some "sensitive" information, but it is > company policy. > Understood. > SFTP Server is using maverick sshd library (java based). > I haven't used that myself, but

RE: FAILED:unable to get local issuer certificate

2012-04-29 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Tammany, Curtis > Sent: Friday, 27 April, 2012 09:45 > To: st...@openssl.org; openssl-users@openssl.org > Subject: FAILED:unable to get local issuer certificate > > We have an Apache 2.2.22/OpenSSL 1.0.1 CAC-enabled website > running on Windows

RE: OpenSSL 1.0.1b released, invalid tar file!

2012-04-29 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of jb-open...@wisemo.com > Sent: Thursday, 26 April, 2012 19:37 > On 26-04-2012 15:05, Thomas J. Hruska wrote: > > ... This archive under 7-Zip 9.20 (latest > > stable) displays a "There are no trailing zero-filled records" > > error dialog but

Re: Please tell me about encryption API of OpenSSL 1.0.1

2012-04-29 Thread Matt Caswell (fr...@baggins.org)
On 29/04/12 05:23, MauMau wrote: Q2: Is AES-XTS slower than AES-CBC? Does AES-NI speed up AES-XTS like AES-CBC? Yes it is slower because there is an additional encryption operation on the "tweak". I think AES-NI speeds up the implementation of the underlying AES cipher, and therefore would be

McAfee Claims TLS Vulnerability

2012-04-29 Thread Mike Hoy
We use McAfee to scan our website for vulnerabilities. They claim the following: > Configure SSL/TLS servers to only use TLS 1.1 or TLS 1.2 if supported. > Configure SSL/TLS servers to only support cipher suites that do not use > block ciphers. Apply patches if available. I ran #openssl version a