RE: How does cipher selection and TLS protocol negotiation interact

2012-06-15 Thread Erik Forsberg
To answer my own question, seems the code that generates the SSL_CIPHER_description() output does not make any difference between SSLv3, TLSv1.0 and TLSv1.1. Only TLSv1.2 is displayed as such. So in my case, I probably did have a TLSv1 connection. Confusing ... A followup question, is it correct t

How does cipher selection and TLS protocol negotiation interact

2012-06-15 Thread Erik Forsberg
I have a weird case that I cannot properly explain. Using OpenSSL 1.0.1c for both client and server, I was testing various combinations of ciphers and protocol version requests. Basically, the server uses SSLv23_server_method(). The client code uses SSLv23_client_method() and SSL_OP_NO_SSLv2 Then

DES_ede3_cbc_encrypt Maximum Text Length?

2012-06-15 Thread Brandon Shaw
I am interacting with DES encryption at a fairly superficial level, but it has been working for some time. Now I am trying to encrypt a slightly longer text string and am running into a problem. It works well until my text length exceeds about 8 KB and then it simply truncates the input and e

RE: Secure WebSocket Server (using OpenSSL) Failing Client Connection During Initial SSL Handshake

2012-06-15 Thread Dave Thompson
>From: owner-openssl-us...@openssl.org On Behalf Of Jack Trades >Sent: Thursday, 14 June, 2012 16:18 >I have an asynchronous win32 websocket server (written in C/C++ >using MSVS 2010) application that I now want to support WSS - >a WebSocket Secure connection. To accomplish this, I added >open

OCSP_basic_verify error: root ca not trusted

2012-06-15 Thread Vladimir Belov
I made an error. I didn't actually add OCSPSigning extended key usage to the OCSP responder cert. My attempt (which I found at the mailing list archive) was bad: openssl x509 -in 03.crt -inform PEM -addtrust OCSPSigning -out ocsp_resp_cert.pem "-addtrust" is another command for another purpose

OCSP_basic_verify error: root ca not trusted

2012-06-15 Thread Vladimir Belov
Hello. I could connect to OpenSSL OCSP responder only by IPv6. But I have another error: 3908:error:2706A067:OCSP routines:OCSP_CHECK_DELEGATED:missing ocspsigning usage:.\crypto\ocsp\ocsp_vfy.c:350: 3908:error:27069070:OCSP routines:OCSP_basic_verify:root ca not trusted:.\crypto\ocsp\ocsp_vfy

OCSP server listens only for TCPv6 connections on Windows. Why?

2012-06-15 Thread Vladimir Belov
Hello. I start OCSP server for testing. I use command: openssl ocsp -index index.txt -port -rkey ocsp_resp_pkey.pem -rsigner ocsp_resp_cert.crt -CA cacert.crt -text After I got the message "Waiting for OCSP client connections..." I see that process openssl.exe listens only on TCPv6 port ,

Re: OpenSSL and GOST engine issue (statically linked library )

2012-06-15 Thread Alexandre Aufrere
Hello, IIRC, when you do dynamic linkage, the conf file is parsed and engine initiated as per conf file, not when you do static linkage. Hence your issue. More generally, it's a bad idea to link statically in the context of GOST use: if at one point you need to use FSB certified GOST, you'll

RE: TLSv1.2 backward compatibility

2012-06-15 Thread Jason Schultz
I have a question on how this situation happens, exactly, when using TLS 1.1 or 1.2. From ticket 2771, I see that the length of the ClientHello is what causes the problem. But what needs to happen in order to make a ClientHello get too big? My OpenSSL application only supports around 25 ciph

Re: OpenSSL and GOST engine issue (statically linked library )

2012-06-15 Thread Vladimir Belov
As far as I understood the main idea of this code is to get engine and initialize it by ENGINE_init(e). My code was only for testing of loading and initialization of specific ENGINE. What is the further use of this ENGINE* pointer? It seems that I can "forget" about it Variable with type ENG

Secure WebSocket Server (using OpenSSL) Failing Client Connection During Initial SSL Handshake

2012-06-15 Thread Jack Trades
I have an asynchronous win32 websocket server (written in C/C++ using MSVS 2010) application that I now want to support WSS - a WebSocket Secure connection. To accomplish this, I added openssl to my application. However, when the client tries to connect to my webserver, openssl is rejecting the cl