RE: CN > 64 chars

2012-10-10 Thread Juan Angel Martin Gomez [AC Camerfirma]
I'll be waiting for it Thanks Steve Juan Angel -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Wednesday, 10 October 2012 2:05 To: openssl-users@openssl.org Subject: Re: CN > 64 chars O

Re: top 10 mistakes when using libopenssl?

2012-10-10 Thread Kyle Hamilton
Suggestions from my experience: -Failing to verify the certificate after calling SSL_accept() -Failing to verify minimum cipher strength for the application -Failing to understand that the NULL suites give nothing and only take extra bytes -Misunderstanding that "DN=CN:CA1;DN=CN:you" does NOT match

RE: SSL Certificate Caching

2012-10-10 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Sharanagoud B D > Sent: Tuesday, 09 October, 2012 06:39 > Is there an option to specify a source interface along with > openssl s_client option to establish multiple HTTP > Connections from single linux device? This is required to > test certi

RE: SSL Certificate cache

2012-10-10 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Sharanagoud B D > Sent: Tuesday, 09 October, 2012 06:25 > How to check in Linux client device whether the certificate > used is cached or it's from the server? I am using openssl > s_client to establish http connection. > By "the certificate

RE: Best practice for client cert name checking

2012-10-10 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills > Sent: Monday, 08 October, 2012 07:47 > Dave, any thoughts on my original question? My thread kind of > got hi-jacked. Not much, but since you ask: > -Original Message- > From: Charles Mills [mailto:charl...@mcn.org] >

stunnel 4.54 released

2012-10-10 Thread Michal Trojnara
Dear Users, I have released version 4.54 of stunnel. The ChangeLog entry: Version 4.54, 2012.10.09, urgency: MEDIUM: * New Win32 features - FIPS module updated to version 2.0. - OpenSSL DLLs updated to version 1.0.1c. - zlib DLL updated to version 1.2.7. - Engine DLLs added: 4758cca, aep, atall

Re: Memory usage on openssl-0.9.8a/

2012-10-10 Thread Tristan Schmelcher
This might be helpful: http://comments.gmane.org/gmane.comp.encryption.openssl.devel/17743 On Mon, Oct 8, 2012 at 11:35 AM, Thirumal, Karthikeyan < kthiru...@inautix.co.in> wrote: > Team, > > We used "openssl-0.9.8a" version of openssl for the SSL communication, for > our desktop based TCP a

Getting at the details of the client's requested cipher suites

2012-10-10 Thread Hugo Maxwell Connery
Hi OpenSSLers, During the TLS handshake the client suggests a list of cipher suites (and then negotiation occurs). I want to know what the client suggested. In text (or with ways to translate bits to said text/acronyms). Is there a trivial way to do this? I want to expose the nature of the ne

Problem with AES 256 algorithm / GCM mode.

2012-10-10 Thread MACH Christian
Hello. I use OpenSSL for my work and particularly the AES 256 algorithm with the GCM mode. When I test this mode, the ciphered text is correct but the authentication tag is not correct. I think my test vectors are correct (source : NIST and my cipher room). Could you help me? If yes, how can we p

Re: SSL_accept fails with bad certificate error

2012-10-10 Thread Derek Cole
Thank you for the reply. It is probably obvious that I am new to SSL programming, and I am modifying some existing code. I will read over your information and write back if I am still having issues. Thanks Derek On Wed, Oct 10, 2012 at 4:30 AM, Dave Thompson wrote: > >From: owner-openssl-us...@

RE: SSL_accept fails with bad certificate error

2012-10-10 Thread Dave Thompson
>From: owner-openssl-us...@openssl.org On Behalf Of Derek Cole >Sent: Tuesday, 09 October, 2012 21:12 >I am trying to write a server that will accept an incoming SSL connection. >In pseudo, I have the following chain of function calls >SSL_CTX_load_verify_locations(ctx, root