I ran openssl s_server with an ECC certificate signed by an RSA Root CA. When I
try to connect using s_client and a TLS 1.2 ECDH-RSA cipher suite (e.g.
ECDH-RSA-AES128-SHA256 or ECDH-RSA-AES128-GCM-SHA256), the connection fails
with s_server printing the following error: "3086918464:error:1408A0C1
On Wed, Oct 31, 2012, Dave Thompson wrote:
>
> I meant to make that any _nonstatic_ [EC]DH (i.e. "ephemeral" with
> authentication, or "anonymous" without). OpenSSL doesn't implement
> static DH at all, and I've never seen anyone use static ECDH.
>
Actually OpenSSL does now implement static D
> From: owner-openssl-us...@openssl.org On Behalf Of (me)
> Sent: Wednesday, 31 October, 2012 18:22
> An "incoming" connection is usually, at least by connection,
> an SSL server.
>
_by convention_
> In general: if an SSL connection/session uses an akRSA suite,
> knowledge of the packets on th
>From: owner-openssl-us...@openssl.org On Behalf Of Derek Cole
>Sent: Wednesday, 31 October, 2012 13:22
>Is it possible to use libpcap to detect an incoming connection
>(writing all those packets to a socket), then, if using
>libpcap I determine that an SSL connection was established, st
> From: owner-openssl-us...@openssl.org On Behalf Of redpath
> Sent: Tuesday, 30 October, 2012 16:56
> I am using openssl to create a signature for a file contents and use
> openssl to verify the contents using the signature file. The
> public key is from an x509 cert.
> All works great.
>
Speci
I'd suggest as a next step to see if you're using the same public key for
both the Java and openssl verify.
After that, the next step would be, in Java, to do a raw public key
operation and examine the result. That will tell you whether it's the
public key, the padding, the OID, or the hash th
As I am thinking about this a little more - I guess that SSL_new and
SSL_accept handle all of the SSL handshake negotiation as well, which would
have to be manually handled if you were trying to decrypt on the fly?
On Wed, Oct 31, 2012 at 2:23 PM, Derek Cole wrote:
> To be clear - I have
To be clear - I have already written the code to read the SSL header.
Regarding your last line - is there a cleaner way to "redirect" as you say,
or is it as I described - opening a new socket and writing the packet to it?
If I wanted to decrypt on the fly, is there a standard way of decrypting
t
Hello,
Is it possible to use libpcap to detect an incoming connection (writing all
those packets to a socket), then, if using libpcap I determine that
an SSL connection was established, stand up another socket to read the same
file descriptor with the SSL client so that I could use the pro
On Wed, Oct 31, 2012 at 12:31 PM, Indtiny s wrote:
> Hi,
>
> Thanks for the suggestion, while browsing about openssl I came across this
> site http://www.rtfm.com/openssl-examples/
>
> which has code for a server which is based on openssl.
>
> Can I use that server code for my simple webserv
Solved!
Thanks, Steve.
Leonardo
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Dr. Stephen Henson
Sent: Tuesday, 30 October 2012 20:04
To: openssl-users@openssl.org
Subject: Re: RES: PEM_read_PrivateKey
On T