Re: Is it possible to grab CA certificate?

2013-06-17 Thread A A
When I go to an SSL site I see this message in fx: "You have asked Firefox to connect securely to news.ycombinator.com, but we can't confirm that your connection is secure. Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right

RE: Is it possible to grab CA certificate?

2013-06-17 Thread Dave Thompson
at it > From: owner-openssl-us...@openssl.org On Behalf Of A A > Sent: Monday, 17 June, 2013 20:58 > Unfortunately fx doesn't let me export the CA certificate. I can only > view the server side certificate and export it. Also, marking the It works for me (in 20.1, I'm a little behind, but I doubt th

Re: Is it possible to grab CA certificate?

2013-06-17 Thread A A
Sorry for top posting, damn gmail web interface did that. I don't have mutt installed on this machine and it hurts.

Re: Is it possible to grab CA certificate?

2013-06-17 Thread A A
Unfortunately fx doesn't let me export the CA certificate. I can only view the server side certificate and export it. Also, marking the exception as permanent doesn't make fx remember this setting and I need to accept the certificate warning every time I go to a new SSL site. I tried to import the certi

Re: Is it possible to grab CA certificate?

2013-06-17 Thread Cristian Thiago Moecke
Ok, we have too many "maybe"s in a very open discussion that depends on so many variables... My intention is not to enter into a long discussion on security policies, I don't think the author of the first email is the network manager or the one that will deal with changing security policies, he only

encryption cades - bes compliant

2013-06-17 Thread Marco Scacchi
Hi all, I'm Marco, I'm new to this list. I was wondering if with "openssl cms" I would be able to encrypt an already signed file into a CAdES-BES envelope (RFC 5126). If yes, where can I find examples and documentation? Thank you and regards, Marco

RE: Is it possible to grab CA certificate?

2013-06-17 Thread Salz, Rich
> because from a workstation people may access external websites too. Like banks And perhaps they shouldn't. Have you seen the size of the built-in browser CA trust lists recently? And really, which is more likely: an in-house CA leads you astray, or you bring some external malware from the

Re: Is it possible to grab CA certificate?

2013-06-17 Thread Cristian Thiago Moecke
Well... trusting a CA means you trust it for any website you access from the workstation. Adding exceptions means you trust it only for those specific sites. I would not recommend adding an untrustworthy in-house CA, because from a workstation people may access external websites too. Like banks, fo

RE: Is it possible to grab CA certificate?

2013-06-17 Thread Salz, Rich
> By the way, I would NOT recommend adding an in-house, probably unprotected CA as a trusted one. The exception is much better to deal with such cases. If it's a work machine, then absolutely trust the in-house CA, no matter how it is managed and protected. /r$ -- Principal Securi

Re: Is it possible to grab CA certificate?

2013-06-17 Thread Cristian Thiago Moecke
By the way, I would NOT recommend adding an in-house, probably unprotected CA as a trusted one. The exception is much better to deal with such cases. On Mon, Jun 17, 2013 at 1:16 PM, Cristian Thiago Moecke < cont...@cristiantm.com.br> wrote: > It's not an fx user list, but let me help you: > > On fir

Re: Is it possible to grab CA certificate?

2013-06-17 Thread Cristian Thiago Moecke
It's not an fx user list, but let me help you: On the Firefox side, you could 1) Add a permanent exception (just make sure to check the appropriate checkbox on the exception dialog) so it won't ask you every time 2) Export the certificate, clicking on the lock icon on the URL bar and going to More Infor

Is it possible to grab CA certificate?

2013-06-17 Thread A A
Is it possible to grab a CA certificate with openssl? I don't mean a remote server certificate but a local Certificate Authority certificate that is used when connecting to an SSL web page. I need it because a special kind of certificate is used in a place where I work that is signed by the company its

Re: [Encrypting_Decrypting with DES]

2013-06-17 Thread Matt Caswell
On 17 June 2013 15:17, Jakob Bohm wrote: >> >> IV's should always be random - you should not reuse an IV. >> Using the last block of cipher-text from a previous message as the >> IV gives a predictable IV which is insecure in CBC mode for certain >> classes of attack. > > > You are making the

Re: [Encrypting_Decrypting with DES]

2013-06-17 Thread Jakob Bohm
On 6/17/2013 3:19 PM, Matt Caswell wrote: On 17 June 2013 14:02, enrico d'urso wrote: Hi, thanks for answer. At the moment in my application I create a random IV and a random KEY. Client after this creation send them to Server encrypting all with RSA public key. Client decrypt the message with

R: Re: [Encrypting_Decrypting with DES]

2013-06-17 Thread enrico d'urso
Hi, I will consider using another mode of encryption. It seems the best solution in my case. Thanks for the support. Best regards Enrico Sent from Samsung Mobile Matt Caswell wrote: >On 17 June 2013 14:02, enrico d'urso wrote: >> Hi, thanks for answer. >> At the moment in my applicat

Re: [Encrypting_Decrypting with DES]

2013-06-17 Thread Matt Caswell
On 17 June 2013 14:02, enrico d'urso wrote: > Hi, thanks for answer. > At the moment in my application I create a random IV and a random KEY. > Client after this creation send them to Server encrypting all with RSA > public key. > Client decrypt the message with private key, and from this point t

RE: [Encrypting_Decrypting with DES]

2013-06-17 Thread enrico d'urso
Hi, thanks for answer. At the moment in my application I create a random IV and a random KEY. Client after this creation send them to Server encrypting all with RSA public key. Client decrypt the message with private key, and from this point the communication will be based on DES in cbc mode usi

Re: [Encrypting_Decrypting with DES]

2013-06-17 Thread Matt Caswell
On 17 June 2013 13:25, Matt Caswell wrote: >> >> Take a random IV, and use it. >> Encrypt a message, and save last cipher-text ( Let be C). >> Re-call EncryptInit using C as IV. >> > > IVs must be random and not predictable in advance. Using the last > block of a previous message as the IV for a s

Re: [Encrypting_Decrypting with DES]

2013-06-17 Thread Matt Caswell
On 17 June 2013 12:57, enrico d'urso wrote: > Hi, thanks for your answer. > > I didn't call them all times, just first time. > The fact is that I would like to use 'cbc' scheme, so I Could make this way, CBC is a mode used within an individual message. It cannot be used across multiple messages i

RE: [Encrypting_Decrypting with DES]

2013-06-17 Thread enrico d'urso
Hi, thanks for your answer. I didn't call them all times, just first time. The fact is that I would like to use 'cbc' scheme, so I Could make this way, if re call EncryptInit will delete the state of the context : Take a random IV, and use it. Encrypt a message, and save last cipher-text ( Let