Re: TPS performance with TLS1.0 and TLS1.2

2014-07-28 Thread Denis Berezhnoy
Hi guys,
Thanks a lot for your answers! Yes, I use a customized rand method and it turns out to be very CPU expensive. And this is the root cause for my performance degradation with TLS1.2.
Best regards,
Denis
2014-07-25 15:30 GMT-04:00 Thulasi Goriparthi :
>
> On Jul 25, 2014 5:15 PM, "Dr. S

RE: Adding client peer verification to my server

2014-07-28 Thread Dave Thompson
It's a good idea for server to set client-CA list, but not required. If it isn't set, libssl server will send CertReq with an empty list, which the RFCs permit, and the browsers I have to hand (IE9, FF31, Chrome36.something) all handle. The OP's problem is more likely on the client side. Fro

RE: Program to convert private key from pem to der format

2014-07-28 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Viktor Dukhovni
> Sent: Thursday, July 24, 2014 14:18
> On Thu, Jul 24, 2014 at 08:07:01AM -0700, phildoch wrote:
>
> > The key format needed by the system is algorithm-specific DER format.
>
> I am not aware of any standard formats for keys o

RE: Adding client peer verification to my server

2014-07-28 Thread Dave Thompson
Did you successfully load the root cert into the SERVER truststore? The requirements are not quite symmetric:
Almost always (except for anon and non-PK):
server MUST set privatekey and matching cert, and preferably any chain cert(s) (you have none)
client MUST set truststore containing r