Re: Case-sensitive cipher names are a bad idea

2014-08-15 Thread Jeffrey Walton
On Sat, Aug 16, 2014 at 12:08 AM, wrote: >> ... > Even today with Unicode character set families, the ability to provide > a global case-independent mapping becomes a massive problem. There are > a variety of latin-like alphabets and greek alphabets, and even > IBM EBCDIC encodings that are much

Re: Case-sensitive cipher names are a bad idea

2014-08-15 Thread shathawa
> Does ANYONE think that case-sensitive cipher names are good idea? > > Someone who types TLSV1:RC4-MD5 will find things working, but is likely to > be surprised by how weakly-protected they are. > > /r$ > > -- > Principal Security Engineer > Akamai Technologies, Cambridge MA > IM:

Error while attempting to create an Intermediate Root CA

2014-08-15 Thread Michael G. Zajac
This one really has me turned around… I am receiving AKID errors which I have seen earlier: *Error Loading extension section v3_x509* *2283200:error:22077079:X509 V3 routines:V2I_AUTHORITY_KEYID:no issuer certificate:v3_akey.c:153:* *2283200:error:22098080:X509 V3 routines:X509V3_EXT_nconf:err

RE: Case-sensitive cipher names are a bad idea

2014-08-15 Thread Salz, Rich
> Well, one problem is that "strcasecmp" is not in the Standard C Library, and > in > fact is illegal, because external identifiers beginning with "str" are > reserved to > the implementation. Openssl already handles that, thanks. > That said, I agree that case-insensitive comparison would be a

RE: Case-sensitive cipher names are a bad idea

2014-08-15 Thread Michael Wojcik
Well, one problem is that "strcasecmp" is not in the Standard C Library, and in fact is illegal, because external identifiers beginning with "str" are reserved to the implementation. There is no standard case-insensitive string-comparison function in C. You have to write your own. Here's one:

RE: Case-sensitive cipher names are a bad idea

2014-08-15 Thread Salz, Rich
> The case makes some things more clear: I never said it didn't. > There are lots of other ways to typo the input string. Yup, but saying TLSV1 won't work while TLSv1 does work is silly. > Perhaps there are currently no collisions, and case folding is likely safe, > but I > don't really see m

Re: Case-sensitive cipher names are a bad idea

2014-08-15 Thread Viktor Dukhovni
On Fri, Aug 15, 2014 at 11:43:51AM -0400, Salz, Rich wrote: > Does ANYONE think that case-sensitive cipher names are good idea? > > Someone who types TLSV1:RC4-MD5 will find things working, but is > likely to be surprised by how weakly-protected they are. The case makes some things more clear:

Re: Case-sensitive cipher names are a bad idea

2014-08-15 Thread Walter H.
Hello On 15.08.2014 17:43, Salz, Rich wrote: Does ANYONE think that case-sensitive cipher names are good idea? this is a bad idea; or can you explain the difference between tlsv1:rc4-md5 and TLSV1:RC4-MD5? Someone who types TLSV1:RC4-MD5 will find things working, but is likely to be surp

Re: Error Handling in a Multithreaded Environment, Failures effecting non-associated connections

2014-08-15 Thread David Hinkle
Thanks! On Fri, Aug 15, 2014 at 10:50 AM, Salz, Rich wrote: > > Just so I make sure I understand, I just need to do something like: > > while ((err = ERR_get_error())); > > When I switch work and everything will be ok? > > Simpler to just call ERR_clear_error() > > -- > Principal Security Engin

RE: using openssl to generate SAN seems not working...

2014-08-15 Thread Wellen Lau
Pls ignore this. I got it works properly now. From: Wellen Lau Sent: Thursday, August 14, 2014 10:50 AM To: openssl-...@openssl.org; openssl-users@openssl.org Subject: using openssl to generate SAN seems not working... Hi All, I am having trouble to use enable the Subject AlterName in

RE: Error Handling in a Multithreaded Environment, Failures effecting non-associated connections

2014-08-15 Thread Salz, Rich
> Just so I make sure I understand, I just need to do something like: > while ((err = ERR_get_error())); > When I switch work and everything will be ok? Simpler to just call ERR_clear_error() -- Principal Security Engineer Akamai Technologies, Cambridge MA IM: rs...@jabber.me Twitter: RichSalz

Case-sensitive cipher names are a bad idea

2014-08-15 Thread Salz, Rich
Does ANYONE think that case-sensitive cipher names are good idea? Someone who types TLSV1:RC4-MD5 will find things working, but is likely to be surprised by how weakly-protected they are. /r$ -- Principal Security Engineer Akamai Technologies, Cambridge MA IM: rs...@jabber.me

using openssl to generate SAN seems not working...

2014-08-15 Thread Wellen Lau
Hi All, I am having trouble to use enable the Subject AlterName in generating CSR or signing the cert. I did google on it and found few places mentioning as below. Does it work ? or something has been broken? This is my configuration file : openssl.conf [ req ] req_extensions = v3_req