[openssl-users] Verify callback to ignore certificate expiry

2015-12-02 Thread Nounou Dadoun
Another quick question, I'm setting up a server ssl handshake on a device on which the certificate verification will sometimes fail not because the certificate is bad but because the time is not set properly on the device. I'm doing an ssl verify callback that is almost identical to one of the

Re: [openssl-users] Response from server is lost on close

2015-12-02 Thread Anty Rao
Thanks Jakob & Michael for your reply. I'm using openssl to interact with Apple's APNS server. Sending data as fast as possible, most of the time APNS server doesn't reply, but in some circumstances, APNS server will reply with a response and then close the connection. So the RST is expected most of th

Re: [openssl-users] Response from server is lost on close

2015-12-02 Thread Michael Wojcik
Just to amplify on Jakob's response: the reason that sometimes you see the reply is that sometimes your application manages to get it from the stack before the stack receives and processes the RST from the peer. In the example you provided, there was a 52ms window in which you could have read th

Re: [openssl-users] Response from server is lost on close

2015-12-02 Thread Jakob Bohm
On 02/12/2015 11:21, Anty Rao wrote: Using non-blocking openssl, after detecting underlying TCP is broken, I invoke SSL_read to attempt reading response. *sometimes* response from server is lost, sometimes not. But tcpdump shows that response is always sent back to me. what is

Re: [openssl-users] Better understanding of EC encryption API

2015-12-02 Thread Jeffrey Walton
> In the past BouncyCastle and Crypto++ could not interop even though > they both claim to follow P1363. IEEE did not publish test vectors, so > each library had a misinterpretation that ensured they did not > interop. Here were the issues for each library: > > * BouncyCastle > - Label shou

Re: [openssl-users] Generation of the primes p, q and g for DSA using an Hash Function in OpenSSL

2015-12-02 Thread Jakob Bohm
On 26/11/2015 11:25, Mofassir Ul Haque wrote: We can generate primes p, q and g for DSA in OpenSSL by using command: openssl dsaparam -text -out dsaparam.pem 1024 Is it possible to generate primes p, q and g using a Hash Function in OpenSSL if value of L, N and hash function is known? Any

Re: [openssl-users] FIPS 140-2 X9.31 RNG transition expenses

2015-12-02 Thread Steve Marquess
On 12/02/2015 11:16 AM, Steve Marquess wrote: > If you don't know or care what FIPS 140-2 is, be very glad this isn't > your > problem and turn your charitable attentions to some worthy > cause. > > The CMVP has introduced a new policy that will result in the > effective termination of many extant

Re: [openssl-users] explicitly including other ciphers.

2015-12-02 Thread Wall, Stephen
> Encryption in https/apache is handled by mod_ssl. does that mean, > since there are NULL ciphers I can just use them in apache/mod_ssl by > just changing a setting like: > > SSLCipherSuite eNULL > > in httpd.conf? No. mod_ssl modifies the ciphers you specify by appending ':!aNULL:!eNULL:!

Re: [openssl-users] explicitly including other ciphers.

2015-12-02 Thread Ron Croonenberg
thanks! that seemed to work, So the idea is to use an object store on an isolated network and push and get objects out of it using https. Encryption in https/apache is handled by mod_ssl. does that mean, since there are NULL ciphers I can just use them in apache/mod_ssl by just changing

Re: [openssl-users] explicitly including other ciphers.

2015-12-02 Thread Salz, Rich
> but if I do a: openssl ciphers -v "ALL:eNULL" | grep eNULL Look for NULL, not eNULL. Or "Enc=None"

Re: [openssl-users] explicitly including other ciphers.

2015-12-02 Thread Ron Croonenberg
ok, thanks, but if I do a: openssl ciphers -v "ALL:eNULL" | grep eNULL I don't see anything. How do I configure openssl so it will always be able to use the eNULL 'encryption' ? Ron On 12/01/2015 06:46 PM, Viktor Dukhovni wrote: On Tue, Dec 01, 2015 at 03:34:09PM -0700, Ron Croonenberg wro

[openssl-users] FIPS 140-2 X9.31 RNG transition expenses

2015-12-02 Thread Steve Marquess
If you don't know or care what FIPS 140-2 is, be very glad this isn't your problem and turn your charitable attentions to some worthy cause. The CMVP has introduced a new policy that will result in the effective termination of many extant validations if they are not updated by January 31 2016[1].

Re: [openssl-users] Response from server is lost on close

2015-12-02 Thread Anty Rao
> > Using non-blocking openssl, after detecting underlying TCP is broken, I > invoke SSL_read to attempt reading response. *sometimes* response from > server is lost, sometimes not. But tcpdump shows that response is always > sent back to me. what is special is that RST packages come next the >