yone share me sample SSL based client server
programme which I could use to measure performance.
Regards,
Alok
On Tue, Sep 9, 2014 at 3:54 AM, Iñaki Baz Castillo wrote:
>
> 2014-09-08 19:46 GMT+02:00 Alok Sharma :
> > One thing I observed by looking into scp
> > code that it doe
;
int client = accept(server, (struct sockaddr*)&addr, &len); /*
accept connection as usual */
printf("Connection: %s:%d\n",inet_ntoa(addr.sin_addr),
ntohs(addr.sin_port));
ssl = SSL_new(ctx); /* get new SSL state with context
*/
SSL_set
an alternative way to use open ssl read or
write to improve performance. I searched in scp code and found it does not
use SSL_read/SSL_write. So if there is another set of APIs which I can use
or any idea how I can meet the same performance as scp.
Regards,
Alok
Hi Steve,
I am also seeing AES along with GCM and RC4 in my search if I disable
CBC. So can it guarantee that still client and server can communicate. Also
if I use both end points as having same version of openssl then also there
can be any problem.
Regards,
Alok
On Tue, Nov 12, 2013 at 8
Hi,
I am using 0.9.8.s openssl and due to some limitation I can't upgrade to
latest versions to tackle CVE-2013-0169. So is there any easy process to
disable CBC based ciphers.
Also is there a way to know which ciphers client and servers are using?
Regards,
Alok
Hi Steve,
Thanks for reply. Do you have idea how CBC ciphers can be disabled?
Regards,
Alok
On Tue, Nov 12, 2013 at 8:23 PM, Dr. Stephen Henson wrote:
> On Tue, Nov 12, 2013, Alok Sharma wrote:
>
> > One of the openSSL vulnerabilities is:
> >
> > CVE-2013-0169:
>
1.0.0k or 0.9.8y
we use DTLS 1.0 protocol.
Does anyone know of any setting in openssl configuration that can be
tweaked to mitigate this vulnerability? E.g. a setting to not allow use of
algorithms with CBC etc.?
Regards,
Alok
Hi,
Thanks for the help, it resolved my problem.
Regards,
Alok
On Fri, Sep 23, 2011 at 5:59 PM, Dr. Stephen Henson wrote:
> On Fri, Sep 23, 2011, alok sharma wrote:
>
> > Hi,
> > Ok I got your point. I think it will be helpful. Do you have any link or
> > pr
Hi,
Ok I got your point. I think it will be helpful. Do you have any link or
procedure to setup these call backs or these are just function pointers
which needs to be initialized at ssl initialization time.
Regards,
Alok
On Fri, Sep 23, 2011 at 5:22 PM, Dr. Stephen Henson wrote:
> On
case
it holds lock for around 5-6 mins.
Regards,
Alok
On Fri, Sep 23, 2011 at 5:04 PM, Dr. Stephen Henson wrote:
> On Fri, Sep 23, 2011, alok sharma wrote:
>
> > I am using the openssl fips version for my application. So, I have not made
> > any change in openssl or Fips cod
same
{
RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_STUCK);
ctx->error = 1;
fips_set_selftest_fail();
return 0;
}
}
memcpy(ctx->last, R, AES_BLOCK_LENGTH);
Regards,
Alok
On Fri, Sep 23, 201
Hi,
So is there any method on Windows to generate non-predictable
random numbers. I think mostly FileSystem time is used to seed randomness
which is failing in my case.
Regards,
Alok
On Mon, Sep 19, 2011 at 4:52 PM, Dr. Stephen Henson wrote:
> On Mon, Sep 19, 2011, alok sharma wrote:
>
generated for current as well as for last request. Is there any provision
inside Openssl which ensures that unique random numbers will be generated or
application need to add some delay for each new connection request.
Regards,
Alok
On Thu, Sep 15, 2011 at 6:02 PM, Jakob Bohm wrote:
> On 9/14/2
= (unsigned char) ((ft.dwLowDateTime >> 16) & 0xff);
buf[7] = (unsigned char) ((ft.dwLowDateTime >> 24) & 0xff);
.
.
Please help in this regard. I am using openssl version 0.9.8o.
Regards,
Alok
Hi,
I am using openssl to one of my application. The application has
support of multithreading and runs on Windows platform. This application
uses openssl 0.9.8.0 version and has support of fips. The application
listens on a particular port and for each new connection it creates a
separate t
any known issues in openssl? Is there any way to avoid such kind of issue?
Regards,
Alok
Try saying that to a web banking manager :-)
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of lwoods (sent by
Nabble.com)
Sent: Saturday, December 03, 2005 10:22 AM
To: openssl-users@openssl.org
Subject: Ignorant of SSL: I have a dumb questio
turn, I can read from the file?
-thanks
Alok
try using the log value?
- Original Message -
From: "Victor Duchovni" <[EMAIL PROTECTED]>
To:
Sent: Sunday, August 07, 2005 6:56 AM
Subject: Re: need function to get cube root
> On Sat, Aug 06, 2005 at 05:36:52PM -0700, Anirban Banerjee wrote:
>
> > Can someone please let me have a poi
Jagannadha Bhattu wrote:
Hi,
I am new to SSL and want to know more about BIOs. Is there a tutorial
on how to use and on their uses.
Thanks
JB
__
OpenSSL Project http://www.openssl.org
User Suppo
Joshua Juran wrote:
On May 19, 2005, at 4:03 PM, Miles Bradford wrote:
So when you send the CSR including the Public Key - you would send
them the
(your) Private Key, also? Then they sign it with a Private Key they've
created? and send it back?
You don't give away your private key to anybo
Hello :(
As usual trolling..
The particular pages or components retrieved over the SSL link (the one
retrieved through URLs beginning with 'https'), will be sent over encrypted
links. In addition, the endpoint will be validated. So that if you retrieve
'https://www.amazon.com/anything/goes/
Hi,
Joshua Juran wrote:
On Apr 1, 2005, at 4:37 AM, alok wrote:
Can someone exactly explain why one cannot typecast a bio( ) to a
UNIX domain socket/IPC/fd?
I'll give this a shot.
Unix allows you to read() to and write() from stream-like objects such
as files, pipes, character devices
Can someone exactly explain why one cannot typecast a bio( ) to a UNIX
domain socket/IPC/fd?
-thanks
Richard Levitte - VMS Whacker wrote:
In message <[EMAIL PROTECTED]> on Wed, 30 Mar 2005 16:51:37 -0800, David Brock
<[EMAIL PROTECTED]> said:
dbrock-openssl> I'm fairly new to openSSL so forgive
Hi Brian,
Brian Hurt wrote:
Lecture warning.
On Mon, 14 Mar 2005, alok wrote:
Yeah, you need large key sizes- 128 bits keys just aren't enough
(they allow birthday attacks to be computationally feasible). But I
note that all the AES finalists went to 256 bit key sizes. This
would
Yeah, you need large key sizes- 128 bits keys just aren't enough (they
allow birthday attacks to be computationally feasible). But I note
that all the AES finalists went to 256 bit key sizes. This would put a
birthday attack at about 128 bits of complexity- sufficient. Anything
less than about
Personally, I'd like to see OpenSSL start using private key crypto as
hashing functions. The reason that work on dedicated hashing
algorithms kinda died off after MD[45]/SHA* came out was that people
figured out that they were the equivalent of private key encryption.
IIRC, you can turn any pr
I doubt many people would actually use it if they know it can be easily
broken..
Like someone said on the list "hey everyone uses it, it must be secure"
is the mental genere.
-A
Ted Mittelstaedt wrote:
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Tho
.Who has enough time, "no patience" and is inquisitive and irritated
enough to work "backwards" on symmetric encryption algorithms
Please unicast your replies.
-thanks
Alok
> >>
> >
> >ok per block, it is still "a function (on a set) = output"
> >
> >
> Sorry, I don't understand your analogy with rubik's cube (most possibly
> because that's just not the way my brain's working... ;))
:o)
>
> A block cypher has a defined output for a defined input, so if you
> encode
computing power.
> The only variables are how much sample data and computing power you need.
>
hmm..thanks, will look into it.
-Alok
>
> Andrew
>
>
> Alok wrote:
> > Maybe am a bit off my head
> >
> > but given a rubik cube, and a fixed axes of orientation def
sounds stupid though..
-thanks
Alok
- Original Message -
From: "Bernhard Froehlich" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, January 19, 2005 6:10 AM
Subject: Re: Even CA's make mistakes..
> Alok wrote:
>
> > [...]
> >
> >lets take PKI out
> * Alok wrote:
>
> > A bit off the thread...
> > Ever wondered if one can break PKI given that the 1st request to a server is
> > mostly GET / in https?
>
> The "GET /HTTP/1.0" is done using a symmetric cipher like RC2 or RC4 etc.
> The PKI is onl
A bit off the thread...
Ever wondered if one can break PKI given that the 1st request to a server is
mostly GET / in https?
Any ideas?
- Original Message -
From: "Shaun Lipscombe" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, January 19, 2005 4:57 AM
Subject: Even CA's make mistakes..
> In
SA is used/needed to sign the
certificates.
One of the keys is probably what the browser has and the other is the key
used to sign the webserver's digital cert generated from the csr.
-hth
Alok
- Original Message -
From: "R. Markham" <[EMAIL PROTECTED]>
To:
Sent: Wedn
But how do you guarantee that the web server is "who he says he is"?
In theory, an ISP could, hack up a DNS to point to my local server. What
verifies that the machine I am connecting to is indeed that machine which it
claims to be?
- Original Message -
From: "R. Markham" <[EMAIL PROTECT
Painter, Philip wrote:
I don't think you're wrong there Alok. The E(KDE)PUBK is
A random Des key taken as _data_ and encrypted asymmetrically
With the recipient's public key. Only the recipient will be
Able to decrypt it, with her private key.
what do you mean by encrypted assy
Not at all, there's no man in the middle issue at all because the
certificates which are issued by a trusted TP g'tee the ownership of the
public key.
The logic goes like this:
You generate a random DES key known only to you. Let's call this KDE
You use this to encrypt the data. Lets call this E
David C. Partridge wrote:
The "one shot" symmetric key is purely random.
how?
No it's not a function of anyone's private or public key.
then it is open to man in the middle
Once generated, it is encrypted using the public key of the recipient and
included with the message.
but then if i do s
Thanks,
something I would appreciate if you could clarify:
David C. Partridge wrote:
Not correct.
You sign the message with YOUR private key. The signature is verified by
the recipient using your certificate which is issued by a CA.
agreed,
If you are also enveloping, then the data is encrypte
El hallabi-Kettani Abderrahmane wrote:
--- Alok <[EMAIL PROTECTED]> a écrit :
I think there is a reason why you cant encrypt a
message without 1st
signing it using smime
By your logic, any preshared "key" would do the
trick , why bother with
the cert ?
(in other words, hisce
with certs)??
El hallabi-Kettani Abderrahmane wrote:
--- Alok <[EMAIL PROTECTED]> a écrit :
But when you sign with your public key, and encrypt
with your public key,
how will he decrypt it if he does not have your
private key?
you sign with the private key existed in mycert.pem or
in
Abderrahmane wrote:
--- Alok <[EMAIL PROTECTED]> a écrit :
sorry,
i meant the key corresponding to mycert.pem
you sign with the private key which corresponds to
mycert.pem, but you can also encrypt the data with the
public key which corresponds to the same private key in
mycert.pem b
into which I can feed this data and get something out.
Will just the server side APIs and feeding the data into the ctx for the
same suffice?
Alok