64-bit vs. 32-bit speed for SHA-1

2004-12-06 Thread Eric Rescorla
Does anyone have solid numbers on the performance of OpenSSL's SHA-1 on 32-bit vs. 64-bit platforms? Thanks, -Ekr __ OpenSSL Project http://www.openssl.org User Support Mailing List

Re: trying SSL_connect to a TCP listen port

2003-02-20 Thread Eric Rescorla
the client side. Consider what happens if there is a protocol which uses the first four bytes of the packet as the length of the remaining data. Such a protocol will block indefinitely when handed an SSL client hello. All the client can do in this case is time out. -Ekr -- [Eric Rescorla

Re: SSL_accept hang

2003-02-04 Thread Eric Rescorla
also difficulties with writing. This can easily lead to deadlock with OpenSSL because there might still be data in the SSL buffers but not on the network socket. These issues are discussed quite extensively in "SSL and TLS" as well as in my "Introduction to OpenSSL Programming"

Re: SSL_accept hang

2003-02-04 Thread Eric Rescorla
David Schwartz <[EMAIL PROTECTED]> writes: > On 03 Feb 2003 22:00:08 -0800, Eric Rescorla wrote: > > >David Schwartz <[EMAIL PROTECTED]> writes: > > >>You nearly always need non-blocking, even if it's just for > >>timeouts. > > >Depe

Re: SSL_accept hang

2003-02-03 Thread Eric Rescorla
David Schwartz <[EMAIL PROTECTED]> writes: > On 03 Feb 2003 19:01:53 -0800, Eric Rescorla wrote: > >Tim Regovich <[EMAIL PROTECTED]> writes: > > >>*always* operate in non blocking mode. The code may > >>be slightly more complex but will *always* work

Re: SSL_accept hang

2003-02-03 Thread Eric Rescorla
Tim Regovich <[EMAIL PROTECTED]> writes: > *always* operate in non blocking mode. The code may > be slightly more complex but will *always* work > better. I don't agree with this. Getting non-blocking code correct with OpenSSL is quite tricky. If you don't need non-blocking, there's no reason to d

Re: Slapper denial-of-service problem - why isn't this fixed?

2002-12-22 Thread Eric Rescorla
have been put forward as to what this is or is not are simply best > guesses without much evidence to back them up. > Certainly guessing is all I've been doing. -Ekr -- [Eric Rescorla [EMAIL PROTECTED]]

Re: Rep:Re: IBM 4758 engine status?

2002-12-20 Thread Eric Rescorla
driver. Unfortunately it needs to be ported to kernel 2.4, which is what I'm currently doing. As I said, I have a semi-usable port but it's got some problems. -Ekr -- [Eric Rescorla [EMAIL PROTEC

Re: Slapper denial-of-service problem - why isn't this fixed?

2002-12-17 Thread Eric Rescorla
Stephen Amadei <[EMAIL PROTECTED]> writes: > On Tue, 17 Dec 2002, Eric Rescorla wrote: > > > Now consider what happens if you're running 512 virtual servers (IPs) > > with 256 child processes. If Slapper contacts all of them, it will > > freeze all your c

Re: Slapper denial-of-service problem - why isn't this fixed?

2002-12-17 Thread Eric Rescorla
tions from any > previously exploited/controlled servers). The question however is; what > *exactly* is the problem? I don't think it matters. Just open a connection and spit out a partial SSL message. This ought to stall the server till the network timeouts are done. -Ekr --

Re: Slapper denial-of-service problem - why isn't this fixed?

2002-12-17 Thread Eric Rescorla
Eric Rescorla <[EMAIL PROTECTED]> writes: > Now consider what happens if you're running 512 virtual servers (IPs) > with 256 child processes. If Slapper contacts all of them, it will > freeze all your children and you're frozen until the timeouts > happen. Joe, do y

Re: Slapper denial-of-service problem - why isn't this fixed?

2002-12-17 Thread Eric Rescorla
your server when it contacts it. Now consider what happens if you're running 512 virtual servers (IPs) with 256 child processes. If Slapper contacts all of them, it will freeze all your children and you're frozen until the timeouts happen. Joe, do you have more virtual servers than chil

Re: Slapper denial-of-service problem - why isn't this fixed?

2002-12-17 Thread Eric Rescorla
as access on port 443 gets blocked. Thanks, -Ekr -- [Eric Rescorla [EMAIL PROTECTED]] http://www.rtfm.com/

Re: Slapper denial-of-service problem - why isn't this fixed?

2002-12-17 Thread Eric Rescorla
sites. Somehow this attack is > choking the accept queue, preventing access to the other unaffected > children. That's one possibility... Another would be clogging of access to the session cache. In the first case, it's hard to understand how OpenSSL could be the cause of the probl

Re: Slapper denial-of-service problem - why isn't this fixed?

2002-12-17 Thread Eric Rescorla
Since Apache 1.3.x runs separate server processes, it's kind of surprising that a single client would stall all server processes. Could you put a debugger on one of the stalled processes and see where it is? Thanks, -Ekr -- [Eric Rescorla

Security holes... Who cares?

2002-11-15 Thread Eric Rescorla
I'd like to announce the availability for download of the following paper. Security holes... Who cares? Eric Rescorla RTFM, Inc. <http://www.rtfm.com/> We report on an observational study of user response fo

Re: Is a https proxy possible?

2002-11-13 Thread Eric Rescorla
pted path. > > He explained what he wanted in 3 minutes before leaving on a week of > vacation, so I'm kind of confused myself. :) If you have the private key for the server, the easiest thing to do is use ssldump (http://www.rtfm.com/ssldump). Then you don't need a proxy, jus

Re: Memset not clearing sensitive data

2002-11-07 Thread Eric Rescorla
the developers, but I have it pretty hard to get excited about this sort of thing. In the case of SSL in particular, the private key is generally kept in memory for the life of the process. If it's not zeroed, there's not a lot of point in zeroing other keys, since compromi

Re: coalesced data.

2002-09-12 Thread Eric Rescorla
convenient with application level code unless you have some other thread to handle network flushes. [1] In some implementations, you can add buffering BEFORE the SSL code, but this is a different story. -- [Eric Rescorla

Re: coalesced data.

2002-09-12 Thread Eric Rescorla
ne > clear my doubt please. While SSL CAN coalesce data, in general implementations don't coalesce user writes, in order to avoid confused programmers :) -Ekr -- [Eric Rescorla [EMAIL PROTECTED]] http://www.rtfm.com/

Re: SSL server compatible with SSH client

2002-09-11 Thread Eric Rescorla
"Le-Vazquez, Thuy" <[EMAIL PROTECTED]> writes: > I've written an SSL server, will the server communicate with SSH client? > If not, does anyone know how to hook this two together? You don't. They're different protocols. -Ekr -- [Eric Rescorla

ANNOUNCE: ssldump [correction]

2002-09-11 Thread Eric Rescorla
http://www.rtfm.com/ssldump If you downloaded ssldump from the link on the ssldump web site this morning, please make sure you got version 0.9b3 and not version 0.9b2. The link on the web site had not been adjusted to point to 0.9b3. You can check this by checking either the name on the tarball

ANNOUNCE: ssldump: an SSL protocol analyzer v 0.9b3

2002-09-11 Thread Eric Rescorla
ANNOUNCE: ssldump: an SSL protocol analyzer v 0.9b3 Version 0.9b3 http://www.rtfm.com/ssldump/ RTFM, Inc. is pleased to announce the availability of ssldump 0.9b3 ssldump is an SSLv3/TLS network protocol analyzer. It identifies TCP connections on the chosen network interface and attempts to inte

Re: When can I SSL_read? Always safe to SSL_write?

2002-09-03 Thread Eric Rescorla
o OpenSSL Programming" at: http://www.rtfm.com/openssl-examples -Ekr -- [Eric Rescorla [EMAIL PROTECTED]] http://www.rtfm.com/

Re: OpenSSL and JSSE?

2002-08-26 Thread Eric Rescorla
"Paul L. Allen" <[EMAIL PROTECTED]> writes: > Eric Rescorla wrote: > Hmmm... When I watch a demo client and server with client > authentication, > I see the client's cert going over the wire. I wonder why I don't see > it in the case of my real code? W

Re: OpenSSL and JSSE?

2002-08-26 Thread Eric Rescorla
"Paul L. Allen" <[EMAIL PROTECTED]> writes: > Eric Rescorla wrote: > > > I've watched my Java client connecting to my OpenSSL server using > > > ssldump. I can see the server's cert going over to the client. The > > > client does

Re: SSLv1 Signed CSR?

2002-08-01 Thread Eric Rescorla
rhaps mean an X.509v1 certificate? (2) I very much doubt you have an SSLv1 anything since AFAIK no production implementations of SSLv1 were ever released, being as it was riddled with security flaws. -Ekr -- [Eric Rescorla

Re: Is a 'random.pem' file secure?

2002-07-25 Thread Eric Rescorla
e encrypted randomness is just as random as simple randomness :) -- [Eric Rescorla [EMAIL PROTECTED]] http://www.rtfm.com/

Re: bad mac decode/renegotiation

2002-06-27 Thread Eric Rescorla
detail about what you're doing here. In particular, what do you mean by "two servers running the app"? -Ekr -- [Eric Rescorla [EMAIL PROTECTED]] http://www.rtfm.com/

Re: Unknown SSL content type 43

2002-06-12 Thread Eric Rescorla
POP3S port appears to be 995, not 110. My guess would be that what's listening on port 110 is normal POP. Try telnetting to port 110 to see if you get the POP banner. If so that's what's going on. -Ekr -- [Eric Rescorla

Re: General question regarding SSL connection setup

2002-06-11 Thread Eric Rescorla
but the hope is that when you mash it all together you get enough entropy... > c) Does the server generate an ephemeral RSA private key for each SSL > connection, or just once for the lifetime of the process which it uses > across all clients? Typically the latter, th

Re: fragmentation

2002-06-10 Thread Eric Rescorla
5) to account for data expansion and the record header. That said, some implementations (Microsoft) violate this limit. In any case, since TCP segments are typically <1500 bytes long, most records will span multiple TCP segments. -Ekr -- [Eric Rescorla [EMA

Re: Strong Authentifikation

2002-06-10 Thread Eric Rescorla
es quite widely. The SASL mechanisms that are as secure as SSL are no faster. On the other hand, if you're willing to live with a lower security level (or if you have a lot of different authentication mechanisms to support) then SASL may be better for you. -Ekr -- [Eric Rescorla

Re: AW: Java Implementation of OPENSSL

2002-05-28 Thread Eric Rescorla
[EMAIL PROTECTED] writes: > We were trying to have JCE implementation only. I think you are getting to > the point. > Could you provide some more info on this? Try Cryptix: www.cryptix.org -Ekr -- [Eric Rescorla [EMAIL PROTECTED]]

Re: AW: Java Implementation of OPENSSL

2002-05-28 Thread Eric Rescorla
e you trying to achieve? It doesn't sound like you're trying to do SSL, so you just want some JCE implementation. -Ekr -- [Eric Rescorla [EMAIL PROTECTED]] http://www.rtfm.com/

Re: AW: Java Implementation of OPENSSL

2002-05-28 Thread Eric Rescorla
s specified in the TLS and SSL specifications. PureTLS and JSSE are both complete implementations and so they take care of the padding internally. You should not need to do anything along these lines. -Ekr -- [Eric Rescorla [EMAIL PROTECTED]]

Re: AW: Java Implementation of OPENSSL

2002-05-28 Thread Eric Rescorla
[EMAIL PROTECTED] writes: > Did Test this link. Finding problem that there is no implementation for > NO-Padding option from this provider. > > Any Idea as to how to resolve this? Can you be a little more specific about what the problem is? -Ekr -- [E

Re: AW: Java Implementation of OPENSSL

2002-05-28 Thread Eric Rescorla
try PureTLS <http://www.rtfm.com/puretls/> -Ekr -- [Eric Rescorla [EMAIL PROTECTED]] http://www.rtfm.com/

Re: SSL_read()

2002-05-24 Thread Eric Rescorla
60 bytes of plaintext and all 200 bytes of ciphertext are read? If so, that's unsurprising. Remember that SSL is a record-oriented protocol, so OpenSSL needs to read the entire record to give you your data, no matter how many

Re: Examples

2002-05-24 Thread Eric Rescorla
http://www.rtfm.com/openssl-examples -Ekr -- [Eric Rescorla [EMAIL PROTECTED]] http://www.rtfm.com/

Re: [openssl-users] I'm confused on the big picture. Help?-------=========--------}}}}}}}}

2002-05-15 Thread Eric Rescorla
o: You don't need a private key on the client, just on the server. The client needs to either: (1) Have a copy of the server's certificate. (2) Trust the CA who signed the server's certificate. (3) Just accept the server's public key/certificate without verifying it. This is fine

Re: create opensll, ssldump keyfile

2002-05-14 Thread Eric Rescorla
. All you need to do for this is convert it into an OpenSSL keyfile. It's not clear what kind of keyfile you're starting with here... -Ekr -- [Eric Rescorla [EMAIL PROTECTED]] http://www.rtfm.com/

Re: Tomcat and OpenSSL

2002-05-03 Thread Eric Rescorla
or mod_ssl. (2) Use Tomcat with Java SSL support via PureTLS or JSSE. How to do all of these is documented at: http://jakarta.apache.org/tomcat/tomcat-3.3-doc/tomcat-ssl-howto.html -Ekr -- [Eric Rescorla [

Re: Java SSL Support (didn't have a subject, so I am giving it one.)

2002-04-30 Thread Eric Rescorla
Chris Cleeland <[EMAIL PROTECTED]> writes: > On 30 Apr 2002, Eric Rescorla wrote: > Right. Good point. However, for some reason I remember that we had problems > with JSSE doing RSA properly, too. But memory is fuzzy anymore. That could be. I've heard such reports but n

Re: Java SSL Support (didn't have a subject, so I am giving it one.)

2002-04-30 Thread Eric Rescorla
s a free Java SSL/TLS implementation that interoperates fine with OpenSSL. -Ekr -- [Eric Rescorla [EMAIL PROTECTED]] http://www.rtfm.com/

Re: Key strength confusion

2002-04-26 Thread Eric Rescorla
C-only export browsers out there. -Ekr -- [Eric Rescorla [EMAIL PROTECTED]] http://www.rtfm.com/

Re: Key strength confusion

2002-04-26 Thread Eric Rescorla
ng crypto Strong crypto There is no way to tag an X.509 certificate in such a way that it is 40-bit only. -Ekr -- [Eric Rescorla [EMAIL PROTECTED]] Author of "SSL and TLS: Designing and Building Secure Systems"

Re: Certificate Problem / get_peer_certificate

2002-04-22 Thread Eric Rescorla
mp can read data captured with 'tcpdump -s 8192 -w' if that helps at all. In general, this sort of thing is very difficult to diagnose without either ssldump traces or OpenSSL logging info. -Ekr -- [Eric Rescorla [EMAIL PROTECT

Re: Certificate Problem / get_peer_certificate

2002-04-22 Thread Eric Rescorla
m to be able to fix this is to re-create all new certificates. The > certificates are set to expire in a year but the problem occurs within > weeks/months of deployment and continues to happen. Does anyone have any > insight on how this could be happening? Thank you for your time. What d

Re: Prevent apache from giving out server cert?

2002-04-18 Thread Eric Rescorla
Michael Sierchio <[EMAIL PROTECTED]> writes: > It's also the case that the client may send a 'Hello request' instead > of a client hello, in order to see what the server supports... HelloRequests may only be sent by the server (See RFC 2246 S 7.4.1.1)

Re: Prevent apache from giving out server cert?

2002-04-18 Thread Eric Rescorla
"Tobias Mattsson" <[EMAIL PROTECTED]> writes: > Well it might not be such a good design, > but what I asked initially was only if it is possible to restrict apache from giving >the cert out, and if that somehow can stop people from connecting to the server >without having the certificate. No. T

Re: Prevent apache from giving out server cert?

2002-04-18 Thread Eric Rescorla
're doing static RSA key exchange). The client ENCRYPTS the PreMasterSecret under the server's public key. This necessitates knowing the public key. -Ekr -- [Eric Rescorla [EMAIL PROTECTED]] Author of "SSL and TLS: Designing and Building Secure S

Re: Using 3DES algorithm in SSL with only 2 keys

2002-04-15 Thread Eric Rescorla
. > If so, could you please tell me how to do it. The need for this is to > use only > 112bit key length because of 128bit key export restriction. Which country has such an export restriction? Not the US. -Ekr -- [Eric Rescorla [EMAIL PROTECTED]

Re:

2002-03-25 Thread Eric Rescorla
ce, know why I am having difficulties snooping an https > request from IE6 on a local windows client ( proxied via a linux box which > is running the https-proxy-sniff utility from Net_SSLeay.pm ) ? No idea. -Ekr -- [Eric Rescorla [EMAIL PROTECTED]]

Re:

2002-03-25 Thread Eric Rescorla
vely snoop an HTTP transaction. There's no need to pose as the server. Decrypting the traffic requires, as you say, the private key, but not the certificate. -Ekr -- [Eric Rescorla [EMAIL PROTECTED]]

Re:

2002-03-25 Thread Eric Rescorla
indows client on the local ( private ) network - it works for requests from > a linux client running on the same machine as the proxy, so the code is > basically correct. I've written into the newgroup 2 times, but nobody has > been able to answer my problem. If all you want to do is s

Re: public and private keys

2002-03-15 Thread Eric Rescorla
this public key during > the handshake. This how this is normally handled? Kevin, SSL really doesn't know how to work with raw private keys. Your best bet is to use self-signed certificates, which have the same security properties but fit the SSL operations model better. -Ekr --

Re: SSL for a Single-user Workstation

2002-03-06 Thread Eric Rescorla
waste my > time pouring over documentation for something not suited for my purpose. > Is this the case? I believe so. -Ekr -- [Eric Rescorla [EMAIL PROTECTED]] http://www.rtfm.com/

Re: SSL for a Single-user Workstation

2002-03-06 Thread Eric Rescorla
ot to put too fine a point on it, but what do you want to DO with SSL? SSL is a network security protocol, so if you don't have any networking, it's not clear why you'd want it. -Ekr -- [Eric Rescorla [EMAIL PROTECTED]] http://www.rtfm

Re: Can I use only handshake functions of OpenSSL ?

2002-03-04 Thread Eric Rescorla
nel .I think it > will be fastest solution but I'm newbie and don't sure . Can you help me ? Why would you want to do this? -Ekr -- [Eric Rescorla [EMAIL PROTECTED]] http://www.rtfm.com/

Re: newbie question

2002-02-17 Thread Eric Rescorla
l | | Client | <>| |<--->| Server | ++ Protocol/SSL | +--+ /|\ +- | | Firewall Normal Protocol Stunnel is one such proxy. -Ekr -- [Eric Rescorla [EMAIL

Re: Question on combining encryption with authentication

2002-01-25 Thread Eric Rescorla
ether an encrypted MD is as secure as > an HMAC? Mode (3) is potentially insecure if the attacker can control the IV. There's only a very small performance benefit to using a digest instead of HMAC so I would advise doing it. -Ekr -- [Eric Rescorla

Re: PEM/ASN1 certificate load error?

2002-01-19 Thread Eric Rescorla
67 6e 2e 3d 95 b0 sign.=.. 00771 ; 82 57<1> CONTEXT-SPECIFIC 2, 87 octets = 00773 ; 38 93 b4 19 8a f8 46 91 c2 28 4f f6 68 61 f7 b08.F..(O.ha.. 00789 ; 51 d9 ab 41 4c 62 78 77 67 48 c1 22 70 a0 b6 9f

Re: How do I respond to a renegotiation?

2002-01-17 Thread Eric Rescorla
penssl-examples/> > Will everything be handled "automagically" on the client side, or if not, > how do I know I have to shake hands with the server and what do I do? Sometimes :). This is discussed in the article as well. -Ekr -- [Eric Rescorla

Re: Non blocking I/O

2002-01-14 Thread Eric Rescorla
SSL Programming" at http://www.rtfm.com/openssl-examples. Part 2 covers non-blocking I/O. -Ekr -- [Eric Rescorla [EMAIL PROTECTED]] http://www.rtfm.com/

Re: Avoiding clock-skew error problems

2002-01-14 Thread Eric Rescorla
Adam Wosotowsky <[EMAIL PROTECTED]> writes: > On Mon, Jan 14, 2002 at 09:26:22AM -0800, Eric Rescorla wrote: > > > SSL does not require that the client and server have synchronized > > clocks, except in the loose sense that a certificate verifier's > > clo

Re: Avoiding clock-skew error problems

2002-01-14 Thread Eric Rescorla
in order to avoid falsely evaluating expiry. Exactly what behavior are you seeing that leads you to believe that this is a problem? -Ekr -- [Eric Rescorla [EMAIL PROTECTED]] http://www.rtfm.com/

Re: RSA keys auth.

2002-01-06 Thread Eric Rescorla
Vadim Zaliva <[EMAIL PROTECTED]> writes: > On 6 Jan 2002, Eric Rescorla wrote: > > I would like to thank everybody who responded to my previous messages. > > > This can't be done with SSL exactly the way you want to do it. The > > only way that SSL kn

Re: RSA keys auth.

2002-01-06 Thread Eric Rescorla
Michael Sierchio <[EMAIL PROTECTED]> writes: > Eric Rescorla wrote: > > > That said, it's not clear how these results apply to passwords. > > The entropy of short chunks of text is lower. > > No. The entropy of short chunks of text, without syntax, is

Re: RSA keys auth.

2002-01-06 Thread Eric Rescorla
Michael Sierchio <[EMAIL PROTECTED]> writes: > Jeffrey Altman wrote: > > > A passphrase consisting of human readable/typable text provides > > approximately 2 bits of entropy per character. > > English text contains approx. 3.5 bits of entropy per character. This seems high, considering that

Re: RSA keys auth.

2002-01-06 Thread Eric Rescorla
nects. The client then authenticates to the server with a password. Once the client has authenticated he puts his own public key on the server. -Ekr -- [Eric Rescorla [EMAIL PROTECTED]] Author of

Re: Maximum size of server certificate

2001-12-18 Thread Eric Rescorla
gle certificate and the server's cert chain as a whole are limited to 2^24-1 bytes. In practice the limit is 5-10 bytes longer because no handshake message can be longer than 2^24-1 bytes and so when you factor in the size of various length bytes and such you get a l

Re: Maximum size of server certificate

2001-12-18 Thread Eric Rescorla
"Krishnaswamy R." <[EMAIL PROTECTED]> writes: > Is there is any maximum size defined in TLS for a server's > certificate sent to the client? Yes, but it's ridiculously large. No single certificate can be longer than 2^24 bytes. -Ekr -- [Eric Rescorla

Re: Java toolkit for SSL???

2001-12-07 Thread Eric Rescorla
h you then JSSE is a reasonable choice. Otherwise, you should probably check out PureTLS which is (as far as I know) equally capable to JSSE and is Open Source. PureTLS can be found at http://www.rtfm.com/puretls -Ekr -- [Eric Rescorla [EMAIL PROTECTED

Re: Cryptology Questions

2001-12-07 Thread Eric Rescorla
sh). (Assuming, of course, that no attack better than brute force is known for the digest in question). -Ekr -- [Eric Rescorla [EMAIL PROTECTED]] http://www.rtfm.com/

Re: Cryptology Questions

2001-12-06 Thread Eric Rescorla
data from being tampered with. This is done by SHA. > Also reading in Eric's book he says 1024-bit asymmetric keys are > about as strong as 80-bit symmetric keys. So why is asymmetric used? I > assume its bec

Re: Cryptology Questions

2001-12-06 Thread Eric Rescorla
t it. Of course, it's obvious that there must be collisions and for MD5 at least it's technically possible to find them by brute force, since the birthday attack is 2^64 hard. This doesn't mean that the use of MD5 in SSL is insecure. The only property that SSL really requir

Re: PKI book in relation to VPNs

2001-12-04 Thread Eric Rescorla
it's an admin guide more than a book on the protocols. I'm generally a lot more interested in the latter (though there's a bigger market in the former so maybe I should have targetted "SSL and TLS" differently :)) -Ekr -- [Eric Rescorla

Re: PKI book in relation to VPNs

2001-12-04 Thread Eric Rescorla
tp://www.amazon.com/exec/obidos/ASIN/0201702096/qid=1007480469/sr=1-3/ref=sr_1_11_3/107-6458714-3717315 Neither of these books is wholly satisfactory. Harkins and Doraswamy is old and was always a bit thin. Yuan and Strayer is rather academic for my taste. -Ekr -- [Eric Rescorla

Re: Man in the middle attacks ?

2001-11-12 Thread Eric Rescorla
usual way SSL prevents man-in-the-middle attacks is by having the client check the server's certificate against a trusted CA. If you're using self-signed certificates and the client doesn't have any independent knowledge of the server's certificate you certainly are vulnerable to

Re: SSL_read() and select() problem.

2001-11-02 Thread Eric Rescorla
Venugopal Panchamukhi <[EMAIL PROTECTED]> writes: >I've modified the client code in such a way that reading and writing > is done in a single thread. But my basic problem was not cleared. When > i'm calling select() it is returning the read condition after which the > read_SSL() method is retu

Re: WinCE SChannel -> OpenSSL

2001-10-31 Thread Eric Rescorla
"Matthew Fleming" <[EMAIL PROTECTED]> writes: > I would appreciate your help with the following, although it is not > strictly (or not only) an OpenSSL problem. > > I am trying to connect a Pocket PC to a Linux server. The Pocket PC uses > Schannel (which on the PPC apparently includes SSLv2 and

Re: OpenSSL Handshake Problem

2001-10-30 Thread Eric Rescorla
> appreciated. In general your best approach is to look and see what errors the client and server are generating. Failing that, use ssldump <http://www.rtfm.com/ssldump> to watch the traffic and see what's going wrong. -Ekr [Eric Rescorla [EMAIL PROTECTE

Re: SSL_connect() blocks

2001-10-26 Thread Eric Rescorla
Ludovic Courtès <[EMAIL PROTECTED]> writes: > > This is pretty confusing. Are you trying to connect to an OpenSSH > > server with SSL? That won't work. > > Ok. I am getting a bit confused with secure protocols, and i guess i didn't get > it at all... ;) It's a little confusing because OpenSSH us

Re: SSL_connect() blocks

2001-10-26 Thread Eric Rescorla
Ludovic Courtès <[EMAIL PROTECTED]> writes: > I am new to OpenSSL and I am currently trying to use it to make a simple sort of > `rexec' program. I first started with the examples taken from > http://www.rtfm.com/openssl-examples . > > Actually, the problem I am facing is that my program (which i

Re: Posting to SSL

2001-10-24 Thread Eric Rescorla
"Richard Booth [Web Developer]" <[EMAIL PROTECTED]> writes: > When performing a post from a non-secure sever to a secure server is the > connection made secure before any data passes through? It's not clear what you mean here. Servers don't typically post to other servers. Perhaps you mean when a

Re: Is the key exchange asymmetric or symmetric?

2001-10-23 Thread Eric Rescorla
what they're talking about. If you want to understand how this all fits into SSL/TLS, you might check out my book, "SSL and TLS: Designing and Building Secure Systems" (see my .sig for a link) -Ekr -- [Eric Rescorla [EMAIL PR

Re: Moving write buffer

2001-10-19 Thread Eric Rescorla
Andrew Finnell <[EMAIL PROTECTED]> writes: > [1 ] > In my application , I am doing something similar to this on the client > > SSL_use_PrivateKey_file ( "blah" ); > SSL_use_certificate_file ( "blah" ); > SSL_renegotiate ( ssl ); > > Not after that is done I try send

Re: client/server using TLS

2001-10-12 Thread Eric Rescorla
julien Bournelle <[EMAIL PROTECTED]> writes: > I try to develop a client/server application using TLS... > My client.c file is like this : > > first : initialize_ctx(); > tcp_connect6(); -> I use IPv6 socket > SSL_new(); > BIO_new_socket() > SSL_set_bio() > SS

Re: Differences between TLS and SSL

2001-10-11 Thread Eric Rescorla
Rich Salz <[EMAIL PROTECTED]> writes: > > SSLv3 is a defacto, industry standard, devised by the best cryptanalyst > > we have. It is represented only by an expired Internet Draft. TLS is a > > committee effort. You be the judge. > > That is unfair, misleading, and wrong. > > All IETF standard

Re: What to use when writing Java-clients?

2001-10-09 Thread Eric Rescorla
Endre Meckelborg Rognerud <[EMAIL PROTECTED]> writes: > I'm trying to write a client in Java that should connect to an OpenSSL > server through a SSLConnection. I have tried to write it with the JSSE > package from Sun, but I've had a lot of problems. The first problem > was related to the message

Re: Coding with TLS

2001-10-09 Thread Eric Rescorla
julien Bournelle <[EMAIL PROTECTED]> writes: > Hi, > as part of my thesis I must develop an application which uses > TLS. I use OpenSSL on FreeBSD 4.2. The problem is that I don't know how to > create a TLS connection between a client and a server. I searched on > google and other FAQs but

Re: configuration problems - jsse....

2001-10-08 Thread Eric Rescorla
"Nancy Pawlowski" <[EMAIL PROTECTED]> writes: > Does anyone recognize this error? > > I've had jsse with tomcat configured under linux - and it is running ok; >but am having problems running it under windows2000. This isn't an OpenSSL issue. Why are you posting it here? -Ekr

Re: nonblocking sockets + peek

2001-10-08 Thread Eric Rescorla
Wirta Ville <[EMAIL PROTECTED]> writes: > Yes, there is someone listening. And the whole thing works if client > doesn't use non blocking sockets. For some reason non blocking > BIO_do_connect doesn't send anything with its first few attempts (it's > fourth or fifth time that makes things w

Re: SSL_read() never returns an error if client rejects certificate

2001-10-04 Thread Eric Rescorla
Jeremy Smith <[EMAIL PROTECTED]> writes: > > Also, the documentation refers to the concept of a "BIO" all over the places, but >never defines it anywhere that I can find. Is BIO some kind of universally >understood concept that I have only just heard of? In any case, where can I go to >learn

Re: SSL_read() never returns an error if client rejects certifica te

2001-10-04 Thread Eric Rescorla
Neff Robert A <[EMAIL PROTECTED]> writes: > I loved your book. Ordered it from B&N as soon as > I saw it. Helped me overcome some early initial > mindblocks when first integrating with OpenSSL. > For those of you reading this, Eric's book is > titled: SSL and TLS - Designing and Building > Secur

Re: SSL_read() never returns an error if client rejects certifica te

2001-10-04 Thread Eric Rescorla
nnects. This doubles the compute cost to the server. Whether sockets or CPU time is more precious to the server depends on the server. -Ekr [Eric Rescorla [EMAIL PROTECTED]] Author of "SSL and TLS: Designing and Building Secure Syst

Re: return value -1

2001-10-04 Thread Eric Rescorla
Ruby Cruiser <[EMAIL PROTECTED]> writes: > Also, > "SSL_read" does not return at all... I don't know > what's going on. > > What does Blocking and non_blocking IO mean?? Blocking I/O means that when you ask to read or write on the socket and there's no data or buffer space available the call won'

Re: Signing Browser Client Certificates

2001-09-26 Thread Eric Rescorla
"Christopher L. Everett" <[EMAIL PROTECTED]> writes: > Hello again: > > I read the OSPKI book, which pointed me at the sign.sh > script which helped quite a bit. I'm wondering if anyone can > help me with a few specifics. > > So far, how I understand a certificate request gets signed > is: >

Re: Client Authentication Problem

2001-09-26 Thread Eric Rescorla
Götz Babin-Ebell <[EMAIL PROTECTED]> writes: > And how gets he the connection IP-Address <-> FQDN ? > ->He uses DNS. I think you need to reread his message since that's not what he says. > If he wants to allow user XYZ presenting certificate C_XYZ to > do some things, all he has to do is look in
