r ciphers except
for the AES128-SHA and AES256-SHA.
Thanks again
--Basel
Frédéric Donnat <[EMAIL PROTECTED]> schrieb:
Hi
the following function should do it.
from openssl/include/ssl.h
int SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);
Refer to the man for furt
Hi
the following function should do it.
from openssl/include/ssl.h
int SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);
Refer to the man for further explanation.
regards
Fred
-Original Message-
From: [EMAIL PROTECTED] on behalf of Basel Katt
Sent: Wed 5/24/2006 11:12 AM
Hi all,
Here is a good link about block cipher algorithm that explains this.
It also explains the "mode": ECB, EFB, OFB, CBC (in SSL/TLS CBC one is used)
http://www.cacr.math.uwaterloo.ca/hac/
Chapter 7 - Block Ciphers
regards,
Fred
-Original Message-
From: Michael Sierchio [mailto:[
Hi,
Maybe you could have a look at "ssl/man/man3/engine.3", there is some
explanation on how engine works.
Some sample code could also be found in file apps/apps.c the following function:
ENGINE *setup_engine(BIO *err, const char *engine, int debug)
You could also have a look at apps/engine.c
Hi,
You should have a look at "openssl ciphers -v".
You should find these cipher suites and the explanation: Key exchange algo; key
authent algo... sym enc algo etc...
hope it could help.
Fred
-Original Message-
From: Yves Kreis [mailto:[EMAIL PROTECTED]
Sent: Thu 1/12/2006 1:40 P
Hi,
In SSL protocol the server is supposed to send the client a list of CA (that
the server trust) for client authentication.
The SSL_CTX_set_client_CA_list() is here to setup this list of CA "name". If
none are provided the certificate location should be used to do so.
Have a look at the onli
Hi,
I think you could use the i2d_X509_bio and d2i_X509_bio function that help
using BIO and X509 structure.
from openssl/x509.h
#define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \
(char *(*)())d2i_X509, (bp),(unsigned char **)(x509))
#define i2d_X509_bio(
pher: AES256-SHA
...
Things are the same with last openssl 0.9.7i.
Fred
-Original Message-
From: Daniel Tiefnig [mailto:[EMAIL PROTECTED]
Sent: Wed 11/30/2005 6:24 PM
To: openssl-users@openssl.org
Cc:
Subject:Re: cipher suite names in 0.9.8
Frédéric Donnat wrote:
> I
Hi,
I think you made an error:
- RSA with AES and SHA is: AES256-SHA
Just have a look at openssl ciphers -v output.
[EMAIL PROTECTED] gcb]$ LD_LIBRARY_PATH=/usr/local/ossl-0.9.8/lib
/usr/local/ossl-0.9.8/bin/openssl ciphers -v | grep AES
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=
Hi,
You could have a look at apps/s_client.c code looking for nbio option.
It seems that there are two ways of doing such thing:
- create nbio BIO and then connect, etc..
- connect (a socket for example) and then set non blocking IO
(with the socket utilities)
hope it could help
Fred
---
Hi,
Here is something working fine in 0.9.7x but failing in 0.9.8 (as far as i have
tested it).
My engine name is "zencod" as you could see.
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
Hi,
AES is included in openssl 0.9.7x and 0.9.8x versions.
"openssl ciphers -v" for SSL use
"openssl enc -h" for crypto use
-Original Message-
From: Pj [mailto:[EMAIL PROTECTED]
Sent: Wed 11/9/2005 3:03 AM
To: openssl-users@openssl.org
Cc:
Subject:AES
Hi,
Does Ope
Hi all,
Any news about that?
Nothing seems to have changed on the CVS.
Regards.
-Original Message-
From: Claudiu Dragalina-Paraipan [mailto:[EMAIL PROTECTED]
Sent: Fri 10/28/2005 3:07 PM
To: openssl-dev@openssl.org
Cc:
Subject:BIO_do_connect does not connect (bug?)
Hell
Hi,
I know that 0.9.7x versions have problems in dynamic loading.
especially IMPLEMENT_DYNAMIC_BIND_FN() function.
We have corrected this in our engine by re-defining this macro.
You should find a thread about this in mailing list archive.
Regards,
Fred
-Original Message-
From: Marco
Hi,
To replace OpenSSL RNG, you just have to make your own ENGINE.
You have some example of such engine in engines directory of openssl 0.9.8.
regards,
Fred
-Original Message-
From: Andrew Amargo [mailto:[EMAIL PROTECTED]
Sent: Thu 10/20/2005 5:35 AM
To: openssl-users@openssl.or
Hi,
In fact, to see if algorithms are really available, you could call
OPENSSL_add_All_algorithm() (or a similar function OPENSSL_add_all_digest()),
and then try to get them using their name using some EVP_get_digestbyname().
hope it could help.
Fred
-Original Message-
From: Dmitry Belyav
Hi,
I should have a look at evp.h file and the d2i_PrivateKey_xxx and
i2d_PublicKey_xxx functions which allow to use DER representation (in a char[]
buffer) of public/private key.
regards,
Fred
-Original Message-
From: guvenma (sent by Nabble.com) [mailto:[EMAIL PROTECTED]
Sent:
: Thu 10/6/2005 8:30 PM
To: openssl-users@openssl.org
Cc:
Subject:RE: question on linking dynamic engines
What about the name of the library is it specified using the SO_PATH control
command?
Thanks,
-Anil
Frédéric Donnat <[EMAIL PROTECTED]> wrote:
Hi,
OpenSSL has a specifi
Hi,
OpenSSL has a specific path for dynamic ENGINE libraries.
If you use the --prefix="/path_to_openssl" option when building openssl, then
- the openssl libraries are in /path_to_ossl/lib
- the openssl ENGINE libraries are in /path_to_ossl/lib/engines
So it's easy to know the path. ;)
Afte
Hi,
Yes Null assume that default rsa_eay method is used (be careful in openssl
0.9.8 RSA struct has changed due to the key_generation method).
For example if you do some RSA_pub_enc(), rsa_eay_pub_enc() will be called and
then your ibmca_bn_mod_exp()...
Just have a look at the source code to ha
Hi,
It depends on what you mean by compatible!
For example, 0.9.7 has a FIPS part that is not in 0.9.8 (for now).
SHA-256 is part of openssl 0.9.8, whereas it is only in the FIPS module of
0.9.7.
Also have a look at RSA structure change in 0.9.8 (ENGINE have changed too).
You should have a loo
Hi,
You could also have a look at:
- demos/selfsign.c
Or the OpenSSL tools:
- apps/req.c
- apps/ca.c
- apps/x509.c
Fred
-Original Message-
From: Dr. Stephen Henson [mailto:[EMAIL PROTECTED]
Sent: Wed 9/28/2005 3:12 PM
To: openssl-users@openssl.org
Cc:
Subject:Re:
Hi,
Sorry but it seems that i forget to say that CTR is "counter" mode (not one of
the basic ECB, OFB, CFB, CBC).
regards
Fred
-Original Message-
From: Frédéric Donnat
Sent: Wed 9/21/2005 11:36 AM
To: openssl-users@openssl.org
Cc:
Subject:Crypto CTR mod
Hi,
> hello I have one question. Does creating a self-signed certificate using
> OpenSSL for use with Microsoft Internet Information Services (IIS) 5,
> give me 40-bit key or 128-bit key?
As far as i know it the key in the certificate is an "asymmetric" one and is
used for the authentication and k
Hi all,
Is there an easy way to use symmetric algorithm of openssl 0.9.8 in CTR mode?
I have a look at the evp.h file but do not see anything about it.
Or maybe i've missed something.
regards,
Fred
__
OpenSSL Project
serial number
Frédéric Donnat wrote:
> Hi,
>
> Sorry for the mistake (nothing to deal with openssl.cnf file). I was just
> looking for ca.txt file.
>
> Is it normal behavior of openssl to be able to view a certificate without
> serial number using (without any error mentioned
Fred
-Original Message-
From: Frédéric Donnat
Sent: Mon 8/29/2005 11:51 AM
To: openssl-users@openssl.org
Cc:
Subject:/usr/local/ossl-0.9.8/ssl/openssl.cnf
Hi all,
Could someone tell where i can find the following file: ca.txt
I'm reading the HOWTO and
Hi all,
Could someone tell where i can find the following file: ca.txt
I'm reading the HOWTO and i see the following comment (certificates.txt):
This is NOT the recommended way to create a"
CA certificate, see ca.txt."
regards,
Fred
Hi all,
In crypto/x509/x509.h header i can see the following:
typedef struct x509_cert_aux_st
{
STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */
STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */
ASN1_UTF8STRING *alias; /* "friendl
Hi,
According to the man page, d2i_xx method is able to allocate memory for you.
d2i_PUBKEY_xxx
If you are using OpenSSL 0.9.7 or later then this can be simplified to:
int len;
unsigned char *buf;
buf = NULL;
len = i2d_X509(x, &buf);
if (len < 0)
mail server test please ignore
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL
Mail server tests, please ignore
Hi all,
I'm using openssl-0.9.7x and s_client option without any problem.
openssl s_client -connect etc...
I've just tested this with openssl-0.9.8-beta4 and this does not work.
LD_LIBRARY_PATH=/usr/local/ossl-0.9.8-beta4/lib
/usr/local/ossl-0.9.8-beta4/bin/openssl version
OpenSSL 0.9.8-beta4 06
Hi,
I think ubsec driver is included in FreeBSD release, so you should be able to
use the ENGINE related to /dev/crypto. (hw_cryptodev.c)
Ubsec ENGINE should be ok for BroadCom FreeBSD driver.
I think that you should not mix them.
Hope it could help,
Fred
-Original Message-
From: [E
Hi,
As we have an ENGINE in this demo (with some asym/symm crypto), if we could
help, just let me know.
regards,
Fred
-Original Message-
From: [EMAIL PROTECTED] on behalf of Richard Levitte - VMS Whacker
Sent: Tue 4/19/2005 12:26 AM
To: openssl-users@openssl.org; [EMAIL PROTEC
Hi nCipher ENGINE is called chill. ;))
openssl engine -t chil
(chil) nCipher hardware engine support
[RSA, DH, RAND]
Maybe nCipher a board based on a bcm582x chip (which allows ubsec ENGINE use).
Hope it could help.
Regards
Fred
-Original Message-
From: [EMAIL PROTECTED] on behalf
Hi
I always build my test httpd-2.0.x as follows:
[] CFLAGS="-DSSL_EXPERIMENTAL -DSSL_ENGINE" ./configure \
--prefix=/path_to_apache_install \
--enable-ssl=shared \
--with-ssl=/path_to_openssl \
After i just get a certificate and a private key for my http 2.0 from an
Hi,
I remember some error like this, when implementing SSL in java and testing with
openssl.
This can be due to a bad use of encryption/decryption (i advise you to check if
data before encryption are the same as the one after decryption).
Fred
-Original Message-
From: [EMAIL PROTECTE
Hi,
Just take a look at man engine.. ;)
We already encountered this problem when implementing our own ENGINE for our
NSCrypto board, especially when adding symmetric ciphering..
The error you describe "could" come from a bad symmetric enc/dec.
A "bad mac record with READ" sounds like openssl de
Hi all,
I've no problem generating CA, client key, CSR, and certificate, even export
in pkcs12 format.
I did not succeed in creating a certificate chain.
I have a look at x509, pkcs7 pkcs12 options without any success. Maybe i missed
something...
Has someone the answer? Or can anyone put me in th
Hi,
I think you should provide all the code.
This is not enough to see if the parameters you used are correctly initialized.
For example, I'd like to see how you handle the multiple call.
Fred
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Gorelik, Slava
Hi,
If you have a crypto-board you can use it through engine use.
One way is to initialize openssl library with the engine and then use random number
generation function.
Fred
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Mateus
Sent: Tuesday 29 Ju
Hi,
In fact, I think you should have a look at java SSL mailing list because JSSE is java.
Apache is using openssl, so you should have a look at apache ssl_error.log or
ssl_engine.log.
As far as I know it RC4 algorithm does not require any IV (as opposed to DES or 3DES
for example) that's why yo
Marcus Carey wrote:
Can someone explain the following warning?
Client-SSL-Warning: Peer certificate not verified
ActivePerl 623
Windows IIS 5.0
Windows 2000 Server
Crypt-SSLeay from Activestate repository
Marcus
Hi !
This should be a warning due to the verification of the Server Certificate
Hi ,
I've already installed openssl on linux with success and i'm trying to
install it on win95.
I've done each step according to the "install win32" file since i've to
setup and the config files and certificates manually. What does this
sentence mean ? On linux install you have to "certificate and