RE: Failed SSL/HTTP connections via Apache(2.4.3)SSL when going from 1.0.1c to 1.0.1e

2013-02-21 Thread Joel Bion
help to date. I am now running the latest OpenSSL with every package on my system. -Joel On Tue, February 19, 2013 7:48 am, Salz, Rich wrote: >> Since my goal is a running system with no known security >> vulnerabilities ... I have a habit of wanting to use the 'latest >>

RE: Failed SSL/HTTP connections via Apache(2.4.3)SSL when going from 1.0.1c to 1.0.1e

2013-02-19 Thread Joel Bion
ther way, it will be interesting to track this down, so I will try the dynamic loading of mod_ssl again at some point (part of the fun of running this server in my home is tracking these things down when they come up - as I do enjoy this.) Thank you for bringing these good points up! Joel On Tue, Febru

Re: Failed SSL/HTTP connections via Apache(2.4.3)SSL when going from 1.0.1c to 1.0.1e

2013-02-19 Thread Joel Bion
Thank you all for your kind help. I noticed the lack of the trace option with 1.0.1e. Is there some way for me to check out a copy of 1.0.2 development, to see if it exhibits the same problem - and if it does, to capture a trace? I have not been able to progress much on this, because of other resp

RE: Failed SSL/HTTP connections via Apache(2.4.3)SSL when going from 1.0.1c to 1.0.1e

2013-02-19 Thread Joel Bion
On Mon, February 18, 2013 3:04 am, Eisenacher, Patrick wrote: > Hi Joel, > > > Looks like your client doesn't trust the server's root CA certificate. > Try to invoke s_client with either the -CApath or the -CAfile option. > > Thanks for your note. The issue I hav

Re: cipher suites for DTLSv1

2013-02-18 Thread Joel Dice
On Fri, 15 Feb 2013, Joel Dice wrote: On Fri, 15 Feb 2013, Joel Dice wrote: On Thu, 14 Feb 2013, Dr. Stephen Henson wrote: On Thu, Feb 14, 2013, Joel Dice wrote: Although OpenSSL seems to allow CBC-based suites with DTLS, from what I've read a block in a CBC stream can't b

RE: Failed SSL/HTTP connections via Apache(2.4.3)SSL when going from 1.0.1c to 1.0.1e

2013-02-18 Thread Joel Bion
On Mon, February 18, 2013 3:04 am, Eisenacher, Patrick wrote: > Hi Joel, > > > Looks like your client doesn't trust the server's root CA certificate. > Try to invoke s_client with either the -CApath or the -CAfile option. > > Thanks for your note. The issue I hav

Re: Failed SSL/HTTP connections via Apache(2.4.3)SSL when going from 1.0.1c to 1.0.1e

2013-02-17 Thread Joel Bion
Here is the output from running an 'openssl s_client -debug' command (as much verbosity as I could quickly find.) The key difference between the two seems to be in the 1.0.1e case, there is this extra text at the end. 1.0.1c does not show this error. 13780:error:140790E5:SSL routines:SSL23_WRITE:s

Failed SSL/HTTP connections via Apache(2.4.3)SSL when going from 1.0.1c to 1.0.1e

2013-02-17 Thread Joel Bion
Here is the output from a machine connecting to my server, once with it running 1.0.1c and also with it running 1.0.1e. I have spent hours trying to work this issue. I have it down to this: I have two bootable partitions on my computer. The only relevant difference between them is the first has 1

Re: cipher suites for DTLSv1

2013-02-15 Thread Joel Dice
On Fri, 15 Feb 2013, Joel Dice wrote: On Thu, 14 Feb 2013, Dr. Stephen Henson wrote: On Thu, Feb 14, 2013, Joel Dice wrote: Although OpenSSL seems to allow CBC-based suites with DTLS, from what I've read a block in a CBC stream can't be properly decoded without the prior b

Re: cipher suites for DTLSv1

2013-02-15 Thread Joel Dice
On Thu, 14 Feb 2013, Dr. Stephen Henson wrote: On Thu, Feb 14, 2013, Joel Dice wrote: Although OpenSSL seems to allow CBC-based suites with DTLS, from what I've read a block in a CBC stream can't be properly decoded without the prior block being available (http://en.wikipedi

Re: DTLS over an alternate transport

2013-02-15 Thread Joel Dice
On Thu, 14 Feb 2013, Tom Cocagne wrote: Thanks for the quick reply Joe. I am definitely interested in seeing your example, I've been unable to find many DTLS examples at all and certainly none that use an alternative transport mechanism. Also, have you taken into account the timer for dropped s

cipher suites for DTLSv1

2013-02-15 Thread Joel Dice
Hi all, I've been experimenting with the DTLS support in OpenSSL recently and discovered that my application was receiving garbage data when packets were lost or reordered. Closer inspection explained why: I was only enabling cipher suites which either used stream ciphers like RC4 or block c

Re: DTLS over an alternate transport

2013-02-14 Thread Joel Dice
On Thu, 14 Feb 2013, Tom Cocagne wrote: I've seen examples where BIO pairs are used to send SSL traffic over application-controlled data streams instead of using raw file descriptors. Is this possible with DTLS as well? Yes, that's what I'm doing. It seems to work perfectly as long as no packet

cipher suites for DTLSv1

2013-02-14 Thread Joel Dice
Hi all, I've been experimenting with the DTLS support in OpenSSL recently and discovered that my application was receiving garbage plaintext when packets were lost or reordered. Closer inspection suggested a possible cause: I was only enabling cipher suites which either used stream ciphers l

Re: RE : Re: Tutorial

2008-02-22 Thread Joel Christner
Hi, Man pages means to look at the manual pages for the libraries. If you're using a UNIX system, you can do: $ man EVP_EncryptInit as an example, to see the manual. Additionally, you can use google for "man EVP_EncryptInit" to find the man pages. I recommend starting here: http://www.hmug.o

Re: Tutorial

2008-02-22 Thread Joel Christner
Hi Driss, Have you looked at the man pages for the OpenSSL libraries? Also there is an OpenSSL book (www.opensslbook.com) that has sample code online for download. On Fri, Feb 22, 2008 at 6:53 AM, EL HACHIMI Driss <[EMAIL PROTECTED]> wrote: > Hello, > > I need to set an SSL communication betwe

Re: Emptying the buffer

2008-02-15 Thread Joel Christner
nicast it to you? Thanks, Joel On Fri, Feb 15, 2008 at 11:14 AM, David Schwartz <[EMAIL PROTECTED]> wrote: > Joel Christner wrote: > > > dataRead=recvfrom(connfd,readBuffer,sizeof(readBuffer),0,NULL,NULL); > > for (i=0;i > Umm, you just stored the number of bytes read

Re: Emptying the buffer

2008-02-14 Thread Joel Christner
Anyone have any ideas? Thanks On Wed, Feb 13, 2008 at 6:44 PM, Joel Christner <[EMAIL PROTECTED]> wrote: > Hello, > > I have a simple client-server program and am using blowfish. I'm using > the EVP_* routines to initialize, encrypt, and decrypt. Variable-length >

Re: Emptying the buffer

2008-02-14 Thread Joel Christner
Ok, I will change that. Can you provide any guidance on how to empty the buffer? Thanks On Thu, Feb 14, 2008 at 2:50 AM, jimmy bahuleyan <[EMAIL PROTECTED]> wrote: > Joel Christner wrote: > > Hello, > > > > I have a simple client-server program and am using blowfi

Emptying the buffer

2008-02-13 Thread Joel Christner
Hello, I have a simple client-server program and am using blowfish. I'm using the EVP_* routines to initialize, encrypt, and decrypt. Variable-length data is taken in from the client through stdin and sent to the server socket after encryption. One question I have is how I clear what's already

Re: Compiling on a Mac

2008-02-07 Thread Joel Christner
As an aside, anyone have issues with unrecognized symbols EVP_CIPHER_CTX_block_size? I've tried including everything under the sun - evp.h, bio.h, err.h, rand.h, ssl.h, x509v3.h. On Feb 7, 2008 5:20 PM, Jeremy Farrell <[EMAIL PROTECTED]> wrote: > > From: Larry Bugbee > > > > > The source for in

Re: compiling a ssl

2008-02-06 Thread Joel Christner
Hi Gopinath, I'm having the same issue (not in VC++ though) What symbols are causing external reference errors for you? What command-line string are you using to try and compile your project w/ OpenSSL? Did you link ssl/crypto into your project? On Feb 6, 2008 1:51 AM, gopinath ethiraja <[EMAI

Re: Compiling on a Mac

2008-02-06 Thread Joel Christner
am of data. Thanks Joel On Feb 6, 2008 1:09 AM, David Schwartz <[EMAIL PROTECTED]> wrote: > > > Can you share the code that you found, a link to it, or at > > least a hint as to which search engine you found it on? > > >> http://www.cs.odu.edu/~cs772/sourcecode/N

Re: Compiling on a Mac

2008-02-05 Thread Joel Christner
Can you share the code that you found, a link to it, or at least a hint as to which search engine you found it on? On Feb 5, 2008 8:01 PM, David Schwartz <[EMAIL PROTECTED]> wrote: > > > > The source for incremental_send isn't in the book anywhere > > that I've seen. > > Well then that explains t

Re: Compiling on a Mac

2008-02-05 Thread Joel Christner
t it is provided. Thanks Joel On Feb 5, 2008 6:19 PM, David Schwartz <[EMAIL PROTECTED]> wrote: > > > > Ummm, I realize that. I've tried hunting down where the > > incremental_send method is and I can't find it anywhere. > > It's in your book

Re: Compiling on a Mac

2008-02-05 Thread Joel Christner
ed by the compiler. Where is the symbol table and how do I examine it? Pardon my ignorance. I've also googled for "incremental_send", which per the OpenSSL book I'm using is supposed to be contained in one of the OpenSSL files that I'm including, and google doesn't pr

Re: Compiling on a Mac

2008-02-04 Thread Joel Christner
'm getting now when I try and compile - this appears to be the only error. Undefined symbols: "_incremental_send", referenced from: _incremental_encrypt in cc4DdydW.o _incremental_finish in cc4DdydW.o ld: symbol(s) not found collect2: ld returned 1 exit status Thanks for you

Re: Compiling on a Mac

2008-02-04 Thread Joel Christner
1 AM, David Schwartz <[EMAIL PROTECTED]> wrote: > >>> mac# gcc blowfish.c -o blowfish > > >> Where did you get this command from and what > >> was it supposed to accomplish? > > > blowfish.c is a program I wrote which contained a series of methods for >

Re: Compiling on a Mac

2008-02-04 Thread Joel Christner
Hi Ted, Thanks, I will do that. Any pointers on a quick fix would be appreciated too. On Feb 4, 2008 3:07 AM, Ted Mittelstaedt <[EMAIL PROTECTED]> wrote: > Joel, > > Before compiling anything on the Mac you need to read the documents on > the Apple > website that disc

Compiling on a Mac

2008-02-04 Thread Joel Christner
enced from: _encrypt_example in ccbqFUEC.o _incremental_finish in ccbqFUEC.o "_seed_prng", referenced from: _setup_for_encryption in ccbqFUEC.o _main in ccbqFUEC.o ld: symbol(s) not found collect2: ld returned 1 exit status Does anyone have any pointers or tips on how to rectify this? Thanks for your help, Joel

Re: Compiling on a Mac

2008-02-03 Thread Joel Christner
blowfish.c is a program I wrote which contained a series of methods for initializing, encrypting, and decrypting. Joel On Feb 3, 2008 10:51 AM, David Schwartz <[EMAIL PROTECTED]> wrote: > > > > mac# gcc blowfish.c -o blowfish > > Where did you get this command from and

Compiling on a Mac

2008-02-03 Thread Joel Christner
"_EVP_EncryptFinal", referenced from: _encrypt_example in ccbqFUEC.o _incremental_finish in ccbqFUEC.o "_seed_prng", referenced from: _setup_for_encryption in ccbqFUEC.o _main in ccbqFUEC.o ld: symbol(s) not found collect2: ld returned 1 exit status Does anyone have any pointers or tips on how to rectify this? Thanks for your help, Joel

Re: Examples of blowfish.h code for C?

2007-11-01 Thread Joel Christner
Anyone? On 10/30/07, Joel Christner <[EMAIL PROTECTED]> wrote: > > Hello, > > Please pardon the newbie question. I was curious if anyone had any links > or references that they could point me to for more details on how to use > blowfish.h with C? I've gone through

Examples of blowfish.h code for C?

2007-10-30 Thread Joel Christner
o use specific methods and such. Thanks in advance, Joel

Re: configuration file seems to have priority over command line?

2005-03-09 Thread Joel
he verify showed that the common name didn't make it in. Commenting them out shouldn't be different from actually removing them, I would think? > Ted > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTEC

configuration file seems to have priority over command line?

2005-03-08 Thread Joel
I have the following in the configuration file: [ req ] {...} prompt = no {...} [ req_distinguished_name ] C = JP ST = Hyogo CN = example emailAddress = [EMAIL PROTECTED] and I try this on the command line: openssl

opentsa pointers, anyone?

2005-01-28 Thread Joel
Anyone here with experience setting up opentsa on Linux (Fedora Core 2) who could give me some pointers? I'm stuck on several things, the biggest one right now being that I can't figure out what is a standard set up for doing this sort of thing on FC. I found a couple of seed tarbal

Re: What is that CA directory in the template directory layout?

2005-01-19 Thread Joel
Any takers on this? I'm still thinking that ${OPENSSL_HOME}/CA/ is for the certificate one signs as a CA and ${OPENSSL_HOME}/CA/private/ for the key for that certificate, but a coworker here insists that the root certificate belongs in ${OPENSSL_HOME}/ and the key for it in $

Re: Does a root CA need two certificates?

2005-01-19 Thread Joel
Thanks, Ted and Richard, especially for going to the effort of deciphering my English. (One of these days I'll learn how to type fast and be lucid at the same time.) On the question of using certificates to sign vs. using keys to sign, could I ask for one more clarification -

Re: AW: Does a root CA need two certificates?

2005-01-19 Thread Joel
From a newb who has way too much theory and too little practical -- > >The data is no less secure true.. but the authentication is much easier > >for someone to fake since the certificate chain doesn't go through a > >trusted third party (Root CA) the person says "This is me. End of st

Re: Does a root CA need two certificates?

2005-01-19 Thread Joel
Sorry, I wasn't clear in my question. (I'm confused, I know.) (And thanks for trying to help a confused newb. ;-) On Wed, 19 Jan 2005 16:27:10 +0900 Joel <[EMAIL PROTECTED]> mumbled unintelligibly: > Had another newbie type question -- > > When reading about how to se

Does a root CA need two certificates?

2005-01-18 Thread Joel
Had another newbie type question -- When reading about how to set up a self-signed web server, the docs I read indicate there is a need for two certificates -- one being a self-signed certificate for the entity certifying the server, and the other being the certificate the web serve

What is that CA directory in the template directory layout?

2005-01-18 Thread Joel
The first two of these didn't get through, so I'll try again. If I end up triple-posting, I apologize in advance. This is not really an important question, but one I've been scratching my head over for quite a while, and not knowing the answer gives me less than full confidence in m

NET::SSLeay

2002-08-16 Thread Joel
I am having problems installing NET::SSLeay on my machine...here is all the pertinent information. If there is anything else that can help in my fixing this problem let me know...Thanks ~joel rpm -q openssl openssl-0.9.5a-2 rpm -q openssl-devel openssl-devel-0.9.5a-2 Redhat based on

SSL_write parameters after an SSL_ERROR_WANT_(READ|WRITE)

2002-05-28 Thread Joel Daniels
attempted to write the time of day to an SSL stream, but failed with the error SSL_ERROR_WANT_WRITE. Later on I discover that I can write, but by this time the time of day has changed by one second. What am I to do? - Joel Daniels

Ephemeral RSA Keys

2002-05-24 Thread Joel Daniels
are there any reasons why I should use Ephemeral RSA vs. Ephemeral DH? Also are there any reasons why I should not use Ephemeral Keys period? - Joel Daniels __ OpenSSL Project http://www.openssl.

SSL_set_fd vs. SSL_set_bio

2002-05-24 Thread Joel Daniels
Is there any benefit to creating my own BIO and using SSL_set_bio as opposed to SSL_set_fd, if I am trying to associate the SSL object with a file descriptor anyway? - Joel Daniels

what is PEM format?

2002-03-14 Thread Joel Hockey
ficate and rsa key EBs. Thanks. Joel __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]

RE: IE problem with self-signed certificate

2001-12-20 Thread Sherriff, Joel
orities and hit import. Now everything works fine. Joel > -Original Message- > From: James Hood [mailto:[EMAIL PROTECTED]] > Sent: Thursday, December 20, 2001 1:30 PM > To: [EMAIL PROTECTED] > Subject: RE: IE problem with self-signed certificate > > > > I h

RE: IE problem with self-signed certificate

2001-12-20 Thread Sherriff, Joel
> -Original Message- > From: Sherriff, Joel [mailto:[EMAIL PROTECTED]] > Sent: Thursday, December 20, 2001 1:05 PM > To: '[EMAIL PROTECTED]' > Subject: RE: IE problem with self-signed certificate > > > > From: Philipp Gühring [mailto:[EMAIL PROTEC

RE: IE problem with self-signed certificate

2001-12-20 Thread Sherriff, Joel
> From: Philipp Gühring [mailto:[EMAIL PROTECTED]] > Sent: Thursday, December 20, 2001 11:47 AM > > Which is fine. However, IE simply fails to display the > image. No dialog > > asking > > to accept the certificate, no nothing. That is, for me and > all but one of > > my co-workers. > > Cou

IE problem with self-signed certificate

2001-12-20 Thread Sherriff, Joel
Hello all, Has anyone else seen/solved this problem that I'm having with IE? My server has a self-signed certificate. In Navigator, if I load an http page that references an https image on my server - something trivial like: https://myserver/logo.gif"; WIDTH=130 HEIGHT=152 ALT="graphic"> Navi

RE: Alt Subject Name : IP Address

2001-10-04 Thread Joel Daniels
ct line. } catch (...) { return FALSE; //There was a memory exception } if(sCertAddress != sAddress) //If the server name from the server certificate and the server name do not match... return FALSE; //ERROR COULD NOT VALIDATE SERVER Joel Daniels (a novice).

REMOVE

2001-08-14 Thread Decoeur, Joel
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 11, 2001 1:11 AM To: [EMAIL PROTECTED] Subject: Time to Refinance? MORTGAGE QUOTES DEBT CONSOLIDATION-REFINANCING-SECOND MORTGAGES-HOME IMPROVEMENT CLICK HERE INTEREST RATES GOING

Iteration count problem with pbe (PKCS5_pbe_set())

2000-01-19 Thread Joel Morris
same encrypted data back. I'm not sure if the problem is in openssl or JCE1.2, but I thought I'd see if anyone has seen this before or has any ideas. I would just use a iteration count < 256, but the PKCS#5 spec says not to use a count < 1000. Joel

DLLs for Openssl 0.9.4

2000-01-11 Thread Joel Yarde
Hi All! Can anyone tell me where I can find dll's for Openssl v0.9.4? Thanks in advance!! Joel Yarde [EMAIL PROTECTED]

RE: funny behaviour of openssl s_client in win32

1999-08-30 Thread Joel T. Geiger
I have the same problem with s_client on Win 95...I am unable to type anything after the client has connected to the server. I have also noticed a similar problem with s_server: I connect to my Win 95 s_server from a Linux version of s_client (since the Windows one does not work). The client ca

certs

1999-08-16 Thread Joel T. Geiger
I way off base here? Joel

please help a newbie

1999-08-16 Thread Joel T. Geiger
trying to learn the API. I would really appreciate any help you all give give... Cheers, Joel

using des, no certificates

1999-08-13 Thread Joel T. Geiger
would be very useful, whether or not it uses DES. Thanks for your help! Joel