Since 5 days i have not received any response. It could be a silly questions
to you guys. But i need the answer.
Waiting for a nice reply.
Best Regards,
S S Rout
--
View this message in context:
http://old.nabble.com/SSL_Certificate-Validation-%28-Server-Authentication%29%3A-Please-Help-tp33
Thanks Dave for explanation.
One doubt regarding sentence " If a subjectAltName extension of type dNSName
is present, that MUST
be used as the identity(RFC 2818)"
What does this line means ?
Does it says if a certificate have different CN in issuer & subject field
but SubAltname: x.x.x.x which m
Hey Crypto guys,
I have a basic questions regarding Certificate validation. Basically in a
Server Authentication a TLS client should validate the CN/SN with Host
portion of the ACS.URL. If it matches then handshake will succeed else will
fail. Am I right ?
e.g.
if Host.Url=x.x.x.x then CN (in b
S call flow if i use self-signed DSA type
certificates(keep the same on client & server side as well) ?
Please clarify Dave.
Best Regards.
S S Rout
Dave Thompson-5 wrote:
>
>> From: owner-openssl-us...@openssl.org On Behalf Of Mr.Rout
>> Sent: Friday, 11 May, 2012 03:50
>
Hi Folks,
In RFC-2246 there are various ways of Handshake failure.
Alert Descriptions
===
unexpected message 10
bad record mac 20
decryption failed 21
record overflow 22
decompression failure 30
unsupported certificate 43
certificate revoked 44
certificate unknown 46
illegal paramete
Dear All,
What is the significance of each phrase in the below cipher suite ?
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
May be this is a dump question. But i am interested to know each phrase.
Best Regards,
Siba Shankar Rout
--
View this message in context:
http://old.nabble.com/A-Ques
Hi All,
Please help me out in debugging this cipher negotiation issue.
My client supports OpensslV1.0 and my server supports Openssl0.9.7. I used
self-signed RSA type certificate on both server & client. But my Handshake
is failing.
My client sends these ciphers in client hello message.
Cipher S
Dave & all,
We have fixed the Segment lost issue which was causing Packet drop. But we
are still seeing the "Encryption Alert" again. I am attaching one more
packet capture which has all the information.
Due to my limited knowledge i request would you please explain me the exact
reason for this
Dear Folks,
I am looking for "What are the possible TLS/SSL testing suite? " Is there
any link/docs which i can follow to get an idea about what are the possible
TLS/SSL Testing specification ?
Thanks in Advance.
Best Regards,
S S Rout
--
View this message in context:
http://old.nabble.com
Hi Johannes Bauer
If I have a certificate chain
Root -> A -> B -> Leaf
where "Leaf" is the certificate of a webserver (https) and Root is av
self-signed certificate.
If you donot mind would you please mention what are the Openssl commands you
used to create this chain ?
Please help me on thi
I am doing Server Authentication where i keep ROOT cert are my client and
Server cert ( could be Selfsigned or chained cert).
The issue here is i am facing the below error when ever i am using
2-level-CA cert even more.
Alert Level: Fatal, Description: Unable to verify leaf signature (21)
Du
Thanks Dave.
I request you please give more information regarding this error. What
exactly it means to me ?
I am doing Server Authentication where i keep ROOT cert are my client and
Server cert ( could be Selfsigned or chained cert).
The issue here is i am facing the below error when ever i am
Dear Folks,
While setting up the TLS session i am facing below error.
TLS Alert Level: Fatal, Description: Unable to verify leaf signature (21)
I created the Chained certfificate like below :
ROOTCA>ServerCA->ServerCert
I kept ROOTCA at my TLS client and cancatenated version of all th
Folks,
Can somebody clarify my doubts on below questions
1) what is intermediate certificate validation ?
2) Is it required to keep chained certificate or End user certificate at
Server Side
3) How to generate intermediate certificate using Openssl command ?
Please clarify.
Thanks in advance.
Dear Folks,
I am seeing the below errors during the certificate validation. Not sure
what is wrong with the certificate.
error:num=20:unable to get local issuer certificate
verify error:num=27:certificate not trusted
verify error:num=21:unable to verify the first certificate
Here is the output
Hi Folks,
Can somebody please clarify my silly questions ? I need to understand the
behavior of TLS client.
1. How do I verify that TLS Client send connection close without sending
Closure alert ?
2. Is there any way to decrypt Application data (HTTP data) on wireshark
itself ?
3.
Dear All,
My TLS client can validate both CN and SN & i need to test both the
scenario.
I don't know how to create certificate with “subjectAltName extension”
using openssl commands.
In the RFC-2818 , there are two ways of Certificate Validation for Host name
1) CN (Common Name)
2) S
Dear All,
Actually in large TLS client deployment network what are the Silence points
we need to take into consideration to have a healthy handshakes with data
traffic without any issues?
i.e. to avoid TLS server overload
If my TLS client does not support Session Resumption(means every time it
Dear All,
Actually in large TLS client deployment network what are the Silence points
we need to take into consideration to have a healthy handshakes with data
traffic without any issues?
If my TLS client does not support Session Resumption(means every time it
does Full handshakes) then what wou
Thanks a lot Dave for a Wonderful explanation.
Best Regards,
Rout
--
View this message in context:
http://old.nabble.com/Difference-b-w-TLS--Connection-and-TLS-Session-tp32780649p32831085.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
Thanks Wim & Richard.
But still i donot understand why I am seeing "Encryption Alert" ?
My TLS Client is " 10.220.4.50" & My TLS Server is "10.204.4.69". If you
see the packets #16,#31,#50 then an Encryption Alert is being sent by TLS
Client.
As of this Connection is getting closed and new hands
Dear ALL,
While understanding the TLS Resumption i got some questions. Can any body
please explain this to me ?
1) What should i see in Client Hello message if i say my TLS client Support
TLS-Resumption ?
2) If i donot see any TLS extension then what would be the real impact on
Secure communi
Thanks Ciao !!!.
I am seeing that "for one TCP connection my TLS client is doing 4
handshakes". I don't know what is the reason for this.
But when i see the packet capture i see "TLSv1: [TCP Previous segment lost]
Ignored Unknown" & "TLSv1: Encrypted Alert".
Can somebody please confirm this
Sign, cRLSign
> subjectKeyIdentifier=hash
> #authorityKeyIdentifier=keyid:always,issuer:always
> authorityKeyIdentifier=keyid:always
> #basicConstraints= critical, CA:TRUE, pathLenConstraint:0
> basicConstraints= critical, DER:30:06:01:01:ff:02:01:00
>
>
>
> Regards
> Ram
>
Dear All,
Can any body please let me know "what is the difference between TLS
Connection and TLS Session ?
How many TLS Session would be there in one TLS Connection?
For each TCP connection how many TLS Connection and TLS Session would be
there ?
Please clarify.
Best Regards,
Rout
--
View th
Rout
Dave Thompson-5 wrote:
>
>> From: owner-openssl-us...@openssl.org On Behalf Of Mr.Rout
>> Sent: Monday, 31 October, 2011 13:43
>
>> I am newbie to Openssl. I am confused about Chained ROOT
>> certificates?
>> Could someone please guide me the ste
Dear All,
I am newbie to Openssl. I am confused about Chained ROOT certificates?
Could someone please guide me the step by step approach for generating
Chained ROOT certificate?
e.g. My Server name is "www.https.com ( I successfully generated Self-signed
SSL certificate where i put CN=www.ht
Dear All,
I am doing HTTPS Testing using Openssl & Squid proxy.
We are implemented TLS client which supports TLSv1.0 only.
Can some body please suggest me "What are the Silence points we need to
verify for HTTPS Testing?".
Any comments would help me a lot.
-Regards,
Rout
--
View this message
28 matches
Mail list logo
