Another link:
http://code.google.com/p/ssl3fuzzerapi/source/browse/#svn/trunk
On Wed, Oct 27, 2010 at 6:34 AM, Anthony Gabrielson <
agabriels...@comcast.net> wrote:
> Hi,
> Check this out, its a nice little C example:
>
> http://agabrielson.wordpress.com/2010/07/15/openssl-an-example-from-the-co
I am not sure about this stuff however!
- Original Message
From: rfx <[EMAIL PROTECTED]>
To: openssl-users@openssl.org
Sent: Monday, February 25, 2008 12:25:24 PM
Subject: Re: S_client
"Use
browser
directly
(you
don't
have
to
use
openssl
s_client)
and
point
the
URL
tab
to
Hi El Hachimi,
You can follow ssl3fuzzerapi.googlecode.com. It is
raw SSL v3 communication
Thanks,
Suchindra Chandrahas
- Original Message
From: EL HACHIMI Driss <[EMAIL PROTECTED]>
To: openssl-users@openssl.org
Sent: Friday, February 22, 2008 8:23
Thanks Jimmy, now i properly understood!
Thanks and Regards,
Suchindra Chandrahas
jimmy bahuleyan <[EMAIL PROTECTED]> wrote: Suchindra Chandrahas wrote:
> Hi All,
>Just went through this in openssl source in s3_enc.c:
>
> static int ssl3_handshake_mac(
OK. So, this is after the rest of the calculations. OK understood!
Thanks !
Thanks and Regards,
Suchindra Chandrahas
Marek Marcola <[EMAIL PROTECTED]> wrote:
On Thu, 2008-01-03 at 03:30 -0800, Suchindra Chandrahas wrote:
> Hi All,
>Just went through this in opens
sent in client_finished message? Please let me know if i am wrong!!!
Thanks and Regards,
Suchindra Chandrahas
-
Never miss a thing. Make Yahoo your homepage.
Thanks Mererk. Will implement the same!
Thanks and Regards,
Suchindra Chandrahas
Marek Marcola <[EMAIL PROTECTED]> wrote: On Fri, 2007-12-21 at 22:23 -0800,
Suchindra Chandrahas wrote:
> Hi All,
> ClientFinished message has 2 hashes (md5 and
> sha1) of "Al
f 2. above)?
Thanks a lot and Regards,
Suchindra Chandrahas
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now.
http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypa
ards,
Suchindra Chandrahas
Marek Marcola <[EMAIL PROTECTED]> wrote: On Mon, 2007-12-17 at 19:39 -0800,
Suchindra Chandrahas wrote:
> Hi All,
> I am doing the following to calculate MAC
> as per SSL v3 handshake:
>
> printf("\nRESULT: Plain Record encry
}
It openssl expecting any parameter that i am not passing?, or does the mistake
mean something related to a part of ClientFinished message?
Thanks and Regards,
Suchindra Chandrahas
Marek Marcola <[EMAIL PROTECTED]> wrote: On Mon, 2007-12-17 at 19:39 -0800,
Suchindra Chandraha
g SSL packet sniffing, and it uses 64 byte key
material. However, my Write MAC key, Read MAC key,
Write Key, Read Key are all fine as per comparison
I am implementing an opensource ssl fuzzing client
without using openssl libraries extensively
Thanks for your help in advance, and Regards,
Suchindra C
Hi Helios,
This is probably a linker issue
Thanks and Regards,
Suchindra Chandrahas
Helios Nguyen <[EMAIL PROTECTED]> wrote: hello everybody,
I want to use function of sha library, in my program i haved put this
line #include but i got this error:
: und
eturn(ret);
}
I guess *p above is pointer to premaster secret. I am doing the same thing
here, only that EVP_Digest_Update is replaced MD5_Update/SHA_Update. I am not
still sure whether my algorithm is correct or not!
Thanks and Regards,
Suchindra Chandrahas
jimmy bahuleyan <[EMAI
Hi Jimmy,
Yes i changed the no. of bytes to 32 (both client and
server random). Also, is it ok to use openssl tls1_prf for ssl v3 handshake?
Thanks and Regards,
Suchindra Chandrahas
jimmy bahuleyan <[EMAIL PROTECTED]> wrote: Suchindra Chandrahas wrote:
&g
by me, though both use the same mechanism
Is something wrong with the MasterSecret calculation algorithm? Can i use a
generic OpenSSL v3 PRF function to calculate the same, without defining the
other parameters of ssl connection structure (because i am only required to
calculate the MasterSecret)?
Thanks and Regards,
Suchindra Chandrahas
-
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
Thanks Merek. I have compiled a somewhat working version of it. Hope to
complete by tomorrow
Thanks for Matrix SSL
Thanks and Regards,
Suchindra Chandrahas
Marek Marcola <[EMAIL PROTECTED]> wrote: Hello,
> Thanks Merek. Will start working on this. Any docs that might have
> implem
Thanks Merek. Will start working on this. Any docs that might have
implementations of this in some code snippet forms, because i am not so well
versed with MD5/Crypto libraries ?
Thanks and Regards,
Suchindra Chandrahas
Marek Marcola <[EMAIL PROTECTED]> wrote: Hello,
> I
in
TLS, we have:
master secret = PRF(server random number, client random number, pre master
secret)
key_material = PRF(master secret, client random number, server random number)
Please advice me if there is any tls library function that finds Pseudo Random
(PRF?)
Thanks and Regards,
S
. Thanks a lot again, it helped me a lot!
Thanks and Regards,
Suchindra Chandrahas
Marek Marcola <[EMAIL PROTECTED]> wrote: Hello,
> I request you to please have mercy on me. I have
> to communicate to SSL v3 Server using SSL v3 Client Hello Message. The
> followi
quot;\x02\x01\x00" /* Compression Method */
I am somehow not getting GMT and random value details in ethereal. Is the above
stuff the right SSL v3 Client Hello?
Please help me out as i have to finish my project tomorrow morning!
Thanks and Regards,
Suchindra Chandrahas
Mare
server finished received
data transfer
However, i guess ssl3 handshake handler at server expects changecipherspec from
client side
Please let me know if i am wrong!
Thanks and Regards,
Suchindra Chandrahas
Lutz Jaenicke <[EMAIL PROTECTED]> wrote: Suchindra Chandrahas wrote:
> Hi
s:SSL3_GET_CLIENT_HELLO:no ciphers passed
Can you please tell me where the error is?
I have sent ciphers actually
Thanks and Regards,
Suchindra Chandrahas
-
Fussy? Opinionated? Impossible to please? Perfect. Join Yahoo!'s user panel
and lay it on us.
I had the same issue earlier, and it got resolved once i gave -lcrypto and
included -I/usr/include/openssl/rsa.h and all the .hs such as md5.h in the
source
You must include /usr/include/openssl/rsa.h, md5.h ... etc
and linker time stuff such as -lcrypto has to be used
Allen Chen <[EMAIL PROT
Hi Vladislav,
THANKS A LOT. I Now understoold that i must look for
client certificates time, and not that which is obtained at server end. Will
progress and update. Thanks a lot for your help
Suchindra Chandrahas
Vladislav Marinov <[EMAIL PROTECTED]> wrote:
Hi Vladislav,
I know i should not disturb you, just a small
question here. What kind of fuzzing attacks can be done on an SSL based apache
web server ? I just wanted a brief idea about them
Thanks and Regards,
Suchindra Chandrahas
Part 1 and Part 2 are the PDFs that were given in openssl.org
Well, the problem is still doubtful because 1. The server certificates are
recent (not expired), and 2. But they are self signed certificates (this might
be a problem !)
Thanks for the replies
Regards,
Suchindra Chandrahas
Goetz
_cert that says :
if(SSL_get_verify_result(ssl)!=X509_V_OK)
39 berr_exit("Certificate doesnt verify");
Does this mean that the host's certificate is not a X509 certificate ?
Regards,
Suchindra Chandrahas
-
Be a PS3 game guru.
Get your game fa
Thanks a lot !
Let me see, i am opening it in my browser now. Seems to take too long to open
Suchi
Vladislav Marinov <[EMAIL PROTECTED]> wrote: Suchindra Chandrahas wrote:
> Hi All,
>I have to write some ssl fuzzers for a web server. Any
> resources or links wo
Hi All,
I have to write some ssl fuzzers for a web server. Any resources
or links would be nice !
Thanks a lot for help,
Suchindra Chandrahas
-
It's here! Your new message!
Get new email alerts with the free Yahoo! Toolbar.
Dear madhu,
Have you worked at Disc Technology
Services Private Limited previously. Just got confused
by the name. Please don't mind.
Regards,
Suchi
__
Do you Yahoo!?
Yahoo! Small Business - Try
30 matches
Mail list logo