- Original Message -
From: "Kyle Hamilton"
To: ; "openssl-users"
Sent: Thursday, October 11, 2012 3:08 AM
Subject: Re: top 10 mistakes when using libopenssl?
Suggestions from my experience:
-Failing to verify the certificate after calling SSL_accept()
-Failing to verify minimum cip
On 2012.07.29. 17:49, Ted Byers wrote:
> Thanks
>
> Are you talking about an object available in the browser object and
> accessible via JavaScript, or a JavaScript file I'd include in my web page?
> Can you provide an URL to a resource where I can learn more about it?
>
>
It is a html form elemen
On 2012.07.29. 8:52, Sanford Staab wrote:
> Good questions and similar to what is on my mind. Please let me know
> if you get any good answers to these questions.
>
>
*
There is SPKAC, which generates rsa key pairs in browser (firefox,
chrome, opera)(ie not supported) and sends certificate reque
> C:\OpenSSL-Win32\bin>openssl genrsa -out privkey.pem 2048
This generates a RSA key, it has nothing to do with DSA.
> C:\OpenSSL-Win32\bin>openssl dsaparam -out dsaparam.pem 2048
This generated DSA parameters.
> C:\OpenSSL-Win32\bin>openssl gendsa -out privkey.pem dsaparam.pem
This generates DSA
You did not specify a CA to verify against. (using -CAfile or -CApath
and -verify)
That server is not sending its intermediate certificate.
Verifying against chain of root and intemediate succeeded for me
(openssl 1.0.0d on windows xp sp3)
- Original Message -
From: "Florian Pritz"
To
ke ECDSA key. or how to make Ans I would like to know which command that I need to use dh. I'm so sorry but would you show me the process about following ? EDH-RSA-DES-CBC3-SHA ECDHE-ECDSA-AES256-SHA RC4-MD5 EXP-DES-CBS-SHAThanks 2011/8/30 yyy <y...@inbox.lv>Generall
Generally ANY CA signature works with ANY ciphersuite. They are not related at all.You mean:Make a CA, which can sign a certificate, which can be used with these all ciphersuites?In that case any signature method can be used. (ECDSA and RSA ciphersuites will not work with one certificate, but CA sh
What exactly are you trying to do?None of ciphersuites specified in second list, meets the requiremencts specified in first list.(Only second ciphersuite uses ECDSA Au, it also is the only one, not using any variant of DES or RC4)There exists ECDHE-ECDSA ciphersuites usring RC4, but these are not i
p12 files can contain multiple certificates (full chain). It seems to install full chain,however i had root cert already installed, for this chain.I do not know, how to add a der (or pem) file to existing p12 file.Probably it wold be easier to make a new p12 filefrom all necessary der (or pem) file
In that openssl.cnf file add section section [server] (actually that name probably does not matter)and in it add a linensCertType=serverand when signing a request, add to command line -extensions server(at least that appears, what easyrsa script was doing)Easyrsa script also added a comment and fro
Everything seems to be fine, only for new installations it is recomended to use at least 2048 bit keyand, at least some time ago, openssl used to default to MD5 for certificate signatures,check, if it is not the case. Citējot Tomas Macek : We have some web servers and I want to create self signe
I also tried the same, and although wireshark labeled these data as
"encrypted application data", the text next to hex data in bottom window
contained unencrypted data. There were something added in the end, though.
(negotiated ciphersuite were NULL-SHA).
> 2) Getting back to the client & ser
Somewhere I have read that RSA key size limit is 32k or so. Largest key
I have attempted to generate was 24k, largest key successfully
generated and used was 16k. Are the these RSA keys or DH parameters?
In any case 2048bit (2k) sized keys are supported almost by anything.
> Hello,
> I am working
same as secp256k1?
s_server documentation (output of s_server -?) says that nistp256 is
the default, but such exact name is not present in output of
ecparam -list_curves.
> 2011/7/1 yyy :
>> Hello!
>>
>> s_server (and probably other TLS servers), requires ECDH paramet
Hello!
s_server (and probably other TLS servers), requires ECDH parameters, if
using ECDH ciphersuites. (probably similarily as for DH parameters with DH
ciphersuites).
It seems, that these are supposed to be generated using:
ecparam -name 'name_of_named_curve',
but this always generates the same
15 matches
Mail list logo
