OpenSSL is "publicly available code" and thus has an export exemption.
Things linked with it, however, may not be, depending on their
configuration.
-Kyle H
On Thu, May 28, 2009 at 1:05 PM, Bob Bell wrote:
> Folks -
>
> I have a basic question relative to the FIPS openSSL lib and US export
> co
Thanks to all for the information that was exchanged. It did help me
understand.
Bob Bell
On Thu, May 28, 2009 at 2:05 PM, Bob Bell wrote:
> Folks -
>
> I have a basic question relative to the FIPS openSSL lib and US export
> control law. As I understand it, in order for the openSSL lib to run
The platform is AIX. I have used the fipsld to link the application and
digest was properly embedded in the application executable.
I have written a small pbm to test this.
main()
{
int (*dlsym_fips_mode_set)(int);
void *handle=dlopen("/usr/lib/libcrypto.a(libcrypto.so.0.9.8)",RTLD_LAZY);
dlsym_
On Fri, May 29, 2009, tensy joseph wrote:
> I have gone through the user guide again, I am a little confused now. This
> statement makes me confused
>
> A HMAC-SHA1 digest of the FIPS Object Module code and read-only data must be
> generated and embedded in the application executable object for us
I have gone through the user guide again, I am a little confused now. This
statement makes me confused
A HMAC-SHA1 digest of the FIPS Object Module code and read-only data must be
generated and embedded in the application executable object for use by
the FIPS_mode_set()
function at runtime initiali
My libcrypto.a is a shared library and also fipscanister.o has been
incorporated in a shared library libcrypto.a. So to get the fipscanister.o
at compile time, it needs to link with libcrypto.a at the compile time in
order to check hmac-sha1 integrity test of fipscanister.o embedded in the
libcryp
On Fri, May 29, 2009, tensy joseph wrote:
> Still now I was believing that to all the application should link to
> libcrypto library at the compilation so that it can check the fipscanister.o
> hash value in the library with the previously stored fips.
>
> As the user guide says
>
>
> 1. The H
Still now I was believing that to all the application should link to
libcrypto library at the compilation so that it can check the fipscanister.o
hash value in the library with the previously stored fips.
As the user guide says
1. The HMAC-SHA-1 digest of the FIPS Object Module file must be cal
On Thu, May 28, 2009, Bob Bell wrote:
>
> I have a basic question relative to the FIPS openSSL lib and US export
> control law. As I understand it, in order for the openSSL lib to run as a
> FIPS certified module, it must be configured to be loaded as a dynamically
> linked library.
>
No that i
On Thu May 28 2009, Bob Bell wrote:
> Folks -
>
> I have a basic question relative to the FIPS openSSL lib and US export
> control law. As I understand it, in order for the openSSL lib to run as a
> FIPS certified module, it must be configured to be loaded as a dynamically
> linked library. If tha
On Mon, Apr 27, 2009 at 12:07:57PM +0200, Steffen DETTMER wrote:
> The more secure way is to use existing
> crypto schemes (like TLS) and the safer way is to base on
> existing implementations (like stunnel), I think.
It should be noted that stunnel in client-mode does not verify the server
peern
>On Mon 27/04/09 3:07 PM , Sever P A gnu.se...@gmail.com sent:
>
>but, I search just a library functions that allows me to implement the
>steps presented in an earlier message. Does it really exist ?
>
>If so,
>
>a) Which function(s) for generate the keys,
>b) Which function(s) to obtain them,
>c)
Hello,
(Steffen said:)
> Generally it is strongly discouraged to invent and implement
> own security schemes. The more secure way is to use existing
> crypto schemes (like TLS) and the safer way is to base on
> existing implementations (like stunnel), I think. There are so
> many things to cons
* Sever P A wrote on Mon, Apr 27, 2009 at 10:49 +0200:
> > (Steffen said:) I think stunnel could be suited well here.
>
> Maybe... but my idea was to implement these functions in the
> C/C++ program while the users have no computer expertise
> skills.
>
> I suddenly thought to integrate this in a
Hello,
> (Steffen said:) I think stunnel could be suited well here.
Maybe... but my idea was to implement these functions in the C/C++
program while the users have no computer expertise skills.
I suddenly thought to integrate this in a batch file but... I don't
really like this because complicat
* Sever P A wrote on Sat, Apr 25, 2009 at 13:35 +0200:
> I don't reach to understand how to implement all these steps. So:
I think stunnel could be suited well here.
oki,
Steffen
Hello,
Thanks Carl,
Thanks Michael,
My idea is to implement in C/C++ the following steps:
1) The client generates two keys: one used as private, the other, as public.
2) The client connects to server.
3) The client sends the public key to the server.
4) The server generates a "connection key".
5) The se
On Fri April 24 2009, Sever P A wrote:
> Hello,
>
> Maybe, in my last post, I didn't explain my problem as well...
>
> I'm trying to identify the functions to integrate in my client-server
> application (developed in C/C++ language) that allow me to construct an
> asymmetric encryption system.
>
First things first, I would recommend against developing your own
protocol. Look at using TLS if you can and if it fits into your
application's paradigm.
Secondly, asymmetric encryption is very slow compared to
On Fri, Aug 22, 2008 at 3:57 PM, Kenneth Goldman <[EMAIL PROTECTED]> wrote:
> If that's the rationale, I eagerly await 1.0. The lack of a stable
> API has hurt me far too many times. I encourage the developers
> to freeze the existing API.
The core OpenSSL developers already stick to that partic
Kenneth Goldman wrote:
| > The decision in the case of OpenSSL was that 1.x would have a stable API,
| > permitting shared libraries to be used interchangeably. OpenSSL does not
| > have a stable API yet, officially.
|
| If that's the rationale, I
> The decision in the case of OpenSSL was that 1.x would have a stable API,
> permitting shared libraries to be used interchangeably. OpenSSL does not
> have a stable API yet, officially.
If that's the rationale, I eagerly await 1.0. The lack of a stable
API has hurt me far too many times. I enc
> We're thinking of using openssl in our company but wondering about the
> version number.
Rach,
OpenSSL is a great product. It is very widely used and adopted throughout
the world. If you ripped it off the face of the planet right now, it would
be catastrophic because so many people and systems
Hi,
> Why the latest version is still 0.9.x, why it hasn't bumped up to 1.x in
> last 8 years. Generally 1.x defines a stable version.
hmm, I personally would not get hung up on '1.x is stable' -
having used dozens of platforms and software versions
to run network delivery solutions I can tell y
> Hi,
> We're thinking of using openssl in our company but wondering
> about the version number.
> Why the latest version is still 0.9.x, why it hasn't bumped up
> to 1.x in last 8 years. Generally 1.x defines a stable version.
> Any insight would be helpful in making a decision.
> Thanks,
> Ra
AIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
09/22/2006 02:15 PM
Please respond to: openssl-users@openssl.org
To: openssl-users@openssl.org
cc:
Subject: Re: Basic OpenSSL Question
This message (http://www.mail-archive.com/openssl-users@openssl.org/msg29864.html)
at least suggests that C
This message
(http://www.mail-archive.com/openssl-users@openssl.org/msg29864.html)
at least suggests that CTR mode actually is supported? All I can
really find are threads basically saying "Yup, AES is in there" but
without any useful followup. =(
~RMC
On 9/22/06, [EMAIL PROTECTED] <[EMAIL PROT
Suram Chandra Sekhar wrote:
How are the certificates classified? One way is based on the public key in the
certificates. That leads to RSA and DSS certificates.
Is there any way to classify certificates based on the use?
Maybe like SSL, TLS, etc.
Where can I get complete information about thes
Hi
I think you know what I am talking about.
Well I read about this in a Paper by Schneier
"An Analysis of SSL 3.0 Protocol"
Actually I am an Indian Student doing my Internship in France. We
are working on extraction of Intrusion Detection Signatures from
Failed Proofs of Cryptographic Protocol
You are correct, it was timeouts. My pthread application was overloading
the SSL server and it wasn't returning within the timeout, so that is why I
kept receiving "Error with sockets". I have an additional question related
to SSL_write on a non-blocking IO. What is the proper method to check
> can please anybody help me with using this extension? I try to create and sign a
> certificate. I define basicConstraints=CA:true, and that's ok. When I add
> (pathLengConstraint:0) I receive an error message that this name is unknown. What
> can I do to make it work?
Try pathLengthConstra
Hi,
> "Schor, Bella" wrote:
>
> HI,
>
> can please anybody help me with using this extension? I try to create and sign
> a certificate. I define basicConstraints=CA:true, and that's ok. When I add
> (pathLengConstraint:0) I receive an error message that this name is unknown.
> What can I do to
There are code examples in the openssl installation under the apps
directory.
If you need a more detailed example, you can check out Eric Rescorla's book
"SSL and TLS". It has a complete chapter on coding and the code examples
from the book are available at http://www.rtfm.com/sslbook/examples
R
>I try to run the basic s_client/s_server application with elementary
>communication (no certificates client and server),
>but when I give the same ciphers suite for client/server for SSLv3
>(like RC4-MD5), I have got the msg : no_shared_ciphers: I don't understand :~(
>And does these programs gen
>server.csr = Certificate signing request. This contains your server
>key and is used to request your server.crt from a certification
>authority. Guard this with your life also!
Huh? It sure contains your public key, but your private key is not in
there.
Greetings, Remo
server.key = Your server's private key. Guard this with your life!
server.crt = Certificate signed by a certification authority.
server.csr = Certificate signing request. This contains your server key and
is used to request your server.crt from a certification authority. Guard
this with your life
server.csr is the certificate signing request (you send this to a CA and they return
you the server.crt which is basically the server.csr signed by the CA)
server.crt is the certificate itself
and server.key is the private key associated with the public key on the certificate.
-Mensaje ori
open ssl is really an open list :-)
(*no hard feelings*)
>
>One more note on our own behalf, in passing:
>should you be interested in smart-card-based encryption,
>signature or authentication (also in the Apache context),
>we can help you further as well, since we, as part of a
Hello!
Hubert Froehlich wrote:
>
> Hi there,
>
> I am rather new to Apache-SSL. I want to set up a SSL Web server that, hopefully, can
> also manage client authentication
>
> I have set up an Apache-SSL Web Server(1.2.6) with SSLeay 0.9.1b and it works.
>
> I worked through the articles by
39 matches