Hello,
> 1) Can I able to do both EPHEMERAL RSA and DH EPHEMERAL same time ??
No, in this situation both algorithms are use for the same purpose
(key exchange) so one may be used.
> Will Openssl call either EPHEMERAL RSA or DH EPHEMERAL depend what
> ciphers using ??
Depending on cipher suites.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola
Sent: Thursday, March 22, 2007 20:12
To: openssl-users@openssl.org
Subject: RE: Root Certificates dir
Hello,
> I asked you last week:
> > I have to interface with a client running
> >TLS_RSA_WITH_3DES_EDE_
Hello,
> I asked you last week:
> > I have to interface with a client running
> > TLS_RSA_WITH_3DES_EDE_CBC_SHA1. For me, it means:
> >..
> > Please very my thought is correctly . DH is not involved at all ??? I
> > always think that DH have to be involved when using symmetric key.
>
> Y
Subject: Re: Root Certificates dir
On Thu, Mar 22, 2007, Dinh, Thao V CIV NSWCDD, K72 wrote:
>
> I can not use temporary RSA keys because of:
>
> >Temporary RSA keys are only used in some export ciphersuites which
> >are
> now obsolete. The use of ephemeral
> >
On Thu, Mar 22, 2007, Dinh, Thao V CIV NSWCDD, K72 wrote:
>
> I can not use temporary RSA keys because of:
>
> >Temporary RSA keys are only used in some export ciphersuites which are
> now obsolete. The use of ephemeral
> > RSA keys actually violates the standards in that particular
> ciphersui
can I do to implement Ephemeral keying ??? Please help. I have
limited knowledge in this openssl.
Thank You
TD
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola
Sent: Thursday, March 15, 2007 14:03
To: openssl-users@openssl.org
Subject: RE: Root
Hello,
> Last year, you wrote that
> If you add to server initialization routine something like:
> > RSA *rsa;
> > rsa=RSA_generate_key(512,RSA_F4,NULL,NULL);
> > if (!SSL_CTX_set_tmp_rsa(SSL_context,rsa)){
> > ExitPostmaster(1);
> > }
> > RSA_free(rsa);
14:03
To: openssl-users@openssl.org
Subject: RE: Root Certificates dir
Hello,
> I have to interface with a client running
> TLS_RSA_WITH_3DES_EDE_CBC_SHA1. For me, it means:
>
> 1) Authentification with RSA
> 2) Key exchange RSA
> 3) Encrytion 3DES_EDE_CBC
> 4) Digest SHA1
I a
Hello,
> I have to interface with a client running
> TLS_RSA_WITH_3DES_EDE_CBC_SHA1. For me, it means:
>
> 1) Authentification with RSA
> 2) Key exchange RSA
> 3) Encrytion 3DES_EDE_CBC
> 4) Digest SHA1
I agree.
> My question is how do they get Key exchange if they not using DH ??
> Another thou
that DH have to be involved when using symmetric key.
Thank You
TD
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola
Sent: Monday, March 12, 2007 14:24
To: openssl-users@openssl.org
Subject: RE: Root Certificates dir
Hello,
> I have basic
Hello,
> I have basic question for Client-Sever using SSL. Both Client/Server
> have to use SL_CTX_load_verify_locations to load "Trust Root".
Yes.
> But Client will load its own private/public key, does not need to load
> "server" cert at all .
Yes, client loads its private key (which has publi
07 13:30
To: openssl-users@openssl.org
Subject: Re: Root Certificates dir
Hello,
> I am working on Client-Server applications using SSL. My Server has 3
> or 4 "Trust Root ' certs I use SSL_CTX_load_verify_locations pointing
> to a directory which stores all "Trust Root
rg
Subject: Re: Root Certificates dir
Hello,
> I am working on Client-Server applications using SSL. My Server has 3
> or 4 "Trust Root ' certs I use SSL_CTX_load_verify_locations pointing
> to a directory which stores all "Trust Root ' certs .
> I created a
On Mon, Mar 12, 2007 at 06:29:36PM +0100, Marek Marcola wrote:
> > 1) Do I have concatenant all "Trusted Root" in to one cert ?? ( cat
> > root1 root2 root3 > root) ?
>
> No, but you should execute c_rehash in that directory.
Speaking of "c_rehash" has anyone looked into fixing the script so tha
Hello,
> I am working on Client-Server applications using SSL. My Server has 3
> or 4 "Trust Root ' certs
> I use SSL_CTX_load_verify_locations pointing to a directory which
> stores all "Trust Root ' certs .
> I created a directory ( T1) and load all "Trust Root" certs into
> this T1 dir
15 matches
Mail list logo
