Re: [OpenSSL 1.1.1l] Hi Team, my SSL/TLS server crashed with the attached call stack. Your advice will be highly appreciated.

2022-02-10 Thread Viktor Dukhovni
On Thu, Feb 10, 2022 at 11:48:06PM +, Ma Zhenhua wrote: > Hi Team, > > My SSL/TLS server crashed with the following call stack. > I'm using OpenSSL 1.1.1l. I compared 1.1.1l with 1.1.1 master branch and > didn't find related fixes in crypto/asn1. > Your advic

[OpenSSL 1.1.1l] Hi Team, my SSL/TLS server crashed with the attached call stack. Your advice will be highly appreciated.

2022-02-10 Thread Ma Zhenhua
Hi Team, My SSL/TLS server crashed with the following call stack. I'm using OpenSSL 1.1.1l. I compared 1.1.1l with 1.1.1 master branch and didn't find related fixes in crypto/asn1. Your advice will be highly appreciated. (gdb) #0 0x7f4cf7844ce6 in ASN1_OBJECT_free ()

I have successfully configured SSL/TLS for Postfix SMTP outgoing mail server for a customer in Singapore on 25 Aug 2021 Wed

2021-08-25 Thread Turritopsis Dohrnii Teo En Ming
Subject: I have successfully configured SSL/TLS for Postfix SMTP outgoing mail server for a customer in Singapore on 25 Aug 2021 Wed Good day from Singapore, I have successfully configured SSL/TLS for Postfix SMTP outgoing mail server for a customer in Singapore on 25 Aug 2021 Wed. It took me 7

Directory structure ( SSL/TLS/HTTPS )

2021-07-21 Thread Webstrucs
Learning to use openssl, I managed to generate private keys and publish them in .pem format, and I also signed them, which generated two types of private files (.csr and .crt). My doubt is about the Linux server (running Debian 10): where do I keep such keys, because I want to serve web pages in https format?

Re: Something like SSL_CTX_set_alpn_select_cb for ciphers and ssl/tls protocol version

2019-06-18 Thread Matt Caswell
On 18/06/2019 10:13, Alexander Gryanko wrote: > Hello,  > > I'm looking for the way to do something like SSL_CTX_set_alpn_select_cb but > for > ciphers and ssl/tls protocol version. As I see ssl_choose_server_version and > ssl3_choose_cipher

Something like SSL_CTX_set_alpn_select_cb for ciphers and ssl/tls protocol version

2019-06-18 Thread Alexander Gryanko
Hello, I'm looking for the way to do something like SSL_CTX_set_alpn_select_cb but for ciphers and ssl/tls protocol version. As I see, ssl_choose_server_version and ssl3_choose_cipher have no callbacks in tls_early_post_process_client_hello. Is there any way to disable protocols for some

[openssl-users] Using an engine for supporting SSL/TLS session creation

2018-11-15 Thread Birch Jr, Johnnie L
Hi, I have a question that is maybe similar to this one asked about a year ago: https://mta.openssl.org/pipermail/openssl-users/2017-December/007050.html. I want to experiment with trying to hide the keys and certificates used during TLS session creation inside trusted hardware. I am not sure w

[openssl-users] Minimum openssl configuration for ssl/tls smtp email support?

2016-07-11 Thread David F.
Hi, What configuration parameters (NO-XXX) should be passed for the openssl library to be built to support standard TLS/SSL required for sending emails through the public smtp servers but at the least amount of code needed. I have it working (only calls a few BIO_ and/or SSL_ functions) but add

[openssl-users] SSL/TLS sessions of client

2015-02-01 Thread Serj
Hello, I want to use only the internal cache right now. SSL_SESS_CACHE_CLIENT is not set by default. As I understand it, for the client we must: 1. Set the SSL_SESS_CACHE_CLIENT flag with SSL_CTX_set_session_cache_mode() 2. Manually save the SSL_SESSION object to be able to choose the session with SSL_set_session()

RE: What version(s) of SSL/TLS are supported in openssl 1.0.1g

2014-11-21 Thread Hasan, Rezaul (NSN - US/Arlington Heights)
SSL/TLS are supported in openssl 1.0.1g > Would anyone be able to let me know what versions of SSL (if applicable) > and TLS are supported in openssl 1.0.1g > All of them. It's up to you to trim what you don't want. You can remove protocols (and other features) at compile time wit

Re: What version(s) of SSL/TLS are supported in openssl 1.0.1g

2014-11-20 Thread Jeffrey Walton
> Would anyone be able to let me know what versions of SSL (if applicable) > and TLS are supported in openssl 1.0.1g > All of them. It's up to you to trim what you don't want. You can remove protocols (and other features) at compile time with, for example: ./config no-ssl2 no-ssl3 no-comp Or,

What version(s) of SSL/TLS are supported in openssl 1.0.1g

2014-11-20 Thread Hasan, Rezaul (NSN - US/Arlington Heights)
Hello, Would anyone be able to let me know what versions of SSL (if applicable) and TLS are supported in openssl 1.0.1g? Thank you in advance.

RE: SSL/TLS encryption algorithms

2013-11-04 Thread Dave Thompson
> From: owner-openssl-users On Behalf Of Viktor Dukhovni > Sent: Friday, November 01, 2013 18:12 > > > $ openssl ciphers -v DHE-RSA-CAMELLIA256-SHA > > > DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA > Enc=Camellia(256) Mac=SHA1 > > > > > > $ openssl ciphers -v AES128-SHA256 > > >

Re: SSL/TLS encryption algorithms

2013-11-03 Thread Walter H.
On 03.11.2013 18:27, Viktor Dukhovni wrote: On Sun, Nov 03, 2013 at 06:18:38PM +0100, Walter H. wrote: how would I define forward-secrecy on Apache webserver? If the server negotiated both ciphers, it already supports forward-secrecy (aka PFS) if the client does too. What about a browser that

Re: SSL/TLS encryption algorithms

2013-11-03 Thread Viktor Dukhovni
On Sun, Nov 03, 2013 at 06:18:38PM +0100, Walter H. wrote: > > >how would I define forward-secrecy on Apache webserver? > > > > If the server negotiated both ciphers, it already supports > > forward-secrecy (aka PFS) if the client does too. > > What about a browser that shows this > > SSL_CIPHER

Re: SSL/TLS encryption algorithms

2013-11-03 Thread Walter H.
On 01.11.2013 23:12, Viktor Dukhovni wrote: $ openssl ciphers -v DHE-RSA-CAMELLIA256-SHA DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1 $ openssl ciphers -v AES128-SHA256 AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA

Re: SSL/TLS encryption algorithms

2013-11-01 Thread Viktor Dukhovni
> > $ openssl ciphers -v DHE-RSA-CAMELLIA256-SHA > > DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) > > Mac=SHA1 > > > > $ openssl ciphers -v AES128-SHA256 > > AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) > > Mac=SHA256 > > > >Does your ap

Re: SSL/TLS encryption algorithms

2013-11-01 Thread Walter H.
Hello, On 01.11.2013 22:34, Viktor Dukhovni wrote: On Fri, Nov 01, 2013 at 09:56:10PM +0100, Walter H. wrote: Which one of the following two is better (1) or (2)? (1) SSL_CIPHER=DHE-RSA-CAMELLIA256-SHA $ openssl ciphers -v DHE-RSA-CAMELLIA256-SHA DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=D

Re: SSL/TLS encryption algorithms

2013-11-01 Thread Viktor Dukhovni
On Fri, Nov 01, 2013 at 09:56:10PM +0100, Walter H. wrote: > Which one of the following two is better (1) or (2)? > > (1) > > SSL_CIPHER=DHE-RSA-CAMELLIA256-SHA $ openssl ciphers -v DHE-RSA-CAMELLIA256-SHA DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1 > (

SSL/TLS encryption algorithms

2013-11-01 Thread Walter H.
Hello, Which one of the following two is better (1) or (2)? (1) SSL_CIPHER=DHE-RSA-CAMELLIA256-SHA SSL_CIPHER_ALGKEYSIZE=256 SSL_CIPHER_EXPORT=false SSL_CIPHER_USEKEYSIZE=256 SSL_COMPRESS_METHOD=NULL SSL_PROTOCOL=TLSv1 SSL_SECURE_RENEG=true (2) SSL_CIPHER=AES128-SHA256 SSL_CIPHER_ALGKEYSIZE=

RE: SSL/TLS protocol versions and their supported cipher suites

2013-06-21 Thread no_spam_98
I'm going to try this question again because it seems like there are some anomalies in the OpenSSL implementation: which cipher suites are available in which versions of SSL/TLS? Using Appendix A.5 from the TLS 1.0, 1.1, and 1.2 RFCs, it looks to me as though there are some cipher suit

Re: SSL/TLS protocol versions and their supported cipher suites

2013-06-04 Thread no_spam_98
t the cipher suite is at least supported by SSL 3 and TLS 1.0 (and TLS 1.1 except for the export cipher suites as noted above). The "TLSv1.2" designation means that the cipher suite is specific to TLS 1.2. > > I'm a little confused about which cipher suites are supported by

SSL/TLS protocol versions and their supported cipher suites

2013-06-04 Thread no_spam_98
I'm a little confused about which cipher suites are supported by which SSL/TLS protocol versions. I'm using Appendix C of the TLS 1.0, 1.1, and 1.2 RFCs, respectively, as a starting point for which cipher suites are supported in which version of the protocol, but I'm not sure h

RE: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism.

2012-10-29 Thread Bhat, Jayalakshmi Manjunath
gards Jaya -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Jeffrey Walton Sent: Monday, October 29, 2012 11:05 PM To: openssl-users@openssl.org Subject: Re: Need inputs/suggestions on SSL/TLS protocol version fallback

Re: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism.

2012-10-29 Thread Jeffrey Walton
t; Sent: Monday, October 29, 2012 7:40 PM > To: openssl-users@openssl.org > Subject: RE: Need inputs/suggestions on SSL/TLS protocol version fallback > mechanism. > > Do you call SSL_CTX_set_options() with bit flags (SSL_OP_ALL, > SSL_OP_NO_SSLv3, etc.) to indicate the protocols you

RE: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism.

2012-10-29 Thread Bhat, Jayalakshmi Manjunath
...@openssl.org] On Behalf Of Charles Mills Sent: Monday, October 29, 2012 8:47 PM To: openssl-users@openssl.org Subject: RE: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism. You should at least look into it. I am not sure what the defaults are without looking at the docs

RE: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism.

2012-10-29 Thread Charles Mills
: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Bhat, Jayalakshmi Manjunath Sent: Monday, October 29, 2012 7:28 AM To: openssl-users@openssl.org Subject: RE: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism. Hi Charles, Thank you for

RE: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism.

2012-10-29 Thread Bhat, Jayalakshmi Manjunath
:40 PM To: openssl-users@openssl.org Subject: RE: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism. Do you call SSL_CTX_set_options() with bit flags (SSL_OP_ALL, SSL_OP_NO_SSLv3, etc.) to indicate the protocols you are willing to accept? BTW, openssl-users (not -dev) is the

RE: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism.

2012-10-29 Thread Charles Mills
...@openssl.org] On Behalf Of Bhat, Jayalakshmi Manjunath Sent: Monday, October 29, 2012 5:27 AM To: openssl-...@openssl.org; openssl-users@openssl.org Subject: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism. Hi All, I have a client application that uses

Need inputs/suggestions on SSL/TLS protocol version fallback mechanism.

2012-10-29 Thread Bhat, Jayalakshmi Manjunath
have a couple of questions around this issue. 1. If I would like to support the fallback mechanism, I need to implement the same in the client application. The SSL client state machine in OpenSSL does not implement any fallback. 2. I did not see any recommendation in the SSL/TLS RFC to implement

SSL/TLS Testing Specification Suite

2012-03-16 Thread Mr.Rout
ext: http://old.nabble.com/SSL-TLS-Testing-Specification-Suite-tp33518542p33518542.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Ma

Re: SSL/TLS Renegotiation Vulnerability [CVE-2011-1473]

2011-12-25 Thread Andrey Kulikov
> Pointing to a detailed article would also be helpful. Good article is here: http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html

Re: SSL/TLS Renegotiation Vulnerability [CVE-2011-1473]

2011-12-21 Thread Jakob Bohm
0.9.8r" + later security fixes backported to work with version "0.9.8r" by your Linux vendor. A Nessus security scan on our Linux server tells us that we may be vulnerable to a potential DOS due to SSL/TLS Renegotiation Vulnerability [CVE-2011-1473]. Renegotiation vulnerabilities are noto

SSL/TLS Renegotiation Vulnerability [CVE-2011-1473]

2011-12-20 Thread Hasan, Rezaul (NSN - US/Arlington Heights)
Hello All, We have openssl 0.9.8r on our Linux Server. A Nessus security scan on our Linux server tells us that we may be vulnerable to a potential DOS due to SSL/TLS Renegotiation Vulnerability [CVE-2011-1473]. The suggestions of mitigating these (we believe) are: 1. Disable Re-Negotiation

Re: SSL/TLS - Error while trying to decrypt the premaster secret.

2011-10-12 Thread J
remove   - J | -> ja...@yahoo.com From: Dave Thompson To: openssl-users@openssl.org Sent: Tuesday, October 11, 2011 5:14 PM Subject: RE: SSL/TLS - Error while trying to decrypt the premaster secret. > From: owner-openssl-us...@openssl.org On Behalf Of

Re: SSL/TLS - Error while trying to decrypt the premaster secret.

2011-10-11 Thread nilesh
On Wednesday 12 October 2011 02:44 AM, Dave Thompson wrote: From: owner-openssl-us...@openssl.org On Behalf Of nilesh Sent: Monday, 10 October, 2011 07:35 I have an issue related to RSA decryption while using https. I have set up a dummy https server and captured packets on wireshark. If you

RE: SSL/TLS - Error while trying to decrypt the premaster secret.

2011-10-11 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of nilesh > Sent: Monday, 10 October, 2011 07:35 > I have an issue related to RSA decryption while using https. > I have set up a dummy https server and captured packets on wireshark. > If you just want to decrypt a session and aren't aware of it,

SSL/TLS - Error while trying to decrypt the premaster secret.

2011-10-10 Thread nilesh
Hi, I have an issue related to RSA decryption while using https. I have set up a dummy https server and captured packets on wireshark. As per the RFC, in the client key exchange message the premaster is encrypted using the server's public key and sent to the server. So, I have captured the encrypted premas

SSL Alert Warning treated Fatal without Explicit SSL/TLS Version

2011-09-30 Thread Fabian Hugelshofer
-connect www.goeldi.ch:443 -servername www.goeldi.ch -ssl3 OK # Force TLS1 $ openssl s_client -connect www.goeldi.ch:443 -servername www.goeldi.ch -tls1 OK Without explicitly enforcing a SSL/TLS version, "SSL23 mode" seems to be used even though the SSL version in both client and server

Cipher names available in OpenSSL 1.0.0d for SSL-TLS

2011-06-21 Thread ml.vladimbelov
some corrections... I mean “ciphersuites” under “ciphers”.

Cipher names available in OpenSSL 1.0.0d for SSL-TLS

2011-06-21 Thread ml.vladimbelov
I have run the test file ssltest.exe and got the following results: Available compression methods: NONE TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 512 bit RSA 1 handshakes of 256 bytes done On the page http://www.openssl.org/docs/apps/ciphers.html there is no such cipher. Why? Seems it is supported,

RE: How to disable SSL/TLS Renegotiation

2011-05-16 Thread Yannay Alon-BAY004
Subject: How to disable SSL/TLS Renegotiation I have two questions regarding SSL/TLS Renegotiation: 1) Can SSL/TLS Renegotiation happen automatically during the normal SSL_read and SSL_write operation on an SSL connection? Basically if the application doesn't invoke the SSL_

How to disable SSL/TLS Renegotiation

2011-03-07 Thread Yan, Bob
I have two questions regarding SSL/TLS Renegotiation: 1) Can SSL/TLS Renegotiation happen automatically during the normal SSL_read and SSL_write operation on an SSL connection? Basically if the application doesn't invoke the SSL_renegotiate function, can SSL/TLS Renegotiation still h

Re: SSL/TLS with server names picked from DNS

2010-08-25 Thread sandeep kiran p
p kiran p wrote on Wed, Aug 11, 2010 at 20:36 -0700: > > Ours is an LDAP client application that fetches LDAP server names on > > the fly using DNS SRV Resource Records. We then randomly pick one of the > > servers returned from DNS, establish an SSL/TLS connection with that &

Re: SSL/TLS with server names picked from DNS

2010-08-24 Thread Steffen DETTMER
Hi! * sandeep kiran p wrote on Wed, Aug 11, 2010 at 20:36 -0700: > Ours is an LDAP client application that fetches LDAP server names on > the fly using DNS SRV Resource Records. We then randomly pick one of the > servers returned from DNS, establish an SSL/TLS connection with that > ser

RE: SSL/TLS with server names picked from DNS

2010-08-13 Thread Richardson, David
openssl.org] On Behalf Of sandeep kiran p Sent: August 12, 2010 07:58 To: openssl-users@openssl.org Subject: Re: SSL/TLS with server names picked from DNS We don't have any control on how the server generates its certificates. As said earlier, we only control the client portion of SSL/TLS. Sites where ou

Re: SSL/TLS with server names picked from DNS

2010-08-13 Thread Patrick Patterson
behalf of that company, which is quite hard to guard against, without going to rather onerous levels. Have fun. Patrick. On August 12, 2010 09:58:15 am sandeep kiran p wrote: > We don't have any control on how the server generates its certificates. As > said earlier, we only control the clie

Re: SSL/TLS with server names picked from DNS

2010-08-13 Thread Ludwig Nussel
sandeep kiran p wrote: > Ours is an LDAP client application that fetches LDAP server names on the fly > using DNS SRV Resource Records. We then randomly pick one of the servers > returned from DNS, establish an SSL/TLS connection with that server and then > perform a bind operatio

Re: SSL/TLS with server names picked from DNS

2010-08-12 Thread aerowolf
said earlier, we only control the client portion of SSL/TLS. > Sites where our client application runs are handed the location > where trusted CA certs are stored and that's all we have. > Secondly, as you pointed out, if we were to maintain a list of > legitimate server certs, we cou

Re: SSL/TLS with server names picked from DNS

2010-08-12 Thread sandeep kiran p
server generates its certificates. > > As said earlier, we only control the client portion of SSL/TLS. > > Sites where our client application runs are handed the location > > where trusted CA certs are stored and that's all we have. > > > Secondly, as you p

RE: SSL/TLS with server names picked from DNS

2010-08-12 Thread David Schwartz
Sandeep Kiran P wrote: > We don't have any control on how the server generates its certificates. > As said earlier, we only control the client portion of SSL/TLS. > Sites where our client application runs are handed the location > where trusted CA certs are stored and that's

Re: SSL/TLS with server names picked from DNS

2010-08-12 Thread sandeep kiran p
We don't have any control on how the server generates its certificates. As said earlier, we only control the client portion of SSL/TLS. Sites where our client application runs are handed the location where trusted CA certs are stored and that's all we have. Secondly, as you pointed out, if we

Re: SSL/TLS with server names picked from DNS

2010-08-12 Thread Scott Gifford
On Wed, Aug 11, 2010 at 11:36 PM, sandeep kiran p wrote: [ ... ] > Client would then blindly establish an SSL/TLS connection with that server > and would end up handing over the user credentials to it. Note that, as part > of the SSL handshake, the malicious server would provide a ce

Re: SSL/TLS with server names picked from DNS

2010-08-12 Thread Jakob Bohm
On 12-08-2010 05:36, sandeep kiran p wrote: Hi, Ours is an LDAP client application that fetches LDAP server names on the fly using DNS SRV Resource Records. We then randomly pick one of the servers returned from DNS, establish an SSL/TLS connection with that server and then perform a bind

SSL/TLS with server names picked from DNS

2010-08-11 Thread sandeep kiran p
Hi, Ours is an LDAP client application that fetches LDAP server names on the fly using DNS SRV Resource Records. We then randomly pick one of the servers returned from DNS, establish an SSL/TLS connection with that server and then perform a bind operation using user credentials (DN and password

Re: SSL/TLS renegotiation attack

2009-12-04 Thread Michael Ströder
sandeep kiran p wrote: > Ours is an LDAP directory enabled application where we use SSL/TLS to > protect binds to the directory. Right now we are using OpenSSL 0.9.8g to > do this. Our application depends on external directory servers for > authentication which are not maintained by

SSL/TLS renegotiation attack

2009-12-03 Thread sandeep kiran p
Hi, Ours is an LDAP directory enabled application where we use SSL/TLS to protect binds to the directory. Right now we are using OpenSSL 0.9.8g to do this. Our application depends on external directory servers for authentication which are not maintained by us. So it is only the client side of SSL

Re: SSL/TLS Authentication only

2008-06-25 Thread Victor Duchovni
On Thu, Jun 26, 2008 at 12:50:14AM +0200, Dr. Stephen Henson wrote: > On Wed, Jun 25, 2008, Patel Dippen-CDP054 wrote: > > > The way I understand is you can have authentication and encryption with > > TLS. When you use a cipher suite, you can specify the type of > > authentication, encryption, ha

Re: SSL/TLS Authentication only

2008-06-25 Thread Dr. Stephen Henson
On Wed, Jun 25, 2008, Patel Dippen-CDP054 wrote: > The way I understand is you can have authentication and encryption with > TLS. When you use a cipher suite, you can specify the type of > authentication, encryption, hash, etc. > > So, for example, you could provide TLS_DHE_DSS_WITH_NULL_SHA me

RE: SSL/TLS Authentication only

2008-06-25 Thread Patel Dippen-CDP054
up From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Vijay Kotari Sent: Wednesday, June 25, 2008 4:03 PM To: openssl-users@openssl.org Subject: Re: SSL/TLS Authentication only What exactly do you mean? What other possible kinds of authentication do

Re: SSL/TLS Authentication only

2008-06-25 Thread Vijay Kotari
What exactly do you mean? What other possible kinds of authentication do you have available? If you just want a TLS-based client and server, then OpenSSL can serve your purpose. Vijay K. On Wed, Jun 25, 2008 at 9:01 PM, Patel Dippen-CDP054 < [EMAIL PROTECTED]> wrote: > Is it possible to use TL

SSL/TLS Authentication only

2008-06-25 Thread Patel Dippen-CDP054
Is it possible to use TLS authentication only? If so, how do I do this using OpenSSL?

Re: Choice of CAs in SSL/TLS handshake

2006-03-09 Thread Peter Sylvester
I think you are right about the current behaviour. When filling up the intermediate stack, the X509 verify cert breaks when the verifydepth is reached, as far as I see from the code, but it seems that the ssl library doesn't set a verify depth? But in this case the verifydepth would work, I think

Re: Choice of CAs in SSL/TLS handshake

2006-03-08 Thread Dr. Stephen Henson
On Wed, Mar 08, 2006, Peter Sylvester wrote: > Dr. Stephen Henson wrote: > >On Wed, Mar 08, 2006, Peter Sylvester wrote: > > > > > >>Another easy way is to use self signed certs of the acceptable CAs. > >> > >> > > > >I'm not sure that would work because the path building algorithm first >

Re: Choice of CAs in SSL/TLS handshake

2006-03-08 Thread Peter Sylvester
Dr. Stephen Henson wrote: On Wed, Mar 08, 2006, Peter Sylvester wrote: Another easy way is to use self signed certs of the acceptable CAs. I'm not sure that would work because the path building algorithm first tries to construct as much of the path as possible from the set of untrus

Re: Choice of CAs in SSL/TLS handshake

2006-03-08 Thread Dr. Stephen Henson
On Wed, Mar 08, 2006, Peter Sylvester wrote: > Another easy way is to use self signed certs of the acceptable CAs. > I'm not sure that would work because the path building algorithm first tries to construct as much of the path as possible from the set of untrusted CAs with the exception of the

Re: Choice of CAs in SSL/TLS handshake

2006-03-08 Thread Peter Sylvester
Another easy way is to use self signed certs of the acceptable CAs. Dr. Stephen Henson wrote: On Tue, Mar 07, 2006, Olaf Gellert wrote: Samy Thiyagarajan wrote: Hi, Maybe changing the verification of the depth level solves this issue. ( I mean check the chain only up to User CA 1 and

Re: Choice of CAs in SSL/TLS handshake

2006-03-08 Thread Dr. Stephen Henson
On Tue, Mar 07, 2006, Olaf Gellert wrote: > Samy Thiyagarajan wrote: > > > > Hi, > > Maybe changing the verification of the depth level solves this issue. ( > > I mean check the chain only up to User CA 1 and not up to the Root CA ) > > In this case it should not report about missing valid root. >

Re: Choice of CAs in SSL/TLS handshake

2006-03-08 Thread Nicolas Margaine
On 3/7/06, Olaf Gellert <[EMAIL PROTECTED]> wrote: > Samy Thiyagarajan wrote: > > > > Hi, > > Maybe changing the verification of the depth level solves this issue. ( > > I mean check the chain only up to User CA 1 and not up to the Root CA ) > > In this case it should not report about missing valid

RE: Choice of CAs in SSL/TLS handshake

2006-03-07 Thread Gayathri Sundar
: Choice of CAs in SSL/TLS handshake Samy Thiyagarajan wrote: > > Hi, > Maybe changing the verification of the depth level solves this issue. ( > I mean check the chain only up to User CA 1 and not up to the Root CA ) > In this case it should not report about missing valid root.

Re: Choice of CAs in SSL/TLS handshake

2006-03-07 Thread Randy Turner
When you want to operate in this special "CA filtering" mode, you could hook the OpenSSL certificate validation logic. Your callback could then implement its own validation logic and return a "reject" when you see a certificate you want to deny (even though it's valid). Randy On Mar 7

Re: Choice of CAs in SSL/TLS handshake

2006-03-07 Thread Olaf Gellert
Samy Thiyagarajan wrote: > > Hi, > Maybe changing the verification of the depth level solves this issue. ( > I mean check the chain only up to User CA 1 and not up to the Root CA ) > In this case it should not report about missing valid root. > > I'm not sure; this is just an idea. Good idea. But

Re: Choice of CAs in SSL/TLS handshake

2006-03-07 Thread Samy Thiyagarajan
AIL PROTECTED]> Sent by: [EMAIL PROTECTED] 07.03.2006 12:56 Please respond to openssl-users@openssl.org To openssl-users@openssl.org cc Subject Choice of CAs in SSL/TLS handshake Classification Hi, I came across the following problem: I do have two user CAs under the same r

Re: Choice of CAs in SSL/TLS handshake

2006-03-07 Thread Olaf Gellert
Gayathri Sundar wrote: > you can put CA2 as part of the revocation list? > if CA2 is part of the client's CRL, then it will automatically > be rejected... is this what you want? Nothing about revocation, both CAs are valid and should stay valid. I do have a User CA 1 for one type of service (or one

RE: Choice of CAs in SSL/TLS handshake

2006-03-07 Thread Gayathri Sundar
26 PM To: openssl-users@openssl.org Subject: Choice of CAs in SSL/TLS handshake Hi, I came across the following problem: I do have two user CAs under the same root CA: Root CA |-> User CA 1 -> User Certificate 1 |-> User CA 2 -> User Certificate 2 I want to tell a we

Choice of CAs in SSL/TLS handshake

2006-03-07 Thread Olaf Gellert
Hi, I came across the following problem: I do have two user CAs under the same root CA: Root CA |-> User CA 1 -> User Certificate 1 |-> User CA 2 -> User Certificate 2 I want to tell a webserver to accept certificates from User CA 1 but not from User CA 2. But: In openssl s_server

Re: Question on SSL/TLS protocol and self-signed certificate

2006-01-20 Thread Lusiana Lusiana
On 1/20/06, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote: > > The s_client utility is a test utility which will continue with a connection > after a certificate chain verification failure. A normal client would exit > under those circumstances. Hi Steve, Thank you very much for the prompt reply. T

Re: Question on SSL/TLS protocol and self-signed certificate

2006-01-19 Thread Dr. Stephen Henson
On Fri, Jan 20, 2006, Lusiana Lusiana wrote: > > I tried to test this using OpenSSL s_client connecting to a web server > whose certificate is self-signed. I didn't import the server certificate > to the client prior to testing this. > Therefore, I expected the session establishment would fail as

Question on SSL/TLS protocol and self-signed certificate

2006-01-19 Thread Lusiana Lusiana
Hi, I'm a newbie with SSL/TLS protocol and hoping someone can enlighten me on a few things. My understanding of the TLS protocol is the following: During a session establishment a server always transmits its certificate to the client, and the client must validate the certificate. Therefor

SSL/TLS Interoperability Issue

2005-04-20 Thread Rishabh Kaushal
Hi all, I am new to OpenSSL. I want to make an SSLv3 node (client/server) communicate with a TLSv1 node (client/server). The condition is that they work only on their own protocols and not on other protocols, e.g. an SSLv3 client will work only on SSLv3. On creation of SSL_CTX, I do the following :- ::client side (TLSv1)

RE: SSL/TLS

2004-06-30 Thread Jochen Schaefer
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of David Schwartz Sent: Wednesday, June 30, 2004 5:27 PM To: [EMAIL PROTECTED] Subject: RE: SSL/TLS > If I look at the security mechanism used by a bank, citibank for example > they use version 3. Versio

RE: SSL/TLS

2004-06-30 Thread David Schwartz
> If I look at the security mechanism used by a bank, citibank for example > they use version 3. Version 3 is mentioned in Details->Version > when I make a > right-click on the lock symbol. This I hope means SSLv3 and not TLS. I > checked also two other bank web pages which uses this version 3 > a

SSL/TLS

2004-06-30 Thread Jochen Schaefer
ses this version 3 as well. Is it common to use SSLv3 instead of TLS? Is TLS supported but still in a kind of development status, and are there any reasons why TLS should (completely) replace SSLv3 for a connection between a client and a server? It is often spoken of an SSL/TLS handshake. Do they be

RE: parsing SSL/TLS packet

2004-06-07 Thread Elie Lalo
Hi David, Thanks for your help. I think that I misunderstood how I/O completion port works. I believe that I/O doesn't wait for all specified bytes. Thanks again. Elie At 10:44 AM 6/7/2004 -0700, David Schwartz wrote: For some reason, my email client didn't want to indent your message. S

RE: parsing SSL/TLS packet

2004-06-07 Thread David Schwartz
For some reason, my email client didn't want to indent your message. So I'll put your text on the left and mine indented. Sorry about that. I think I need to explain my problem a little bit more. I am going to break the problem into 2 parts. Part 1: handshake How do we know how many bytes

RE: parsing SSL/TLS packet

2004-06-07 Thread Elie Lalo
Hi David, I think I need to explain my problem a little bit more. I am going to break the problem into 2 parts. Part 1: handshake How do we know how many bytes does the I/O completion port need to read without waiting forever (note that I can solve this problem by reading one byte at a time from

RE: parsing SSL/TLS packet

2004-06-07 Thread David Schwartz
> I'm currently implementing a server using overlapped I/O completion ports > (Async socket), and I am using 2 BIOs (network/internal) to take care of > encrypted/decrypted data. In my server, I need to know when the packet > begins and ends so that I can execute accordingly. Is there a > way to

parsing SSL/TLS packet

2004-06-07 Thread Elie Lalo
Hi All, I'm currently implementing a server using overlapped I/O completion ports (Async socket), and I am using 2 BIOs (network/internal) to take care of encrypted/decrypted data. In my server, I need to know when the packet begins and ends so that I can execute accordingly. Is there a way to

RE: [SSL/TLS and LDAP] : wrong number version

2004-05-07 Thread SECRET Defense
D H parameters" (only when I start the s_server without options !! (ssl2, ssl3 or tls1) ), but it works :) :) someone know something about this??? then I hope it's will help :) Gabrielle From: "SECRET Defense" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: [EMA

ASN and SSL/TLS

2002-06-24 Thread Shalendra Chhabra
Can someone tell me whether SSL/TLS can be specified completely in a language like ASN? Thanks Shalendra - Upset? Confused? Lost? Try Google.!!!Google is GOD!!! | / \ |Shalendra Chhabra

Re: Alert Messages in SSL/TLS

2001-09-14 Thread Eric Rescorla
Aslam <[EMAIL PROTECTED]> writes: > I have a general question about : > > If while in ssl/tls handshake, one encounters an error, whether to send > alert that time only or let the handshake get complete and then send an > alert to the peer for closing the session.

Alert Messages in SSL/TLS

2001-09-14 Thread Aslam
Hi, I have a general question about: If while in ssl/tls handshake, one encounters an error, whether to send alert that time only or let the handshake get complete and then send an alert to the peer for closing the session. Consider server authentication fails on client side, then

SSL & TLS, The Book!

2000-10-31 Thread Vin McLellan
Congratulations! I didn't know you were a scribe too. I look forward to reading (and learning from) it. What else are you doing now, btw? Open for contract assignments? Job possibilities? Regards, _Vin -- From: "Alan Roman" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Su

SSL/TLS overhead again

2000-09-27 Thread Barnes, Michael L.
Where I work we are going to deploy a large secure site, and the question comes up over and over again about the bandwidth overhead involved with SSL/TLS when using client authenticated certs. By using openssl s_client to connect to our SSL server, here are the results: content = 2529 bytes or

RE: SSL/TLS and Secure-HTTP

2000-09-21 Thread Gregory Pietsch
EMAIL PROTECTED] Subject: Re: SSL/TLS and Secure-HTTP Gregory Pietsch <[EMAIL PROTECTED]> writes: > Second (and this is more complicated), what's the difference between using > SSL/TLS and Secure HTTP (as defined in RFC 2660)? They are both similar. > Is there any difference

RE: SSL/TLS and Secure-HTTP

2000-09-21 Thread Gregory Pietsch
mailto:[EMAIL PROTECTED]]On Behalf Of Jeffrey Altman Sent: Thursday, September 21, 2000 11:58 AM To: [EMAIL PROTECTED] Cc: '[EMAIL PROTECTED]' Subject: Re: SSL/TLS and Secure-HTTP > First, I'm having trouble compiling the 0.9.6 betas "out of the box" using >

Re: SSL/TLS and Secure-HTTP

2000-09-21 Thread Eric Rescorla
Gregory Pietsch <[EMAIL PROTECTED]> writes: > Second (and this is more complicated), what's the difference between using > SSL/TLS and Secure HTTP (as defined in RFC 2660)? They are both similar. > Is there any difference in use? Actually, they're totally different. Sec

ANNOUNCE: SSL/TLS ftp, take II

2000-07-26 Thread Peter 'Luna' Runestig
Since everyone didn't feel comfortable running proftpd on their servers, there's now an alternative. I have made a port of the OpenBSD 2.7 ftpd server and added the TLS code. For Linux, I have added shadow password file support, but note that there's no PAM support (yet anyway). Tested on Linux an

Re: SSL/TLS Security (FW - Tom Weinstein)

1999-12-02 Thread Andrew Cooke
Vin McLellan wrote: > > Date: Mon, 29 Nov 1999 14:11:47 -0800 > From: Tom Weinstein <[EMAIL PROTECTED]> > Organization: Geocast Network Systems > Sender: [EMAIL PROTECTED] > > Jaroslav Pinkava wrote: > > > > Where can I get the last informations about present SSL security status? > > I seek mo
