Hi,
>I’m new as can be with creating SSL certificates on my own. I downloaded
>the openssl binary and installed it. The instructions and tutorials on
>the website don’t help me much in terms of steps A,B,C; this could also be
>due to a lack of familiarity with technical terms used
Hi,
> On 04/26/11 3:06 AM, Matthew Fletcher wrote:
> > I've come to this list in search of help with slow https conenctions (via
> > the subversion, apache and finally mod_ssl lits).
> >
> > There is a 15 second ish delay whenever a client connects using https,
>
> 15 seconds sounds to *me* like
Hi,
> Thanks for the input guys, however the 15 second pause exists even if i
> explicitly disable reverse lookups in apache 'Hostnamelookups Off' in
> httpd.conf and my server is operating on an internal network in a company so
> although i cant say for sure i doubt there is much IPV6 stuff ar
Hi,
> Thank you! But now I'm spending my time with another issue with this: I
> cannot create certificate longer than I month:
>
> This is my CA certificate validity:
> ...
> Not Before: Aug 3 10:07:14 2011 GMT
> Not After : Aug 2 10:07:14 2012 GMT
> ...
>
Hi,
>
> Hey List,
>
> I am using Openssl for experimenting with the cryptographic accelerator
> on Sun machine. I am using this command
>
> openssl speed -engine pkcs11 -evp aes-128-cbc
>
> to have the results and this gives me number of bytes that are
> communicated between the processor and
hi,
you are using cryptodev with that Atom rather than just using software-only
OpenSSL?
alan
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@
Hi,
In an application that you use or one that you've written? Ie where is this low
cipher being seen?
alan
Hi,
> I just compiled openssl-1.0.0g on a Win7 box using MingW. All went well,
> except I got a virus alert from Avira for 'TR/Graftor.10418.101' found
> in the file .../openssl-1.0.0g/test/asn1test.exe. That virus was added
> to the Avira VDF file on 2012-01-18.
> Avira denies access to it, so th
hi,
this isnt OpenSSL or its config - this is an application question. you need
to check your squid.conf configuration file - if you were already doing
CA verification with old cert, the old config will be there - otherwise
you will need to check with the squid documentation on how to do it.
alan
hi,
your pkcs11 on the Sparc system is fast(!) its just the verification
that seems a little b0rked/slow :-|
alan
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
Hi,
> Hello everybody,
>
> The AMD Geode LX800 CPU has an on-chip AES 128-bit crypto accelerations
> block and a true random number generator, but OpenSSL is not using it.
>
> Please see the below link for test reports and openssl outputs
> http://debian.pastebin.com/faeff2a3
>
> Is there anybody
Hi,
> Hi,
>
> Since we are on the subject of hardware enhanced cryptography, does the
> HiFn chips used in the Soekris devices, have support in openssl?.
yes - for some time now. i happen to have a vpn1401 next to me which I used in
a FreeBSD box
alan
___
The wildcard is for a particular domain (* is value for any host within it) .
If your other server is in a different domain, then it won't work.
alan
Hi,
>I am not criticising the documentation for openssl, and will not; but I
>would encourage those who are responsible for maintaining and improving
>openssl to not neglect the documentation. It would be a mistake to leave
it is an Open Source project - thus there is also an onus on
Hi,
>Nonsense. No-one knows better how the code ought to be working than the
>folk who developed it. I begin with the assumption that all my coders are
i'd cite the cathedral and the bazaar ...or the 'many eyes make all bugs
shallow'
views - if you are given the API and the documents,
Hi
Likely to be already using it and you can verify this by running some
benchmarks - this is on a massive host and not virtualised platform? I guess a
related question is how to ensure that those functions are used by openssl
whenever possible. ... eg required openssl config in software that u
Use Google? ;)
mount_msdosfs -u x -m 700 /dev/usbdevice /mnt/
where -u is the uid of your required user.
alan
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
...or take the upstream fix...apply to your older version and keep the
heartbeat functionality. Which is what I believe the very latest redhat/centos
patches do
Alan
But its the apps that need these features. The app should either have the
option to disable features of not needed. .. or be coded to not accept such
extensions if it doesn't utilise them (which I believe is the correct way)
alan
https://www.openssl.org/news/changelog.html
1.0.1 introduced the heartbeat support.
1.0.0 and earlier are fortunate in that they didnt have it.but then they
didnt have things to stop you from being BEASTed so some you win, some you
lose. ;)
alan
"It seams that there is another difference between the two openssl
versions then only the heartbleed bugfix."
err, yes. The g release is a new minor release. I'd ALWAYS advise reading the
changelog before deploying. .. You'd then have seen the new features (this is
why vendors such as redhat a
hi,
>Will client respond for heart beat request even if server doesn't support
>heart beat . ?
no. both systems need to have some heartbeat code present.
>Which version of ssl this heart beat in introduced ?
same as all the original advisories have said 1.0.1 - fixed in 1.0.1g but
patches to
+1 for keeping the features (I use AmiSSL ;) )
alan
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
confirmed, i've seen dozens on one cert - far more preferable to do
that and have such numbers than a single wildcard cert (which has
issues on all sorts of platforms
for various purposes).
alan
On 26 April 2017 at 18:24, Blumenthal, Uri - 0553 - MITLL
wrote:
> > It’s been my understanding t
https://github.com/google/easypki ,
http://pki.fedoraproject.org/wiki/PKI_Main_Page etc etc - we wrote a
simple similar system when using OpenVPN years ago. it was (IMHO) very
good but the powers that be decided that OpenVPN wasn't the way to go
and so money was spent on a (inflexible and non-modif
hi,
> 2) How can i get the list of ciphers supported by openssl 01.01.0f ?
openssl ciphers -v ???
> These question looks to be very basic but i could not find any concrete
> information regarding the same googling.
Google provides the answers if your question is well formed. or you
could jus
Have you submitted a bug report for Apache (not honouring server config
cipher order) if one doesn't exist?
As for resistant to quantum computers, given the current aim is for systems
that can calculate things that would currently take the age of the universe
to calculate, resistance is futile ;)
27 matches
Mail list logo
