-Original Message-
From: Eric Murray [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 25, 2000 10:04 PM
To: [EMAIL PROTECTED]
Subject: Re: I'm still so very confused about certificates
The certificate has no effect on the type of symmetric encryption that SSL
negotiates.
Hi,
We have two keys: RSA key for certificate and key for data encryption.
When you read Verisign's pages you read about RSA key length (certificate).
It is possible to use any combinations of key lengths for RSA and symmetric
algorithm, e.g. 40 bit certificate and RC4-MD5 (128 bit) data
Hmmm I'm not sure if I understand You correctly. Do you really mean that
Verisign wound be talking about RSA key lengths? That those keys were 40 or
128 bit long? That cannot be since RSA is a public key algorithm and usually
nowadays at least 1024 bits long. My humble question is still in
Actuall, my server is apache 1.3. The KeepAlive is on. By default,
It should be persistent connection without asking for Keep-Alive.
However, it does not work with either SSL(port 443) or without
SSL (port 80). I tested this with telnet:
- telnet host 80
GET / HTTP1.1
This always
Hi,
You need some random numbers! Solaris does not come with /dev/urandom,
get it here.
http://www.cosy.sbg.ac.at/~andi/
works for me
siva kumaran wrote:
hi,
I faced a problem when i was loading OpenSSL in
SunOS 2.6.I have installed the OpenSSL in the system ,but the commands
hi arne,
yes, u've been a great help.
how do u write the script that gives password? i've
tried to look for pp-filter(stated in modssl
guide)-unfortunately i can't find it. can u give me a
sample pls?
thanks.
tk
It will the ask for the private key protection
password
if
Hi,
We (Intelesoft Technologies Ltd.) are a software development company in
india.
We are providing software solutions to both indian as well as
intenational clients.
We are implementing e-commerce for few of our clients.
The project is being developed using Apache webserver version 1.3.12.
Now
Hi,
I'd prefer mod_ssl over Apache-SSL patch.
For an inside view how to use SSL with Apache and mod_ssl
see the mod_ssl manual or some helpful links at Apache.org.
Cheers, Arne
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]Im Auftrag von Jatin Kochhar
You need to do a little more reading...
Sure you can 'rename' it, but that won't do you any good...
Anything with a '.so' extension is a shared library, and must be
compiled as such.
My .02...
Howard wrote:
ÄãºÃ£¡
I find "libssl.a" and "libcrypto.a" in the path "/usr/local/ssl/lib/".
-Original Message-
From: Miha Wang [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 24, 2000 12:55 PM
Actuall, my server is apache 1.3. The KeepAlive is on. By default,
It should be persistent connection without asking for Keep-Alive.
However, it does not work with either
On Mon, Aug 28, 2000 at 09:15:25AM +0300, Wirta, Ville wrote:
-Original Message-
From: Eric Murray [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 25, 2000 10:04 PM
To: [EMAIL PROTECTED]
Subject: Re: I'm still so very confused about certificates
The certificate has no effect
Quick question.
We are getting ready to do some major upgrades on our network, thus
moving everything off the old. How would I go about transfering our
digital certificates, ect. from one server to another?
The reason I ask is that we use Verisign and I've heard from
"unreliable" sources that
I think you could try this:
Extract *.o files in the static library with
ar -x libssl.a
Then link them again with:
ld -rpath "/usr/local/ssl" -shared -o libssl.so *.o
The command "file libssl.so" reports then:
libssl.so: ELF 32-bit LSB shared object, Intel 80386, version 1, not
stripped
so
At 10:37 AM 8/28/00 -0500, you wrote:
Quick question.
We are getting ready to do some major upgrades on our network, thus
moving everything off the old. How would I go about transfering our
digital certificates, ect. from one server to another?
The reason I ask is that we use Verisign and I've
Ah, great! I was hoping that it would that simple and cost effective! :)
- Will
"Leland V. Lammert" wrote:
At 10:37 AM 8/28/00 -0500, you wrote:
Quick question.
We are getting ready to do some major upgrades on our network, thus
moving everything off the old. How would I go about
The certificate has no effect on the type of symmetric encryption that SSL
negotiates.
Except that if you have to support older "export-strength crypto"
browsers, then you can only have a 512bit key.
__
OpenSSL Project
Another one problem exists: the very first run of PRNG use only half
of that hash that cuts the search space half. That is, even properly
seed PRNG(several hundreds of bytes) will output first
MD_DIGEST_LENGTH/2 bytes subject to search-it-all attack with search
space MD_DIGEST_LENGTH/2
I was under the impression that the signature is the public key
signed by my private key. So, am I wrong about the signature or
does the CA actually do both?
--Moses
-Original Message-
From: Rodrigo Coronado [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 22, 2000 1:54 PM
To:
On Wed, Aug 23, 2000 at 10:03:42AM +0530, Amit Chopra wrote:
Steve mentioned that the size of the memory BIO can grow indefinitely
until memory allocations fail. I assume what he is referring to is that
when BIO_write is called a reallocation is done if the data to be
written is more than
Two common cert request formats are PKCS#10 and Netscape's SPKAC, which
is the "Signed public key and challenge." The challenge is primarily
to support completion of an enrollment/certification process when the
cert is retrieved OOB (cf. Verisign's enrollment process in which the
binding of
Rich Salz [EMAIL PROTECTED] writes:
The certificate has no effect on the type of symmetric encryption that SSL
negotiates.
Except that if you have to support older "export-strength crypto"
browsers, then you can only have a 512bit key.
Only REALLY REALLY old browsers that only support
I'm curious if anyone knows how commercial browser clients (IE, Netscape,
Opera, etc.) seed their PRNGs? Anyone know or have any guesses?
Thanks,
Glenn
__
OpenSSL Project http://www.openssl.org
I don't know what CA.pl -pkcs12 does nor what it does expect. Anyway, if
you simply need to create a PKCS12 file to import in netscape you need
at least the file containing the private key (say for example
newkey.pem) and the one with your certificate (say newcert.pem). If you
also have your
Thanks
It's working fine
"[EMAIL PROTECTED]" wrote:
I don't know what CA.pl -pkcs12 does nor what it does expect. Anyway, if
you simply need to create a PKCS12 file to import in netscape you need
at least the file containing the private key (say for example
newkey.pem) and the one with your
there has been a generation of browsers supporting SSLv3 AND USA export
restrictions as well: they where able to generate RSA keys limited to
512 bit length and simmetric key up to 40 bits (upgraded to 56
recently). Using such a netscape for example you were able to import a
PKCS12 file
"[EMAIL PROTECTED]"[EMAIL PROTECTED] writes:
there has been a generation of browsers supporting SSLv3 AND USA export
restrictions as well: they where able to generate RSA keys limited to
512 bit length and simmetric key up to 40 bits (upgraded to 56
recently). Using such a netscape for
Your are right, anyway export restrictions have been almost removed or
heavy modified and maybe we are going off topic :-)
Pietro
"[EMAIL PROTECTED]"[EMAIL PROTECTED] writes:
there has been a generation of browsers supporting SSLv3 AND USA
export
restrictions as well: they where able
On Mon, Aug 28, 2000 at 04:04:00PM -0500, Glenn Carr wrote:
I'm curious if anyone knows how commercial browser clients (IE, Netscape,
Opera, etc.) seed their PRNGs? Anyone know or have any guesses?
The code that Netscape developed to seed their PRNG after
their Great Random Number Debacle in
Hello Everyone,
I have a chain of version 1 certificates. "Root CA" signs "Intermediate
CA", which signs "client1" and "server1" certificates.
I also have two example client/server pairs. The first example only does
server authentication. The other example does both client and server
Hello:
I'm new to OpenSSL, I've started playing with the functions in the
Crypto library and the DSA signature functions. My question is how do
you extract the private and public keys from a DSA structure?.
Thanks,
Darío
31 matches
Mail list logo