-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Dave Thompson
Sent: 19 December 2013 08:36
To: openssl-users@openssl.org
Subject: RE: HTTPS TLSv1.2 Client-Auth negotiation
Yes, that Wireshark decode of (encrypted) renegotiation is clearly wrong.
Sending two ClientKX
Yes, that Wireshark decode of (encrypted) renegotiation is clearly wrong.
Sending two ClientKX would be wrong, sending (Client)Cert and ClientKX
is right, and the first size would match Cert and not ClientKX.
You might try is s_client -connect 23.66.176.239 -msg -debug
with redirect from a f
Hi,
Thanks for detailed information , since I am not very comfortable with
c/c++ , it is bit difficulty for me to design and implement a webserver
.
Is there simple open source webserver (which uses the boost lib and has the
option to include my modified openssl libs) for android ndk level .
On Thu, Nov 1, 2012 at 1:47 PM, Indtiny s wrote:
> Hi,
> Thanks for the information , actually I need to write simple webserver for
> the android (in the ndk level for some requirement) .
> I have added some new CIPHER suite to the openssl as per our requirement .
> now I need to write simple we
Hi,
Thanks for the information , actually I need to write simple webserver for
the android (in the ndk level for some requirement) .
I have added some new CIPHER suite to the openssl as per
our requirement . now I need to write simple webeserver which uses that
modified-openssl , hence I planned
On Wed, Oct 31, 2012 at 12:31 PM, Indtiny s wrote:
> Hi,
>
> Thanks for the suggestion , while browsing about openssl I came across this
> site http://www.rtfm.com/openssl-examples/
>
> which has code for server which is based on the openssl .
>
> Can I use that server code for my simple webserv
Absolutely!
Charles
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Andrey Koltsov
Sent: Tuesday, October 30, 2012 4:08 AM
To: openssl-users@openssl.org
Cc: Indtiny s
Subject: Re: https server using openssl
Hi.
I think that
Hi.
I think that you should write simple HTTP server first and add SSL
support to it afterwards.
Best regards,
Andrey Koltsov
software developer
29.10.2012 20:49, Indtiny s пишет:
Hi,
I have CCM chiper suite in the openssl and for some other requirement I have
write my own simple webs
It is not a firewall issue, I checked this from outside firewall. The
strange part of the problem is
it does not happen always, it works intermittently.
[root@gateway bin]# openssl s_client -bugs -connect
test.mydomain.com:443 -msg -state
CONNECTED(0003)
SSL_connect:before/connect initializati
On Tuesday 11 September 2012, Supratik Goswami wrote:
> Is there no one in the community who can help me to find the cause of
> the problem ?
Maybe You have firewall issues on "office IP" macine. Have You tried tcpdump or
similar utility to check if there is something being sent/received?
Regard
itly specified, which the OP
didn't. If the server wants client-auth and client doesn't provide
it or provides a cert (chain) which server doesn't trust, that will
give a handshake error, not a hang.
> -Mensagem original-
> De: owner-openssl-us...@openssl.org
>
Is there no one in the community who can help me to find the cause of
the problem ?
On Tue, Sep 4, 2012 at 7:21 PM, Supratik Goswami
wrote:
> I am using OpenSSL version : openssl-1.0.0j in our production.
>
> I am facing a strange problem where the SSL connection simply hangs
> during initial han
Hello Patrick,
Thanks for help ...
-
My Background:
Working with a server application that has a programming language (ADVPL),
in the server I am responsible for some protocols such as http/https -
server/client :) and now I am having to use an HSM.
Currently supports only the fo
Hello again:
Aaack - my bad for not re-reading the post - the openssl.cnf section should
be:
[ openssl_init ]
engines = engine_section
oid_section = new_oids
[ engine_section ]
lunahsm = luna_hsm
[ luna_hsm ]
engine_id = LunaCA3
init
Hi Ricardo:
On September 17, 2008 12:52:23 pm Ricardo Garcia Reis wrote:
> Hey fellows,
>
> I want your help, to implement an integration with SafeNet HSM Hardware. I
> know OpenSSL, but never used with PKCS#11.
>
The Engine interface is your friend :) And WHICH Safenet HSM? Have you taken a
look
#x27;UMshipzip'},
'UMshipcountry' => $form{'UMshipcountry'},
'UMshipphone' => $form{'UMshipphone'},
'UMcardauth' => $form{'UMcardauth'},
'UMpares'=> $form{'UMpares'},
'UMxid
Fax: 724-772-7889
email: [EMAIL PROTECTED]
www: http://www.trinityITsolutions.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Hamilton
Sent: Thursday, June 19, 2008 12:32 PM
To: openssl-users@openssl.org
Subject: Re: HTTPS put file in perl
Solutions
>
>
>
> Trinity Solutions
> 604 Cassandra Dr.
> Cranberry Twp., PA 16066
>
>
>
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Jim Lynch
> Sent: Thursday, June 19, 2008 8:39 AM
> To: openssl-users@openssl.org
> Subject: Re: HTTPS
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jim Lynch
Sent: Thursday, June 19, 2008 8:39 AM
To: openssl-users@openssl.org
Subject: Re: HTTPS put file in perl
I don't have any examples, but check out
http://search.cpan.org/dist/libwww-perl/lib/HTTP/Request/Common.pm
Usin
I don't have any examples, but check out
http://search.cpan.org/dist/libwww-perl/lib/HTTP/Request/Common.pm
Using LWP and a PUT operation seems to be pretty straightforward if this
document is to be believed.
Jim.
On Wed, Jun 18, 2008 at 3:40 PM, David M. Funk <[EMAIL PROTECTED]> wrote:
> Anybo
Hello Ricardo,
Ricardo Garcia Reis schrieb:
Hello All,
I can not connect to a HTTPS server of WebServices.
(https://hnfe.sefaz.es.gov.br/Nfe/wsdl/nfeStatusServico.wsdl)
The error occurs when the function SSL_read() is calling, returning 0
and SSL_get_error () equals SSL_ERROR_ZERO_RETURN.
Message -
> From: <[EMAIL PROTECTED]>
> To:
> Sent: Thursday, January 17, 2008 6:01 PM
> Subject: Re: https + onpenSSL + firefox: 8101 error
>
>
> > Hello
> >> Thanks, I don't know what extensions are. I runned that command and it
> > shows th
Hello
> Thanks, I don't know what extensions are. I runned that command and it
shows this extensions:
>
> X509v3 extensions:
> X509v3 Basic Constraints:
> CA:FALSE
> Netscape Cert Type:
> SSL Client, S/MIME, Object Signing
>
Thanks, I don't know what extensions are. I runned that command and it shows
this extensions:
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Client, S/MIME, Object Signing
Netscape Comment:
Hello,
> I enabled https in my website on a Tomcat server.
>
> I created with openSSL the CA, I singed my web certificate and I added
the certifie of
> my CA in IE and Firefox. With IE 6 and 7 it run successfull securely,
but with firefox
> and netscape it shows this error acceder perfectamen
Hello,
Le 08-déc.-06 à 14:48, Victor Duchovni a écrit :
Yes, the security of unauthenticated TLS is rather questionable.
I, the guy who asked an innocent question at first in this long
thread, have well understood this point from the very first two
answers I got in this thread and passed
On 12/8/06, David Schwartz <[EMAIL PROTECTED]> wrote:
I think that's kind of a crazy thing to say. For what possible reason would
Microsoft want my credit card information to leak to a cracker? For what
possible reason would Microsoft want my computer to be hijacked?
It's unlikely that MS woul
On Fri, Dec 08, 2006 at 04:15:15AM -0800, David Schwartz wrote:
>
> > Actually, David, the truth is that your really not getting these
> > guarentees that
> > your looking for.
>
> Correct. In a technical sense, *you* do not get the guarantees, your end of
> the HTTPS connection does. Whether yo
> Actually, David, the truth is that your really not getting these
> guarentees that
> your looking for.
Correct. In a technical sense, *you* do not get the guarantees, your end of
the HTTPS connection does. Whether you choose to trust your end or not is a
separate issue.
> The problem is that t
- Original Message -
From: "David Schwartz" <[EMAIL PROTECTED]>
To:
Sent: Thursday, December 07, 2006 6:49 PM
Subject: RE: HTTPS security model
>
> > OK, I'm going to take a humourous punch at what you just said; if
> > authentication and authorizat
> OK, I'm going to take a humourous punch at what you just said; if
> authentication and authorization are the same thing, why are both
> required? Isn't one enough? Please make up your mind...
If A and B are the same thing, either neither is required or both are
required. Everything true about
> Proponents of the requested change believe that it is much
> likelier to have
> your communications observed by a passive attacker, than to have an active
> attacker in the path that masquerades as e.g. "amazon.com". Not that the
> later is impossible - just less probable and less frequent.
Exc
"I have seen this certificate before, and I assert that I want to
allow it for limited purposes -- if only because I want to make sure
that third-parties can't see what URLs I'm looking at. I do NOT want
to post my credit card or other sites' login information to this site,
so warn me if I do so.
In message <[EMAIL PROTECTED]> on Tue, 5 Dec 2006 13:45:13 -0800, "David
Schwartz" <[EMAIL PROTECTED]> said:
davids> Authentication and authorization are the same thing.
Generally speaking, that's incorrect, even if you might have a
specific case where your statement applies.
To take an example
> > There are security paradigms such as SSH where you use "leap of
> > faith": strictly you haven't authenticated the remote end, but you
> > "know" that your peer is the other box next to you, you
> > verified its PK fingerprint visually, so you approve ("authorize")
> > that peer from now on.
> > A secure connection to an unauthenticated source is of
> > no value because the unauthenticated source could be
> > the one person who the connection is supposed to be
> > secured from. If there's nobody the connection is
> > supposed to be secured from, why would you care
> > that the connect
On Wed, Dec 06, 2006 at 07:16:32PM +, [EMAIL PROTECTED] wrote:
[ Authentication vs. Authorization ]
Yes, the real issue is that encryption without authentication does
not necessarily provide confidentiality, the party on the other end of
the encrypted connection could be the same attacker tha
> I don't understand this argument at all. The two questions you > seem to
> think are being confused are the *same* question.I don't think so.> When I
> type in "https://www.amazon.com";, what I want> to know is - do I have a
> secure connection to Amazon?This is an authentication question.> A
> The difficulty for the end user here is that the little lock icon is
> overloaded: it is taken to mean both "session is secured against
> spying" AND "session is with a trusted partner". One could argue that
> this confounds authentication (verifying the cert.) and authorization
> (asserting tr
The difficulty for the end user here is that the little lock icon is
overloaded: it is taken to mean both "session is secured against
spying" AND "session is with a trusted partner". One could argue that
this confounds authentication (verifying the cert.) and authorization
(asserting trust of the
Dear,
Le 04-déc.-06 à 19:15, Victor Duchovni a écrit :
TLS includes anonymous cipher-suites (ADH) that do not require or use
server certificates. Postfix 2.3 clients using opportunistic TLS with
Postfix 2.3 (SMTP+STARTTLS) servers will use anonymous ciphers by
default, because SMTP server authe
> This will probably look like a dumb question, but anyway. Is there
> any provision and way, in SSL and/or HTTP, to establish a SSL link
> without trying to assert anything about the server identity? Such
> that a client (a web browser) would happily use the encrypted tunnel
> while obviously n
What I use it HTTP and LWP::UserAgent Perl modules
use LWP::UserAgent;
$ua = new LWP::UserAgent;
$ua->agent("AgentName/0.1 " . $ua->agent);
my $cgi = new CGI();
my $post = '';
# Create a request
my $req = new HTTP::Request POST => 'https://www.server.com';
$req->content_type('application/x-www
Thanks for the help guys ...the last thing that was missing was
actually an infrastructure problem :)
So - working now :)
cheers
--
Torsten
__
OpenSSL Project http://www.openssl.org
User Support M
On Mon, Nov 27, 2006, Torsten Curdt wrote:
> >> ssl_err = SSL_connect(hr->ssl);
> >> if (ssl_err < 0)
> >> {
> >> error_printf("Hard error %d on SSL_connect for fd %d\n",
> >> ssl_err, event->fd);
> >>
> >> I always get a -1 return code and the password callback is not ge
Try SSL_CTX_use_PrivateKey_file() to load private key
(and I suggest SSL_CTX_check_private_key() to check
private key to certificate compatibility).
Well, I thought for PEM SSL_CTX_use_certificate_chain_file() would
also load the private key (thought I read that somewhere) ...anway.
When I use
Hello,
> I am trying to add client certificate support to Daquiri which is
> using openssl for https connections already.
>
> http://omniti.com/~jesus/projects/
>
> So before creating the SSL with SSL_new I am loading our client
> certificate CA's certificate chain into the context with:
>
>
Hi,
I prefer the PKCS12 keystore type for certificates and private keys.
The PKCS12 keystore is supported by JDK, and you don't need to convert the
PKCS8 to JKS type (java only support JKS and PKCS12).
Regards,
HC
-Original Message-
From: "Eshwaramoorthy Babu" <[EMAIL PROT
Isn't SSL/TLS part of javax.security? At any rate, this is not a good
place for Java questions...
The IBM keyman program (google search...) seems to have better support for
some standard formats than the standard keytool does.
/r$
--
STSM, Senior Security Architect
SOA Appliances
Appl
Milan Tomic wrote:
Thank you Ted. It compiles now. :>
How can I set client certificate for SSL connection? I keep cert in
sslclient.pfx file.
Best regards,
Milan
You should have a look at the sample code for the SSL book, which is
downloadable on http://www.opensslbook.com/code.html
The cl
y, July 15, 2005 1:29 PM
> To: openssl-users@openssl.org
> Subject: Re: HTTPS
>
>
> Milan Tomic wrote:
>
> >Can "cli.cpp" run on Windows platform? I need Windows OpenSSL HTTPS
> >client.
> >
> >While compiling I got an error saying t
Have you looked at libwww from W3C?
--- Milan Tomic <[EMAIL PROTECTED]> wrote:
>
> Where can I find some HTTPS client app example using
> OpenSSL? I have
> found cli.cpp in the OpenSSL distribution but it
> connects to the server
> through sockets.
>
___
Milan Tomic wrote:
>
> Where can I find some HTTPS client app example using OpenSSL? I have
> found cli.cpp in the OpenSSL distribution but it connects to the server
> through sockets.
If you are looking for a binary that does the job you
may simply use "openssl s_client"...
Olaf
--
Dipl.Infor
Milan Tomic wrote:
Can "cli.cpp" run on Windows platform? I need Windows OpenSSL HTTPS
client.
While compiling I got an error saying that it can't find "sys/socket.h"
include file.
Thank you.
Uhh, hard times ahead if you want to code SSL and ask me such
questions... ;)
I guess you'll nee
Can "cli.cpp" run on Windows platform? I need Windows OpenSSL HTTPS
client.
While compiling I got an error saying that it can't find "sys/socket.h"
include file.
Thank you.
__
OpenSSL Project htt
Milan Tomic wrote:
Where can I find some HTTPS client app example using OpenSSL? I have
found cli.cpp in the OpenSSL distribution but it connects to the
server through sockets.
I guess cli.cpp is exactly what you are looking for. You first have to
set up the connection using sockets and th
To: [EMAIL PROTECTED]
Subject: Re: HTTPS with customized pfx files.
On Mon, May 10, 2004, Fabiano Reis wrote:
Content-Description: Mail message body
> Hi,
>
>
>
> I have an Apache webserver running with ssl enabled. I configured it to
use:
> SSLVerifyClient required optio
On Fri, 11 Jan 2002 08:47:58 -0600, Scott Frazor wrote:
>I tried looking at the RFC and it was not what I was looking for. I think
>now that I have read a couple of responses to my original question I am
>specificaly looking for how to impliment a POST through OpenSSL's API and
>receive the re
Sent: Thursday, January 10, 2002 8:20 AM
> To: '[EMAIL PROTECTED]'; 'Scott Frazor'
> Subject: RE: HTTPS Post
>
>
> Scott,
> Read http://www.ietf.org/rfc/rfc2616 for HTTP information
>
> -Original Message-
> From: Scott Frazor [mailto:[EMAIL
On Wed, 9 Jan 2002, Scott Frazor wrote:
> Can anyone give me a rough idea on how to prepare and send a https POST via
> openssl? I know how to open a socket and connect SSL, but I'm missing
> something when it comes to sending a HTTPS POST and RECEIVING the response.
> I'm not sure if I'm aski
2001 23:12:14 +0200 (EET)
> To: OpenSSL <[EMAIL PROTECTED]>
> Subject: Re: https
>
> On Tue, 20 Nov 2001, Keary Suska wrote:
>
>> ...
>> I would recommend that you remove Net::SSLeay and install Crypt::SSLeay. The
>> former is no longer being maintained (and
On Wed, 21 Nov 2001, Keary Suska wrote:
> ...
> It's your choice which to use, though the read me states that Net::SSLeay
> doesn't directly support LWP, so I imagine you will get better results with
> LWP if you use the library recommended by the author.
yes, this choice is a matter of opinion
On Tue, 20 Nov 2001, Keary Suska wrote:
> ...
> I would recommend that you remove Net::SSLeay and install Crypt::SSLeay. The
> former is no longer being maintained (and is considered deprecated), and may
> not function properly with newer openssl versions, but the latter is being
> actively maint
From: "Sean O'Riordain" <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> Date: Wed, 21 Nov 2001 08:44:40 +
> To: [EMAIL PROTECTED]
> Subject: Re: https
>
> Keary Suska wrote:
>> I would recommend that you remove Net::SSLeay and install Crypt::SS
Ah.. the Camel ;-)) Well for one thing the exchange between https and your
browser is quite a bit different.. whereas plain http can be obtained simply
by GET [..] Which you can't do with https.. quite in the same way;-))
Hope that helps somewhat.. You also should use carp or something as it
wi
Hello yitzpick,
ysn> hi,
ysn> i'd like to know how to do GET / POST requests over HTTPS.
Actually, HTTPS is simply the HTTP over SSL.
So just use ssl_read & ssl_write to implement HTTP Protocol. :)
ysn> there's some demos/bio example,
ysn> but doesn't compile on Linux.
ysn> __
> Michael wrote:
> >
> > > hi,
> > >
> > > i'd like to know how to do GET / POST requests over HTTPS.
> > >
> > > there's some demos/bio example,
> > > but doesn't compile on Linux.
> > >
> > perl+ Net::SSLeay
> >
>
> My mistake. I guess I'm tired. I thought you were an internal
> Michael. S
Michael wrote:
>
> > hi,
> >
> > i'd like to know how to do GET / POST requests over HTTPS.
> >
> > there's some demos/bio example,
> > but doesn't compile on Linux.
> >
> perl+ Net::SSLeay
>
> [EMAIL PROTECTED]
> __
> OpenSSL P
Michael wrote:
>
> > hi,
> >
> > i'd like to know how to do GET / POST requests over HTTPS.
> >
> > there's some demos/bio example,
> > but doesn't compile on Linux.
> >
> perl+ Net::SSLeay
I'm not sure I understand your question. Examples of doing this in my
application are in the files HTTPin
> hi,
>
> i'd like to know how to do GET / POST requests over HTTPS.
>
> there's some demos/bio example,
> but doesn't compile on Linux.
>
perl+ Net::SSLeay
[EMAIL PROTECTED]
__
OpenSSL Project
On Tue, Feb 27, 2001 at 12:05:36PM +0100, [EMAIL PROTECTED] wrote:
> wwwlib examples don't work with https, all i found was this:
> http://www.w3.org/Library/src/SSL/WWWSSL.html
> ( Because US regulations on encryption .. )
>
> i'd be really happy if someone just told me how to fix OpenSSL demos/
One example of how to get
https or http is simply in the code of ocsp.c in the apps
directory.
The apps/ocsp.c code initialized optionally a normal or ssl
connection. Then you just send your http data stream into
it.
if you want to add proxy support for ssl: Use the proxy host
instaed, and
>From: "Vadim Fedukovich" <[EMAIL PROTECTED]>
> w3c-wwwlib from www.w3c.org
wwwlib examples don't work with https, all i found was this:
http://www.w3.org/Library/src/SSL/WWWSSL.html
( Because US regulations on encryption .. )
i'd be really happy if someone just told me how to fix OpenSSL d
Hi!
It's the same as using plain connection... The difference is that the
connection between client and server is encrypted...
Uro Gaber
PowerCom Gaber & Globocnik d.n.o.
http://www.powercom-si.com
eMail: [EMAIL PROTECTED]
Tel: 01/724-84-26 -- +386-1-7248426
Fax: 01/724-84-27 -- +386-1-7248427
You are trying to access the page via https,
secured http?
Use http://www.openssl.org
- Original Message -
From:
Tom Nichols
To: [EMAIL PROTECTED]
Sent: Wednesday, April 11, 2001 7:03
AM
Subject: Re: https://www.openssl.org/ ?
Kari Hurtta wrote:
https
Kari Hurtta wrote:
https://www.openssl.org/
goes to https://www.engelschall.com/title/
What is this?
--
/"\
| Kari
\ /
ASCII Ribbon Campaign | Hurtta
X
Against HTML Mail |
/ \
|
_
"Ray, Marla S" wrote:
>
> Please pardon what might seem like a simple question but I am very new to
> using the lwp and ssl modules and need some help.
>
> We are trying to use Perl to do a POST to an HTTPS location. Our post
> includes a file and optionally other form input. I can access and
Title: RE: HTTPS
http://sourceforge.net/projects/aphid/
http://www.apachetoolbox.com/
http://www.delouw.ch/linux/apache.phtml
If you're using a Unix based system, try to use one of those tools above. I used apachetoolbox, and it didn't done the entire job for me, but it helped
"Varga, Jack" <[EMAIL PROTECTED]> writes:
> Is the session_id resident in each ssl application
> data packet or just in the handshake packets? If so,
> is it always in the clear (i.e., not encrypted?
No, it's only in the ServerHello and (if resumption is being used) in
the ClientHello. However
"Varga, Jack" <[EMAIL PROTECTED]> writes:
> Along the lines of a Stephens TCP packet header illustration,
> is there something similar to describe an https (or http for that
> matter) packet header?
The first thing to realize is that HTTPS means "HTTP over SSL".
Ordinarily, HTTP traffic is carrie
Check http://www.modssl.org/docs/2.7/ssl_intro.html
and http://www.modssl.org/docs/apachecon2000/slide-006-l.html
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
OpenSSL Project
PROTECTED]Subject: Re: HTTPS:
errors
Hello,
We are using OpenSSL version 0.9.5a for a project and have noticed some
errors connecting to any of our HTTPS:// sites with IE4.0. We can use
the same machine with the same version browser and connect to several other
https: sites. One
Hello,
We are using OpenSSL version 0.9.5a for a project and have noticed some
errors connecting to any of our HTTPS:// sites with IE4.0. We can use the
same machine with the same version browser and connect to several other https:
sites. One thought was what version of SSL is being sent
+- On Sun, 05 Sep 1999 02:51:56 EDT, "Erik Aronesty" writes:
| When i use the s_client to connect to authorize.net on port 443,
| I get an error verifying the cert... but no browser gets this error?
I got a complaint about the CN not matching the site name.
/Michael
Luke Higgins wrote:
>
> Hello all,
>
> I just installed Net::SSLeay and OpenSSL-0.9.4 on my redhat 6.0 system and was
> looking for an example of using Net::SSLeay to perform a POST request on a
> https site that requires authentication. The example in the Net::SSLeay
> distribution (examples/g
Chris Schoenfeld wrote/schrieb/scribsit:
> I can do a simple GET:
> GET /
> That works fine.
>
> The problem is that the first line of input is immediately sent to the
> server and processed, there is no way for me to send additional information
> (headers, POST data, etc) required for more compl
86 matches
Mail list logo