Hi,
I am developing an IPSec stack for ixp1200 platform. I have successfully
completed IKE Phase I and Phase II and got the keying materials for ESP
traffic.
I sent a ping request from an IPSec client (Safenet SoftRemote client) and I
am seeing that the authentication data is only 12 bytes (96 bits). I am
negotiating SHA1 authentication algorithm. I verified the data authenticity
depending on IP header length and it's correct.
When I get the Ping Request packet, I extract the payload and do SHA1
authentication and 3DES decryption. My authentication is failing but
encryption is successful. So I sent the packet to the IP stack and I got the
ping reply in plain text. Now I encrypt that packet and authenticate it, add
an IP header and send it to the client. But on the client side it's not getting the reply.
Can anyone tell me what's going wrong here? Is there any method to trace the
ESP processing on the client side? Or does any other Windows client give ESP packet
processing details?
Any help will be greatly appreciated.
Thanks & Best Regards,
BPaul
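Added example (not part of the original post, and not code from the poster's stack): with SHA1 negotiated for ESP, the 12-byte authentication data is the HMAC-SHA-1-96 ICV of RFC 2404, and the check below computes it over the ESP packet from the SPI through the last ciphertext byte (RFC 2406), before any decryption. The function names, the key and the sample packet are constructed for illustration.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12    # HMAC-SHA-1-96: first 96 bits of the 160-bit HMAC output
ESP_PROTO = 50  # IP protocol number for ESP

def esp_icv(auth_key: bytes, esp_without_icv: bytes) -> bytes:
    """ICV over SPI | sequence number | IV | ciphertext (padding included)."""
    return hmac.new(auth_key, esp_without_icv, hashlib.sha1).digest()[:ICV_LEN]

def split_esp(ip_packet: bytes):
    """Return (authenticated_bytes, received_icv) from an IPv4 packet carrying ESP."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ip_packet[0] & 0x0F) * 4                  # header length incl. options
    total_len = struct.unpack("!H", ip_packet[2:4])[0]
    if ip_packet[9] != ESP_PROTO:
        raise ValueError("IP protocol is not ESP")
    if ihl < 20 or total_len > len(ip_packet) or total_len < ihl + 8 + ICV_LEN:
        raise ValueError("truncated or malformed packet")
    esp = ip_packet[ihl:total_len]                   # drops any link-layer padding
    return esp[:-ICV_LEN], esp[-ICV_LEN:]

def verify_esp(auth_key: bytes, ip_packet: bytes) -> bool:
    """Constant-time comparison of the computed and the received ICV."""
    data, received = split_esp(ip_packet)
    return hmac.compare_digest(esp_icv(auth_key, data), received)

def sample_packet(auth_key: bytes) -> bytes:
    """Constructed packet: IPv4 header, SPI, seq, 8-byte IV, 32 bytes of 'ciphertext'."""
    esp = struct.pack("!II", 0x1000, 1) + bytes(range(8)) + bytes(range(16, 48))
    total = 20 + len(esp) + ICV_LEN
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, ESP_PROTO, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + esp + esp_icv(auth_key, esp)

if __name__ == "__main__":
    key = bytes(range(20))  # constructed 160-bit authentication key
    print("ICV valid:", verify_esp(key, sample_packet(key)))
```

The same esp_icv() result is what has to be appended to an outgoing packet, computed with the outbound SA's authentication key.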
From: [EMAIL PROTECTED] (Theodor Isporidi)
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED] ()
Subject: Re: Signing certificates on Windows
Date: Wed, 8 Jan 2003 06:19:12 +0100
Hi !
> Why not use the 'openssl' directly, in a step-by-step manner?
Easier said than done if the openssl docs are almost nonexistent and
the mod_ssl docs state explicitly
Prepare a script for signing which is needed because the ``openssl ca''
command has some strange requirements and the default OpenSSL config
doesn't allow one easily to use ``openssl ca'' directly. So a script
named sign.sh is distributed with the mod_ssl distribution (subdir
pkg.contrib/). Use this script for signing.
without even giving a hint about how to do it manually.
> If not, there should be something at the Linux Documentation Project
> Let's see... "google is your friend":
I know, but my search didn't turn up anything useful. I probably used
the wrong keywords.
> http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/pdf/SSL-Cert
> ficates-HOWTO.pdf
Thanks a lot, that document was just what I needed! I have my
certificates now.
But Apache is still giving me some headaches. Perhaps you could give me
a hand here too?
I'm starting Apache with -D SSL to have ssl.conf included and
uncommented the line
LoadModule ssl_module modules/mod_ssl.so in httpd.conf
to load mod_ssl.
So far so good. I want to have several virtual hosts for local testing
of several webpages. Some should only be served via http others only
via https. My config looks like this:
NameVirtualHost 127.0.0.1:80
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /page1
ServerName localhost
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /page2
ServerName localhost2
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /page3
ServerName localhost3
and there is another Virtualhost in ssl.conf
NameVirtualHost 127.0.0.1:443
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /page4
ServerName localhost4
SSLEngine on
SSLProtocol all
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# The rest are default settings except for paths to certificates
Localhost, localhost2, localhost3 and localhost4 point to 127.0.0.1
(done with the hosts file).
What I think this should do is serve localhost, localhost2 and
localhost3 only via http and localhost4 only via https. But that
doesn't work. I can access all 4 via http and https on Netscape 4.79.
With IE 6.0 SP1 I can access all 4 via http but none at all via https.
What is wrong there?
Bye !
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]