Tomcat and OpenSSL
Hi,
I'm using OpenSSL + Tomcat 5. I have configured OpenSSL Tomcat successfully, but it is just 1-way authentication. Now I want both Server and Client to authenticate each other. Can you help me?
Thanks in advance!
Hung.
BN_bn2hex(rsa->e) always 010001
Hi all!
    RSA *rsa;
    rsa = RSA_new();
    rsa = RSA_generate_key(512, RSA_F4, NULL, NULL);
    printf("E: %s\n", BN_bn2hex(rsa->e));
always: E: 010001
Is this normal???
Kind regards, mark
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: BN_bn2hex(rsa->e) always 010001
The RSA_F4 parameter is what gives you the E parameter value. Specifically 65537, or 010001 in hex.
Steven Pauly
Pitney Bowes GMS
Nagy Zoltán Márk [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
04/05/2006 08:57 AM
Please respond to openssl-users@openssl.org
To: openssl-users@openssl.org
cc:
Subject: BN_bn2hex(rsa->e) always 010001
Hi all!
    RSA *rsa;
    rsa = RSA_new();
    rsa = RSA_generate_key(512, RSA_F4, NULL, NULL);
    printf("E: %s\n", BN_bn2hex(rsa->e));
always: E: 010001
Is this normal???
Kind regards, mark
Desperate, commands to make an intermediate CA?
Hello world.
I am getting crazy, I can't find the solution. Could anyone be so kind as to show me clues, examples, config files in order to make an intermediate CA?
My scenario: I issue certificates with openssl line commands. I had issued a self-signed CA root certificate and I could issue certs for servers, etc., but I could not issue and sign a certificate to work as an intermediate CA; it always issues me a server certificate.
TIA.
Re: Desperate, commands to make an intermediate CA?
You should be able to issue an intermediate cert by signing a CSR with basicConstraints=CA:TRUE, but I haven't tried it in the wild, so YMMV.
On 4/5/06, Francisco Javier Martinez Martinez [EMAIL PROTECTED] wrote:
> Hello world.
> I am getting crazy, I can't find the solution. Could anyone be so kind as to show me clues, examples, config files in order to make an intermediate CA?
> My scenario: I issue certificates with openssl line commands. I had issued a self-signed CA root certificate and I could issue certs for servers, etc., but I could not issue and sign a certificate to work as an intermediate CA; it always issues me a server certificate.
> TIA.
--
Simple guidelines to happiness: Work like you don't need the money, Love like your heart has never been broken and Dance like no one can see you.
Re: Desperate, commands to make an intermediate CA?
On Wed, Apr 05, 2006, Francisco Javier Martinez Martinez wrote:
> Hello world.
> I am getting crazy, I can't find the solution. Could anyone be so kind as to show me clues, examples, config files in order to make an intermediate CA?
> My scenario: I issue certificates with openssl line commands. I had issued a self-signed CA root certificate and I could issue certs for servers, etc., but I could not issue and sign a certificate to work as an intermediate CA; it always issues me a server certificate.
You don't say which commands so it isn't easy to say which option you should use.
If you use CA.pl then the -signCA option will work. Otherwise you need to specify the configuration section v3_ca when you sign the request.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
indirect CRLs
Hello,
is it possible to implement indirect Certificate Revocation Lists with OpenSSL? There is an entry in the man page to x509v3_config [1], saying it cannot currently be set or displayed... But maybe someone hacked it anyway (- by using ASN.1 or DER for example). If it's possible, how can it be done?
Cheers, Holger
PS: Yes, I intensely searched the archives and google & co.
[1] http://www.openssl.org/docs/apps/x509v3_config.html#CRL_distribution_points_
Is x64 working?
I'm new to this group & want to use the openssl library on Win x64 platform. I want to build on Visual Studio 2005 or 2003. I've tried to build the 0.9.8a release & latest snapshots without success. I've followed instruction in the INSTALL.W64 file, but it does not successfully compile & link. Has anyone successfully built these on VS 2005 / x64 combination? Does anyone have .sln or .vcproj files?
RE: Is x64 working?
I have built OpenSSL for 64-bit Windows on an Itanium platform. Beware that if you use WinZip to untar the files, by default WinZip converts \n to \r\n in the makefiles and this breaks the Perl scripts.
I built the code on a 32-bit Windows box using the Set Win Svr 2003 IA64 Build Env (Debug) command line that comes with VisualStudio 2003. I used the makefiles to run the build process.
Nigel
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Parind Shah
Sent: Wednesday, April 05, 2006 10:02 AM
To: openssl-users@openssl.org
Subject: Is x64 working?
I'm new to this group & want to use the openssl library on Win x64 platform. I want to build on Visual Studio 2005 or 2003. I've tried to build the 0.9.8a release & latest snapshots without success. I've followed instruction in the INSTALL.W64 file, but it does not successfully compile & link. Has anyone successfully built these on VS 2005 / x64 combination? Does anyone have .sln or .vcproj files?
Re: indirect CRLs
On Wed, Apr 05, 2006, Holger Menzer wrote:
> Hello,
> is it possible to implement indirect Certificate Revocation Lists with OpenSSL? There is an entry in the man page to x509v3_config [1], saying it cannot currently be set or displayed... But maybe someone hacked it anyway (- by using ASN.1 or DER for example). If it's possible, how can it be done?
You can create the things using OpenSSL 0.9.9-dev only. They are also displayed correctly.
Correctly partitioning the CRLs is down to the user setting the config correctly. The config file format for that option isn't documented but it isn't hard to work out. Just include the string indirectCRL and it will set the flag.
The OpenSSL verify code does not currently support them, it may well do in the not too distant future.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
RE: Is x64 working?
I'm running this under the Visual Studio 2005 x64 Command Prompt (so that all the environment variables are set.) See if following error makes sense to you. (I did unzip the tar using WinAce Archiver.) I'm not sure why it's using the "out32dll" "tmp32" etc. 32 bit target/references for 64 bit build.
==
    Setting environment for using Microsoft Visual Studio 2005 x64 cross tools.
    C:\Program Files\Microsoft Visual Studio 8\VC>cd\sources
    C:\Sources>cd openssl-0.9.8a
    C:\Sources\openssl-0.9.8a>perl Configure VC-WIN64A
    Configuring for VC-WIN64A
        no-gmp          [default]  OPENSSL_NO_GMP (skip dir)
        no-krb5         [krb5-flavor not specified] OPENSSL_NO_KRB5
        no-mdc2         [default]  OPENSSL_NO_MDC2 (skip dir)
        no-rc5          [default]  OPENSSL_NO_RC5 (skip dir)
        no-shared       [default]
        no-zlib         [default]
        no-zlib-dynamic [default]
    IsMK1MF=1
    CC            =cl
    CFLAG         =-DOPENSSL_THREADS -DDSO_WIN32
    EX_LIBS       =
    CPUID_OBJ     =
    BN_ASM        =bn_asm.o
    DES_ENC       =des_enc.o fcrypt_b.o
    AES_ASM_OBJ   =aes_core.o aes_cbc.o
    BF_ENC        =bf_enc.o
    CAST_ENC      =c_enc.o
    RC4_ENC       =rc4_enc.o
    RC5_ENC       =rc5_enc.o
    MD5_OBJ_ASM   =
    SHA1_OBJ_ASM  =
    RMD160_OBJ_ASM=
    PROCESSOR     =
    RANLIB        =true
    ARFLAGS       =
    PERL          =perl
    SIXTY_FOUR_BIT mode
    DES_INT used
    RC4_CHUNK is unsigned long long
    Configured for VC-WIN64A.
    C:\Sources\openssl-0.9.8a>ms\do_win64a
    C:\Sources\openssl-0.9.8a>perl util\mkfiles.pl 1>MINFO
    C:\Sources\openssl-0.9.8a>perl ms\uplink.pl win64a 1>ms\uptable.asm
    C:\Sources\openssl-0.9.8a>ml64 -c -Foms\uptable.obj ms\uptable.asm
    Microsoft (R) Macro Assembler (x64) Version 8.00.50727.42
    Copyright (C) Microsoft Corporation. All rights reserved.
     Assembling: ms\uptable.asm
    C:\Sources\openssl-0.9.8a>perl util\mk1mf.pl no-asm VC-WIN64A 1>ms\nt.mak
    C:\Sources\openssl-0.9.8a>perl util\mk1mf.pl dll no-asm VC-WIN64A 1>ms\ntdll.mak
    C:\Sources\openssl-0.9.8a>perl util\mkdef.pl 32 libeay 1>ms\libeay32.def
    C:\Sources\openssl-0.9.8a>perl util\mkdef.pl 32 ssleay 1>ms\ssleay32.def
    C:\Sources\openssl-0.9.8a>nmake -f ms\ntdll.mak
    Microsoft (R) Program Maintenance Utility Version 8.00.50727.42
    Copyright (C) Microsoft Corporation. All rights reserved.
    Building OpenSSL
            copy nul+ .\crypto\buildinf.h tmp32dll\buildinf.h>nul
    .\crypto\buildinf.h
            1 file(s) copied.
            copy nul+ .\crypto\opensslconf.h inc32\openssl\opensslconf.h>nul
    .\crypto\opensslconf.h
            1 file(s) copied.
            link /nologo /subsystem:console /opt:ref /dll /out:out32dll\libeay32.dll /def:ms/LIBEAY32.def @C:\DOCUME~1\pshah\LOCALS~1\Temp\nm59F.tmp
    tmp32dll\uplink.obj : fatal error LNK1112: module machine type 'X86' conflicts with target machine type 'x64'
    NMAKE : fatal error U1077: '"C:\Program Files\Microsoft Visual Studio 8\VC\BIN\x86_amd64\link.EXE"' : return code '0x458'
    Stop.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Thompson, Nigel (Colorado Springs)
Sent: Wednesday, April 05, 2006 12:10 PM
To: openssl-users@openssl.org
Subject: RE: Is x64 working?
I have built OpenSSL for 64-bit Windows on an Itanium platform. Beware that if you use WinZip to untar the files, by default WinZip converts \n to \r\n in the makefiles and this breaks the Perl scripts.
I built the code on a 32-bit Windows box using the Set Win Svr 2003 IA64 Build Env (Debug) command line that comes with VisualStudio 2003. I used the makefiles to run the build process.
Nigel
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Parind Shah
Sent: Wednesday, April 05, 2006 10:02 AM
To: openssl-users@openssl.org
Subject: Is x64 working?
I'm new to this group & want to use the openssl library on Win x64 platform. I want to build on Visual Studio 2005 or 2003. I've tried to build the 0.9.8a release & latest snapshots without success. I've followed instruction in the INSTALL.W64 file, but it does not successfully compile & link. Has anyone successfully built these on VS 2005 / x64 combination? Does anyone have .sln or .vcproj files?
RSA_public_encrypt return -1
Hi!
I tried to use RSA encryption.
    unsigned char *rsa_in = "Very secret message Very secret message Very secret m";
    OpenSSL_add_all_algorithms();
    pad = RSA_PKCS1_PADDING;
    rsa_inlen = strlen(rsa_in);
    printf("rsa_inlen:%d\n", rsa_inlen);
    rsa = RSA_generate_key(512, RSA_F4, NULL, NULL);
    keysize = RSA_size(rsa);
    printf("Keysize:%d\n", keysize);
    rsa_out = OPENSSL_malloc(keysize);
    rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
    printf("rsa_outlen:%d\n", rsa_outlen);
    }//end
output:
    rsa_inlen:53
    Keysize:64
    rsa_outlen:64
is good, but if:
    unsigned char *rsa_in = "Very secret message Very secret message Very secret me";
    ...
    rsa_inlen:54
    Keysize:64
    rsa_outlen:-1
why?
rsa_inlen is 53: working correctly
rsa_inlen is 54 or above: segmentation fault.
How to do RSA encrypt with very long string, or with file???
Kind regards, mark
Re: RSA_public_encrypt return -1
Hello,
> Hi!
> I tried to use RSA encryption.
>     unsigned char *rsa_in = "Very secret message Very secret message Very secret m";
>     OpenSSL_add_all_algorithms();
>     pad = RSA_PKCS1_PADDING;
>     rsa_inlen = strlen(rsa_in);
>     printf("rsa_inlen:%d\n", rsa_inlen);
>     rsa = RSA_generate_key(512, RSA_F4, NULL, NULL);
>     keysize = RSA_size(rsa);
>     printf("Keysize:%d\n", keysize);
>     rsa_out = OPENSSL_malloc(keysize);
>     rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
>     printf("rsa_outlen:%d\n", rsa_outlen);
>     }//end
> output:
>     rsa_inlen:53
>     Keysize:64
>     rsa_outlen:64
> is good, but if:
>     unsigned char *rsa_in = "Very secret message Very secret message Very secret me";
>     ...
>     rsa_inlen:54
>     Keysize:64
>     rsa_outlen:-1
> why?
> rsa_inlen is 53: working correctly
> rsa_inlen is 54 or above: segmentation fault.
You generated 512 bit key (64 bytes) so you can encrypt without padding max 64 bytes. Because you specified RSA_PKCS1_PADDING padding which requires minimum 11 bytes of free space, then you can encrypt max 53 bytes with this type of padding (your data is first padded and then encrypted).
> How to do RSA encrypt with very long string, or with file???
Usually only session keys, shared keys and this type of data is encrypted with RSA ... usually :-)
Best regards,
--
Marek Marcola [EMAIL PROTECTED]
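The 53-byte limit in the reply above follows from the PKCS #1 v1.5 encryption block layout. As an added example (not part of the original thread and not OpenSSL's code), this C program builds and parses that block for a given modulus size without performing the RSA operation; all function names are hypothetical and the message is constructed sample data.

```c
#include <stdio.h>
#include <string.h>

/* EME-PKCS1-v1_5 block for a k-byte modulus:
 *   0x00 | 0x02 | PS (>= 8 random non-zero bytes) | 0x00 | message
 * Fixed cost: 3 marker bytes + 8 padding bytes = 11. */
#define PKCS1_V15_OVERHEAD 11
/* Largest message that fits in one block, or -1 if k is too small. */
long pkcs1_v15_max_msg(size_t k)
{
    return k < PKCS1_V15_OVERHEAD ? -1 : (long)(k - PKCS1_V15_OVERHEAD);
}

/* Fill buf with n random non-zero bytes from the OS; 0 on success. */
static int random_nonzero(unsigned char *buf, size_t n)
{
    FILE *f = fopen("/dev/urandom", "rb");
    size_t i = 0;
    int c;
    if (f == NULL) return -1;
    while (i < n && (c = fgetc(f)) != EOF)
        if (c != 0) buf[i++] = (unsigned char)c;
    fclose(f);
    return i == n ? 0 : -1;
}

/* Build the block in em[0..k-1]. Returns k, -1 if the message is too long
 * (the rsa_outlen:-1 case in the thread), -2 if randomness is unavailable. */
int pkcs1_v15_encode(unsigned char *em, size_t k,
                     const unsigned char *msg, size_t mlen)
{
    long max = pkcs1_v15_max_msg(k);
    size_t pslen;
    if (max < 0 || mlen > (size_t)max) return -1;
    pslen = k - mlen - 3;
    em[0] = 0x00; em[1] = 0x02;
    if (random_nonzero(em + 2, pslen) != 0) return -2;
    em[2 + pslen] = 0x00;
    memcpy(em + 3 + pslen, msg, mlen);
    return (int)k;
}

/* Locate the message in a padded block; returns its length or -1.
 * Layout check only: not constant-time, so not a decryption routine. */
int pkcs1_v15_decode(const unsigned char *em, size_t k,
                     const unsigned char **msg)
{
    size_t i = 2;
    if (k < PKCS1_V15_OVERHEAD || em[0] != 0x00 || em[1] != 0x02) return -1;
    while (i < k && em[i] != 0x00) i++;
    if (i == k || i < 10) return -1; /* no separator, or PS under 8 bytes */
    *msg = em + i + 1;
    return (int)(k - i - 1);
}

/* Round-trip a constructed mlen-byte message; -1 if it does not fit. */
int demo_roundtrip(size_t k, size_t mlen)
{
    unsigned char em[512], m[512];
    const unsigned char *out = NULL;
    int n;
    if (k > sizeof em || mlen > sizeof m) return -1;
    memset(m, 'A', mlen); /* constructed sample plaintext */
    if (pkcs1_v15_encode(em, k, m, mlen) < 0) return -1;
    n = pkcs1_v15_decode(em, k, &out);
    return (n == (int)mlen && memcmp(out, m, mlen) == 0) ? n : -1;
}

int main(void)
{
    printf("64-byte modulus, 53 bytes: %d\n", demo_roundtrip(64, 53));
    printf("64-byte modulus, 54 bytes: %d\n", demo_roundtrip(64, 54));
    return 0;
}
```

A caller that checks the encoder's return value before touching the output buffer avoids acting on the -1 case from the question.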
EVP +RSA
Hi!
Is it possible? Can anybody give me an example code? I can't find doc and example on internet.
    {
    generate key pairs;            // first 512bits
    get string from keyboard;      // keyboard or from others, but more than 1024chars
    crypt string with public key;
    }
I crypt only 53 chars with 512-bit keys with RSA_generate_key and RSA_public_encrypt.
regards, mark
Re: EVP +RSA
On Wed, Apr 05, 2006, Nagy Zoltán Márk wrote:
> Hi!
> Is it possible? Can anybody give me an example code? I can't find doc and example on internet.
>     {
>     generate key pairs;            // first 512bits
>     get string from keyboard;      // keyboard or from others, but more than 1024chars
>     crypt string with public key;
>     }
> I crypt only 53 chars with 512-bit keys with RSA_generate_key and RSA_public_encrypt.
The EVP_Seal*() and EVP_Open*() functions can do this.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
Problem connecting using SSL_connect
Hi,
My application is very simple, a client that connects to a server and they verify each other's identity. Right now I'm just trying to get them to connect. I'm using OpenSSL 0.9.7.
I started with the example application in the O'Reilly Network Security with OpenSSL book. I was able to integrate the client portion of the code in my application (with some mods). I tested it with the server they provided which demonstrated that the client code worked.
When I integrated the server code into the application I had to make some serious mods because my server need only handle one connection (strange, but true). Anyway, it doesn't work and I can't figure out why.
Here's the relevant client code:
    init_OpenSSL();
    logInfo("Initialized OpenSSL library\n");
    /* IMPORTANT!
     * This must be properly seeded to ensure security.
     * look in chapter 4 for details on how to this.
     */
    seed_prng();
    ctx = setup_client_ctx();
    logInfo("Loaded private key(s) and passphrase\n");
    conn = BIO_new_connect(SERVER ":" PORT);
    if (!conn)
        log_error("Error creating connection to BIO");
    if (BIO_do_connect(conn) <= 0)
        log_error("Error connecting to remote machine");
    if (!(ssl = SSL_new(ctx)))
        log_error("Error creating an SSL context");
    SSL_set_bio(ssl, conn, conn);
    /* wait for eauth -s to become ready to establish SSL handshake */
    if (SSL_connect(ssl) <= 0) {
        logInfo("Error connecting to SSL object\n");
    }
And here's the relevant server code. I suspect that the problem is here since the client used to work. The last thing I see in my logfile is step5:
    init_OpenSSL();
    logInfo("Initialized OpenSSL library\n");
    seed_prng();
    ctx = setup_server_ctx();
    logInfo("Loaded private key(s) and passphrase\n");
    acc = BIO_new_accept(PORT);
    logInfo("step1\n");
    if (!acc)
        log_error("Error creating server socket");
    logInfo("step2\n");
    if (BIO_do_accept(acc) <= 0)
        log_error("Error binding server socket");
    logInfo("step3\n");
    if (!(ssl = SSL_new(ctx)))
        log_error("Error creating SSL context");
    logInfo("step4\n");
    SSL_set_bio(ssl, acc, acc);
    logInfo("step5\n");
    if (SSL_accept(ssl) <= 0)
        log_error("Error accepting SSL connection");
    else
        logInfo("SSL connection opened\n");
    err = SSL_read(ssl, sslbuf, sizeof(sslbuf));
Can anyone see any problems here? Probably something obvious that I'm missing?
One more thing - the client is invoked up to one second before the server is invoked. Perhaps the client is attempting to connect before the server is ready? I tried the following but it never connected:
    if (SSL_connect(ssl) <= 0) {
        logInfo("Error connecting to SSL object\n");
    }
Is there any way to see --exactly-- what's going on? To log exactly what's going on during the connection/handshake procedure?
Thank you very much,
Robert Stober
Senior Systems Engineer
Platform Computing, Inc.
209-986-9298
closing client connection problem
If the server returns an error my client does not shut down the connection. I think I have to use SSL_Read and then if the return value is less than or equal to 0 then I just break. The problem is that when I use SSL_Read then my SSL_write does not seem to work... why is that? Or is there a simpler way to check if the server has closed the connection?
AIX 5.1 and 5.3 problem when calling SSL_accept
Hi,
We're porting our product to 0.9.7i. Our last version worked fine with 0.9.7d and the new one is OK using 0.9.7i on most other platforms but not on AIX 5.1 or 5.3.
On all platforms SSL_accept returns -1. On everything other than AIX SSL_get_error returns SSL_ERROR_WANT_READ. Adding debug code to the OpenSSL libraries I see that readsocket is returning -1 but errno is not set - it is zero before the call and zero after it.
Does anyone have any suggestions as to what I can do to locate the source of the issue?
Thanks,
Adrian.
Using OpenSSL crypto library only
Dear OpenSSL working group,
My name is Aidros, doing Master study in SSL Development. I'm glad to participate and share knowledge with you. This is the first participation.
My project is to improve Bulk data transfer phase performance (Record Layer) using parallelism (reducing the processing time). To simulate this process I would like to get the HMAC code followed by Encryption code. I mean, the code has four inputs: MAC key, Encryption key, IV if necessary and Data, and one output: (MAC and Data) encrypted.
I would like to ask whether it is possible to use crypto library for this purpose without openssl installation, or expected compilation errors will appear. The files are under the openssl-0.9.7d\crypto folder. Let's say I start my main function from hmactest.c then end up with data plus MAC encrypted. My PC platform is Win XP.
Thanks for your anticipation help. We keep in touch.
RE: Problem connecting using SSL_connect
The accept could have failed for any reason such as mismatch of ssl versions / no matching ciphers / untrusted certificate / so check on the wire what's going on. From your code snippet, am not sure what exactly setup_client_ctx() does or what ciphers have been set on the server ctx.. the SSL_METHOD used.. Am dead sure it's just a minor handshake issue coz of misconfiguration..
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Robert Stober
Sent: Thursday, April 06, 2006 7:47 AM
To: openssl-users@openssl.org
Subject: Problem connecting using SSL_connect
Hi,
My application is very simple, a client that connects to a server and they verify each other's identity. Right now I'm just trying to get them to connect. I'm using OpenSSL 0.9.7.
I started with the example application in the O'Reilly Network Security with OpenSSL book. I was able to integrate the client portion of the code in my application (with some mods). I tested it with the server they provided which demonstrated that the client code worked.
When I integrated the server code into the application I had to make some serious mods because my server need only handle one connection (strange, but true). Anyway, it doesn't work and I can't figure out why.
Here's the relevant client code:
    init_OpenSSL();
    logInfo("Initialized OpenSSL library\n");
    /* IMPORTANT!
     * This must be properly seeded to ensure security.
     * look in chapter 4 for details on how to this.
     */
    seed_prng();
    ctx = setup_client_ctx();
    logInfo("Loaded private key(s) and passphrase\n");
    conn = BIO_new_connect(SERVER ":" PORT);
    if (!conn)
        log_error("Error creating connection to BIO");
    if (BIO_do_connect(conn) <= 0)
        log_error("Error connecting to remote machine");
    if (!(ssl = SSL_new(ctx)))
        log_error("Error creating an SSL context");
    SSL_set_bio(ssl, conn, conn);
    /* wait for eauth -s to become ready to establish SSL handshake */
    if (SSL_connect(ssl) <= 0) {
        logInfo("Error connecting to SSL object\n");
    }
And here's the relevant server code. I suspect that the problem is here since the client used to work. The last thing I see in my logfile is step5:
    init_OpenSSL();
    logInfo("Initialized OpenSSL library\n");
    seed_prng();
    ctx = setup_server_ctx();
    logInfo("Loaded private key(s) and passphrase\n");
    acc = BIO_new_accept(PORT);
    logInfo("step1\n");
    if (!acc)
        log_error("Error creating server socket");
    logInfo("step2\n");
    if (BIO_do_accept(acc) <= 0)
        log_error("Error binding server socket");
    logInfo("step3\n");
    if (!(ssl = SSL_new(ctx)))
        log_error("Error creating SSL context");
    logInfo("step4\n");
    SSL_set_bio(ssl, acc, acc);
    logInfo("step5\n");
    if (SSL_accept(ssl) <= 0)
        log_error("Error accepting SSL connection");
    else
        logInfo("SSL connection opened\n");
    err = SSL_read(ssl, sslbuf, sizeof(sslbuf));
Can anyone see any problems here? Probably something obvious that I'm missing?
One more thing - the client is invoked up to one second before the server is invoked. Perhaps the client is attempting to connect before the server is ready? I tried the following but it never connected:
    if (SSL_connect(ssl) <= 0) {
        logInfo("Error connecting to SSL object\n");
    }
Is there any way to see --exactly-- what's going on? To log exactly what's going on during the connection/handshake procedure?
Thank you very much,
Robert Stober
Senior Systems Engineer
Platform Computing, Inc.
209-986-9298
RE: closing client connection problem
AFAIK, tcp read can return Zero, as numbytes read, and does not mean that the fd is invalidated. I think you should use SSL_received_shutdown or something which checks if any close has been initiated by the server.. Attempting write when a close was received will result in sigpipe..
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of michael Dorrian
Sent: Thursday, April 06, 2006 8:52 AM
To: openssl-users@openssl.org
Subject: closing client connection problem
If the server returns an error my client does not shut down the connection. I think I have to use SSL_Read and then if the return value is less than or equal to 0 then I just break. The problem is that when I use SSL_Read then my SSL_write does not seem to work... why is that? Or is there a simpler way to check if the server has closed the connection?