keyword QUIT
Dear OpenSSL Users,

how can I deactivate in OpenSSL the handling of the keyword "quit"?

I don't want to stop my server connection if a client sends the string "quit".

If I receive quit then the server gives an output "recv: Success" and exits the application.

Kind Regards
Stefan
Re: Unknown error being generated by openssl-0.9.8a
Hello,

> We're not sure why right now but we think a piece of network equipment
> (e.g. a firewall) is detecting an FTP session but gets confused when
> the encrypted data starts and kills the connection.

Cisco routers with IDS enabled do things like that.

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
RE: 0.9.8b windows binaries
Excellent. Many Thanks.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of hunter
Sent: Wednesday, May 10, 2006 1:45 AM
To: openssl-users@openssl.org
Subject: Re: 0.9.8b windows binaries

On 5/8/06, Parind Shah <[EMAIL PROTECTED]> wrote:
>
> Is it possible to include 64 bit binaries as well?
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wai Wu
> Sent: Monday, May 08, 2006 11:12 AM
> To: openssl-users@openssl.org
> Subject: RE: 0.9.8b windows binaries
>
> Yes. Please hunter. Please include the header files in the download.
> Also, a small request, can you provide a build for static linking?
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of hunter
> Sent: Sunday, May 07, 2006 12:56 PM
> To: openssl-users@openssl.org
> Subject: Re: 0.9.8b windows binaries
>
> On 5/7/06, Mike Ehlert <[EMAIL PROTECTED]> wrote:
> > Oops. looks like I sent a blank reply to the list earlier this morning.
> > My apologies to all.
> >
> > >> Hummm. I downloaded the binary from http://hunter.campbus.com/,
> >
> > I was going to comment that this site does not offer the 0.9.8b
> > binaries, but what I'm after now is some information on any tricks
> > to compiling the DLL's with only the features needed for my
> > application to reduce their size. I'd rather not try to blindly rip
> > apart the source without some guidance as I am not a C++ coder, my
> > former coding skills were limited to masm.
> >
> > Regards, Mike
>
> Mike,
>
> I provide the binaries for hunter.campbus.com. The files are actually
> stored at brandleadershipmarketing.com/apache. You can take the
> Archive and MD5 link from hunter.campbus.com.
>
> I have been busy and have not had time to build Openssl-0.9.8b. I will
> be getting to the Apache builds in the next few days but I thought I
> would try to address your issue - smaller binaries. I assume you also
> need headers and libs for building your application. I will be waiting
> for an update to mod_ssl for Apache 1.3.x.
>
> I noticed an option for the build to not statically link the engines.
> This results in binaries that are a little smaller. I built the code
> with 'no-static-engine' and used the 'install' option. Then I zipped
> up the directory structure created by the makefile in c:\openssl. The
> engine dll's can be found in the c:\openssl\lib\engines directory.
>
> Openssl-0.9.8b-no-static-engine-Win32.zip
>
> Try this build and let me know if it suits your needs. If it does I
> will continue to build the updates in this form in addition to the
> regular package, which is created to support Apache 1.3.x. Apache
> 2.x.x are packaged with OpenSSL included.
>
> If you prefer you can build your own using these options, but let me
> know so that I know if I should continue to provide this form of package.
>
> Chris Lewis

Parind,

I built 64 bit binaries.

Openssl-0.9.8b-Win64-ia64.zip
Openssl-0.9.8b-Win64-x64.zip

at http://brandleadershipmarketing.com/apache

I zipped up the entire build directory because I cannot test these. If they are ok I will figure out what parts to package. Your feed back would be appreciated.

Chris.
RE: 0.9.8b windows binaries
Chris,

I really appreciate you taking time to build 64 bit binaries. I'll try to use it and get back to you.

Many thanks in advance,
Parind.
Regarding the IV in symmetric encryption.
Do the Initial Vectors on both sides have to be the same? If they have to be the same, we not only have to exchange the key, but also the IV, No?
Re: keyword QUIT
On Wed, May 10, 2006 at 12:59:09PM +0400, Stefan Walter wrote:

> Dear OpenSSL Users,
>
> how can I deactivate in OpenSSL the handling of the keyword "quit"?
>
> I don't want to stop my server connection if a client sends the string "quit".
>
> If I receive quit then the server gives an output "recv: Success" and exits the
> application.

s_client(1) is a demo application useful primarily for debugging. It is not intended for production use. Perhaps you are looking for "stunnel".

--
Viktor.
Re: Regarding the IV in symmetric encryption.
Wai Wu wrote:

> Do the Initial Vectors on both sides have to be the same? If they have
> to be the same, we not only have to exchange the key, but also the IV,
> No?

Symmetric block cipher traffic contains the IV at the beginning of the ciphertext.
Re: keyword QUIT
> On Wed, May 10, 2006 at 12:59:09PM +0400, Stefan Walter wrote:
>
> > Dear OpenSSL Users,
> >
> > how can I deactivate in OpenSSL the handling of the keyword "quit"?
> >
> > I don't want to stop my server connection if a client sends the string "quit".
> >
> > If I receive quit then the server gives an output "recv: Success" and exits the
> > application.
>
> s_client(1) is a demo application useful primarily for debugging. It is
> not intended for production use. Perhaps you are looking for "stunnel".

I don't use s_client(1). I wrote my own server, but if I send to this server QUIT then the server exits by itself.

> --
> Viktor.
Re: keyword QUIT
On Wed, May 10, 2006 at 06:23:34PM +0400, Stefan Walter wrote:

> > On Wed, May 10, 2006 at 12:59:09PM +0400, Stefan Walter wrote:
> >
> > > Dear OpenSSL Users,
> > >
> > > how can I deactivate in OpenSSL the handling of the keyword "quit"?
> > >
> > > I don't want to stop my server connection if a client sends the string
> > > "quit".
> > >
> > > If I receive quit then the server gives an output "recv: Success" and exits
> > > the application.
> >
> > s_client(1) is a demo application useful primarily for debugging. It is
> > not intended for production use. Perhaps you are looking for "stunnel".
>
> I don't use s_client(1). I wrote my own server, but if I send to this server
> QUIT then the server exits by itself.

There is no QUIT keyword in the OpenSSL protocol.

--
Viktor.
ssl3-md5 error
I'm trying to use TLS smtp options in muttng which uses libesmtp. In libesmtp there is a line:

    ctx = SSL_CTX_new (TLSv1_client_method ());

The return value is null as a result of this code in SSL_CTX_new:

    if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL)
        {
        SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
        goto err2;
        }

What I'm trying to figure out is why EVP_get_digestbyname is returning NULL so I can track down if this is really a bug somewhere and where to report it.

--
GaveUp [EMAIL PROTECTED]
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x959E3833
Fingerprint: 9EA4 0D98 5371 2C0B A0D6 B850 F2F4 9AB6 959E 3833
Re: Regarding the IV in symmetric encryption.
Hello,

> Wai Wu wrote:
> >
> > Do the Initial Vectors on both sides have to be the same? If they have
> > to be the same, we not only have to exchange the key, but also the IV,
> > No?
>
> Symmetric block cipher traffic contains the IV at the beginning of the
> ciphertext.

IV must be known and the same on both sides. In SSL3 they are part of key_material generated by special procedure based on client_random, server_random and some other strange things :-) (In TLS1 instead of "special procedure" pseudo random function (PRF) is used). For other purposes IV (and key) may be generated with Password Based Key Derivation Functions (PKCS#5) and then only the parameters of these functions must be known on both sides.

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
Re: Regarding the IV in symmetric encryption.
The IV is used only for decrypting the first block since after that the first block serves as the IV for the second block and so on.

To answer ur question, the IV has to be known at both sides along with the key.

regards,
Girish

--- Wai Wu <[EMAIL PROTECTED]> wrote:

> Do the Initial Vectors on both sides have to be the same? If they have
> to be the same, we not only have to exchange the key, but also the IV,
> No?
Re: Regarding the IV in symmetric encryption.
Girish Venkatachalam wrote:

> The IV is used only for decrypting the first block since after that the
> first block serves as the IV for the second block and so on. To answer ur
> question, the IV has to be known at both sides along with the key.

There is no sound cryptological argument for not conveying the IV as the first block of ciphertext. It should be a random nonce, and should never be repeated. This argues against using a shared value known in advance.
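The scheme this thread converges on (a fresh random IV sent as the first block, CBC chaining after that) is sketched below as an added example; it is not code from any poster or from OpenSSL. The block cipher is a stand-in 4-round Feistel built from HMAC-SHA256 so the sketch runs with the Python standard library only, and the key and messages are constructed samples; real code would use AES through a vetted library.

```python
import hashlib
import hmac
import os

BLOCK = 16  # bytes per block, the same as AES


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def round_fn(key, i, half):
    # Keyed round function for the stand-in Feistel cipher below.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def encrypt_block(key, block):
    # Stand-in 128-bit block cipher (assumption of this example, NOT a real
    # cipher): it exists only so the CBC logic can run without extra packages.
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, xor(left, round_fn(key, i, right))
    return left + right


def decrypt_block(key, block):
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = xor(right, round_fn(key, i, left)), left
    return left + right


def cbc_encrypt(key, plaintext, iv=None):
    """Return IV || ciphertext. A fresh random IV is drawn unless one is forced."""
    if iv is None:
        iv = os.urandom(BLOCK)
    pad = BLOCK - len(plaintext) % BLOCK
    data = plaintext + bytes([pad]) * pad            # PKCS#7 padding
    out, prev = [iv], iv
    for i in range(0, len(data), BLOCK):
        prev = encrypt_block(key, xor(data[i:i + BLOCK], prev))
        out.append(prev)                             # each block chains into the next
    return b"".join(out)


def cbc_decrypt(key, message):
    """The receiver needs only the key: the IV is the first block received."""
    if len(message) < 2 * BLOCK or len(message) % BLOCK:
        raise ValueError("truncated message")
    blocks = [message[i:i + BLOCK] for i in range(0, len(message), BLOCK)]
    plain = b"".join(xor(decrypt_block(key, c), p)
                     for p, c in zip(blocks, blocks[1:]))
    pad = plain[-1]
    if not 1 <= pad <= BLOCK or plain[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad padding")
    return plain[:-pad]


def demo():
    key = os.urandom(32)                             # constructed sample key
    msg = b"transfer 100 EUR to account 12345678"    # constructed sample message
    c1, c2 = cbc_encrypt(key, msg), cbc_encrypt(key, msg)
    fixed = bytes(BLOCK)                             # a "shared value known in advance"
    f1 = cbc_encrypt(key, msg, fixed)
    f2 = cbc_encrypt(key, msg[:BLOCK] + b" (different tail)", fixed)
    return {
        "roundtrip": cbc_decrypt(key, c1) == msg,
        # Same key and plaintext, different random IVs: ciphertexts differ.
        "random_iv_hides_repeats": c1[BLOCK:] != c2[BLOCK:],
        # Reused IV: messages with an equal first block leak that fact.
        "fixed_iv_leaks_equal_prefix": f1[BLOCK:2 * BLOCK] == f2[BLOCK:2 * BLOCK],
    }


if __name__ == "__main__":
    print(demo())
```

CBC by itself provides no integrity protection, so a real protocol also authenticates IV and ciphertext with a MAC or uses an AEAD mode.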
Kx=RSA vs Kx=RSA(1024)
Hello,

Could someone please explain what the Kx=RSA denotes (By this I mean the RSA by itself)?

It seems straight forward what Kx=RSA(512) and Kx=RSA(1024) mean but I don't understand what RSA without a bit specification would represent, and how it differs.

Thanks for your time
andy
Re: Kx=RSA vs Kx=RSA(1024)
On Wed, May 10, 2006 at 05:10:18PM +0100, Andy Bontoft wrote:

> Hello,
> Could someone please explain what the Kx=RSA denotes (By this I mean the
> RSA by itself)?
> It seems straight forward what Kx=RSA(512) and Kx=RSA(1024) mean but I
> don't understand what RSA without a bit specification would represent,
> and how it differs.

A quick grep of "openssl ciphers -v", shows that all the RSA(NNN) ciphers are "export" ciphers:

    EXP1024-DES-CBC-SHA SSLv3 Kx=RSA(1024) Au=RSA Enc=DES(56)   Mac=SHA1 export
    EXP1024-RC2-CBC-MD5 SSLv3 Kx=RSA(1024) Au=RSA Enc=RC2(56)   Mac=MD5  export
    EXP1024-RC4-SHA     SSLv3 Kx=RSA(1024) Au=RSA Enc=RC4(56)   Mac=SHA1 export
    EXP1024-RC4-MD5     SSLv3 Kx=RSA(1024) Au=RSA Enc=RC4(56)   Mac=MD5  export
    EXP-DES-CBC-SHA     SSLv3 Kx=RSA(512)  Au=RSA Enc=DES(40)   Mac=SHA1 export
    EXP-RC2-CBC-MD5     SSLv3 Kx=RSA(512)  Au=RSA Enc=RC2(40)   Mac=MD5  export
    EXP-RC2-CBC-MD5     SSLv2 Kx=RSA(512)  Au=RSA Enc=RC2(40)   Mac=MD5  export
    EXP-RC4-MD5         SSLv3 Kx=RSA(512)  Au=RSA Enc=RC4(40)   Mac=MD5  export
    EXP-RC4-MD5         SSLv2 Kx=RSA(512)  Au=RSA Enc=RC4(40)   Mac=MD5  export
    AES256-SHA          SSLv3 Kx=RSA       Au=RSA Enc=AES(256)  Mac=SHA1
    DES-CBC3-SHA        SSLv3 Kx=RSA       Au=RSA Enc=3DES(168) Mac=SHA1
    DES-CBC3-MD5        SSLv2 Kx=RSA       Au=RSA Enc=3DES(168) Mac=MD5
    AES128-SHA          SSLv3 Kx=RSA       Au=RSA Enc=AES(128)  Mac=SHA1
    RC2-CBC-MD5         SSLv2 Kx=RSA       Au=RSA Enc=RC2(128)  Mac=MD5
    RC4-SHA             SSLv3 Kx=RSA       Au=RSA Enc=RC4(128)  Mac=SHA1
    RC4-MD5             SSLv3 Kx=RSA       Au=RSA Enc=RC4(128)  Mac=MD5
    RC4-MD5             SSLv2 Kx=RSA       Au=RSA Enc=RC4(128)  Mac=MD5
    RC4-64-MD5          SSLv2 Kx=RSA       Au=RSA Enc=RC4(64)   Mac=MD5
    DES-CBC-SHA         SSLv3 Kx=RSA       Au=RSA Enc=DES(56)   Mac=SHA1
    DES-CBC-MD5         SSLv2 Kx=RSA       Au=RSA Enc=DES(56)   Mac=MD5

--
Viktor.
Re: Kx=RSA vs Kx=RSA(1024)
Hello Victor,

Yes agreed, but I didn't think that the 'export' masking of the encryption algorithms key bits had anything to do with the key exchange algorithms. Was this view in error? If so, do you have an idea what key size the 'normal' key exchange RSA is using?

andy
Re: Kx=RSA vs Kx=RSA(1024)
On Wed, May 10, 2006, Andy Bontoft wrote:

> Hello Victor,
> Yes agreed, but I didn't think that the 'export' masking of the
> encryption algorithms key bits had anything to do with the key exchange
> algorithms. Was this view in error? If so, do you have an idea what key
> size the 'normal' key exchange RSA is using?
> andy

It is from the old export restrictions. An RSA Kx with a bit restriction is the maximum size of RSA key that can be used for key exchange in that cipher suite.

If the server certificate key size doesn't exceed the limit then it is used. If the server key size exceeds the key exchange limit then a temporary key of the appropriate size is used which is signed by the certified key.

If no restriction is present on the Kx then the server's certified key is always used.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
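As an added example (not part of any post in this thread), the following parses `openssl ciphers -v` lines in the format quoted earlier, flags suites that are export-grade or below a chosen cipher strength, and applies the key-exchange rule described in the reply above. The sample lines are copied from the listing in this thread; the 128-bit threshold and all function names are assumptions of the example.

```python
import re
from typing import NamedTuple, Optional

# Lines copied from the "openssl ciphers -v" listing quoted in this thread.
LISTING = """\
EXP1024-DES-CBC-SHA SSLv3 Kx=RSA(1024) Au=RSA Enc=DES(56) Mac=SHA1 export
EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
RC4-64-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(64) Mac=MD5
DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
"""

LINE = re.compile(
    r"^(?P<name>\S+)\s+(?P<proto>\S+)\s+"
    r"Kx=(?P<kx>[^\s(]+)(?:\((?P<kx_bits>\d+)\))?\s+"
    r"Au=(?P<au>\S+)\s+"
    r"Enc=(?P<enc>[^\s(]+)(?:\((?P<enc_bits>\d+)\))?\s+"
    r"Mac=(?P<mac>\S+)(?:\s+(?P<export>export))?\s*$"
)


class Suite(NamedTuple):
    name: str
    proto: str
    kx: str
    kx_limit: Optional[int]   # None when the listing shows plain "Kx=RSA"
    enc: str
    enc_bits: int             # 0 when no key size is listed (e.g. Enc=None)
    export: bool


def parse_listing(text):
    """Turn 'openssl ciphers -v' output into Suite records."""
    suites = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if m is None:
            raise ValueError(f"unrecognised cipher line: {line!r}")
        suites.append(Suite(
            name=m["name"], proto=m["proto"], kx=m["kx"],
            kx_limit=int(m["kx_bits"]) if m["kx_bits"] else None,
            enc=m["enc"], enc_bits=int(m["enc_bits"] or 0),
            export=m["export"] is not None,
        ))
    return suites


def weak_suites(suites, min_enc_bits=128):
    """Map (name, protocol) to the reasons a suite falls below the policy."""
    findings = {}
    for s in suites:
        reasons = []
        if s.export:
            reasons.append("export-grade suite")
        if s.kx_limit is not None:
            reasons.append(f"key exchange capped at {s.kx_limit}-bit {s.kx}")
        if s.enc_bits < min_enc_bits:
            reasons.append(f"{s.enc} with {s.enc_bits}-bit key")
        if reasons:
            findings[(s.name, s.proto)] = reasons
    return findings


def kx_key_for(suite, server_key_bits):
    """Which RSA key carries the key exchange, per the rule explained above.

    Returns ("certified", bits) when the certificate key is used directly, or
    ("temporary", limit) when a temporary key no larger than the limit,
    signed by the certified key, is used instead.
    """
    if suite.kx_limit is None or server_key_bits <= suite.kx_limit:
        return ("certified", server_key_bits)
    return ("temporary", suite.kx_limit)


if __name__ == "__main__":
    parsed = parse_listing(LISTING)
    for key, why in weak_suites(parsed).items():
        print(key, "->", "; ".join(why))
    for s in parsed:
        print(s.name, kx_key_for(s, 1024))
```

The names returned by `weak_suites` are the ones to exclude from a server's or client's cipher string.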
Re: Kx=RSA vs Kx=RSA(1024)
Thanks very much, now I understand :)
Re: Kx=RSA vs Kx=RSA(1024)
On Wed, May 10, 2006 at 06:49:27PM +0200, Dr. Stephen Henson wrote:

> If the server key size exceeds the key exchange limit then a temporary
> key of the appropriate size is used which is signed by the certified
> key. If no restriction is present on the Kx then the server's certified
> key is always used.

For a client that wants a secure channel with a given server, what is the best way to enforce a lower bound on the RSA key size of the server certificate? I know that the CA root certificates have what we (at least for now) believe to be adequate key sizes, but do I need to add code to check the server key size in the verification callback, or do the HIGH and MEDIUM ciphers include sensible RSA key size lower bounds?

In the future non-RSA server credentials may become more ubiquitous. Right now client verification callbacks tend to look only for X.509 credentials, are there any good examples of code that uses OpenSSL to handle non X.509 RSA authentication mechanisms (Kerberos, ...)?

--
Viktor.
ECC in Openssl!
Hi,

I am trying to generate a 163 bit key in openssl using ECC but have not been able to do so. I am using openssl-0.9.8a version. Can anyone show me an example of how to do that?

Thanks a Ton!

--
Regards,
Puneet Batura
Open Source Developer
openssl prime test
Hi!

Which algorithm is used to test a generated possible prime random number? (openssl rsa) (Atkin-Morain ; Miller-Rabin ...etc)

Kind regards,
mark
Win32 OpenSSL enhancements...
As of today, Win32 OpenSSL now supports Visual C++ more fully by including .lib files for the following compilation types:

/MT
/MTd
/MD
/MDd

Both static and dynamic lib files of the default build of OpenSSL are included. This should eliminate the major difficulties people have with integrating OpenSSL with existing projects. On the downside, the download for Win32 OpenSSL is now 6MB.

http://www.slproweb.com/products/Win32OpenSSL.html

Win32 OpenSSL is a courtesy service to the OpenSSL community. Please support it with donations.

--
Thomas Hruska
Shining Light Productions
Home of BMP2AVI, Nuclear Vision, ProtoNova, and Win32 OpenSSL.
http://www.slproweb.com/
Ask me about discounts on any Shining Light Productions product!
Re: openssl prime test
Hello,

> Which algorithm is use for test a generated possible prime random
> number? (openssl rsa) (Atkin-Morain ; Miller-Rabin ...etc)

Miller-Rabin.

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
OpenSSL-fips-1.0 portability question
Hi,

Just a quick question with regarding to the OpenSSL-fips-1.0 version:

I know in order to use fips validated module, an application has to link with fipscanister.o. But looking at fips_canister.c, I saw a bunch of assembly codes, my question is how portable is this code? If I'm using a non-mainstream processor (e.g. a proprietary embedded system), how hard/easy would it be to port fips_canister.c?

Thanks,
Joe G.
ssl programming reference
Hi, I'm a newbie programmer. I want to learn how to build an application that communicates over SSL. Can anyone show me where to find the references? Thank you.
Re: openssl prime test
On Wed, May 10, 2006, Nagy Zoltn Mrk wrote:

> Hi!
>
> Which algorithm is use for test a generated possible prime random
> number? (openssl rsa) (Atkin-Morain ; Miller-Rabin ...etc)

Miller-Rabin after candidates pass a sieve test.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
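The two-stage test named in the reply above (cheap sieve first, Miller-Rabin only on survivors) looks like this in outline. This is an added illustration, not OpenSSL's own code; the sieve bound of 2000 and the 20 Miller-Rabin rounds are assumptions of the example.

```python
import secrets


def small_primes(limit):
    """Sieve of Eratosthenes: all primes below limit."""
    flags = bytearray([1]) * limit
    flags[0:2] = b"\x00\x00"
    for i in range(2, int(limit ** 0.5) + 1):
        if flags[i]:
            flags[i * i::i] = bytearray(len(range(i * i, limit, i)))
    return [i for i, is_prime in enumerate(flags) if is_prime]


SMALL_PRIMES = small_primes(2000)


def passes_sieve(n):
    """Cheap first stage: reject candidates divisible by a small prime."""
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    return True


def miller_rabin(n, rounds=20):
    """Probabilistic primality test with random bases.

    A composite n survives one round with probability at most 1/4, so it
    survives all rounds with probability at most 4**-rounds.
    """
    if n < 5:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:                        # write n - 1 as d * 2**s, d odd
        d //= 2
        s += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)     # random base in [2, n - 2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                     # a is a witness: n is composite
    return True


def generate_prime(bits, rounds=20):
    """Draw random odd candidates until one passes both stages.

    Returns the probable prime and counters showing how much work the
    sieve saved the (far more expensive) Miller-Rabin stage.
    """
    stats = {"candidates": 0, "sieved_out": 0, "mr_tests": 0}
    while True:
        # Force the top bit (exact bit length) and the low bit (odd).
        n = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        stats["candidates"] += 1
        if not passes_sieve(n):
            stats["sieved_out"] += 1
            continue
        stats["mr_tests"] += 1
        if miller_rabin(n, rounds):
            return n, stats


if __name__ == "__main__":
    prime, counters = generate_prime(512)
    print(hex(prime))
    print(counters)
```

On a typical run most candidates are discarded by the sieve, which is why it is done before any modular exponentiation.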
Re: OpenSSL-fips-1.0 portability question
On Wed, May 10, 2006, Joe wrote:

> Hi,
>
> Just a quick question with regarding to the OpenSSL-fips-1.0 version:
>
> I know in order to use fips validated module, an application has to
> link with fipscanister.o. But looking at fips_canister.c, I saw a
> bunch of assembly codes, my question is how portable is this code?
> If I'm using a non-mainstream processor (e.g. a proprietary embedded
> system), how hard/easy would it be to port fips_canister.c?

The security policy document and the user guide will contain some info about how this works.

However note that to be covered by this validation you cannot change anything in the OpenSSL-fips-1.0 version in any way nor can the build process be changed at all. The file fips_canister.c has a hash published in the security policy so you can't change that either.

That effectively means that compilation has to be done natively and cross compilation isn't covered.

If you are interested in a specific embedded system being covered in a follow up certification then you should contact OSSI.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
RE: keyword QUIT
> I don't use s_client(1). I wrote my own server, but if I send to
> this server QUIT then the server exits by itself.

I'm not sure how we can find a problem in code that you wrote yourself and don't tell us very much about. How exactly are you sending QUIT to the server?

DS
Re: ssl programming reference
The best documentation is in the s_client and s_server source code.

-Kyle H

On 5/10/06, Brad Brock <[EMAIL PROTECTED]> wrote:

> Hi, I'm a newbie programmer. I want to learn how to
> build an application that communicates over SSL. Can
> anyone show me where to find the references? Thank you.
Re: ssl programming reference
Brad Brock wrote:

> Hi, I'm a newbie programmer. I want to learn how to
> build an application that communicates over SSL. Can
> anyone show me where to find the references? Thank you.

Network Security with OpenSSL by John Viega, Matt Messier and Pravir Chandra, ISBN 059600270X

--
Heikki Toivonen
Generating certificate
Hi,

I am generating a self signed certificate for my application using rsa but I want to generate the certificate using ecc. This is what I am doing:

    openssl genrsa -out MilitaryGpsKey.pem 2048
    openssl req -new -x509 -key MilitaryGpsKey.pem -out MilitaryGpsCert.pem -days 365

now converting the format so tomcat can use it:

    openssl pkcs12 -export -in MilitaryGpsCert.pem -inkey MilitaryGpsKey.pem -out MilitaryGpsCert.p12 -name tomcat

I am using openssl-0.9.8a version. Please tell me how to generate an ecc key.

Thanks

--
Regards,
Puneet Batura
Open Source Developer
Re: keyword QUIT
> > I don't use s_client(1). I wrote my own server, but if I send to
> > this server QUIT then the server exits by itself.
>
> I'm not sure how we can find a problem in code that you wrote yourself and
> don't tell us very much about. How exactly are you sending QUIT to the
> server?

I am sending it by using a java client...

    connection.write("QUIT\n");

then automatically the server closes the connection and exits itself. I didn't implement this...

> DS
Re: ECC in Openssl!
puneet batura wrote:

> Hi, I am trying to generate a 163 bit key in openssl using ECC but have
> not been able to do so. I am using openssl-0.9.8a version. Can anyone
> show me an example of how to do that?

for example "openssl ecparam -name sect163k1 -out eckey.pem -genkey -noout" should work ...

Cheers,
Nils