Re: About ECC patent and OpenSSL ECC code

2008-01-11 Thread G.W. Haywood
Hi there,

On Thu, 10 Jan 2008, Rodney Thayer wrote:

> As far as I'm concerned...

Your analysis was very helpful.  Thanks very much.

--

73,
Ged.
__
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]


Re: How to dump SSL Handshake messages?

2008-01-11 Thread G.W. Haywood
Hi there,

On Fri, 11 Jan 2008, Vicky Ven wrote:

> I need to capture the SSL handshake messages between my client
> application and server.
> How do we dump detailed SSL Handshake messages? Does OpenSSL offer some
> means?

Depends on your platform.

Try tcpdump if you have something that offers it - almost all Unix-like
systems do.  Wireshark is very much better but takes a little effort to
install if you don't already have it.

--

73,
Ged.


How to dump SSL Handshake messages?

2008-01-11 Thread Vicky Ven
Hi,

I need to capture the SSL handshake messages between my client
application and server.
How do we dump detailed SSL Handshake messages? Does OpenSSL offer some
means?

Thanks,
Vicky


Re: ECC Usage - using OpenSSL as the server and/or client

2008-01-11 Thread Marek . Marcola
Hello,
> Does 'openssl s_server' support this? Are there public ECC TLS
> implementations this is known to interoperate with?

You may look at Firefox source (NSS library).
In Firefox (2.0) you may view/control SSL ciphersuites by entering the
about:config URL and then ssl as a filter word.
Next you may view/control supported ciphersuites including ECC.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]



Howto SSL_read

2008-01-11 Thread Prasanna Sundaram
Hi all,

I have DTLS server/client model. My server is blocked in SSL_read. If the
server received the packet from the DTLS client, how can I get the client IP
information from the SSL_read function? How to get the sender's information from
SSL_read?

thanks in advance.

Regards
Prasanna.P.M.




Re: How to dump SSL Handshake messages?

2008-01-11 Thread Vicky Ven
Hi,

I have used ssldump tool. However I need to implement the logging
capability in my application. For example, if the application receives a
particular Alert message, the application should dump all the messages that
were exchanged for that particular handshake.


Thanks,
Vicky



On 1/11/08, Vicky Ven [EMAIL PROTECTED] wrote:

> Hi,
>
> I need to capture the SSL handshake messages between my client
> application and server.
> How do we dump detailed SSL Handshake messages? Does OpenSSL offer some
> means?
>
> Thanks,
> Vicky




AppName: perl.exe AppVer: 5.6.1.631 ModName: ssleay32.dll ModVer: 0.9.8.4 Offset: 00017e3c

2008-01-11 Thread peter . depeuter

Hi,


I read on the site
http://fixunix.com/openssl/157270-exception-ssleay32-dll.html that there is
someone with the problem that I have.
   Windows XP SP2 with all hotfixes and updates
   perl 5.6
   OpenSSL
   package Crypt-SSLeay-0.53.tar.gz
When I start a test from the command line, I get an error.

Is there a solution for this?
How can I fix this?

Kind regards
Peter

DTLS1 - how to use?

2008-01-11 Thread Rudolf Polzer
It's planned to possibly use OpenSSL's DTLS1 to secure connections in
the DarkPlaces quake engine (possible purposes include nick name
certificates to protect against imposters, protection against packet
injection and a mutual player/clan trust system, server console access
authentication).

I understand that OpenSSL may be a bit oversized for that purpose (e.g.
it isn't THAT bad if the underlying cryptography gets broken), but it's
something that is already there and should spare us from reinventing the
wheel. So I first tried to get DTLS1 running with s_client and s_server,
but ran into the following problem:

$ openssl s_server -cert foo.pem -dtls1
Enter pass phrase for foo.pem:
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
ERROR
7978:error:1410242E:SSL routines:DTLS1_READ_BYTES:tlsv1 alert protocol 
version:d1_pkt.c:951:SSL alert number 70
shutting down SSL
CONNECTION CLOSED
ACCEPT
 
$ openssl s_client -dtls1
CONNECTED(0003)
8031:error:140FE10B:SSL routines:DTLS1_GET_RECORD:wrong version 
number:d1_pkt.c:540:
8031:error:1410C0E5:SSL routines:DTLS1_WRITE_APP_DATA_BYTES:ssl handshake 
failure:d1_pkt.c:1148:

What does this mean, what am I doing wrong, and how to fix this? I'm using
OpenSSL 0.9.8e 23 Feb 2007 (Ubuntu). Or is this a bug that has already
been fixed? If that's the case, is it a bug in s_client/s_server or in
OpenSSL's internals? If it's a bug in the SSL library, we probably can't
use this feature till major Linux distros carry a fixed version of
OpenSSL, but if it's an issue in s_client or s_server, DarkPlaces could
be programmed to be not affected by it.

Also, is it possible to offload the SSL handshake overhead to another
thread? I got the following timings using time openssl s_server and
accepting 1000 SSLv3 connections (rows are server key length, columns
are client key length) on my Athlon 64 3700+:

        1024   2048   4096   client certificate key length
1024   2.6ms  2.5ms  2.8ms
2048   5.9ms  6.5ms  6.4ms
4096  29.2ms 29.7ms 29.7ms

As it seems, only the length of the key in the SERVER certificate really
matters. However, for my purposes it isn't required that the server
authenticates to the client... so is it possible to run a server
without any server certificate (just CAs) to speed this up (openssl
s_server does not allow such operation), just like in regular HTTP SSL
connections, the client has no certificate? Even if not - would there be
any serious security impact from using a dummy 1024bit RSA certificate
on the server and 4096bit RSA certificates on the client (that is, would
this make it possible to break the client authentication easier)?

I also got no significance of the CA key length on the CPU time needed
on server side for the SSL handshake (actually, these tests were done
with a 4096bit CA already).

Best regards

Rudolf Polzer



RE: How to use ECDH_compute_key

2008-01-11 Thread Bill Colvin
To summarize ECDH_compute_key, you provide a pointer to one party's EC
public Key, a pointer to another party's EC private key, and a pointer
to a hashing routine and the function will compute a shared secret
value.

However, there is much more to key exchange than merely understanding
how to use this function.  It is more important to know how to use it
correctly.

I suggest that you read and understand the concepts of key exchange
relating to ECC and ECDH in NIST Special Pub 800-56A
http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf

Determine whether your application requires the use of ephemeral keys
and whether your key exchange needs to be one way or two way.  Then
start looking into the mechanics of the actual API calls you will need
to use.

Also keep in mind that good security design necessitates that you use
symmetric, asymmetric and hashing algorithms of equivalent strength.

Bill

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sateesh Babu
Sent: January 11, 2008 7:03 AM
To: openssl-users@openssl.org
Subject: How to use ECDH_compute_key

Hi,
There is not enough documentation on the usage of ECDH_compute_key.
Can anyone please help me in understanding its usage?



Re: About ECC patent and OpenSSL ECC code

2008-01-11 Thread Rodney Thayer

Prakash Kamath wrote:

> My opinion: 2 times 2 = 4 no matter what approach you take, and so no one
> can sue you for doing that Math.  However, if someone comes up with a math
> logic (software, hardware, combo, whatever) that does the same operation in
> a superior way, then that is patentable.

I personally have been in the room when they've been threatening
and they try to make it seem that if you THINK about ECC you're a
bad implementor ;-)  So it's been a thought-suppressing exercise.

Note it took the Europeans to have the nerve to put this into OpenSSL to
begin with.  Nobody in North America would dare.  Fortunately, the
Internet actually has a bad memory so we're yet again reproducing this
conversation.  It's clearly better now.

Any decade now this may become popular.  Hopefully before someone breaks
RSA.



Re: About ECC patent and OpenSSL ECC code

2008-01-11 Thread Rodney Thayer

Larry Bugbee wrote:
> I'm seeing vendors
> beginning to support ECC, and a couple of CAs discussing and preparing
> their CPs.

who?  got names you can mention in public?

> Our challenge as developers is to understand and be ready.

My point is that we've been in get ready for ECC mode since at least
1999.  This has all been discussed before many times.


Re: How to dump SSL Handshake messages?

2008-01-11 Thread Marek . Marcola
Hello, 
> I have used ssldump tool. However I need to implement the logging
> capability in my application. For example, if the application receives a
> particular Alert message, the application should dump all the messages
> that were exchanged for that particular handshake.

You may set message peek callback with SSL_set_msg_callback() function.
Look at examples in apps/ directory.

Best regards,
--
Marek Marcola [EMAIL PROTECTED]
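
An added example, not part of the reply above and not taken from OpenSSL's apps/ directory: a callback with the signature SSL_set_msg_callback() expects, which keeps a per-connection ring of the messages exchanged and dumps it when a chosen alert is received. The names hs_log, hs_log_init, hs_log_dump and hs_msg_cb are hypothetical, the sample messages are constructed, and SSL is forward-declared so the file builds without the OpenSSL headers.

```c
#include <stdio.h>
#include <string.h>

/* OpenSSL's own forward declaration, repeated so this file builds without
 * the OpenSSL headers (an assumption of this example). */
typedef struct ssl_st SSL;

enum { CT_ALERT = 21, CT_HANDSHAKE = 22 };  /* TLS record content types */
#define LOG_MAX 32u                         /* messages kept per connection */
#define KEEP 8u                             /* leading bytes kept per message */

struct msg_entry {
    int write_p;                 /* 1 = sent by us, 0 = received from peer */
    int version, content_type;
    size_t len, kept;            /* full length; bytes copied into head[] */
    unsigned char head[KEEP];
};

struct hs_log {                  /* hypothetical per-connection state */
    struct msg_entry e[LOG_MAX];
    size_t count;                /* messages seen; ring holds the last LOG_MAX */
    int trigger_alert;           /* alert description that triggers a dump */
    int triggered;               /* set once that alert has been received */
    FILE *out;                   /* dump destination; NULL = keep the log only */
};

void hs_log_init(struct hs_log *log, int trigger_alert, FILE *out)
{
    memset(log, 0, sizeof(*log));
    log->trigger_alert = trigger_alert;
    log->out = out;
}

/* Write the buffered messages oldest first; returns how many are buffered. */
size_t hs_log_dump(const struct hs_log *log)
{
    size_t n = log->count < LOG_MAX ? log->count : LOG_MAX;
    size_t first = log->count - n, i, j;

    if (log->out == NULL)
        return n;
    for (i = 0; i < n; i++) {
        const struct msg_entry *m = &log->e[(first + i) % LOG_MAX];
        fprintf(log->out, "%s version=0x%04x content_type=%d len=%lu data=",
                m->write_p ? ">>>" : "<<<", (unsigned)m->version,
                m->content_type, (unsigned long)m->len);
        for (j = 0; j < m->kept; j++)
            fprintf(log->out, "%02x", m->head[j]);
        fputc('\n', log->out);
    }
    return n;
}

/* Signature expected by SSL_set_msg_callback(); arg is the pointer that was
 * registered with SSL_set_msg_callback_arg(). */
void hs_msg_cb(int write_p, int version, int content_type,
               const void *buf, size_t len, SSL *ssl, void *arg)
{
    struct hs_log *log = arg;
    const unsigned char *p = buf;
    struct msg_entry *m;

    (void)ssl;
    if (log == NULL)
        return;
    m = &log->e[log->count % LOG_MAX];
    m->write_p = write_p;
    m->version = version;
    m->content_type = content_type;
    m->len = len;
    m->kept = len < KEEP ? len : KEEP;
    if (m->kept > 0)
        memcpy(m->head, p, m->kept);
    log->count++;

    /* An alert body is two bytes: level, then description. */
    if (!write_p && content_type == CT_ALERT && len >= 2 &&
        p[1] == log->trigger_alert) {
        log->triggered = 1;
        hs_log_dump(log);
    }
}

int main(void)
{
    /* Constructed sample: start of a ClientHello we sent (truncated), then a
     * fatal protocol_version alert (level 2, description 70) from the peer. */
    static const unsigned char hello[] = { 0x01, 0x00, 0x00, 0x2a, 0x03, 0x01 };
    static const unsigned char alert[] = { 0x02, 70 };
    struct hs_log log;

    hs_log_init(&log, 70, stdout);
    /* In an application, per connection: SSL_set_msg_callback(ssl, hs_msg_cb);
     * then SSL_set_msg_callback_arg(ssl, &log); */
    hs_msg_cb(1, 0x0301, CT_HANDSHAKE, hello, sizeof(hello), NULL, &log);
    hs_msg_cb(0, 0x0301, CT_ALERT, alert, sizeof(alert), NULL, &log);
    return log.triggered ? 0 : 1;
}
```

The ring keeps only the first bytes of each message, which is enough to identify the handshake message type and the alert level and description.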



How to use ECDH_compute_key

2008-01-11 Thread Sateesh Babu
Hi,
There is not enough documentation on the usage of ECDH_compute_key.
Can anyone please help me in understanding its usage?

Also, it would be great if someone could point me to the usage of the
ECC API. I am basically interested in:
 - the shared key generation using the provided public key and private key,
 - the extraction of raw key (of the private and public key) from EC Key

Thank you,
Sateesh


Re: DTLS1 - how to use?

2008-01-11 Thread Ariel Salomon


The OpenSSL DTLS implementation was significantly improved for 0.9.8f; 
it had some serious bugs in 0.9.8e (including a security advisory).  You 
are recommended to use at least 0.9.8f for DTLS.  See the 12-Oct-2007 
Security Advisory note at http://openssl.org/ and the 0.9.8f and g 
release notes.


As far as handshaking in a separate thread, OpenSSL does support the 
non-blocking I/O model which will allow you to do this.  This is 
non-trivial to get working; I'd recommend starting with example code 
such as what's in the O'Reilly Network Security with OpenSSL book.


 - Ariel

Rudolf Polzer wrote:

It's planned to possibly use OpenSSL's DTLS1 to secure connections in
the DarkPlaces quake engine (possible purposes include nick name
certificates to protect against imposters, protection against packet
injection and a mutual player/clan trust system, server console access
authentication).

I understand that OpenSSL may be a bit oversized for that purpose (e.g.
it isn't THAT bad if the underlying cryptography gets broken), but it's
something that is already there and should spare us from reinventing the
wheel. So I first tried to get DTLS1 running with s_client and s_server,
but ran into the following problem:

$ openssl s_server -cert foo.pem -dtls1
Enter pass phrase for foo.pem:
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
ERROR
7978:error:1410242E:SSL routines:DTLS1_READ_BYTES:tlsv1 alert protocol 
version:d1_pkt.c:951:SSL alert number 70
shutting down SSL
CONNECTION CLOSED
ACCEPT

$ openssl s_client -dtls1
CONNECTED(0003)
8031:error:140FE10B:SSL routines:DTLS1_GET_RECORD:wrong version 
number:d1_pkt.c:540:
8031:error:1410C0E5:SSL routines:DTLS1_WRITE_APP_DATA_BYTES:ssl handshake 
failure:d1_pkt.c:1148:

What does this mean, what am I doing wrong, and how to fix this? I'm using
OpenSSL 0.9.8e 23 Feb 2007 (Ubuntu). Or is this a bug that has already
been fixed? If that's the case, is it a bug in s_client/s_server or in
OpenSSL's internals? If it's a bug in the SSL library, we probably can't
use this feature till major Linux distros carry a fixed version of
OpenSSL, but if it's an issue in s_client or s_server, DarkPlaces could
be programmed to be not affected by it.

Also, is it possible to offload the SSL handshake overhead to another
thread? I got the following timings using time openssl s_server and
accepting 1000 SSLv3 connections (rows are server key length, columns
are client key length) on my Athlon 64 3700+:

        1024   2048   4096   client certificate key length
1024   2.6ms  2.5ms  2.8ms
2048   5.9ms  6.5ms  6.4ms
4096  29.2ms 29.7ms 29.7ms

As it seems, only the length of the key in the SERVER certificate really
matters. However, for my purposes it isn't required that the server
authenticates to the client... so is it possible to run a server
without any server certificate (just CAs) to speed this up (openssl
s_server does not allow such operation), just like in regular HTTP SSL
connections, the client has no certificate? Even if not - would there be
any serious security impact from using a dummy 1024bit RSA certificate
on the server and 4096bit RSA certificates on the client (that is, would
this make it possible to break the client authentication easier)?

I also got no significance of the CA key length on the CPU time needed
on server side for the SSL handshake (actually, these tests were done
with a 4096bit CA already).

Best regards

Rudolf Polzer


  



--
- Ariel Salomon / Senior Software Engineer
Real-Time Innovations (RTI) / www.rti.com
408 990-7439 / [EMAIL PROTECTED]

RTI - The Real-Time Middleware Experts




Re: ECC Usage - using OpenSSL as the server and/or client

2008-01-11 Thread Rodney Thayer

[EMAIL PROTECTED] wrote:

> Hello,
> > Does 'openssl s_server' support this? Are there public ECC TLS
> > implementations this is known to interoperate with?
>
> You may look at Firefox source (NSS library).
> In Firefox (2.0) you may view/control ssl ciphersuites entering
> about:config url and next ssl as a filter word.
> Next you may view/control supported ciphersuites including ECC.

That's great.  I wonder what they tested it with.  Probably
the OpenSSL s_server tool ;-)

I wonder if apache-ssl supports ECC...



Re: ECC Usage - using OpenSSL as the server and/or client

2008-01-11 Thread Rodney Thayer

Victor Duchovni wrote:


> OpenSSL s_server is a test tool, not an application.

openssl the program, as built in the 'apps' directory of the openssl
source tree, is a test tool APPLICATION that has been used for almost
a decade to debug and interop test other (mostly commercial) TLS
implementations.

> In 0.9.9 snapshot
> builds, s_server supports ECDSA, just point your cert and key files
> at an ECDSA cert and private key. I have not checked whether it has a
> command-line option to select an EECDH curve, but this is not important.

It's critical.  If you can't test it it doesn't exist.  You have to
test it before a development team can soundly claim they test
any pair of interoperating implementations.

> I only use OpenSSL, I have working code, slated for Postfix 2.6 in Q1
> '09, that allows the SMTP server administrator to enable EECDH and allows
> clients and servers to configure a third cert/key pair (presumably
> ECDSA). With this, Postfix 2.6 will be able to do EECDH key exchange
> and ECDSA authentication.

cool.  what does it talk to?  if it only talks to postfix, I would
call that a terribly good first step and a wonderful basis for someone
to explore ECC/TLS interoperability with Sendmail and Exchange.

> It may be some time before the first public CA signs an ECDSA cert
> (especially with an ECDSA CA cert).

agreed.  the vendors don't seem to care.

> However, with private-label CAs,
> or bilateral key exchange, the EC support in OpenSSL works now when
> both the server and client run OpenSSL.

TLS support in email systems with no public certificate system to
support it will be at least as sketchy as the current sorry state
of affairs where nobody cares about the signature on their RSA certs :-(
Hopefully the CA engine vendors (that'd be Oracle, Entrust, Microsoft,
and others...) will wake up and figure this out.

> I don't have access to other
> implementations for interop testing.

that's ok.  someday someone like me will do a product review of
someone's ECC/TLS/SMTP product and make sure it gets tested...

if we're all really lucky some commercial enterprise will make sure
it gets tested and the feedback is properly available in the open source
community.



Re: ECC Usage - using OpenSSL as the server and/or client

2008-01-11 Thread Dr. Stephen Henson
On Fri, Jan 11, 2008, Victor Duchovni wrote:

> On Fri, Jan 11, 2008 at 07:28:00PM +0100, Dr. Stephen Henson wrote:
>
> > On Fri, Jan 11, 2008, Rodney Thayer wrote:
> >
> > > I wonder if apache-ssl supports ECC...
> >
> > Apache currently has algorithm specific code for keys and certificates with
> > only RSA and DSA included as standard. That means each new public key
> > algorithm needs to be added as a special case.
>
> Is this a historical accident or deliberate choice? The easy way to
> install certs with recent OpenSSL releases is not algorithm dependent...
>
>     /* Import cert */
>     if (SSL_CTX_use_certificate_chain_file(ctx, cert_file) <= 0) {
>         tls_print_errors();
>         return (0);
>     }
>     /* Import key */
>     if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) {
>         tls_print_errors();
>         return (0);
>     }
>     /* Check that key matches cert */
>     if (!SSL_CTX_check_private_key(ctx))
>         return (0);
>     return (1);
>
> Just call this N times (with 0.9.9 N = 3) for N matching cert/key pairs
> for a supported algorithm. Is Apache using an older API? Are they getting
> some benefit from using lower-level algorithm-specific code?
 

It is using an older API in a number of places. The initial benefit was to
perform serialisation of keys but there have been portable ways to do that
without serialisation for some time.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk


Re: ECC Usage - using OpenSSL as the server and/or client

2008-01-11 Thread Dr. Stephen Henson
On Fri, Jan 11, 2008, Rodney Thayer wrote:


> I wonder if apache-ssl supports ECC...


Apache currently has algorithm specific code for keys and certificates with
only RSA and DSA included as standard. That means each new public key
algorithm needs to be added as a special case. 

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk


RE: About ECC patent and OpenSSL ECC code

2008-01-11 Thread Anilkumar Bollineni
Hi Bob,
  I have received so many mails from open-ssl users about this issue. Really
thanks for the information. After going through the mails and some
documentation about the Certicom patents, I understand that Certicom has more
patents in efficient implementation of ECC and not in a way how we implement
ECC normally. I need to find out if OpenSSL has any of those efficient
implementations and did violate any patents. If you know any information on this
can you share it? Thanks.
  Also I have gone through a Certicom document saying that Certicom has patents
in ECDSA usage in IKEv1/IKEv2.
  http://www.ietf.org/ietf/IPR/certicom-ipr-rfc-3446.pdf
  From this document I understand that whoever wants to use IKEv1/IKEv2 with
ECDSA has to get a patent license. I hope you (Cisco) might have faced the same
problem. Could you share any of your experience on this?
   
  Thanks a lot,
  Anil
   
  

Bob Bell (rtbell) [EMAIL PROTECTED] wrote:
  Anil -
   
  There are a lot of legal issues surrounding the use of Certicom patented ECC 
code. One of the things that happened a couple of IETF meetings ago was that 
Certicom signed a letter allowing the use of some of their patents for things 
like TLS. However, there are a number of legal requirements attached, including 
the listing/displaying of the Certicom patents on splash screens or on the 
hardware device depending on the type of implementation. I would strongly urge 
you to have a lawyer research these licensing agreements and then research 
(with you) what additional patents might be involved (for instance Certicom has 
a patent on having an ECC public key in an X.509 cert signed using RSA) in your 
product. While ECC is a marvelous technology, there is a large minefield that 
still needs to be mapped.
   
  Bob Bell

  
-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Anilkumar 
Bollineni
Sent: Thursday, 10 January, 2008 12:12
To: openssl-users@openssl.org
Subject: About ECC patent and OpenSSL ECC code


  
  Hi there,
   
  I have a question on OpenSSL ECC (Elliptic Curve Cryptography) code. I saw
that Sun systems has donated the ECC code to OpenSSL. Also I saw that
Certicom has held 130 patents in ECC area and finally NSA has licensed that
code.
  Suppose if I download the code from the OpenSSL and try to develop a product 
using the OpenSSL ECC code, does it violate any patent issue with certicom?
  Can anybody share any experience or information about this?
   
  Thanks for support.
   
  -Anil
   


Create a p12 file with a Verisign Certificate and an Verisign Intermediate Certificate

2008-01-11 Thread Meurer, Jerry L. (STL)
I'm getting an error attempting to create a p12 file using OpenSSL.  I
can't seem to find anything that will lead me to a resolution.  The
error I'm getting is:
unable to get local issuer certificate getting chain

My setup is on a Windows server using Tomcat, with Apache. Apache
listening on 80, and redirects to 8080 where the application lives.

What I did [hope this is not too detailed]:
- 2 years ago we purchased and downloaded an SSL cert from Verisign and
named it server.crt, 
- Downloaded the Intermediate cert (chain).  
- Created an additional single file with the Intermediate cert, then the
SSL cert below that text (concatenated the files with the intermediate
on top), saved it as separate file called cachain.crt.
- Ran the command:
openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12
-name tomcat -Cafile cachain.crt -caname root -chain
- This gave me the server.p12 file that is being used right now.  This
expires in 12 days :(

Now:
- I gave our midrange team (who have the account with Verisign) a copy
of the server.key file from my web server (from last year), they created
a cert.csr file, sent it to Verisign 
- Sent me back a zip file that contained a cert.arm file (not familiar
with an ARM file, but the text within is the certificate) cert.csr, and
the server.key file
- I downloaded a new Intermediate CA (Managed PKI Standard SSL
Intermediate CA.txt) and created a file called cachain.crt (concatenated
the files with the intermediate on top and the certificate below).

Issue:
- I've been attempting to create a server.p12 file using my notes from
last year.  Installed OpenSSL under c:\openssl

-Copied all of the files to c:\openssl\bin 

Issue the command:
C:\OpenSSL\bin>openssl pkcs12 -export -in cert.crt -inkey server.key -out server.p12 -name tomcat -CAfile cachain2.crt -caname root -chain
Loading 'screen' into random state - done
Error unable to get local issuer certificate getting chain.


Viewed all of the files using Textpad to ensure Notepad didn't add any
funky characters, and also reproduced the same error on my second PC.

A tip from another mail archive led me to run the following, and I'm not
sure if the problem is here?

Current arm file, and intermediate chain:
openssl x509 -in cert.arm -issuer -noout
issuer= /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)05/CN=VeriSign Class 3 Secure Server CA

openssl x509 -in chain.crt -issuer -noout
issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority

Here's what it shows on the production files that are working fine (but
due to expire soon).
Old crt file and chain (that is in production now)
C:\OpenSSL\GnuWin32\bin>openssl x509 -in chain_old.crt -issuer -noout
issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority


openssl x509 -in cert_old.crt -issuer -noout
issuer= /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign

There is also the possibility that there is something wrong with the
cert, but I just don't know.  My midrange friends are on vacation for a
while, so I'm on my own.  Please help if you can.
Thank you.







Re: ECC Usage - using OpenSSL as the server and/or client

2008-01-11 Thread Victor Duchovni
On Fri, Jan 11, 2008 at 08:41:23AM -0800, Rodney Thayer wrote:

> That's great.  I wonder what they tested it with.  Probably
> the OpenSSL s_server tool ;-)
>
> I wonder if apache-ssl supports ECC...

If it uses OpenSSL, and is linked against 0.9.9 (i.e. not yet), then
ECDSA support requires no new application code provided you are willing
to *switch* from RSA to ECDSA. If the application already supports both
RSA and DSA certs (2 certificate slots), then it can be switched from
RSA+DSA to RSA+ECDSA or DSA+ECDSA again with no code changes, just point
it at the right cert(s).

What does require new code (the ~10 lines I posted) is enabling EECDH by
selecting a suitable curve. So ECDSA without forward secrecy is already
supported by existing OpenSSL apps once they re-compile/re-link against
a library with ECDSA support. Enabling forward-secrecy (EECDH) requires
code to select the appropriate curve.

-- 
Viktor.


Re: ECC Usage - using OpenSSL as the server and/or client

2008-01-11 Thread Rodney Thayer

Victor Duchovni wrote:

> On Thu, Jan 10, 2008 at 10:25:00PM -0500, Victor Duchovni wrote:
>
> > > Does 'openssl s_server' support this? Are there public ECC TLS
> > > implementations this is known to interoperate with?
> >
> > OpenSSL s_server is a test tool, not an application. In 0.9.9 snapshot
> > builds, s_server supports ECDSA, just point your cert and key files
> > at an ECDSA cert and private key. I have not checked whether it has a
> > command-line option to select an EECDH curve, but this is not important.
>
> The command-line option is -named_curve, and if no curve is specified
> prime256v1 is used by default unless the -no_ecdhe option is supplied
> (in which case any named curve is also ignored).
>
> So, for what it's worth, s_server and s_client fully support EECDH
> and ECDSA.

thank you!  That's great.  I wonder if the out-of-the-box OpenSSL
has enough code turned on to test this without being hassled by a
patent holder.  This has happened before, you know.  Apple shipped
IDEA in their OpenSSL on OS-X up until around 10.2 (that's when
people started reporting it as a bug and they finally pulled it.)


Re: ECC Usage - using OpenSSL as the server and/or client

2008-01-11 Thread Victor Duchovni
On Fri, Jan 11, 2008 at 07:28:00PM +0100, Dr. Stephen Henson wrote:

> On Fri, Jan 11, 2008, Rodney Thayer wrote:
>
> > I wonder if apache-ssl supports ECC...
>
> Apache currently has algorithm specific code for keys and certificates with
> only RSA and DSA included as standard. That means each new public key
> algorithm needs to be added as a special case.

Is this a historical accident or deliberate choice? The easy way to
install certs with recent OpenSSL releases is not algorithm dependent...

    /* Import cert */
    if (SSL_CTX_use_certificate_chain_file(ctx, cert_file) <= 0) {
        tls_print_errors();
        return (0);
    }
    /* Import key */
    if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) {
        tls_print_errors();
        return (0);
    }
    /* Check that key matches cert */
    if (!SSL_CTX_check_private_key(ctx))
        return (0);
    return (1);

Just call this N times (with 0.9.9 N = 3) for N matching cert/key pairs
for a supported algorithm. Is Apache using an older API? Are they getting
some benefit from using lower-level algorithm-specific code?

-- 
Viktor.


Re: Create a p12 file with a Verisign Certificate and an Verisign Intermediate Certificate

2008-01-11 Thread Dr. Stephen Henson
On Fri, Jan 11, 2008, Meurer, Jerry L. (STL) wrote:

 I'm getting an error attempting to create a p12 file using OpenSSL.  I
 can't seem to find anything that will lead me to a resolution.  The
 error I'm getting is:
 unable to get local issuer certificate getting chain
 
 My setup is on a Windows server using Tomcat, with Apache. Apache
 listening on 80, and redirects to 8080 where the application lives.
 
 What I did [hope this is not too detailed]:
 - 2 years ago we purchased and downloaded an SSL cert from Verisign and
 named it server.crt, 
 - Downloaded the Intermediate cert (chain).  
 - Created an additional single file with the Intermediate cert, then the
 SSL cert below that text (concatenated the files with the intermediate
 on top), saved it as separate file called cachain.crt.
 - Ran the command:
 openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12
 -name tomcat -Cafile cachain.crt -caname root -chain
 - This gave me the server.p12 file that is being used right now.  This
 expires in 12 days :(
 
 Now:
 - I gave our midrange team (who have the account with Verisign) a copy
 of the server.key file from my web server (from last year), they created
 a cert.csr file, sent it to Verisign 
 - Sent me back a zip file that contained a cert.arm file (not familiar
 with an ARM file, but the text within is the certificate) cert.csr, and
 the server.key file
 - I downloaded a new Intermediate CA (Managed PKI Standard SSL
 Intermediate CA.txt) and created a file called cachain.crt (concatenated
 the files with the intermediate on top and the certificate below).
 
 Issue:
 - I've been attempting to create a server.p12 file using my notes from
 last year.  Installed OpenSSL under c:\openssl
 
 -Copied all of the files to c:\openssl\bin 
 
 Issue the command:
 C:\OpenSSL\bin>openssl pkcs12 -export -in cert.crt -inkey server.key -out
 server.p12 -name tomcat -CAfile cachain2.crt -caname root -chain
 Loading 'screen' into random state - done
 Error unable to get local issuer certificate getting chain.
 
 
 Viewed all of the files using Textpad to ensure Notepad didn't add any
 funky characters, and also reproduced the same error on my second PC.
 
 A tip from another mail archive led me to run the following, and I'm not
 sure if the problem is here?
 
 Current arm file, and intermediate chain:
 openssl x509 -in cert.arm -issuer -noout
 issuer= /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at
 https://www.verisign.com/rpa (c)05/CN=VeriSign Class 3 Secure Server CA
 
 openssl x509 -in chain.crt -issuer -noout
 issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification
 Authority
 
 Here's what it shows on the production files that are working fine (but
 due to expire soon).
 Old crt file and chain (that is in production now)
 C:\OpenSSL\GnuWin32\bin>openssl x509 -in chain_old.crt -issuer -noout
 issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification
 Authority
 
 
 openssl x509 -in cert_old.crt -issuer -noout
 issuer= /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign
 International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref.
 LIABILITY LTD.(c)97 VeriSign
 
 There is also the possibility that there is something wrong with the
 cert, but I just don't know.  My midrange friends are on vacation for a
 while, so I'm on my own.  Please help if you can.
 Thank you.
 
 

I suspect there were two certificates in the chain before and now there are
three or the previous intermediate file included all CA certificates and now
only includes the intermediate and not the root.

See how many certificates are in the two chain.crt files?

Then do:

openssl x509 -subject -issuer -in chain.crt

on each. The solution I suspect is to append the root CA file to the chain.crt
file. This is probably the file certs/vsign3.pem in the OpenSSL distribution.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
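
The check described in the reply above, as an added example that is not part of the original thread: `openssl x509 -in chain.crt` reads only the first certificate in a file, so this sh script counts the certificates in a bundle, splits them, and prints subject and issuer for each one. The function names are made up for the example, chain.crt is the file name used in the thread, and the sample bundle is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): walk every certificate in a PEM bundle.

# Print the number of certificates in bundle $1 (0 is a valid answer).
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || [ $? -eq 1 ]
}

# Write certificate N of bundle $1 to $2/cert-N.pem, in file order.
split_chain() {
    mkdir -p "$2" || return 1
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; keep = 1 }
        keep                          { print > out }
        /-----END CERTIFICATE-----/   { keep = 0; close(out) }
    ' "$1"
}

# Print subject and issuer of each certificate in bundle $1 and flag a
# self-signed entry (subject equals issuer), i.e. a root CA certificate.
# Needs the openssl binary.
show_chain() {
    tmp=$(mktemp -d) || return 1
    split_chain "$1" "$tmp"
    n=$(count_certs "$1"); i=1
    while [ "$i" -le "$n" ]; do
        s=$(openssl x509 -noout -subject -in "$tmp/cert-$i.pem" | sed 's/^subject= *//')
        u=$(openssl x509 -noout -issuer  -in "$tmp/cert-$i.pem" | sed 's/^issuer= *//')
        echo "[$i] subject: $s"
        echo "    issuer:  $u"
        [ "$s" = "$u" ] && echo "    self-signed (root)"
        i=$((i + 1))
    done
    rm -rf "$tmp"
}

# Constructed two-entry bundle with placeholder bodies (not real certificates).
# Usable with count_certs and split_chain only; openssl will not parse it.
make_sample_bundle() {
    for body in Q09OU1RSVUNURUQtMQ== Q09OU1RSVUNURUQtMg==; do
        printf '%s\n%s\n%s\n' '-----BEGIN CERTIFICATE-----' "$body" '-----END CERTIFICATE-----'
    done > "$1"
}
```

Run `show_chain chain.crt` on the old and the new bundle. If no entry is reported as self-signed, the root CA certificate is not in that file.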


RE: About ECC patent and OpenSSL ECC code

2008-01-11 Thread Bob Bell (rtbell)
Anil -
 
Unfortunately, I am not intimately familiar with what OpenSSL has
implemented. I know that we (Cisco) have been trying to negotiate the
minefield I talked about earlier for the better part of a year, but are still
working through it. I do know that when I talked with Certicom at the last
RSA conference about the NSA license, they told me that it only covered
stuff actually sold to the Federal Government and that if I sold any
equipment (I work in the IP Telephony group), outside of the Federal Space,
I would have to get a separate license. They also said that if a customer
wanted to put an ECC key into a x.509 cert that was signed by an RSA key
(and there are very very few CAs available that will sign certs with an ECC
key), that the customer would have to get a license for that operation. I
felt at the time that this basically invalidated the gift that they had
made to IETF, but that is not a Legal opinion. It is my own personal one.
So, as a result, I have basically put any implementation of ECC-based TLS or
IKE on hold pending a decision from Cisco corporate. That is why I
recommended very strongly that you consult a lawyer. There is a lot of grey
area here that might be fine or it might be a very slippery slope to a
serious legal hassle.

Bob



From: Anilkumar Bollineni [mailto:[EMAIL PROTECTED] 
Sent: Friday, 11 January, 2008 13:03
To: openssl-users@openssl.org; Bob Bell (rtbell)
Subject: RE: About ECC patent and OpenSSL ECC code


Hi Bob,
I have received so many mails from open-ssl users about this issue. Really
thanks for the information. After going through the mails and some
documentation about the Certicom patents, I understand that Certicom has
more patents in efficient implementation of ECC and not in a way how we
implement ECC normally. I need to find out if OpenSSL has any of those
efficient implementations and did violate any patents. If you know any
information on this can you share it? Thanks.
Also I have gone through a Certicom document saying that Certicom has
patents in ECDSA usage in IKEv1/IKEv2.
http://www.ietf.org/ietf/IPR/certicom-ipr-rfc-3446.pdf
From this document I understand that whoever wants to use IKEv1/IKEv2 with
ECDSA has to get a patent license. I hope you (Cisco) might have faced the same
problem. Could you share any of your experience on this?
 
Thanks a lot,
Anil
 


Bob Bell (rtbell) [EMAIL PROTECTED] wrote:

Anil -
 
There are a lot of legal issues surrounding the use of Certicom patented ECC
code. One of the things that happened a couple of IETF meetings ago was that
Certicom signed a letter allowing the use of some of their patents for
things like TLS. However, there are a number of legal requirements attached,
including the listing/displaying of the Certicom patents on splash screens
or on the hardware device depending on the type of implementation. I would
strongly urge you to have a lawyer research these licensing agreements and
then research (with you) what additional patents might be involved (for
instance Certicom has a patent on having an ECC public key in an X.509 cert
signed using RSA) in your product. While ECC is a marvelous technology,
there is a large minefield that still needs to be mapped.
 
Bob Bell



From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Anilkumar Bollineni
Sent: Thursday, 10 January, 2008 12:12
To: openssl-users@openssl.org
Subject: About ECC patent and OpenSSL ECC code


Hi there,
 
I have a question on OpenSSL ECC (Elliptic Curve Cryptography) code. I saw
that Sun systems has donated the ECC code to OpenSSL. Also I saw that
Certicom has held 130 patents in ECC area and finally NSA has licensed that
code.
Suppose if I download the code from the OpenSSL and try to develop a product
using the OpenSSL ECC code, does it violate any patent issue with Certicom?
Can anybody share any experience or information about this?
 
Thanks for support.
 
-Anil
 


Change expiration date

2008-01-11 Thread Khanh Nguyen
Hi everyone,

I am using file private key with expiration time within 365 days. Now, I want 
to use it more than 365 days. Can I do this in openssl? And how can I do it?
Thanks a lot!

   

Re: Change expiration date

2008-01-11 Thread Victor Duchovni
On Fri, Jan 11, 2008 at 07:01:51PM -0800, Khanh Nguyen wrote:

 I am using file private key with expiration time within 365 days.

You are not. Private keys don't have expiration dates. Public key
certificates have expiration dates, set by the certificate issuer.

 Now, I want to use it more than 365 days. Can I do this in openssl?

On the other hand if something has expired, it would be a security problem
if you could unilaterally extend the validity date, so the answer is
no, you cannot, unless you are the certificate issuer.

-- 
Viktor.


RE: Change expiration date

2008-01-11 Thread Mike Garcia

Hi,
I am trying to generate the correct pem file from our certs, but I never
get a correct file output. Can you give me very general Noob guides that
will help? Or some tips in the email would be fine. Thanks
Best Regards,

Mike Garcia [EMAIL PROTECTED]


CertNo X509TrustManager implementation available

2008-01-11 Thread Khanh Nguyen
I wrote code using openssl in my application; one side is a client in Java, and
one is a server in C. When the client connects to the server, there is the error below:

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: 
No X509TrustManager implementation available

I use client.p12 and truststore for client. What is this error? Please show me 
how to solve this problem.




  
