Re: ssl handshake with multiple tcp connect?

2011-08-26 Thread David Schwartz

On 8/25/2011 6:04 AM, Arjan Filius wrote:


Hello,

Today I ran into a situation where I noticed that Firefox/Chrome and
gnutls-cli use 3 TCP sessions to get a single SSL session, where openssl
s_client takes only one.

One TCP session is what I expect, and I hope someone may have an
explanation.

I compared gnutls-cli with openssl s_client as they do no HTTP
interpretation, and it is easily reproduced from the command line:

gnutls-cli --insecure -V -r www.xs4all.nl < /dev/null
uses 3 TCP sessions to complete
openssl s_client -connect www.xs4all.nl:443 < /dev/null
uses 1 TCP session to complete


Any idea how that may come? Until now, I was under the impression an SSL
session setup should only use 1 TCP session (apart from OCSP/CRL checks).


Why are you passing '-r' to gnutls-cli? You are asking it to try to 
resume the session on a new TCP connection. (I count two connections.)


DS



__
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
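Editor's added example (not part of the thread, and not OpenSSL project code): the quickest way to see what a client is doing on each TCP connection is to reproduce it against a local openssl s_server and read the `New,` / `Reused,` line that s_client prints after every handshake. `openssl s_client -reconnect` is the s_client counterpart of gnutls-cli's `-r`: one full handshake followed by five resumptions, so six TCP connections for what is still one TLS session. Assumptions: `openssl` 1.1.1 or later on PATH, a free local port (14433 here), and a throwaway self-signed certificate generated on the fly.

```shell
#!/bin/sh
# Editor's added example: count TCP connections versus TLS handshakes with a
# local openssl s_server and openssl s_client -reconnect. Not thread code.
set -u

# Generate a throwaway self-signed certificate and key in directory $1.
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj /CN=localhost \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

# Start s_server on port $1, run s_client -reconnect against it (one full
# handshake plus five reconnects on fresh TCP connections), and print
# "new=<full handshakes> reused=<resumed handshakes>".
tls_resumption_demo() {
    port=$1
    dir=$(mktemp -d) || return 1
    make_test_cert "$dir" || { rm -rf "$dir"; return 1; }
    # -naccept 6: exactly the six TCP connections -reconnect will make.
    openssl s_server -accept "$port" -cert "$dir/cert.pem" -key "$dir/key.pem" \
        -naccept 6 -quiet >/dev/null 2>&1 &
    srv=$!
    out=""
    for i in 1 2 3 4 5 6 7 8 9 10; do
        # -tls1_2: with TLS 1.2 the session is resumable as soon as the
        # handshake ends; TLS 1.3 would first need the post-handshake ticket.
        out=$(openssl s_client -connect "127.0.0.1:$port" -tls1_2 -reconnect \
              </dev/null 2>/dev/null) && break
        sleep 1   # server not listening yet; retry
    done
    kill "$srv" 2>/dev/null || true
    wait "$srv" 2>/dev/null || true
    rm -rf "$dir"
    new=$(printf '%s\n' "$out" | grep -c '^New,' || true)
    reused=$(printf '%s\n' "$out" | grep -c '^Reused,' || true)
    echo "new=$new reused=$reused"
}

tls_resumption_demo 14433
```

Expected output is `new=1 reused=5`. A client that opens more TCP connections than it prints `New,` plus `Reused,` handshakes for is doing something other than TLS on the extra connections (an HTTP fetch, OCSP), which is where to look next.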


Re: ssl handshake with multiple tcp connect?

2011-08-26 Thread Arjan Filius
Hello David,

Thanks for your reply, and that's correct; that was it for gnutls-cli.
After a confusing day, one of the original items triggered my Firefox
browser, which I thought I had reproduced with gnutls-cli.
In the end it was a simple favicon issue, which kept connecting (no
cache).

regards,

On Thu, 2011-08-25 at 23:00 -0700, David Schwartz wrote:

 On 8/25/2011 6:04 AM, Arjan Filius wrote:
 
  Hello,
 
  Today I ran into a situation where I noticed that Firefox/Chrome and
  gnutls-cli use 3 TCP sessions to get a single SSL session, where openssl
  s_client takes only one.
 
  One TCP session is what I expect, and I hope someone may have an
  explanation.
 
  I compared gnutls-cli with openssl s_client as they do no HTTP
  interpretation, and it is easily reproduced from the command line:
 
  gnutls-cli --insecure -V -r www.xs4all.nl < /dev/null
  uses 3 TCP sessions to complete
  openssl s_client -connect www.xs4all.nl:443 < /dev/null
  uses 1 TCP session to complete
 
 
  Any idea how that may come? Until now, I was under the impression an SSL
  session setup should only use 1 TCP session (apart from OCSP/CRL checks).
 
 Why are you passing '-r' to gnutls-cli? You are asking it to try to 
 resume the session on a new TCP connection. (I count two connections.)
 
 DS
 
 
 




Re: My bank has an invalid cert

2011-08-26 Thread Ralph Holz
Hi,

On 08/25/2011 11:15 PM, t...@terralogic.net wrote:
 I know the theory.  I'm also a programmer.  I just never bothered to
 install a root cert before.  But I do know how to make them.
 
 I'll dig around in FireFox and see where it is and how its done.
 
 As for the bank.  We build it and they break it.  Not my fault.

TDWaterhouse can be accessed via HTTPs (EV cert). Am I correct in
surmising that your bank wants you to install a root cert of their own?
From which URL does it ask you to do that?

(If that's not what is happening, can you please send me the issuer,
serial number and hash value of the cert that you need to validate?)

Firefox root certificates are stored in a file certdata.txt in their hg
(and EV OIDs are stored directly in the cpp code, I can lookup the hg
URLs if you want).

I'm not sure where FF puts additional certs, but it will be on the local
file system. Likely in PEM or DER, though, so grep won't help. A Google
lookup on the moz.dev.security.policy or moz.dev.security.crypto groups
might yield the answers, the topic occurs there from time to time.

Ralph


Re: My bank has an invalid cert

2011-08-26 Thread Crypto Sal


Use this openssl command to obtain the full hierarchy including the root 
CA. This should be what you need to import the certs into your version 
of Firefox.


openssl s_client -connect webbroker.tdwaterhouse.ca:443 -showcerts

If you wish to automate it, you do so via 'certutil' and using the 
directory that houses your 'cert8.db' file.



On 08/25/2011 05:26 PM, t...@terralogic.net wrote:

Web broker.

Also they seem to have broken their web site in other ways.

I just hate it when they figure they should reprogram my browser so I can't 
right click on a link and open in a new window.  I do run multiple monitors and 
its nice to put a press release on one monitor and another press release on 
another monitor while having the main window on yet a 3rd monitor.

Their mind set seems to be like if you want to use our service then switch your 
machine to windows... toss out the extra monitors and set the display to 
800x600.

Well not quite that bad but close.

If I have much more trouble with them I'm going to close my accounts.


On Thu, Aug 25, 2011 at 05:08:40PM -0400, Crypto Sal wrote:

Do you log into 'Web Broker' or 'Easy Web'?


On 08/25/2011 04:50 PM, t...@terralogic.net wrote:

Sorry

http://www.tdwaterhouse.ca/

It's my old cert chain which is broken.  I just want to go to them and ask them 
to supply the root cert so I can install it and get rid of the error message 
which Firefox generates because I can't find the root cert.


On Thu, Aug 25, 2011 at 04:44:07PM -0400, Crypto Sal wrote:

Can you please *be* specific and provide us with an exact URL for those
of us that don't live in Canada or use TDWaterhouse? I see TD has
several sites and this is why we need you to be specific so we can tell
you which root to get.


On 08/25/2011 03:06 PM, t...@terralogic.net wrote:

TDWaterhouse in Canada.  I'm in Calgary.  Those idjots tell me to reboot my 
computer when their Apache servers in TO send me a misconfiguration message.  I 
told them yesterday we build it and you break it.  Something is desperately 
wrong.


On Thu, Aug 25, 2011 at 02:10:11PM -0400, Crypto Sal wrote:

Firefox has its own certificate store. It doesn't share '/etc/ssl/certs'.

If we had the bank URL, we would be able to better help you to resolve
this issue.


On 08/25/2011 01:45 PM, t...@terralogic.net wrote:

I know you are trying to help.  But it doesn't help me to defer to a package 
manager because I'm trying to fix what the last package managers screwed up.

On Thu, Aug 25, 2011 at 04:09:44AM -0500, Michael S. Zick wrote:

On Wed August 24 2011, t...@terralogic.net wrote:
Top posting to a hijacked thread is not the way to get
a quick and useful reply.
Next time, start your own. Mailing list threads are cheap.


I see my bank has an invalid cert.  Likely I have an old cert chain.  I'm 
running Debian Linux and firefox.


Use any one of the distribution-provided package managers to download and
install the most recently released package of certificates.


Can anyone tell me where to install a valid root cert?  Like what directory?
I would think the bank should be able to provide the root of the chain.
I'll need to know SPECIFICALLY what to ask them for.


Asking the operator of the site you wish to authenticate for the certificate
is similar to asking the Fox to guard your Chicken House.

Get the root certificate from an independent, trusted, source.
Using your distribution's package management will take care of that concern.


I've created my own certs of course but just not recently.
Also I never tried to install the CA cert for firefox.


Your distribution's package manager already has that handled.
All you have to do is use it.

Mike
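Editor's added example, not code from the thread: what to do with the `-showcerts` dump Crypto Sal suggests. It splits the dump into one file per certificate, prints subject, issuer and fingerprint of each (the details Ralph asked for), names the CA the served chain ends in, verifies the leaf with only an independently obtained bundle as trust anchor (Mike's point: a root handed to you by the site itself proves nothing, so the served certificates are passed as untrusted input), and shows the `certutil` import for a Firefox profile. The self-test builds its own two-level chain (constructed test data, "Test Root" signing "localhost") and formats it like s_client output; `fetch_chain` and `import_root_firefox` are for live use and are not run by the test. Assumed: `openssl` and `awk` on PATH, NSS `certutil` for the import step, and a profile directory you supply.

```shell
#!/bin/sh
# Editor's added example: split an `openssl s_client -showcerts` dump, find
# the CA the chain ends in, verify the leaf against an independent bundle,
# and import a checked root into Firefox. Not code from the thread.
set -u

# Live use (not run by the self-test): dump the chain host:port serves to $2.
fetch_chain() {
    openssl s_client -connect "$1" -servername "${1%%:*}" -showcerts \
        </dev/null 2>/dev/null >"$2"
}

# Write each PEM certificate in dump $1 to $2/cert<N>.pem in served order
# (cert1 = leaf); print how many were found.
split_chain() {
    awk -v d="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/cert%d.pem", d, n); p = 1 }
        p { print > f }
        /-----END CERTIFICATE-----/ { p = 0; close(f) }
        END { print n + 0 }' "$1"
}

# Subject, issuer and SHA-256 fingerprint of every extracted certificate.
chain_summary() {
    for f in "$1"/cert*.pem; do
        echo "== $f"
        openssl x509 -in "$f" -noout -subject -issuer -fingerprint -sha256
    done
}

# The issuer of the last served certificate ($1/cert$2.pem) is the CA your
# trust store must already contain; servers usually omit the root itself.
root_needed() {
    openssl x509 -in "$1/cert$2.pem" -noout -issuer
}

# Verify the leaf with only $1 (a bundle obtained independently, e.g. the
# distribution's ca-certificates file) as trust anchor. Everything the server
# sent above the leaf goes in as -untrusted, so a root the server happens to
# include buys it nothing.
verify_leaf() {
    bundle=$1; dir=$2; n=$3; i=2; untrusted=""
    while [ "$i" -le "$n" ]; do
        untrusted="$untrusted -untrusted $dir/cert$i.pem"; i=$((i + 1))
    done
    # shellcheck disable=SC2086
    openssl verify -CAfile "$bundle" $untrusted "$dir/cert1.pem"
}

# Import a root you have checked ($1) under nickname $2 into the Firefox
# profile directory $3 (the one holding cert8.db / cert9.db, assumed here).
# "C,," = trusted to issue server certificates. Not run by the self-test.
import_root_firefox() {
    certutil -A -n "$2" -t "C,," -i "$1" -d "$3"
}

# Constructed self-test data: Test Root -> localhost, written in the shape of
# s_client -showcerts output (index lines between the PEM blocks).
make_test_chain() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Test Root" \
        -keyout "$1/ca.key" -out "$1/ca.pem" >/dev/null 2>&1 || return 1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=localhost" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" >/dev/null 2>&1 || return 1
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/leaf.pem" >/dev/null 2>&1 || return 1
    {
        echo "Certificate chain"
        echo " 0 s:CN = localhost"; echo "   i:CN = Test Root"; cat "$1/leaf.pem"
        echo " 1 s:CN = Test Root"; echo "   i:CN = Test Root"; cat "$1/ca.pem"
        echo "---"
    } >"$1/showcerts.txt"
}

showcerts_demo() {
    d=$(mktemp -d) || return 1
    make_test_chain "$d" || return 1
    n=$(split_chain "$d/showcerts.txt" "$d")
    chain_summary "$d"
    echo "CA that must already be trusted: $(root_needed "$d" "$n")"
    verify_leaf "$d/ca.pem" "$d" "$n"
    rm -rf "$d"
}

showcerts_demo
```

For the real site, run `fetch_chain webbroker.tdwaterhouse.ca:443 dump.txt`, split it, and verify against the distribution bundle first; only if the CA named by `root_needed` is genuinely missing from that bundle is a `certutil` import the right fix, and the certificate to import is the CA's own, obtained from the CA, not from the bank's server.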

Re: My bank has an invalid cert

2011-08-26 Thread Mark H. Wood
On Thu, Aug 25, 2011 at 03:39:59PM -0600, t...@terralogic.net wrote:
 Very good!
 
 I can write a little code to do that!

The Firefox team already did it for you.  In v3.6:  Tools | Page Info
| Security | View Certificate | Details | Certificate Hierarchy.
Select any member of the chain and see details below.

 Thanx
 
 
 On Thu, Aug 25, 2011 at 05:24:14PM -0400, Crypto Sal wrote:
  You typically import certs through the Firefox certificate manager found 
  via Edit -> Preferences -> Adv. -> Encryption -> View Certificates. It 
  should be self explanatory from here. The only other question that 
  remains is which Root CA. That can only be done by reading the 
  certificate hierarchy that is presented by the bank's server, which it 
  should provide you upon making an s_client connection.

-- 
Mark H. Wood, Lead System Programmer   mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.




Re: My bank has an invalid cert

2011-08-26 Thread Mark H. Wood
On Thu, Aug 25, 2011 at 01:51:01PM -0700, Craig White wrote:
 the answer lies with the people who wrote the software for the certificate 
 store since the whole point is trust.
 
 If users could manipulate the root certificate store, then it would be 
 impossible to trust anything.

What?  Of course I can manipulate my browser's root certificate
store.  There's a nice bit of UI provided for exactly that purpose.  I
can install new certificates, remove ones I don't trust, examine all.

Of course I can manipulate my OS' trust store.  It's just files in
/etc.  There's no way to keep me out.

Better to say:  if users canNOT manipulate the root certificate store,
then it would be impossible to trust anything.  The whole point is
*my* trust.  (And yours.)

-- 
Mark H. Wood, Lead System Programmer   mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.




Query regarding pseudo number generation error in OpenSSL

2011-08-26 Thread alok sharma
Hi,

  I am using OpenSSL in one of my applications. The application has
support for multithreading and runs on the Windows platform. This application
uses OpenSSL version 0.9.8.0 and has support for FIPS. The application
listens on a particular port and for each new connection it creates a
separate thread. Each thread separately invokes SSL APIs like
SSL_accept()


Re: AES encryption using RSA keys

2011-08-26 Thread krishnamurthy santhanam
Thanks for your detailed explanation, Dave. I am going to encrypt using AES
on the server side using EVP:
EVP_EncryptInit_ex(&x, EVP_aes_256_cbc(), NULL, key, iv)
EVP_EncryptUpdate(&x, outbuf, &outlen, (const unsigned char*) intext,
strlen(intext))
EVP_EncryptFinal_ex(&x, outbuf+outlen, &tmplen)

The client will be using Java to decrypt the same. Should I use the above same
functions to encrypt, or must I use

AES_cbc_encrypt();

to encrypt the same?

Thanks for your time,
Krishnamurthy
On Fri, Aug 26, 2011 at 5:20 AM, Dave Thompson dthomp...@prinpay.com wrote:

From: owner-openssl-us...@openssl.org On Behalf Of krishnamurthy
 santhanam
Sent: Wednesday, 24 August, 2011 02:32

  Basically when we encrypt something using an RSA key (whether public
  or private), the encrypted value must be smaller than the key (due to
  the maths used to do the actual encryption). So if you have a 1024-bit key,
  in theory we could encrypt any 1023-bit value (or a 1024-bit value smaller
  than the key) with that key.

 More precisely, smaller than the modulus 'N' but
 large enough not to be subject to a trivial break.
 An RSA public key is the pair (e,n) where e is usually small,
 and the private key is in principle the pair (d,n) where d is
 usually a substantial fraction of n. RSA private keys may
 and in OpenSSL do also include additional 'Chinese Remainder
 Theorem' aka CRT information to make computation faster.

 Plus, most actual RSA encryption schemes add padding.
 In particular simply RSA-encrypting raw user data allows
 an adversary to determine if a guessed plaintext is correct,
 which in general is considered an unacceptable weakness.
 Thus the value size you can encrypt is somewhat less than
 the RSA modulus size because of this padding; the commonly
 used PKCS#1 v1.5 'classic' and v2 OAEP are 11 and 41 bytes.
 If used certain ways v1.5 has weakness (see Bleichenbacher's
 attack on early SSL) which is why OAEP was created.

  Below is the code snippet where I am trying to do AES encryption.
  It works fine. If I see some example in OpenSSL they are using KEY value
  EVP_MAX_KEY_LENGTH (32 bytes). Can I use an RSA public key (1024 bit) to
  encrypt the same value and use the private key to decrypt the value?

 It's not entirely 'fine', see below.

 EVP_MAX_KEY_LENGTH is the maximum length for *any* (supported)
 *symmetric* algorithm. It is useful if you want to write generic
 code that works for various algorithms selectable at runtime,
 as many common systems like SSL/TLS SMIME/CMS/PKCS7 PGP do.
 If you are using only a specific cipher you can use the key length
 for that cipher which might be smaller.

 However, the key lengths for *asymmetric* algorithms, including RSA,
 are all separate. You need to use the correct one for each.

unsigned char key[] =
 {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
unsigned char iv[] = {1,2,3,4,5,6,7,8};
char intext[] = "string to make the random number generator
 think it has entropy";
// Straight encrypt
 EVP_CIPHER_CTX x;
EVP_CIPHER_CTX_init(&x);
 if(!EVP_EncryptInit_ex(&x, EVP_aes_256_cbc(), NULL, key,
 iv))
 printf("\n ERROR!! \n");

 The key for AES-256 is 32 bytes, and IV for AES-anything 16 bytes.
 You are using partly unknown possibly garbage values, which means
 you may be unable to decrypt the result in any other program.
 (Of course in any real use the IV should be random or at least unique
 and unpredictable, and the key should be random or at least secret.)

 if(!EVP_EncryptUpdate(&x, outbuf, &outlen,
  (const unsigned char*) intext, strlen(intext)))
printf("\n ERROR!! \n");
if(!EVP_EncryptFinal_ex(&x, outbuf+outlen, &tmplen))
printf("\n ERROR!! \n");
 outlen+=tmplen;

 In general when any OpenSSL call returns an error, you should look
 at the error stack: http://www.openssl.org/support/faq.html#PROG6
 For these particular calls (symm encrypt without engine) it's not vital,
 but if and when you start doing other things it becomes valuable.

 }
EVP_CIPHER_CTX_cleanup(&x);

 This should be within the routine (before the closing brace).

 Now to your actual question:

 Yes in abstract you can encrypt and decrypt data directly with RSA.
 In practice people usually don't, because of the limitations.
 Most widespread systems like SSL/TLS and SMIME and PGP are 'hybrid',
 where for encryption the data is encrypted with a symmetric algorithm
 and a random 'working' or 'session' key, and public-key algorithms
 like RSA DH or ECDH are used to transfer or share that working key;
 in the simplest case, the working key is just RSA-encrypted.
 Similarly for signing people don't actually RSA-sign their data;
 instead a hash like SHA1 is computed from the data, and that hash
 (plus limited overhead like an OID) is signed by RSA or [EC]DSA.
 These 
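Editor's added example, not code from the thread or from OpenSSL: the hybrid scheme Dave describes, done with the `openssl` command line (which drives the same EVP cipher interface as the snippet) so that both sides of a server/Java exchange have unambiguous inputs. A random 32-byte key and 16-byte IV are used for AES-256-CBC, and the key is wrapped with RSA-OAEP rather than by RSA-encrypting the data itself. The last function shows concretely what the 16-byte key array in the quoted snippet turns into: `openssl enc` silently zero-pads a short `-K` value, whereas the C code reads 16 bytes past its array, so the two would never agree. Assumed: `openssl` 1.1.1 or later on PATH; file names, the sample plaintext and the fixed demo IV are constructed for the example.

```shell
#!/bin/sh
# Editor's added example: AES-256-CBC with correctly sized key and IV, the
# key wrapped with RSA-OAEP (hybrid encryption), via the openssl CLI.
set -u

# Generate a 2048-bit RSA keypair in directory $1 (priv.pem, pub.pem).
make_rsa_keypair() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/priv.pem" 2>/dev/null || return 1
    openssl pkey -in "$1/priv.pem" -pubout -out "$1/pub.pem" 2>/dev/null
}

# Encrypt file $2 for the holder of public key $1. Writes $3.enc (ciphertext),
# $3.iv (IV as hex) and $3.key.rsa (the hex AES key, RSA-OAEP wrapped).
hybrid_encrypt() {
    pub=$1; in=$2; out=$3
    key=$(openssl rand -hex 32)   # 32 bytes: the full AES-256 key length
    iv=$(openssl rand -hex 16)    # 16 bytes: one AES block, fresh per message
    openssl enc -aes-256-cbc -K "$key" -iv "$iv" -in "$in" -out "$out.enc" || return 1
    printf '%s' "$iv" >"$out.iv"
    printf '%s' "$key" >"$out.key.hex"
    openssl pkeyutl -encrypt -pubin -inkey "$pub" -pkeyopt rsa_padding_mode:oaep \
        -in "$out.key.hex" -out "$out.key.rsa" || return 1
    rm -f "$out.key.hex"
}

# Recipient side: unwrap the key with private key $1, decrypt $2.enc into $3.
hybrid_decrypt() {
    priv=$1; in=$2; out=$3
    key=$(openssl pkeyutl -decrypt -inkey "$priv" -pkeyopt rsa_padding_mode:oaep \
          -in "$in.key.rsa") || return 1
    openssl enc -d -aes-256-cbc -K "$key" -iv "$(cat "$in.iv")" \
        -in "$in.enc" -out "$out"
}

# A 16-byte key given to AES-256: openssl enc pads -K with zero bytes (and
# warns on stderr), so the effective key is k16 followed by 16 zero bytes.
# Decrypting with that explicit 32-byte key recovers the text. Prints it.
# The fixed IV is for the demo only.
short_key_roundtrip() {
    k16=000102030405060708090a0b0c0d0e0f
    iv=00000000000000000000000000000000
    printf 'hello' | openssl enc -aes-256-cbc -K "$k16" -iv "$iv" \
        -out "$1/short.enc" 2>/dev/null || return 1
    openssl enc -d -aes-256-cbc -K "${k16}00000000000000000000000000000000" \
        -iv "$iv" -in "$1/short.enc"
}

hybrid_demo() {
    d=$(mktemp -d) || return 1
    make_rsa_keypair "$d" || return 1
    printf 'attack at dawn' >"$d/msg"        # constructed sample plaintext
    hybrid_encrypt "$d/pub.pem" "$d/msg" "$d/msg" || return 1
    hybrid_decrypt "$d/priv.pem" "$d/msg" "$d/msg.dec" || return 1
    echo "decrypted: $(cat "$d/msg.dec")"
    echo "short-key demo recovered: $(short_key_roundtrip "$d")"
    rm -rf "$d"
}

hybrid_demo
```

On the Java side, OpenSSL's default OAEP parameters (SHA-1 for both the hash and MGF1) correspond to `RSA/ECB/OAEPWithSHA-1AndMGF1Padding`, and the AES part to `AES/CBC/PKCS5Padding` with the same key and IV bytes. CBC alone gives no integrity protection: in a real design, authenticate the ciphertext (an HMAC over IV and ciphertext with a second key, or an AEAD mode such as AES-GCM from a library, which `openssl enc` does not provide).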

Re: OpenSSL FIPS module self signed certificate creation failed

2011-08-26 Thread Dr. Stephen Henson
On Thu, Aug 25, 2011, rockrider33 wrote:

 
 Hi All,
 
 I am new to Linux and OpenSSL stuff.
 
 I have tried to install OpenSSL (1.2.3 with fips) with the FIPS module and it
 was successful (built and installed).
 
 For building:
 I used make and gcc version 4.3.4
 
 I hope the installation was successful, and it created the FIPS module and openssl
 binary (usr/local/ssl/fips1-0/bin)
 Note: my machine already has openssl 0.9.8h installed. I didn't uninstall
 it.
 
 What I tried is:
 1. executed the binary /usr/local/ssl/fips1-0/bin/openssl and created a self
 signed certificate key - successful
 2. Using the same command, tried to create a certificate signing request and it
 failed with "Invalid instruction"
 3. I looked at the system logs; they had an entry
 Aug 23 05:11:36 lglor248 kernel: [14103.238431] openssl[15942] trap invalid
 opcode ip:7fcb3cc886d0 sp:7fff7a02c9a8 error:0 in
 libcrypto.so.0.9.8[7fcb3cb9+16a000]
 
 I did some googling on this and found a relevant link:
 http://forum.doom9.org/archive/index.php/t-125808.html
 
 But I don't feel my gcc version would be causing this issue since that post
 was quite old and I have almost the latest gcc.
 
 It will be appreciated if anyone helps me out on this.
 
 NOTE: I used the openssl command which I created and never used the existing
 installation (old 0.9.8h).
 

The usual cause of this is if you attempt to use the version of OpenSSL that
comes with the validated module: don't do that as it is old and newer versions
of gcc do horrible things when you try to use it.

Instead use the validated tarball to build the module and then use the
latest version of OpenSSL to link against the module, a so called FIPS
capable OpenSSL. Details in the user guide.

--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org