query reg disabling handshake and key exchange mechanism openssl

2011-09-24 Thread Siddharth Sharma
Hi,

 I am a network security researcher. We have designed and developed a
multifactor authentication and secure key exchange protocol that can
counter man-in-the-middle attacks. I want to integrate my protocol with SSL
on Apache.
I have written my own protocol for authentication and key exchange. My
protocol will be hosted on some port X. The user app on the client will call our
protocol for two-way one-time password authentication and key exchange. Once
the user is authenticated and the session key is generated, I will write that key to
the key store of Apache. Now I will forward the traffic to port 443 for use of
SSL. I don't want to use SSL's handshake and key exchange protocols since
this part is already done by my protocol. Can you please help me regarding
how to configure OpenSSL in Apache to stop the use of the handshake layer that
takes care of authentication and key exchange? I still want SSL to change
cipher suite and do the rest of the normal stuff. Will appreciate your help.

regards,
Sid


Re: TLS 1.0 cracked...

2011-09-24 Thread Ben Laurie
On Fri, Sep 23, 2011 at 4:54 PM, Dr. Stephen Henson st...@openssl.org wrote:
 On Fri, Sep 23, 2011, Jakob Bohm wrote:


 Is openssl running out of bit values for SSL_OP_ constants?


 Well, more ran out of constants. When a new flag was needed for TLS v1.2 all 32
 bits were used but fortunately two ancient ones were never used by anything
 AFAIK so could be reassigned.

 There is one left now.

 It will need redoing at some point so more flags are available. Splitting it
 up into separate fields for bug workaround and protocol selection options is
 one possibility.

Sounds like that last bit needs to be reserved for enable all future
SSL_OP_ALL options.


 Steve.
 --
 Dr Stephen N. Henson. OpenSSL project core developer.
 Commercial tech support now available see: http://www.openssl.org
 __
 OpenSSL Project                                 http://www.openssl.org
 User Support Mailing List                    openssl-users@openssl.org
 Automated List Manager                           majord...@openssl.org



certificate problems http://www.rtfm.com/openssl-examples/

2011-09-24 Thread mattj610

In regards to the examples given at http://www.rtfm.com/openssl-examples/ I
have been trying to set up PEM files so that the connection will work with
self-signed certificates. I can get the wclient to connect only with the -i
option, as I understand the example PEM files expired long ago. I have been
looking for instructions on how to set up these files; however, none of them
have worked. If someone could please help me out with the short list of
commands to generate these files, that would be great.

Matt.
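One way to produce such files, added here as an example (it is not part of the rtfm.com examples and not from the poster): the script below builds a self-signed root CA, then a server and a client certificate signed by that root, writes each key together with its certificate into one PEM file, and verifies that both leaves chain to the root. The file names, the subject names, the validity periods and the choice of unencrypted keys (-nodes) are this example's own assumptions; if the program being tested expects a passphrase-protected key, drop -nodes and supply the passphrase it uses.

```shell
#!/bin/sh
# Added example: a small self-signed PKI in PEM form for testing TLS clients
# and servers. All names and paths below are this example's own choices.
set -eu

# make_demo_pki DIR: create root.pem, server.pem and client.pem in DIR
make_demo_pki() {
  dir=$1
  mkdir -p "$dir"

  # 1. Root CA: a self-signed certificate with its own fresh key.
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -subj "/CN=Example Demo Root CA" \
    -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null
  chmod 600 "$dir/root.key"

  # 2. Server and client: key + CSR, then sign the CSR with the root.
  for name in server client; do
    openssl req -new -newkey rsa:2048 -nodes \
      -subj "/CN=$name.example.test" \
      -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null
    openssl x509 -req -days 365 -in "$dir/$name.csr" \
      -CA "$dir/root.pem" -CAkey "$dir/root.key" -CAcreateserial \
      -out "$dir/$name.crt" 2>/dev/null
    # Many example programs load key and certificate from a single PEM file,
    # so concatenate them; the file now holds a private key, hence mode 600.
    cat "$dir/$name.key" "$dir/$name.crt" > "$dir/$name.pem"
    chmod 600 "$dir/$name.key" "$dir/$name.pem"
  done
}

# verify_chain DIR: exit status 0 only if both leaf certs chain to root.pem
verify_chain() {
  dir=$1
  openssl verify -CAfile "$dir/root.pem" "$dir/server.crt" >/dev/null &&
  openssl verify -CAfile "$dir/root.pem" "$dir/client.crt" >/dev/null
}

# cert_subject FILE: print the subject of the first certificate in FILE
cert_subject() {
  openssl x509 -in "$1" -noout -subject
}

# Usage: make_demo_pki ./demo-pki && verify_chain ./demo-pki
```

The client is then pointed at root.pem as its trust anchor and at client.pem as its own key and certificate, and the server at root.pem and server.pem; because the leaves are signed by the root rather than self-signed individually, peer verification can stay switched on instead of being bypassed with an option like -i.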


Re: Unable to enable GOST ciphers support

2011-09-24 Thread Andrey Kulikov
Your config file is incorrect.
It should look something like this:

==
openssl_conf = openssl_def

[openssl_def]
engines = engine_section

[engine_section]
gost = gost_section

==

On 19 September 2011 12:31, Peter Volkov p...@gentoo.org wrote:
 Hi! I'm trying to enable GOST ciphers in openssl-1.0.0e and so far I
 have failed. What I've done so far:

 1. built openssl with ./config shared zlib enable-rfc3779
 --prefix=/tmp/gost-ssl-new
 2. updated the config file as described in README.gost.

 I've straced the openssl run and I'm sure it reads my configuration file
 (attached to this mail) and I'm sure there
 is /tmp/gost-ssl-new/lib/engines/libgost.so. But nevertheless openssl
 does not open this binary (conclusion from strace) and no GOST ciphers
 are available. I've tried to do exactly the same steps installing openssl
 system-wide (prefix=/usr) but still no luck. Could you help me to understand
 what I am doing wrong? Is there any way to debug what openssl loads from
 the configuration file and how it parses it?

 Thank you in advance for any pointers,
 --
 Peter.



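A complete configuration of the kind the reply sketches, added here as an example (it is not the reply's text and not copied from README.gost): it fills in the [gost_section] that the fragment above stops short of, using the standard keys of OpenSSL's ENGINE configuration module (engine_id, dynamic_path, default_algorithms). The dynamic_path is the engines directory from the original question; adjust it to wherever libgost.so was actually installed.

```ini
# openssl.cnf (constructed example): load the GOST engine when the library
# reads its configuration. This line must sit in the default (unnamed)
# section at the top of the file, before any [section] header.
openssl_conf = openssl_def

[openssl_def]
engines = engine_section

[engine_section]
gost = gost_section

[gost_section]
# id the engine registers itself under
engine_id = gost
# full path to the engine shared object (path from the original question)
dynamic_path = /tmp/gost-ssl-new/lib/engines/libgost.so
# make every algorithm the engine provides the default implementation
default_algorithms = ALL
```

Two checks answer the "how do I debug what openssl loads" question: with OPENSSL_CONF pointing at this file, `openssl engine -t gost` reports whether the engine was loaded and is usable, and `openssl dgst -md_gost94 /dev/null` confirms the digest is reachable by name. The command-line tool reads the configuration file on its own; a program linked against libcrypto only does so if it calls OPENSSL_config(NULL) (or loads the engine itself), which SSL_library_init() alone does not do.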


Re: c/c++ and GOST is Russian ciphers.

2011-09-24 Thread Andrey Kulikov
You need to initialise the engine first:


#include <stdio.h>
#include <openssl/engine.h>
#include <openssl/evp.h>
#include <openssl/ssl.h>

static ENGINE *e = NULL;

/* Load and activate the GOST engine; returns 0 on success, 1 on failure.
 * ENGINE_by_id() falls back to loading "gost" as a dynamic engine from the
 * default engines directory when it is not already registered. */
int load_gost_engine(void)
{
    e = ENGINE_by_id("gost");
    if (!e) {
        printf("Can't find engine\n");
        return 1;
    }
    if (!ENGINE_init(e)) {
        printf("Engine initialization failed!\n");
        ENGINE_free(e);
        return 1;
    }
    /* ENGINE_init() returned a functional reference, so free the structural
     * reference from ENGINE_by_id(). */
    ENGINE_free(e);

    if (ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
        printf("Engine %s(%s): Activated.\n", ENGINE_get_name(e),
               ENGINE_get_id(e));
    } else {
        printf("Engine %s(%s): Initialized but not usable.\n",
               ENGINE_get_name(e), ENGINE_get_id(e));
        ENGINE_finish(e);   /* release the functional reference */
        return 1;
    }

    /* Optional? Registers OpenSSL's built-in algorithms by name so that
     * EVP_get_digestbyname() and friends can look them up. */
    OpenSSL_add_all_algorithms();
    OpenSSL_add_ssl_algorithms();
    return 0;
}


Then do whatever you want.

On 19 September 2011 15:30, Dmitrij K kdi...@live.ru wrote:
 Hi guys!

 I need help, please.

 I don't know how to do it. Maybe anyone has experience with signing/verifying
 docs/strings with GOST, and he will help me with...

 I have a little code, which can't load `md_gost94'... And I don't know how
 to use the API for GOST... :(

 My code is:

 [CODE=cpp]

 #include <openssl/conf.h>
 #include <openssl/err.h>
 #include <openssl/rsa.h>
 #include <openssl/sha.h>
 #include <openssl/md5.h>
 #include <openssl/pem.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/crypto.h>
 #include <openssl/ssl.h>
 #include <openssl/ssl2.h>
 #include <openssl/ssl3.h>
 #include <openssl/ssl23.h>
 #include <openssl/evp.h>
 #include <openssl/engine.h>
 #include <stdio.h>

 // g++ gost.cxx -o gost -lssl
 int main(){

  int ret = -1;

  SSL_library_init();

  const EVP_MD *md = NULL;

  // Looks the digest up by name; fails if the GOST engine is not loaded.
  if((md = EVP_get_digestbyname("md_gost94")) == NULL){
   printf("cannot load the `md_gost94'!\n");
   goto ENDFUNC;
  }

  else { printf("Ok!\n"); }


  ret = 0;

  ENDFUNC:

  md = NULL;

  return ret;

 }

 [/CODE]

 PS:

 Platform: Linux
 Version of OpenSSL: 1.0.0e

 --
 Regards.

