Re: [openssl-users] CMS: Encrypt with binary encoding
> On Jun 22, 2016, at 11:40 AM, c.hol...@ades.at wrote: > > Yes, but then there is no MIME-Header. > Can I have MIME with binary encoding?? Not really. If you’re using raw binary output, the output wouldn’t be a MIME body (or body-part), so a MIME header would be inappropriate. MIME requires output to be 7-bit clean (i.e., the high bit of every byte is 0), with some special exceptions. Base64 is usually the preferred encoding, although many other encodings (e.g. uuencode) are allowed. Raw binary output would not be allowed (unless you could guarantee it meets the exceptional cases, which you can’t for something like this). You could always prepend a MIME header, but that wouldn’t make your output a MIME body. TOM -- +-++ | Thomas Francis, Jr. |Preserve wildlife --| | thomas.francis...@pobox.com | Pickle a squirrel! | | http://www.bbsclient.net/ || +-++ -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] CMS: Encrypt with binary encoding
Yes, but then there is no MIME-Header. Can I have MIME with binary encoding?? -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] CMS: Encrypt with binary encoding
On 22/06/2016 17:09, c.hol...@ades.at wrote: Hi! Is there a way to get binary (not base64) encoding out of CMS-encrypt?? openssl cms -encrypt -in plain.txt mycer.cer gives me a MIME-part with Content-Transfer-Encoding: base64 But I'd like to have binary. Thanks for help! Chris -outform DER Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] CMS: Encrypt with binary encoding
Hi! Is there a way to get binary (not base64) encoding out of CMS-encrypt?? openssl cms -encrypt -in plain.txt mycer.cer gives me a MIME-part with Content-Transfer-Encoding: base64 But I'd like to have binary. Thanks for help! Chris -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Record aggregation with TLS Client
By "a single packet", do you mean a single TCP segment? No, there's no way to ensure they're sent in separate TCP segments. TCP segmentation is a function of the TCP/IP stack. And your application knows nothing about it anyway; TCP is a byte-stream protocol. Why do you think you want to do this? (When people ask this question, for TLS or any other protocol, it almost always indicates that they don't understand TCP and have a broken design. TCP is not a record-based protocol.) Michael Wojcik Technology Specialist, Micro Focus From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Rajeswari K Sent: Tuesday, June 21, 2016 23:41 To: openssl-users@openssl.org Subject: [openssl-users] Record aggregation with TLS Client Hello Openssl users, Having a query on when our device acitng as TLS Client, we observed that both client certificate and client key exchange messages are going in a single packet. Is there any way to separate this? That means is there any option to avoid multiple records in a single packet? Thanks, Rajeswari. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] ECDSA vs RSA certificates
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > Rajeswari K > Is there a way we can feed multiple certificates i.e. one with ECDSA and > other with RSA > to TLS server during SSL_CTX initialization? Yes, you can set a certificate of each known type (DSA, RSA, EC), see the Notes section at https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_use_certificate.html -spw -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] ECDSA vs RSA certificates
Hello Openssl users, Need pointers on how to use ECDSA vs RSA certificates. When our device acting as TLS server, we have support for both ECDSA and RSA based certificates. At first, we need to feed a certificate for the TLS server to accept the connections. >From the code, having a feel that, if we feed ECDSA based certificates, ECDSA based ciphers only get selected by server. But, what if client doesn't have a cipher matched with ECDSA? Does server choose RSA based cipher or because the certificate we fed is holding ECDSA signature, will it respond with "no shared cipher"? Is there a way we can feed multiple certificates i.e. one with ECDSA and other with RSA to TLS server during SSL_CTX initialization? Or Once Client hello is received, after examining client supported ciphers, do we need to feed respective (i.e. ECDSA/RSA) certificate? Thanks, Rajeswari. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users