Engine Overview
We're specifying (nominally) a SOHO-class accelerator to work with OpenSSL/X86 Linux in an embedded product. We're trying to guess at the development path with the fewest risks/landmines first, and the lowest unit cost second. To this end, I have a few questions:

1. Is there a resource summarizing which engines are chip-level cryptographic accelerators, and which are board-level products?
2. Is there any planned OpenSSL support for the SafeNet CryptCore 1140?
3. Across all accelerator products, are there any particular engines that have a significant lead in terms of OpenSSL user base?

Thanks!
James Dabbs

__
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
OpenSSL + Engines + Neutrino
Has anyone used OpenSSL under Neutrino with a hardware accelerator? I would appreciate any configuration details you can share.

Thanks,
James Dabbs [EMAIL PROTECTED]
TGA Technologies, Inc.
Suite 140, 100 Pinnacle Way
Norcross, GA 30071
770-441-2100 ext 126
RE: OpenSSL and Lynx
I believe that LynuxWorks has a pre-built (or pre-configured) OpenSSL on their FTP site.

-----Original Message-----
From: Patrick Ash [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 01, 2001 1:19 PM
To: [EMAIL PROTECTED]
Subject: OpenSSL and Lynx

I have successfully (?) built OpenSSL 0.9.6 for OS/2, and now I am trying to build Lynx with SSL support. I ran all the executable files that were created, and all work properly. Now, however, I get the following error messages when I try to link the libraries with Lynx.

configure:5995: checking if we can link to ssl library
configure:6011: gcc -o conftest.exe -O -Zmt -D__ST_MT_ERRNO__ -I/usr/local/include -Zcrtdll -Zmt -Zcrtdll conftest.c -L/usr/local/lib -lssl -lcrypto 15
/usr/local/lib/crypto.a(tmp2\bss_sock.o): Undefined symbol _shutdown referenced from text segment
/usr/local/lib/crypto.a(tmp2\bss_sock.o): Undefined symbol _shutdown referenced from text segment
configure: failed program was:
#line 5997 "configure"

Can anyone offer any advice on this? I have rebuilt OpenSSL 3 times now, and each time I get the same files with the same sizes, yet the error remains the same. There were no errors during the build of OpenSSL, so at this time I am stumped.

Thanks for any info.
Pat
RE: Proxy or Firewall
I believe that many enterprises do not allow an unbroken SSL connection directly from the client through the proxy/firewall to the remote server. This is because security policy may allow/disallow certain MIME types in the entity of the HTTP response. For this reason, SSL is "broken" at the proxy, and reestablished with a separate SSL session between the proxy and the remote server. This is not quite as transparent to the client, but still fairly so. The proxy is much more complicated.

It is my understanding that this scheme is becoming the prevailing security strategy in large corporations, gaining favor over transparent SSL pass through. Am I wrong on this?

James Dabbs

James Dabbs [EMAIL PROTECTED]
Director of Engineering
TGA Technologies, Inc.
Suite 140, 100 Pinnacle Way
Norcross, GA 30071
770-441-2100 ext 126

-----Original Message-----
From: Hansknecht, Deborah A [SMTP:[EMAIL PROTECTED]]
Sent: Friday, April 28, 2000 2:57 PM
To: '[EMAIL PROTECTED]'
Subject: RE: Proxy or Firewall

A few comments included within...

-----Original Message-----
From: James Dabbs [mailto:[EMAIL PROTECTED]]
Sent: April 28, 2000 5:37 AM
To: [EMAIL PROTECTED]
Subject: RE: Proxy or Firewall

..deleted stuff

HTTP over SSL, though, works transparently through almost any proxy. This is because the HTTP client knows that the proxy exists. It sets an SSL session up with the proxy, and tells the proxy to set up a separate SSL session with the actual server. As long as requests are initiated by the client, everything is OK.

Perhaps I missed some context in other messages that makes the above statements correct (and I am probably veering off-topic), but as written this is not true. HTTP works over SSL thru a proxy transparently because the client knows that a proxy exists, (that much is true) but it DOES NOT set up an SSL session. The client sends HTTPS via CONNECT which the proxy just passes on to the end server. Your standard HTTP proxy does not negotiate any SSL session with either client or server. (That is obvious if you remember that you do not need an SSL aware proxy - i.e. Apache with mod-ssl or Apache-SSL - if all you want to do is proxy HTTP or HTTPS requests.)

If you are "reverse-proxying" then the proxy DOES negotiate separate SSL sessions with client and server, but that is an entirely different bucket of worms and the client browser doesn't even know that you are using a proxy.
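The CONNECT behaviour described in the quoted reply above (a standard HTTP proxy passes the tunnel through without negotiating SSL), as an added example that is not part of the original messages: a loopback proxy that parses only the CONNECT line and relays everything after it as opaque bytes. The echo server, the ephemeral ports and the record bytes are constructed for the demonstration.

```python
import socket, threading

def relay(src, dst):
    # Copy bytes one way until EOF; the payload is never parsed.
    try:
        while (chunk := src.recv(4096)):
            dst.sendall(chunk)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass  # peer already gone

def read_head(sock):
    # Read up to the blank line that ends an HTTP request/response head.
    head = b""
    while b"\r\n\r\n" not in head and (byte := sock.recv(1)):
        head += byte
    return head

def handle_connect(client):
    # Proxy side: parse only "CONNECT host:port HTTP/1.x", then relay blindly.
    method, target, _ = read_head(client).split(b"\r\n")[0].split(b" ")
    if method != b"CONNECT":
        return client.close()
    host, port = target.decode().rsplit(":", 1)
    upstream = socket.create_connection((host, int(port)))
    client.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")
    threading.Thread(target=relay, args=(upstream, client), daemon=True).start()
    relay(client, upstream)

def origin(conn):
    # Constructed stand-in for the end server: echoes what it receives.
    conn.sendall(conn.recv(4096))
    conn.close()

def serve_once(handler):
    # Listen on an ephemeral loopback port and handle a single connection.
    srv = socket.create_server(("127.0.0.1", 0))
    threading.Thread(target=lambda: handler(srv.accept()[0]), daemon=True).start()
    return srv.getsockname()[1]

def demo():
    target = f"127.0.0.1:{serve_once(origin)}"
    with socket.create_connection(("127.0.0.1", serve_once(handle_connect))) as c:
        c.sendall(f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode())
        status = read_head(c).split(b"\r\n")[0]
        record = bytes.fromhex("160301000401000000")  # constructed, TLS-record-shaped bytes
        c.sendall(record)
        return status, c.recv(4096) == record
```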
RE: Proxy or Firewall
Generally speaking, use of "raw" SSL through a proxy requires special setup changes in the proxy itself. Depending on the environment, this may also require a security waiver from the MIS department in charge of the proxy and a security screen on the endpoints in question.

HTTP over SSL, though, works transparently through almost any proxy. This is because the HTTP client knows that the proxy exists. It sets an SSL session up with the proxy, and tells the proxy to set up a separate SSL session with the actual server. As long as requests are initiated by the client, everything is OK.

Proxies are like "internet diodes." As long as you follow their rules, everything is OK.

James Dabbs [EMAIL PROTECTED]
Director of Engineering
TGA Technologies, Inc.
Suite 140, 100 Pinnacle Way
Norcross, GA 30071
770-441-2100 ext 126

-----Original Message-----
From: Boyet, Adam C [SMTP:[EMAIL PROTECTED]]
Sent: Thursday, April 27, 2000 4:18 PM
To: '[EMAIL PROTECTED]'
Subject: Proxy or Firewall

Is it possible to use Net::SSLeay and OpenSSL to make an SSL request through a proxy or firewall?
RE: docs for openssl programming in C
Personally, I would prefer OpenSSL for Dummies. The Nutshell book would be an excellent follow on for advanced users.

James Dabbs [EMAIL PROTECTED]
Director of Engineering
TGA Technologies, Inc.
Suite 140, 100 Pinnacle Way
Norcross, GA 30071
770-441-2100 ext 126

-----Original Message-----
From: Richard Levitte - VMS Whacker [SMTP:[EMAIL PROTECTED]]
Sent: Wednesday, April 26, 2000 8:45 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: docs for openssl programming in C

robert The idea about a book is a good one..

Yep, absolutely. OpenSSL in a Nutshell anyone? Which animal should that be? :-)