Re: [openssl-users] [openssl-dev] Kerberos
On 5/13/2015 10:19 AM, Matt Caswell wrote:
> On 08/05/15 09:40, Matt Caswell wrote:
>> On 08/05/15 02:28, Jeffrey Altman wrote:
>>> Regardless, the inability to improve the support in this area has left those organizations that rely upon 2712 with the choice of use insecure protocols or re-implement the applications. I do not believe that any sane OS or application vendor can with a straight face continue to ship 2712 support. As such it should be removed from OpenSSL master.
>>
>> I plan to start preparing the patches to remove it next week.
>
> FYI, these patches have now been applied to master.
>
> Matt

Thank you.

Jeffrey Altman

smime.p7s
Description: S/MIME Cryptographic Signature
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] [openssl-dev] Replacing RFC2712 (was Re: Kerberos)
On 5/13/2015 3:17 PM, Nico Williams wrote:
> Kerberos in particular supports PROT_READY. There is no Kerberos IV GSS mechanism, FYI. I'd never heard of GSS-SRP-6a; do you have a reference?

Nico,

Look for draft-burdis-cat-srp-sasl. It was never standardized but I believe there is an implementation in Cyrus/SASL. This is the most recent version I could find:

http://www.opensource.apple.com/source/passwordserver_sasl/passwordserver_sasl-159/cyrus_sasl/doc/draft-burdis-cat-srp-sasl-xx.txt

Jeffrey Altman

Re: [openssl-users] Kerberos
On 5/8/2015 5:17 PM, Nathaniel McCallum wrote:
> I agree that the current situation is not sustainable. I was only hoping to start a conversation about how to improve the situation. For instance, there is this: http://tls-kdh.arpa2.net/
>
> I don't see any reason this couldn't be expanded to do GSSAPI.

I think that TLS-KDH is fundamentally flawed because it is tied to the Kerberos protocol. Most operating systems today support Kerberos but they do not support a stable standard Kerberos API because such a creature does not exist in the wild. If we want a TLS implementation to make use of Kerberos authentication on a broad range of operating systems then we must access Kerberos through GSS. Only by using GSS can userland TLS implementations hope to stack on top of the OS provided Kerberos in a portable way.

> But maybe this mailing list isn't the right place for such a discussion. Perhaps the right question to ask is how much interest there would be in improving this situation in the TLS WG and whether or not OpenSSL would have interest in implementing such a project.

The IETF TLS WG and perhaps the IETF Kitten WG are the appropriate places to hold discussions. Or perhaps hold an IETF BOF first to explore the interest.

The last time I was involved the work product was

https://tools.ietf.org/html/draft-santesson-tls-gssapi-03

I still believe that is a reasonable approach.

Jeffrey Altman

Re: [openssl-users] Kerberos
On 5/7/2015 8:40 PM, Viktor Dukhovni wrote:
> On Thu, May 07, 2015 at 08:00:17PM -0400, Nathaniel McCallum wrote:
>> There have been some conversations behind Red Hat doors about improving the state of Kerberos/TLS in both standards and implementations. Could we maybe have a broader conversation about how to fix this situation?
>
> To be blunt, if you want better Kerberos support in TLS, the fix is to expand the TLS WG charter to explore new directions in TLS Kerberos support. Given all the current efforts on 1.3, this is not going to happen for quite some time. There's nothing that can be done in just OpenSSL, and the right immediate action is to drop support for the obsolete protocol.
>
> [ FWIW, Nico concurs. ]

As do I and I am one of the individuals that pushed to get RFC 2712 passed the TLS WG and added to OpenSSL back in 1999.

While Viktor is correct that GSS authentication used over TLS with appropriate channel bindings is a good option, it is not an option for everyone. It isn't easy to re-architect protocols that have been deployed for more than 15 years in production.

There have been several efforts over the years to better integrate GSS and Kerberos into TLS. The approach that I prefer is one in which TLS relies upon GSS authentication to produce a shared secret key that is used to feed the TLS Pre-Shared Key (PSK) functionality. However that went nowhere. TLS is complicated enough and there were significant concerns that creating a GSS hole in the protocol would risk broader security and performance issues.

SSH2 + GSS Key Exchange demonstrates how easy it should be to combine GSS Kerberos with a security protocol and remove the dependency on key management. I have often wondered if the real resistance to adding GSS to TLS is the negative impact it would have on the bottom lines of companies that sell server certificates.

Regardless, the inability to improve the support in this area has left those organizations that rely upon 2712 with the choice of use insecure protocols or re-implement the applications. I do not believe that any sane OS or application vendor can with a straight face continue to ship 2712 support. As such it should be removed from OpenSSL master.

Jeffrey Altman

Re: Post-2010 future of the OpenSSL FIPS Object Module?
On 2/19/2010 11:00 AM, Michael Sierchio wrote:
> Steve Marquess wrote:
>> In the three years since the open source based FIPS 140-2 validated OpenSSL FIPS Object Module became available many software vendors have directly or indirectly utilized it to realize substantial cost and schedule savings. We're glad to see the widespread benefits of these hard won validations
>
> Steve - Forgive my ignorance, but are you a 501(c)3? Can you communicate that in a signature line so it's obvious? Do you have a list of commercial vendors who use OpenSSL? A list of companies that use it internally (that would be nearly everyone who uses Linux, UNIX, *BSD, etc.)?
>
> That would be the basis of fundraising activity (I mean making phone calls, which is something nearly everyone can do). $150,000 is not an intimidating amount for anyone who's done fundraising.
>
> - M

The OpenSSL Foundation is *NOT* a 501(c)3. This is described at http://www.openssl.org/support/donations.html

Jeffrey Altman

Re: win32 openssl w/o requiring the dreaded msvcr71.dll?
Bobby Krupczak wrote:
> Hi!
>
> I'm trying to build a multi-platform application using openssl. I'm using the win32 ssl libs built by Shining Path. However, those libs require msvcr71.dll whilst the rest of my apps are compiled such that they only require msvcr.dll.
>
> Since I want my app to run out-of-box on win2k, winXP, win2003, vista, etc., I'd like to have my app only use the least-common denominator of libs. I'm somewhat confused by all the various version of msvcr.dll.
>
> Is it possible to obtain (or build) a version of 0.9.8g that can use an older version of msvcr.dll? I'd prefer not to have to distribute msvcr711.dll with my app.
>
> Thanks,
> Bobby

Build openssl from source. Then you can use whatever you want.

Re: What is an OpenSSL issue (was Re[2]: Vista 64 bit)
David Schwartz wrote:
> However, they generally require particular versions of OpenSSL or particular build environments. They impose their own requirements. If you can state and explain these requirements and reduce your question to one that is actually about OpenSSL, then I agree with you.

And yet there are folks like Thomas Hruska who are distributing installer packages for end users (not developers) that are claimed to be the official OpenSSL win32 binary and application developers who don't want to link to crypto code because they are afraid of the legal issues surrounding crypto in some countries.

Now when a user is told by their application documentation to go get OpenSSL and install it and there is someone claiming to provide the official build and there are packages specifically for non-developers, what are you expecting the non-developer users to do when they have a question?

The application developer doesn't know enough to realize that they need to be careful about the OpenSSL version they use. The application developer wants to treat OpenSSL just like any other package that can be installed such as Kerberos or Perl.

When they have a question they are going to come to the folks that developed the software they have a question about. Now perhaps the question should have been sent to Thomas Hruska because he distributes the builds he claims are official but when someone looks for OpenSSL they see the OpenSSL Users mailing list as free and Thomas' support costs money. Where do you think the user will go first?

The best you can do is try to give end users a message to send back to the application developer and at the same time attempt to answer their question or point them at the official distributors and let Thomas deal with the fallout.

Jeffrey Altman

Re: Vista 64 bit
Thomas J. Hruska wrote: I'm holding back from a 64-bit build of the Win32(?) OpenSSL installer for another couple weeks because I need to purchase Visual Studio Professional 2008 (i.e. I can't use VC++ Express) for various reasons and my development computer gets unhappy when I install new development tools. I installed Python recently and pretty much instantly regretted doing so as it hosed portions of my dev. environment. So I'm dreading the VS install. Why can't you use the compilers that are provided as part of the free Windows SDK 6.0 download? They are the same compilers as shipped with VS2005 SP1 * Win32 might not be a good name to use anymore. I would use OpenSSL for Windows and OpenSSL for Windows (64-bit)
Re: Vista 64 bit
Thomas J. Hruska wrote:
> I know about the 90 day trial. The VS 2008 install is going to hose my existing dev. environment. So, I'd rather just hose it once (install the full thing) than hose it twice (install the trial and then install the full thing).

I have VS.2003, VS.2005, and VS.2008 all installed on the same machine. Just don't include the environment variables or paths in the System Environment. Use the batch files that come with the SDKs and the compilers to setup the development environment you need for the build you are making.

I used to have VC.6 as well. There simply is no reason for it anymore.

Re: Authenticode in Vista
Arno Garrels wrote:
> Hello,
>
> How do I get this MS-specific extension into a certificate?
>
>     SPC_FINANCIAL_CRITERIA_OBJID 1.3.6.1.4.1.311.2.1.27
>     i.e. Value: 30 06 01 01 00 01 01 ff
>
> I don't know if it's necessary at all, however in Vista I cannot get rid of the nasty red security popups. It's either this missing extension or may be just the fact that a cert has to be issued by VeriSign, who knows?
>
> Arno Garrels

The thawte certificates seem to be acceptable with XP but they are no longer being accepted by Vista nor are they being accepted by Microsoft for their Windows Crash Reporting service.

The problem appears to be that only the Verisign Code Signing CA is now a trust anchor for validating Authenticode signatures.

It looks like I will have to buy a cert from Verisign when the current one expires.

Jeffrey Altman

Re: Licenses...
Tyler MacDonald wrote:
> And it's not always even that simple: for example, the freeradius project's postgresql plugin links against the postgresql client library (naturally). Postgresql may or may not link against OpenSSL. If it does, then the freeradius-postgresql plugin is breaking the GPL's rules, but how the postgresql client library was compiled isn't necessarily under freeradius's control.

Maybe the problem is the GPL rules.

Jeffrey Altman

Re: Compilation of OpenSSL-fips-1.0 under Windows
Gianluca Varenni wrote:
>> I'll fix the build system so it will also look for it in fipslibdir so you only have to copy it once.
>
> It worked! Now it builds successfully both the static version (out32) and the dynamic one (out32dll).
>
> Was I the first one successfully compiling the fips certified OpenSSL under Windows (apart from you)?!? :-)
>
> Thanks for the help
> GV

Quite likely. That procedure is pretty daunting.

Stephen: Do the procedures state that a particular compiler has to be used? For example, is there going to be a problem with using gcc 3 vs gcc 4? If not, what are the procedural steps that can not be supported by the native Microsoft development tools?

Obviously, _chkstk.o provides code that is required and is currently missing from the Microsoft libraries. Are the sources to _chkstk.o under a license that would allow that code to be ported to the Microsoft Tools?

Jeffrey Altman

Peter Runestig has passed away
Last month, Peter Runestig [EMAIL PROTECTED] passed away from a heart attack. Peter was an active participant in the openssl community. He will be dearly missed by all that knew him.

Jeffrey Altman

Re: question -- should SSL server send certs for all CAs?
The server should send all of the certs which make up the chain but not the root cert. If the root cert is sent, the client must ignore it for purposes of validation of the chain.

Microsoft used to distribute Intermediate certs as part of Windows and this resulted in the expectation that clients should have the intermediate certs installed on their machines.

Intermediate certs expire more frequently than root certs. The administrators of the servers have a relationship with the issuers of the intermediate certs; the clients do not. Therefore, the server administrators can more easily update the intermediate certs when needed. Inclusion of the intermediate certs on the client requires the administrator of the client to remove the old intermediate cert and replace it with the new one. In practice, this will never happen in most cases because most clients do not have administrators.

Jeffrey Altman

Jason Keltz wrote:
> Hi.
>
> I have a question with respect to SSL protocol. Is it part of the protocol that the SSL server send to the client the public keys for the CAs making up the certificate chain? or is it acceptable to send just the server public key and expect the client to complete the chain on its own?
>
> I can demonstrate with two examples... assume a multi-level certificate chain -- Root CA - Intermediate CA - server
>
> I have two programs -- Apache httpd, and uw-imapd, and both operate differently in this respect.
>
> In terms of uw-imapd, the client connecting (Thunderbird 0.8) knew about the Root CA and not the intermediate CA. Thunderbird 0.8 was unable to verify the chain, so an SSL connection could not be made. However, placing the public key of the Intermediate CA in the key file for the server made the problem go away.
>
> In terms of Apache and running say Opera as a web client -- if the web client doesn't know about the intermediate CA, the server sends the information, and the client trusts the information without a word to the user. If the Root CA certificate is deleted from the client, the server sends both the Root CA public key and the intermediate CA public key, Opera prompts the user letting them know that it doesn't know about any of the 3 components and asking the user if he would like to trust the CAs. The fact that the client even knows about the Root CA means that the server is sending the whole chain along.
>
> I'm not writing to ask about either of these programs (Apache/uw-imapd) because that is obviously discussion for a different list. What I'm wondering about is the protocol in general -- should the server send the whole path, or not? Is there a standard?
>
> Thanks for any information you can provide..
>
> Jason Keltz
> [EMAIL PROTECTED]
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager [EMAIL PROTECTED]

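An added example, not part of the original thread and not code from OpenSSL or any client mentioned in it: a simplified model of client-side path building that reproduces the cases discussed above (leaf only, leaf plus intermediate, a server-supplied root, and a stale intermediate cached on the client). The certificate names, dates and the `Cert`, `build_path` and `outcome` helpers are constructed for illustration; signatures, basicConstraints and hostname checks are omitted.

```python
from dataclasses import dataclass
from datetime import date

TODAY = date(2004, 11, 1)  # constructed "current date" for the scenarios below


@dataclass(frozen=True)
class Cert:
    """Simplified certificate: names and expiry only (no keys, no signatures)."""
    subject: str
    issuer: str
    not_after: date

    @property
    def self_signed(self):
        return self.subject == self.issuer


class ChainError(Exception):
    """No valid path from the leaf to a locally trusted root."""


def build_path(sent, trust_store, client_cache=(), today=TODAY):
    """Return the subjects from leaf to trust anchor, or raise ChainError.

    sent         -- certificates received from the server, leaf first
    trust_store  -- roots installed on the client (the only possible anchors)
    client_cache -- intermediates pre-installed on the client
    """
    if not sent:
        raise ChainError("server sent no certificate")
    anchors = {c.subject for c in trust_store if c.not_after >= today}
    # A self-signed cert from the peer is dropped: a root is trusted because
    # it is in the local store, never because the server supplied it.
    untrusted = [c for c in list(sent[1:]) + list(client_cache)
                 if not c.self_signed]
    current, path = sent[0], []
    while True:
        if current.not_after < today:
            raise ChainError("expired: " + current.subject)
        path.append(current.subject)
        if current.issuer in anchors:
            return path + [current.issuer]
        # Candidates already on the path are skipped, which also stops loops.
        candidates = [c for c in untrusted
                      if c.subject == current.issuer and c.subject not in path]
        if not candidates:
            raise ChainError("no issuer certificate for " + current.subject)
        # Prefer an unexpired copy so a stale cached intermediate does not
        # mask the fresh one the server sent.
        fresh = [c for c in candidates if c.not_after >= today]
        current = (fresh or candidates)[0]


def outcome(sent, trust_store, client_cache=()):
    """Human-readable result of build_path for one scenario."""
    try:
        return "OK: " + " <- ".join(build_path(sent, trust_store, client_cache))
    except ChainError as exc:
        return "FAIL: " + str(exc)


# Constructed sample hierarchy (hypothetical names and dates).
ROOT = Cert("Example Root CA", "Example Root CA", date(2020, 1, 1))
INT = Cert("Example Intermediate CA", "Example Root CA", date(2006, 1, 1))
OLD_INT = Cert("Example Intermediate CA", "Example Root CA", date(2003, 1, 1))
LEAF = Cert("imap.example.org", "Example Intermediate CA", date(2005, 6, 1))

if __name__ == "__main__":
    scenarios = [
        ("server sends leaf only", ([LEAF], [ROOT])),
        ("server sends leaf + intermediate", ([LEAF, INT], [ROOT])),
        ("server also sends root, client has root", ([LEAF, INT, ROOT], [ROOT])),
        ("server sends root, client lacks it", ([LEAF, INT, ROOT], [])),
        ("leaf only, stale intermediate on client", ([LEAF], [ROOT], [OLD_INT])),
        ("fresh intermediate from server wins", ([LEAF, INT], [ROOT], [OLD_INT])),
    ]
    for label, args in scenarios:
        print(f"{label:42s} {outcome(*args)}")
```
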
Re: openssl, c-kermit and IBM information exchange
Your questions are really specific to C-Kermit so I suggest you use the comp.protocols.kermit.misc newsgroup in the future.

I would suggest you follow the troubleshooting guidelines on the page

http://www.kermit-project.org/ibm_ie.html

as well as use the provided ibm_infoexchange script

ftp://kermit.columbia.edu/kermit/scripts/ckermit/ibm_infoexchange

To debug the TLS connection you want to turn on

    SET AUTH TLS VERBOSE ON
    SET AUTH TLS DEBUG ON

Then you will see where in the TLS exchange the connection is being lost. 99% chance the reason you are losing is there is a firewall between you and IBM which does not permit secure FTP sessions.

Jeffrey Altman
Kermit 95 Author
Secure Endpoints Inc

Vasseur, Peter wrote:
> Hello. I am trying to make a secure FTP connection to IBM Information Exchange from my UNIX machine. I am using C-Kermit 8.0.211, which I compiled for use with openssl on Solaris9 with gcc 3.3.
>
> I used openssl to convert the IBM certificates that I was assigned in PKCS#12 format to PEM format for use with c-kermit and openssl, with the following command.
>
>     openssl pkcs12 -in pkcs#12_filename -out pem_filename
>
> As best as I can tell I have followed everything in the c-kermit documentation, as well as the IBM information exchange web site. however when I connect to the site I am asked for the PEM certificate passphrase both under TLS authentication. I correctly enter the passphrase I gave the PEM certificate (and KEY) and it accepts it, however it waits for approximately five minutes before it comes back again with an SSL/TLS connect COMMAND error (see below) and I have to re-enter the passphrase and wait five minutes until it times out again.
>
> Here is a transcript of what I get
>
>     Connected to ieftpint2.services.ibm.com.
>     TLS accepted as authentication type
>     Enter certificate passphrase:
>     ftp: SSL/TLS connect COMMAND error: error::lib(0):func(0):reason(0)
>     TLS authentication failed
>     Connected to ieftpint2.services.ibm.com.
>     SSL accepted as authentication type
>     Enter certificate passphrase:
>     ftp: SSL/TLS connect COMMAND error: error::lib(0):func(0):reason(0)
>     SSL authentication failed
>     Connected to ieftpint2.services.ibm.com.
>     USER command not allowed on insecure connection - use AUTH command.
>     FTP login failed.
>     C-Kermit 8.0.211, 10 Apr 2004, for Solaris 9
>     Copyright (C) 1985, 2004, Trustees of Columbia University in the City of New York.
>     Type ? or HELP for help.
>
> I looked in the archives for this list, since I am a newbie, to not have to bother you, but the results for a search on
>
>     ftp: SSL/TLS connect COMMAND error: error::lib(0):func(0):reason(0)
>
> did not help me find the answer. I have an IBM technical person working on this, but they had no clue what this was about --- but he would get right back to me..
>
> Any advice you can provide will be greatly appreciated.
>
> Peter

Re: Unorthodox SSL Questions
Marton Anka wrote:
> Hello,
>
> I am trying to solve a very peculiar problem. In my application, there are three players:
>
> 1. Client - runs a regular web browser.
> 2. Proxy - runs my proxy application with OpenSSL 0.9.7c
> 3. Host - runs my host application with OpenSSL 0.97c
>
> Proxy accepts connections from both the Client and the Host. Proxy has a real CA certificate, therefore it is trusted by the Client and the Host. Host has an install-time generated self-signed certificate that is registered on the Proxy upon the first connection and verified upon subsequent ones.

Is your goal to pay for one Verisign certificate and be able to use it for a large number of privately generated free certificates which would not be trusted by the client?

> Host connects to Proxy and waits. Client connects to Proxy and wishes to talk to Host. Client can verify Proxy's identity, and by trusting Proxy it can also rely on Host's identity being verified as Host needs to authenticate with a client certificate towards Proxy.

The client cannot trust the host because the client is not verifying the Host's certificate. The client has no way of knowing whether or not the proxy server has been compromised. Therefore it is not acceptable to trust the proxy to decrypt and reencrypt the data. You have now introduced a man in the middle.

> Now Proxy can shuffle data between Client and Host. The easy way to do it is by receiving data from Client through its SSL channel, (effectively decrypting) it, and sending it to Host (re-encrypting it) through Host's SSL channel. The response comes from Host, it's decrypted/re-encrypted, and transmitted to Client. Proxy cannot simply shuffle TCP traffic, obviously, because Client, being a standard browser, does not trust Host's certificate - and even if it did, the CN would not match.
>
> The first question is, is this cryptographically sound if we assume that Proxy has not fallen into the wrong hands?

No. It is not a sound security process.

> The second question is, can this be improved? For example, can we get rid of the decryption/re-encryption phase? Can I somehow manage to get both Host and Client to negotiate the same cipher suite and session key? I have total control over the code that runs on Proxy and Host, but Client can be any web browser.

The way the client and host negotiate the same cipher suite and session key is by establishing an SSL/TLS session between the client and the host without the involvement of the proxy.

> Please note that I am just an ordinary SSL user and do not understand its internal workings to 100% - so I apologize if the latter question is dumb. Furthermore, if someone were willing to consult me on this matter I would, of course, be willing to pay appropriate compensation for their time.

I am available for consulting. You may contact me at jaltman at secure-endpoints.com for that purpose.

> Thanks in advance,
> Marton Anka

Re: Unorthodox SSL Questions
Marton Anka wrote:
>> The client cannot trust the host because the client is not verifying the Host's certificate. The client has no way of knowing whether or not the proxy server has been compromised. Therefore it is not acceptable to trust the proxy to decrypt and reencrypt the data. You have now introduced a man in the middle.
>
> I think there's an error in your logic. First you state that the Client cannot trust the Host because it hasn't verified its certificate, then you go on to say that it is because it has no way of knowing whether Proxy has been compromised or not.

I do not believe there is an error in my logic. You are using the client's trust of the Proxy to bootstrap whether or not the client trusts the Host with whom it is attempting to communicate securely. If the Proxy server becomes compromised, the Proxy will continue to be trusted by the clients even though all of the data exchanged between the Client and the Host will now be visible to an attacker. Or worse the proxy can redirect to a host which is not even yours.

In my mind, the Client should not care one bit about the identity of the Proxy, the Proxy should simply be acting as a packet forwarder through which the SSL/TLS session between the Client and the Host is negotiated.

Now what I see as your problem is that the Client (being a standard browser) is not going to trust the certificates which you are using for Host identification.

> I think this is two separate problems:
>
> 1. Verifying identities based on a trust chain.
> 2. Trusting or not trusting someone or someone's judgement by determining if they'd been compromised or not.
>
> I think 1) is solved by this process. I also think that 2) will never be solved by anyone. Think about it this way: if Client were to connect to Host directly, it would still have no way of knowing if Host itself had been compromised or not.

Of course not. However, I would hope that the security of your hosts (not being visible to the outside world) is going to be significantly better than the security of your external proxy. It all depends upon your threat model of course.

SSL/TLS does not protect against host compromises. What it does protect against is the visibility and integrity of the data stream between a client and an authenticated server. If you are going to use SSL/TLS in such a way as to significantly reduce the strength of that functionality, you probably should use something other than SSL/TLS to protect your data.

>>> The first question is, is this cryptographically sound if we assume that Proxy has not fallen into the wrong hands?
>>
>> No. It is not a sound security process.
>
> Even if we assume that Proxy has not fallen into the wrong hands? Can you elaborate?

There is nothing wrong with your model assuming that the client is willing to trust the proxy to protect the rest of the food chain. What you have to realize is that by making that assumption the Client really does not have any ability to trust that the data it sends really is received by the appropriate destination.

Assuming that the Proxy has not fallen into the wrong hands is like assuming you will never be attacked. The point of security analysis of protocols is to determine where the weak points are and how those weak points could result in data compromise if they were to fail.

Jeffrey Altman

Re: ASN.1 overflows
It doesn't. OpenSSL does not use the Microsoft ASN.1 Library.

Mark Foster wrote:
> http://www.us-cert.gov/cas/techalerts/TA04-041A.html
>
> Does this affect openssl running on Window's platforms?

Re: openssl+zlib /MD problem
I have been linking applications with both OpenSSL and ZLIB for many years now without difficulties. My guess is that either your app is not using the MSVCRT.DLL or that you are linking to some other library which is using an alternative C Runtime library.

Jeffrey Altman

Andrew Marlow wrote:
> The openssl FAQ and INSTALL.W32 warn about a corruption problem if an app does not use the multithreaded DLL option /MD, given that the build of openssl uses it. However, I am seeing the exact opposite of this problem. This is a desperate appeal for help.
>
> I build openssl using the following steps:
>
>     cd opensslDir
>     vcvars32
>     perl Configure -DZLIB -IzlibDir VC-WIN32
>     ms\do_ms
>     nmake -f ms\ntdll.mak
>
> This causes it to be built using /MD. I link with a ZLIB that has also been built using /MD. I get what appears to be a C++ exception upon return from SSL_write. This cannot be, since openssl is written in C. I presume that some sort of corruption occurs. When my own app links with a ZLIB that does not use /MD, the problem goes away.
>
> I notice that someone else posted that there might be memory corruptions in 0.9.7b so I tried the snapshot that was made last night. Same problem. I also tried adding a call to CRYPTO_malloc_init() as the first line in subroutine main(). Again, no effect.
>
> Any ideas?
>
> Regards,
> Andrew Marlow
> There is an emerald here the size of a plover's egg!

Re: [ADVISORY] Timing Attack on OpenSSL
This is a different vulnerability. The one you patched two weeks ago was caused by a failure to decrypt messages when the MAC comparison failed. This vulnerability is a timing attack against the RSA algorithms.

The Slashdot discussion is here:

http://slashdot.org/article.pl?sid=03/03/14/0012214&mode=thread&tid=172

The paper is here:

http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html

Christopher Fowler wrote:
> Is this a new advisory? I've patched for a previous timing attack 2 weeks ago.

Re: ftp implicit ssl connection
PBSZ is used when you are negotiating the size of the buffer to be encrypted. If you are using FTP over SSL, the FTP protocol is not performing any authentication or encryption. Therefore, you do not use PBSZ.

gomess wrote:
>> It is very unclear to me what type of help you are looking for. There are many SSL/TLS FTP client and server implementations available as open source in addition to the specifications for the protocol which are available as an Internet-Draft. What do you need?
>
> well, in the previous 2 messages i tried to explain it... I'm writing an ftp client and i would like to add support for implicit ssl connection... the problem is that after the handshake i try to send the "PBSZ 0" command but i receive no answer from the server... this is the behaviour with all of the ftp protocol commands... so, i need some help... even some source code of an ftp client that implement "implicit" (not the explicit one with AUTH command etc...) ssl connection... can u give me some help ?
>
> thank's :-)

Re: ftp implicit ssl connection
It is very unclear to me what type of help you are looking for. There are many SSL/TLS FTP client and server implementations available as open source in addition to the specifications for the protocol which are available as an Internet-Draft. What do you need?

gomess wrote:
> Nobody can help me ? :-(( Please... :-)

Re: Openssl and Kerberos
C-Kermit 8.0 http://www.kermit-project.org/ckermit.html implements it for both client and server sides.

- Jeff

Markus Moeller wrote:
> Are there any example programs documentations of how to use Openssl with Kerberos for authentication/encryption (rfc2712) ?
>
> Thank you
> Markus

Re: Openssl and Kerberos
Certs are not used when authenticating with Kerberos. You must have a Kerberos Ticket Getting Ticket retrieved via kinit. Everything else (other than restricting the cipher suite to Kerberos ciphers) should be transparent to the applications. Either the SSL_connect() and SSL_accept() succeed or they do not.

- Jeff

Markus Moeller wrote:
> On Tuesday 11 Mar 2003 12:12, Jeffrey Altman wrote:
>
> Jeff, thanks for the link. The only problem I have now is how to filter out of the hundred of options the ones related to openssl/kerberos? Also I was wondering, what you would need to do if you write your own little client/server program. (e.g. Is a kinit on the client side enough before you start the client. How does the server side create/verify the cert). ckermit does all this undercover for me, great program !!
>
> Regards
> Markus
>
>> C-Kermit 8.0 http://www.kermit-project.org/ckermit.html implements it for both client and server sides.
>>
>> - Jeff
>>
>> Markus Moeller wrote:
>>> Are there any example programs documentations of how to use Openssl with Kerberos for authentication/encryption (rfc2712) ?
>>>
>>> Thank you
>>> Markus

Re: openssl not thread-safe: any alternatives?
Are you using the mutex locks with blocking or non-blocking sockets? Using mutex locks with non-blocking sockets most definitely works.

Folkert van Heusden wrote:
> So, my questions are:
> - am I doing something and IS openssl threadsafe?
> - is there an alternative for openssl doing which also does the key-exchange for me?
>
> YOU Just implement your own per-connection mutex and you won't
> YOU have any problems.
>
> Nope, won't work either! I had something like:
>
>     send: pthread_mutex_lock(lock); send unlock();
>
> and for receive:
>
>     pthread_mutex_lock(lock); receive unlock();
>
> well, you get my point. And strangely enough, the connection gets aborted: sometimes the next SSL_read and sometimes the next SSL_write fails with error 1 (not sure if it was one, cannot check right now).

Re: OpenSSL 0.9.7a and versioning issues
OpenSSH and C-Kermit both perform checks of the version string of the library versus the version string of the headers the program was compiled with. This is done to ensure that the OpenSSL header constants and APIs used to build the program match those in the library.

Both products must be either statically linked to OpenSSL or be rebuilt when OpenSSL changes.

Phil Howard wrote:

On Thu, Feb 20, 2003 at 12:23:40PM +0100, Richard Levitte - VMS Whacker wrote:

| phil-openssl-users What I had to do to get around the problem was to
| phil-openssl-users build critical programs like OpenSSH statically so
| phil-openssl-users they had no dependency on the shared library.
|
| That doesn't matter. OpenSSH detects a difference in the shared
| library, down to the patch level, so whenever you upgrade OpenSSL,
| even within the same series, OpenSSH will stop working. That's
| their choice, and I can understand it.

If you understand it, could you explain that understanding? Is it because of the API changes? I guess I need to continue to build OpenSSH statically. And if their choice persists even after OpenSSL 1.0.0, that may have to be forever.
Re: OpenSSL 0.9.7a and versioning issues
That is how current versions of the software work. You can of course hack the code and remove the checks on your system if you would like. I do not predict what the future may hold.

Phil Howard wrote:

On Thu, Feb 20, 2003 at 06:17:02PM -0500, Jeffrey Altman wrote:

| OpenSSH and C-Kermit both perform checks of the version string of the
| library versus the version string of the headers the program was
| compiled with. This is done to ensure that the OpenSSL header constants
| and APIs used to build the program match those in the library.
|
| Both products must be either statically linked to OpenSSL or be rebuilt
| when OpenSSL changes.

Is this only during the OpenSSL beta version? Or will it be the case even after OpenSSL stabilizes and is released as 1.0.0?
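The header-versus-library check described in the two messages above, as an added example (not code from OpenSSH, C-Kermit or anyone in the thread). It assumes the 0xMNNFFPPS layout of OPENSSL_VERSION_NUMBER used in the 0.9.6/0.9.7 series; the function names and the sample version values are constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* OPENSSL_VERSION_NUMBER layout in the 0.9.6/0.9.7 series: 0xMNNFFPPS
 * (major, minor, fix, patch, status; status 0xf marks a release). */
struct ossl_version {
    unsigned major, minor, fix, patch, status;
};

enum ver_result {
    VER_SAME = 0,            /* identical numbers */
    VER_PATCH_DIFFERS = 1,   /* same major.minor.fix, other patch letter or status */
    VER_RELEASE_DIFFERS = 2  /* major, minor or fix differs */
};

struct ossl_version decode_version(unsigned long v)
{
    struct ossl_version d;
    d.major  = (unsigned)((v >> 28) & 0xF);
    d.minor  = (unsigned)((v >> 20) & 0xFF);
    d.fix    = (unsigned)((v >> 12) & 0xFF);
    d.patch  = (unsigned)((v >> 4) & 0xFF);
    d.status = (unsigned)(v & 0xF);
    return d;
}

/* Render a version number as text, e.g. 0x0090701fUL as "0.9.7a". */
int format_version(unsigned long v, char *out, size_t outlen)
{
    struct ossl_version d = decode_version(v);
    char patch[2] = { 0, 0 };
    char status[12] = "";

    if (d.patch >= 1 && d.patch <= 26)
        patch[0] = (char)('a' + d.patch - 1);
    if (d.status == 0)
        snprintf(status, sizeof status, "-dev");
    else if (d.status != 0xF)
        snprintf(status, sizeof status, "-beta%u", d.status);
    return snprintf(out, outlen, "%u.%u.%u%s%s",
                    d.major, d.minor, d.fix, patch, status);
}

/* Classify how far the loaded library is from the build-time headers. */
enum ver_result compare_versions(unsigned long header, unsigned long library)
{
    if (header == library)
        return VER_SAME;
    if ((header >> 12) == (library >> 12))
        return VER_PATCH_DIFFERS;
    return VER_RELEASE_DIFFERS;
}

/* Strict policy as described in the thread: any difference, down to the
 * patch level, is refused. Returns 1 if the program may continue. */
int strict_check(unsigned long header, unsigned long library,
                 char *msg, size_t msglen)
{
    char h[32], l[32];

    if (msglen > 0)
        msg[0] = '\0';
    if (header == library)
        return 1;
    format_version(header, h, sizeof h);
    format_version(library, l, sizeof l);
    snprintf(msg, msglen,
             "OpenSSL version mismatch: built against %s, running with %s", h, l);
    return 0;
}

int main(void)
{
    /* Constructed sample values. In a real program the first would be the
     * OPENSSL_VERSION_NUMBER macro and the second the result of SSLeay(). */
    unsigned long header = 0x0090700fUL;   /* 0.9.7  */
    unsigned long library = 0x0090701fUL;  /* 0.9.7a */
    char msg[128];

    if (!strict_check(header, library, msg, sizeof msg))
        printf("%s (result %d)\n", msg, (int)compare_versions(header, library));
    return 0;
}
```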
Re: Kerberos/PKINIT compliant subjectAltName?
Dr. Stephen Henson wrote:

On Tue, Feb 11, 2003, Thomas Anders wrote:

Hello, the Kerberos/PKINIT Internet draft (http://www.ietf.org/internet-drafts/draft-ietf-cat-kerberos-pk-init-16.txt, chapter 3.2.2.2) requires the KDC certificates to specify Kerberos realm and principal name in the subjectAltName extension with type-id 1.3.6.1.5.2.2. Is there a way to specify such a subjectAltName extension in openssl.cnf? If this can only be done by specifying "subjectAltName=DER:...", how can I create the appropriate DER data?

That's a rather weird extension: it uses an odd type and some unnecessary tagging. Creating it manually would be rather difficult. You could use the mini-ASN1 compiler in OpenSSL 0.9.8 but it doesn't currently directly handle GeneralString (it's not apparent why the draft should use that as opposed to UTF8String). I'll fix it so it does.

Kerberos is ASN.1 based. The Realm names in the current protocol specifications use GeneralString to represent REALM names. GeneralString is being replaced with a new type, KerberosString, in the next revision of the protocol. If you want to read the gory details, read Section 5.2.1 of http://www.isi.edu/people/bcn/krb-revisions/krbclar5-4.html

As for PKINIT, I will predict that the current draft will not survive in its current form. The reason it is at revision 16 is not because there have been numerous revisions but because the I-D has simply been republished for years while the Kerberos Working Group is focused on getting out revisions to the core protocols.
Re: SSL_accept hang
As long as you are on a Windows system that implements WinSock2 all you need to do is specify

    int timeout = 15;
    setsockopt(socket, SOL_SOCKET, SO_RCVTIMEO, (const char *)&timeout, sizeof(int));

This will result in the following behaviors as described in http://msdn.microsoft.com/library/default.asp?url=

Note: When using the recv function, if no data arrives during the period specified in SO_RCVTIMEO, the recv function completes. In Windows versions prior to Windows 2000, any data received subsequently fails with WSAETIMEDOUT. In Windows 2000 and later, if no data arrives within the period specified in SO_RCVTIMEO the recv function returns WSAETIMEDOUT, and if data is received, recv returns SUCCESS.

Tim Regovich wrote:

What a lively discussion! One point that I thought was implicit in my comment when I started was that the timeout approach using some sort of alarm around a call to say SSL_accept, is that you cannot use the TCP timeouts, because SSL_accept wraps a whole series of TCP transactions. My assertion is that given a situation where TCP transactions are taking place, it is difficult to come up with a reasonable timeout number.

Furthermore, if you are using non blocking I/O you are doing it because you get better scalability/performance in an application that is managing a significant number of connections. Using non blocking I/O with OpenSSL is no more or less tricky than using non blocking I/O for any other application, but the point is well taken that if you are not familiar with socket programming and non blocking sockets/pooling/etc etc etc, then you will have problems layering OpenSSL on top of it!

I am currently writing up a little HOWTO with some example code for handling non-blocking sockets, not using BIOs. I will include a very minimal connection manager/thread pooler that will hopefully clear up a lot of confusion.

Regards,
Tim Regovich
Re: SSL_accept hang
Can you please elaborate on the algorithm you are using to accept connections? The SSL_accept() does not take a server socket (the socket on which the accept() call is performed.) Therefore, I do not know why the SSL_accept() should block accept() calls unless you are calling them in sequence and not setting a timeout in the socket returned by accept().

    listen(server_socket, queue_size);
    some loop {
        select(...);                              // listen for ready sockets to perform accept on
        client_socket = accept(server_socket);
        threadbegin(tls_accept, client_socket);   // start tls accept thread
    }

    void tls_accept(void * param)
    {
        SOCKET socket = (SOCKET)param;
        int timeout = 15000;
        int rc;

        // Allocate SSL Context to ssl_con
        setsockopt(socket, SOL_SOCKET, SO_RCVTIMEO, (const char *)&timeout, sizeof(int));
        SSL_set_fd(ssl_con, socket);
        if (SSL_accept(ssl_con) <= 0) {
            // Handle error
        } else {
            // Begin serving client ...
        }
    }

Jasper Spit wrote:

Don't know if this is appropriate for you, but if you're using a multithreaded app, make sure the SSL_accept call takes place in a separate thread (dedicated for that client). That way if the connecting party never initiates or completes a handshake, your application will still be able to serve other clients. BTW, there's no need for non-blocking I/O if you use a multithreaded server. You can build your own timeout mechanism using e.g. select() prior to each read or write. This works fine for me, and is platform independent.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Skip Rhudy
Sent: Friday, 24 January 2003 21:43
To: [EMAIL PROTECTED]
Subject: SSL_accept hang

Hello all,

Recently we encountered behavior with SSL_accept() that can be exploited as a DOS attack. I've noticed a similar thread posted, but it focuses on Apache (Slapper denial-of-service problem - why isn't this fixed?)

We use OpenSSL in a Win2k environment. The latest code we have is 0.9.6h.

If SSL_accept is called in blocking i/o mode, and the client on the other end never initiates a handshake, or never sends any data at all, the SSL_accept() call never returns. In the case of the particular server we are using, once that happens, further TCP accepts are blocked and so once the Winsock accept queue is full, the server stops responding. This can be confirmed using telnet to the SSL listen port. If telnet sends no data, the SSL library doesn't seem to timeout.

Is there a timeout for handshake begin on the SSL_accept side? Is this a known issue? It sounds the same as the Slapper denial-of-service problem.

Regards,
Skip
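An added example (not code from any participant in this thread) for the point raised in the SSL_accept hang messages above: a per-recv timeout such as SO_RCVTIMEO restarts with every read, while a handshake spans several reads, so a server that wants a hard bound needs one overall deadline enforced with select() before each read. The sketch uses POSIX sockets rather than Winsock, reads only the 5-byte TLS record header, and simulates the silent or stalled client with a socketpair; the function names and the header bytes are constructed for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/types.h>
#include <time.h>
#include <unistd.h>

enum { READ_CLOSED = 0, READ_ERROR = -1, READ_TIMEOUT = -2 };

/* Monotonic clock in milliseconds, immune to wall-clock adjustments. */
static long now_ms(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (long)ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}

/* Read exactly len bytes, giving up once the absolute deadline passes.
 * Each wait gets only the time still left, so a peer that trickles one
 * byte at a time cannot extend the total. Returns len on success or one
 * of the READ_* codes. */
long read_until_deadline(int fd, unsigned char *buf, size_t len, long deadline_ms)
{
    size_t got = 0;

    if (fd < 0 || fd >= FD_SETSIZE)
        return READ_ERROR;              /* select() cannot watch this descriptor */
    while (got < len) {
        long left = deadline_ms - now_ms();
        fd_set rfds;
        struct timeval tv;
        int ready;
        ssize_t n;

        if (left <= 0)
            return READ_TIMEOUT;
        FD_ZERO(&rfds);
        FD_SET(fd, &rfds);
        tv.tv_sec = left / 1000;
        tv.tv_usec = (left % 1000) * 1000;
        ready = select(fd + 1, &rfds, NULL, NULL, &tv);
        if (ready < 0) {
            if (errno == EINTR)
                continue;
            return READ_ERROR;
        }
        if (ready == 0)
            return READ_TIMEOUT;
        n = recv(fd, buf + got, len - got, 0);
        if (n == 0)
            return READ_CLOSED;
        if (n < 0) {
            if (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)
                continue;
            return READ_ERROR;
        }
        got += (size_t)n;
    }
    return (long)got;
}

/* Constructed scenario: the "client" end sends the first `sent` bytes of a
 * record header and then stays silent; the "server" end allows budget_ms. */
long demo_client(size_t sent, long budget_ms)
{
    static const unsigned char hdr[5] = { 0x16, 0x03, 0x01, 0x00, 0x2f };
    unsigned char buf[5];
    int sv[2];
    long rc;

    if (sent > sizeof hdr)
        sent = sizeof hdr;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return READ_ERROR;
    if (sent > 0 && write(sv[1], hdr, sent) != (ssize_t)sent) {
        close(sv[0]);
        close(sv[1]);
        return READ_ERROR;
    }
    rc = read_until_deadline(sv[0], buf, sizeof buf, now_ms() + budget_ms);
    close(sv[0]);
    close(sv[1]);
    return rc;
}

int main(void)
{
    printf("silent client:   %ld\n", demo_client(0, 200));
    printf("stalled client:  %ld\n", demo_client(3, 200));
    printf("complete header: %ld\n", demo_client(5, 200));
    return 0;
}
```

With OpenSSL itself the same deadline loop would wrap a non-blocking SSL_accept() that is retried whenever the socket becomes ready.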
Re: explicit linking question (6)
You can use LoadLibrary() to load the DLLs at runtime instead of linking to them at compile time. However, if you do this you will need to load each function pointer programmatically.

dan demers wrote:

in the windows environment, is it possible to explicitly link the openssl dll(s) (ssleay32.dll and libeay32.dll) as needed from my application? i wanted to include in my general dll (used by all my programs) an ssl object that uses openssl and explicitly loads the dll(s) as needed if the ssl object is created. is this possible or do i always need to deliver the openssl dlls with my general dll which doesn't always use the ssl stuff.

thanks,
dan
Re: Socket call fails with OpenSSL 0.9.6h on Win32
WSAStartup() is required for Winsock 1.x as well. You should be calling this in your application. It would be inappropriate for this to be called from OpenSSL.

Peter Aben wrote:

I have used OpenSSL 0.9.6c in our application successfully on various platforms. After upgrading to 0.9.6h, on the Windows platform the socket() call fails with an error code 10093 (successful WSAStartup not yet performed). For compatibility reasons I don't use Winsock2, so no WSAStartup should be necessary (and it wasn't with 0.9.6c). When I replace the new (0.9.6h) SSL dll's with the old ones (0.9.6c), it works fine again (without recompiling my application).

The specific platform is NT4/SP6a. I use the default compilation procedure that comes with OpenSSL. The compiler is MSVC 5.00. Is anyone familiar with this problem?
Re: Slapper denial-of-service problem - why isn't this fixed?
Geoff:

Since absolutely no one that is experiencing this problem has looked at a suffering process in a debugger it is impossible to know what is the cause of the problem. As far as I can tell all the theories that have been put forward as to what this is or is not are simply best guesses without much evidence to back them up.

- Jeff

Geoff Thorpe wrote:

But before this gets way off-topic for the list ... are we agreed then that all this discussion *is* about network I/O timeouts in Apache and *not* about any SSL/TLS vulnerabilities in OpenSSL?? If not, someone say so please.

Cheers,
Geoff
Re: PROBLEM
As far as I am aware WS-FTP Pro does not use OpenSSL.

The following web page describes how to use Kermit 95 to access mailboxes via IBM Info Exchange: http://www.kermit-project.org/ibm_ie.html

I am trying to set up my connection. I am using WS-FTP Pro and want to FTP to our IBM mailbox. I have my certificates and IBM told me to go to your site and get SSL and that is where my confusion starts. I am not sure what to download or how to install it.

Rick Gabriel
Programmer/Analyst - EDI Systems Administrator
Zurich North America IT
Empire Insurance Companies

Jeffrey Altman * Volunteer Developer
The Kermit Project @ Columbia University
http://www.kermit-project.org/
[EMAIL PROTECTED]
Kermit 95 2.1 GUI available now!!!
SSH, Secure Telnet, Secure FTP, HTTP
Secured with MIT Kerberos, SRP, and OpenSSL.
Re: IMPORTANT: The release of 0.9.6h is postponed
I would modify it as such:

    #include <string.h>

    unsigned char CRYPTO_cleanse(volatile void *ptr, size_t len)
    {
        volatile static unsigned char foo = 0;
        volatile unsigned char *p = ptr;
        size_t loop = len;

        while (loop--) {
            *(p++) = foo++;
            foo += (17 + (unsigned char)((size_t)p & 0xF));
        }
        if (memchr((const void *)ptr, foo, len))
            foo += 63;
        return (foo);
    }

i know that probably this is not concern for now but doesn't this code is not thread safe, meaningly this could be even better, because erased buffer will be filled partially with values from several threads or this code could be worse, cause it will require some sort of lock before getting to function ?? or i'm wrong about this one ???

It's perfectly ok for this function to be called as written from multiple threads. It is the fact that there is a buffer that is read and written that is not entirely predictable that ensures the function cannot be optimized out.

Jeffrey Altman * Volunteer Developer
The Kermit Project @ Columbia University
Re: IMPORTANT: The release of 0.9.6h is postponed
In message [EMAIL PROTECTED] on Sat, 23 Nov 2002 13:36:43 -0500, Geoff Thorpe [EMAIL PROTECTED] said:

geoff But then we already knew that - Peter Gutmann had pointed out in the past
geoff that a single write of zeroes to disk or memory doesn't protect against
geoff the previous values being retrieved if you have physical (power-off)
geoff access. So aggressive compilers are simply forcing an issue we should
geoff have confronted anyway - clean the memory properly.
geoff
geoff Eg.
geoff     void CRYPTO_cleanse(void *ptr, size_t len)
geoff     {
geoff         static unsigned char foo = 0;
geoff         unsigned char *p = ptr;
geoff         size_t loop = len;
geoff         while(loop--) {
geoff             *(p++) = foo++;
geoff             foo += (17 + (unsigned char)((size_t)p & 0xF));
geoff         }
geoff         if(memchr(ptr, foo, len))
geoff             foo += 63;
geoff     }

I like that one. If no one sees a problem, I'll insert that as soon as I have some time.

I would modify it as such:

    #include <string.h>

    unsigned char CRYPTO_cleanse(volatile void *ptr, size_t len)
    {
        volatile static unsigned char foo = 0;
        volatile unsigned char *p = ptr;
        size_t loop = len;

        while (loop--) {
            *(p++) = foo++;
            foo += (17 + (unsigned char)((size_t)p & 0xF));
        }
        if (memchr((const void *)ptr, foo, len))
            foo += 63;
        return (foo);
    }

Jeffrey Altman * Volunteer Developer
The Kermit Project @ Columbia University
Re: IMPORTANT: The release of 0.9.6h is postponed
The pointer to the buffer in the declaration of this function could be volatile. Then the compiler can't just get rid of the call since by definition something else could be referencing the memory.

On Sat, 23 Nov 2002 22:00:24 -0500 (EST), Rich Salz wrote:

As-if what? If the memory isn't zero, abort() is called. But the compiler could know that the memory is zero, inline the check, and then optimize it out. Every single byte of the area in question is checked. Please explain how it could be while preserving the semantics. The code does nothing, so under the as-if rule, it can be removed entirely.

DS

Jeffrey Altman * Volunteer Developer
The Kermit Project @ Columbia University
Re: IMPORTANT: The release of 0.9.6h is postponed
I thought making a memset() look-alike (somewhere in the discussion, setmem() was proposed) was enough to prevent it. No?

There were three suggestions made that I had seen that appeared to work:

 . change all password buffers to volatile
 . replace memset() with your own function not called memset
 . use compiler specific command line options to turn off this optimization

The problem with the first two is that they do have significant performance impacts. The problem with the last is that we do not want to need to know the command line options for each and every compiler.

Jeffrey Altman * Sr. Software Designer
The Kermit Project @ Columbia University
Re: IMPORTANT: The release of 0.9.6h is postponed
I am concerned about the performance impact of the use of 'volatile' memory access because it means that all access to the memory region must be performed without use of memory caches.

You are worried about a performance impact of clearing a small password buffer? I would think the idea of changing memset() to a more secure function is an excellent idea and well worth a couple of days of delay. Heck, I have been waiting for release 0.9.7 for a couple of years!

Ken

I thought making a memset() look-alike (somewhere in the discussion, setmem() was proposed) was enough to prevent it. No?

There were three suggestions made that I had seen that appeared to work:

 . change all password buffers to volatile
 . replace memset() with your own function not called memset
 . use compiler specific command line options to turn off this optimization

The problem with the first two is that they do have significant performance impacts. The problem with the last is that we do not want to need to know the command line options for each and every compiler.

Jeffrey Altman * Sr. Software Designer
The Kermit Project @ Columbia University
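An added example (not code from OpenSSL or from anyone in this thread) of the volatile-pointer suggestion discussed in the messages above: the buffer itself stays an ordinary array, and only the wipe routine writes through a volatile-qualified pointer, so the stores count as observable accesses that the compiler may not drop as dead. The function names and the sample password are constructed for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Zero a buffer through a volatile-qualified pointer. Every store is a
 * volatile access, which the as-if rule does not allow the compiler to
 * remove even when the buffer is never read again. */
void secure_zero(volatile void *ptr, size_t len)
{
    volatile unsigned char *p = ptr;

    while (len--)
        *p++ = 0;
}

/* Count bytes that are still non-zero, also read through volatile so the
 * check observes memory rather than a value the compiler assumed. */
size_t count_nonzero(const volatile void *ptr, size_t len)
{
    const volatile unsigned char *p = ptr;
    size_t n = 0;

    while (len--)
        if (*p++ != 0)
            n++;
    return n;
}

/* Constructed scenario: a password is copied into a local buffer, used
 * once, and the buffer is dead afterwards. A plain
 *     memset(pw, 0, sizeof pw);
 * at that point is a dead store that an optimizer may delete, which is the
 * problem the thread is about. The checksum stands in for real use of the
 * password. */
unsigned use_password_then_wipe(const char *input, size_t *leftover)
{
    char pw[32];
    unsigned sum = 0;
    size_t i, n = strlen(input);

    if (n >= sizeof pw)
        n = sizeof pw - 1;
    memcpy(pw, input, n);
    pw[n] = '\0';
    for (i = 0; i < n; i++)
        sum = sum * 31u + (unsigned char)pw[i];

    secure_zero(pw, sizeof pw);            /* pw is an ordinary, non-volatile array */
    *leftover = count_nonzero(pw, sizeof pw);
    return sum;
}

int main(void)
{
    size_t leftover = 0;
    unsigned sum = use_password_then_wipe("abc", &leftover);   /* constructed input */

    printf("checksum %u, non-zero bytes left in buffer: %lu\n",
           sum, (unsigned long)leftover);
    return 0;
}
```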
Re: OpenSSL on WIN2K
As documented on our web site http://www.kermit-project.org/k95.html#export Kermit 95 has been approved for export including an unrestricted version of OpenSSL integrated with a full implementation of MIT's Kerberos for Windows.

Export Permission

Export of cryptographic software is restricted by United States of America Export Administration Regulations. This is a matter of USA law, which governs the New York based Kermit Project. The United States Department of Commerce Bureau of Industry and Security (BIS), via CCATS # G025631 dated 07/16/2002, has granted to Kermit 95:

 * Export Control Classification Number (ECCN): 5D002 (Telecommunications and Information Security - Software), Paragraph C.1.
 * Export License Exception ENC (Encryption Commodities and Software) under Sections 740.17(A) and 740.17(B)(3) of the United States Export Administration Regulations (EAR).

This allows export of the cryptographic version of Kermit 95 to all countries except Cuba, Iran, Iraq, North Korea, Libya, Sudan, and Syria. Of course the non-cryptographic version can be exported to any country at all. (If you disagree with the composition of the list of embargoed countries or any other facet of US export law, please direct your comments to the appropriate government or international bodies.)

Date sent: Tue, 05 Nov 2002 13:12:27
To: [EMAIL PROTECTED]
From: Thomas J. Hruska [EMAIL PROTECTED]
Subject: Re: OpenSSL on WIN2K
Send reply to: [EMAIL PROTECTED]

Passing out this type of advice may end up getting application developers in a lot of hot water. The distribution of the OpenSSL dll's has no relation to the legal requirements involving the use of such dll's. I believe the term the US government uses for applications that do make use of such a concept is an open cryptographic interface. I have been told, but have no proof of such, the US Department of Commerce WILL NOT approve the export of any product that uses the OpenSSL dll's.

Further, all the applications I know of that have export approval, which use OpenSSL, are in fact statically linked to the OpenSSL library. It would be interesting to know if any US based application, which has export approval, does use the OpenSSL dll's.

Ken

Jeffrey Altman * Sr. Software Designer
The Kermit Project @ Columbia University
RE: Question about auth with client certificates
There are two things you need to do: authenticate and then authorize. C-Kermit provides hooks to organizations in the form of two functions:

    X509_to_user() - who does this certificate represent
    X509_userok()  - may the user gain access with this certificate

C-Kermit provides two implementations by default. One that maps the UID to the user; and the other that maps the Alt-Name to the user.

http://www.kermit-project.org/security.html#xa3.11.2

However, you do not have to trust the certificate subject. If you want you can have the owner of the certificate submit the certificate to you out of band. You can then store in a database or directory the certificate (or its fingerprint) and associate that with a username. When the SSL handshake has successfully completed, grab the certificate, look it up in the database or directory and then use the username you have stored. This is what is done at Universities that do not want to put any personal information into the certificates.

Ok, I get it. But I would be happier if I would be able to authenticate not the certificate subject, but the public key itself. Maybe I'm not the kind of people that trust in others to do the job. Thanks a lot for your help.

Gastón Christen

Jeffrey Altman * Sr. Software Designer
The Kermit Project @ Columbia University
RE: openssl Newbie ( PRNG seed )
There is no need to call RAND_screen() more than once.

0.9.4 is vulnerable to attacks because the random number generator is not seeded with sufficient entropy. 0.9.6e takes more time in order to generate the necessary entropy.

Using a hardcoded seed value will make your connections vulnerable.

Hi, Thanks for the reply. But, I have another problem: My appln was initially using openssl 0.9.4 and it was calling RAND_screen() for each client. Now I have moved to openssl 0.6e and what I have observed is that the RAND_screen() takes a significant amount of time about 10 sec. and makes my appl'n slow. Also, my appl'n is multithreaded and the time RAND_screen() takes seems to be proportional to the number of threads (clients) I fire ( Each thread does call RAND_screen() only once ). I do not know how is that related ? Can anybody help ?

Also, If my client uses a hardcoded seed but my server doesn't how am I (the connection) vulnerable ?

Please help,
Thanks,
Neelay S Shah
Re: [ANNOUNCE] OpenSSL 0.9.6g released
Richard wrote:

The trouble with such a scheme would be that the algorithm itself would still exist in the library, and can then potentially be used, just by a change in the INI file. Under those conditions, the algorithm is still there, even if not currently used (it's still usable, basically). There are fears that is enough to put you in trouble. Therefore, there are people who want to be able to physically remove the troublesome algorithms from the source, and build the library with the rest of it. No run-time INI file will help there... If it was that simple, we would already have done it a long time ago (that's my guess at least...).

This is correct. Simply shipping a binary with an implemented algorithm (even when not used) opens the distributor to patent infringement claims.

Jeffrey Altman * Sr. Software Designer
The Kermit Project @ Columbia University
Re: patches for security advisory of 30th July [URGENT]
You might do better if you didn't post HTML to a text based mailing list.

The patches posted to this mailing list come from an OpenSSL team member. They are similar to the patches that were incorporated into the current distributions of 0.9.6e and 0.9.7-beta3. The patches utilize the OpenSSLDie() function to cause the problem to terminate if one of the attack conditions is detected. This provides attackers with an easy denial of service attack against your application.

Patches for 0.9.5a that avoid the DoS have not been issued. If you wish to continue using 0.9.5a you will need to back port the resulting subsequent fixes yourself.

Jeffrey Altman * Sr. Software Designer
The Kermit Project @ Columbia University
RE: [ANNOUNCE] OpenSSL 0.9.6g released
If you do not have the skill to deal with a missing export in a DLL, you do not have the skill to be working with security code.

The problem is not that the release was made, the problem is that it was improperly labelled. By not saying that it was beta-quality, people were misled. There is a significant portion of the community that either doesn't have the skill or the inclination to deal with beta-quality software. The intent of not labelling the e, f, and g releases as beta was to have them widely distributed. However the opposite effect is happening as people will now be suspicious of the quality and will simply wait to see how things shake out.

--- Jeffrey Altman [EMAIL PROTECTED] wrote:

At 09:40 AM 8/9/2002 -0400, Gregg Andrew writeth:

OK so is version 0.9.6e that I just compiled with Apache-2.0.39 any good? It was my understanding that all known security issues were addressed and fixed in 0.9.6e version, is this still true? I'm running on Solaris 8.

Thanks
Gregg Andrew

I'm just going to wait for them to get their act together and release an official _STABLE_ release before I go and get the latest and greatest. Sure there might be some issues in the current stable version, but from what I'm seeing, they are putting out fixes without testing every platform. Given that the Windows platform is barely supported by the OpenSSL community, it is insane to constantly try the new updates only to find they don't compile or something else is wrong with them. Hope this helps!

Actually it doesn't. The OpenSSL team is not capable of testing by themselves all of the platforms on which their code is used. That requires the help of the user community. Unfortunately, when they are trying to get out an emergency fix to close a security hole that can be used to compromise the integrity of any application or service that uses OpenSSL on any operating system it is a bit hard to have a two week public beta test.

The OpenSSL team did what they felt was necessary and got a series of patches out for all versions of OpenSSL going back at least five years that when applied would alter the result of potential attacks by turning attacks into a denial of service rather than a system compromise.

Granted, the applied patches did not work on some systems when used with shared libraries (Windows, VMS) but the greater community responded within several hours with:

 . a fix to the exports to allow the fix to be built on Windows
 . an analysis of the denial of service problem outlining the path to removing it entirely while still closing the security holes
 . a series of patches that removed the denial of service attack

These were then integrated into OpenSSL snapshots the next day. These were released yesterday with several more fixes as 0.9.6f. Because it is addressing a pressing security concern there was no public beta and it was deemed necessary to get the build out right away before more companies shipped products incorporating the denial of service. There was a minor build problem on some systems, therefore 0.9.6g was announced today.

I think the OpenSSL team and the community should be congratulated for their response to this problem. I only hope that vendors will be as quick to integrate these fixes into their products so as to avoid significant use of these holes for destructive purposes.

- Jeff

Jeffrey Altman * Sr. Software Designer
The Kermit Project @ Columbia University
Re: 0.9.7-beta3 : build problem on Win32 (FIXED ?)
This has been properly fixed in the current snapshots by removing the OpenSSLDie() function entirely from the distribution.

I added the $(CRYPTOOBJ) above (see ). This single fix allowed the build to succeed. And the ms\test all pass. I would appreciate whoever is in charge of the win32 build maintenance to double-check this for me and update the build procedure before next beta or release. Thank you very much,

Jeffrey Altman
Re: Web Browsers and SSL Support
Can a web browser open a SSL connection to an FTP server that supports SSL? The server software that I've looked at says that it can't and I'm wondering which program is preventing it - the web browser or the server software. I don't understand SSL well enough to answer this question myself, so I was hoping someone out there might be able to shed some light. If it's the browser that isn't able to support the connection, is there a plugin available for doing this? How hard would it be to write one? Thanks in advance. Bryon

Your browser does not implement FTP AUTH SSL. Use an FTP client that does such as C-Kermit 8.0 http://www.kermit-project.org/ckermit.html

Jeffrey Altman
Re: Web Browsers and SSL Support
Guess I should have asked if there are any windoze web browsers that support FTP AUTH SSL. If not, I'm still interested in knowing how hard it would be to write a plugin that could do this type of thing.

For Windows Kermit 95 is an FTP client that supports FTP AUTH SSL and FTP AUTH TLS. http://www.kermit-project.org/k95.html

For web browsers I am unaware of a single one that supports FTP AUTH SSL. You could probably take the code that Peter Runestig wrote for the FTP clients that he supports on Unix and integrate it into Mozilla.

Jeffrey Altman
RE: OpenSSL Security Altert - Remote Buffer Overflows
OpenSSL Security Advisory [30 July 2002]

Does this affect Apache Web Servers?

If they are compiled with OpenSSL support then 'yes'.

Jeffrey Altman
Re: backwards connection
I assume you mean do something like this in the Application client:

  ctx = SSL_CTX_new( SSLv3_server_method() );

I tried this, SSL_connect/SSL_accept returns 0, with the following error:

  328:error:140C5022:SSL routines:SSL_UNDEFINED_FUNCTION:called a function you should not call:ssl_lib.c:1639:

I must be missing something. My client basically does the following:

  SSL_library_init();
  SSL_load_error_strings();
  ctx = SSL_CTX_new( SSLv3_server_method() );
  SSL_CTX_use_certificate_file( ctx, cert, SSL_FILETYPE_PEM );
  SSL_CTX_use_PrivateKey_file( ctx, key, SSL_FILETYPE_PEM );
  SSL_CTX_set_verify( ctx, ( SSL_VERIFY_NONE ), ssl_verify_callback );
  SSL_CTX_set_verify_depth( ctx, 4 );
  SSL_CTX_set_options( ctx, SSL_OP_ALL );
  ...connect to port...
  SSL_new()
  SSL_connect( ) /* returns 0 */

This should be SSL_accept();

My server process does the following:

  SSL_library_init();
  SSL_load_error_strings();
  ctx = SSL_CTX_new( SSLv3_client_method() );
  SSL_CTX_load_verify_locations( ctx, "root.pem", NULL );
  SSL_CTX_set_verify( ctx, ( SSL_VERIFY_NONE ), ssl_verify_callback );
  SSL_CTX_set_verify_depth( ctx, 4 );
  SSL_CTX_set_options( ctx, SSL_OP_ALL );
  ...bind to port...
  SSL_new()
  SSL_accept( ) /* returns 0 */

This should be SSL_connect();

Jeffrey Altman
Re: starting TLS Telnet server
Thanks for the help, This has developed into a few more questions now. First let me make sure that I did everything correctly. I commented out the old telnet server line in /etc/xinetd.d/telnet and added the path to my tls server /usr/local/sbin/telnetd

This is the TLS Telnet Daemon

(I have another telnet file (server) --- /usr/local/bin/telnet that was created the same day and time as the one that I have my path set to ??? Any ideas)

This is the TLS Telnet client

Anyway, I try to connect to it and I am getting errors during the handshake. I am sure that it is because I am running a Microsoft Test Certificate on the client (Win2K box) and an OpenSSL self signed certificate on the server (RedHat 7.3) How do I set up the list of accepted CA's for both machines to allow these test certificates? I have tried exporting my Win2K cert. w/o the key and importing it as a signer in Crypto Manager, but I get an error that it is not a signer cert. I also imported it into Netscape and it worked fine??

What are you using as a TLS Telnet client on Win2K? If you are not using a TLS Telnet client on Win2K, how is Win2K involved? I think you need to read the text files that Peter provides in his distribution.

Jeffrey Altman
Re: starting TLS Telnet server
I have no idea whether your shareware client properly implements START_TLS or not; or whether or not it supports client certificates.

Peter's TLS Telnet distribution comes with both a client and a server. The docs describe how to configure the server to authenticate itself to the client. For the server to authenticate the client certs you must compile the Telnet server to support that functionality using one of the sample functions for doing so; or write one that meets the requirements of your authentication and authorization system. For the client, the man page describes how to specify client certs and keys for authenticating the client to the server.

If you want a Windows Telnet client that not only properly supports the START_TLS option but also has good documentation about it, look at Kermit 95: http://www.kermit-project.org/k95.html

The security docs which you may find useful in any case are located at http://www.kermit-project.org/security.html

I read all the docs, but as I said earlier, I am new to both Linux and SSL and I didn't know how to get both the client and the server to accept the test certificate's CA that I am using for both parties' authentication. I think that I got both of them setup finally. For Win2K, I downloaded a shareware client from Tucows just to be sure that the TLS Telnet server is correctly configured. As for all the questions, I am implementing SSL support for all the network utilities in TOAD (Quest Software, Inc.) and no one here has ever implemented SSL before and our Unix guy is across the country so unless I want to wait 2 more weeks, I have to set the Linux box up myself. Thanks, Michael

Jeffrey Altman
[no subject]
I am new to the whole SSL thing and I want to set up an SSL Telnet server (not SSH). Is there a package that does this or do I use OpenSSL? Can I just apply SSL to the existing RedHat telnet server? Thanks, Mike

Michael Staszewski II, Associate Developer, Quest Software Inc.

See http://www.kermit-project.org/telnetd.html for a list of servers that support START_TLS

Jeffrey Altman
Re: (forgot to add subj. last time) SSL Telnet servers
What files are you attempting to download? The Telnet Servers are not stored on the Kermit site. What are you attempting to download them with?

How can I download the files from the kermit site? I get TLS subsystem failed error. Do I need a certificate to download these files? Thanks. Mike

Jeffrey Altman
Re: Problem RAND_Status
Not all of the methods used in crypto/rand/rand_win.c to extract entropy from the system are safe to use under all circumstances. You are going to have to hack the code to disable the calls that do not return under your locked process.

I have a dll development that lock the process execution, this is a background process that load this dll and use SSL to encrypt/Decrypt files. The problem is in this lines:

  srand(time(NULL));
  do {
      r = rand();
      RAND_seed(&r, sizeof(int));
  } while(0 == RAND_status());

The thread is never returning when execute RAND_status function. I tried executing this DLL from a custom program and work well, It only fail when the execution is under background process. Please I haven't clues about what is going on, I appreciate any help. Thank, David Pineda

Jeffrey Altman
RE: telnetd-ssl
Then it looks like Debian's telnet does not support client certificates. I don't know what telnet-ssl is or was. If this was Tim Hudson's old implementation using the TELNET AUTH SSL hack then it should be abandoned in favor of one that supports the IETF TELNET START_TLS option.

The code that Peter Runestig and I wrote supports START_TLS as well as the TELNET FORWARD-X option for securing X Windows sessions. It also supports TLS session reuse for improved performance. It also provides several sample implementations of the X509_to_user() function so you can specify how your client's certificates once verified should be mapped to userid's. You can find it at: http://www.runestig.com/osp.html

It comes with a client as well. However, the best TLS Telnet client for *nix is C-Kermit 8.0: http://www.kermit-project.org/ckermit.html

Security description at http://www.kermit-project.org/security.html

-Original Message-
From: Jeffrey Altman [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 06 June 2002 19:58
To: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Re: telnetd-ssl

That depends on whose Telnetd you are using and how you want the client's to be authorized.

-I'm on a Debian 2.4.6 with telnetd-ssl and telnet-ssl (0.17), openssl 0.9.6-c and their libs, latest libc6 and depending libs. This is testing version on Debian.

-I've talked with the responsible of package and he said that the original sources are from telnetssl and he never tested the authentication certificate client. I've tried to do this with this config:

-CA root certificate installed and accessible.

-Two x509 certs verified certs created with demoCa (signed by CA root certificate):

*telnetd cert subject and issuer

  subject=/C=ES/ST=Castellon/L=Castellon/O=IN3 S.A./OU=Telnet/CN=zidane.in3.es
  issuer =/C=ES/ST=Castellon/L=Castellon/O=IN3 Certificate Authority/OU=IN3 Certificate Authority/CN=IN3

*newcert cert subject and issuer

  subject=/C=ES/ST=Castellon/L=Castellon/O=IN3 S.A./OU=staff/CN=user name, where user name is valid user system
  issuer =/C=ES/ST=Castellon/L=Castellon/O=IN3 Certificate Authority/OU=IN3 Certificate Authority/CN=IN3

-telnetd entry on inetd.conf:

  telnets stream tcp nowait telnetd.telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd -z cert=/etc/ssl/certs/telnetd.pem -z key=/etc/ssl/private/telnetd.key -z certrequired -z secure -z verify=1 -z certsok

-command line from bash:

  telnet-ssl -z cert=newcert.pem -z debug -z verbose -z key=newcert.key -z verify=1 zidane.in3.es 992

The exit during execution of client:

  [SSL - attempting to switch on SSL]
  [SSL - handshake starting]
  SSL_connect:UNKWN before/connect initialization
  SSL_connect:23WCHA SSLv2/v3 write client hello A
  SSL_connect:3RSH_A SSLv3 read server hello A
  Certificate[0] subject=/C=ES/ST=Castellon/L=Castellon/O=IN3 S.A./OU=Telnet/CN=zidane.in3.es
  Certificate[0] issuer =/C=ES/ST=Castellon/L=Castellon/O=IN3 Certificate Authority/OU=IN3 Certificate Authority/CN=IN3 Certificate Authority
  SSL_connect:error in 3RSC_B SSLv3 read server certificate B
  SSL_connect:error in 3RSC_B SSLv3 read server certificate B
  [SSL - FAILED (-1)]
  telnet: Unable to ssl_connect to remote host: Success
  3752:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:769:
  [SSL - SSL_accept error]
  Connection closed by foreign host.

Jeffrey Altman
Re: telnetd-ssl
That depends on whose Telnetd you are using and how you want the client's to be authorized. Peter Runestig and I provide some possible methods in his Telnetd distribution. ftp://ftp.runestig.com/

Hi all ssl-ers.

Questions.

Anybody knows how to configure telnetd-ssl for authenticate by client certificate?

Anybody knows the handshake process flow on this case?

When telnetd-ssl has to verify certs of telnet-ssl (client) where does it search CA cert and key?

Anybody have a problem to understand the configuration of telnetd-ssl? On Debian linux? S:-(

Zanx.

Manuel Guerrero Martos

Jeffrey Altman
Re: telnetd-ssl
Verifying the client certificate is only half the issue. The other half is deciding whether or not the holder of the cert is authorized to access the service and with what user name(s). This requires more than simply checking to see if the client cert can be validated by a CA Root cert.

Have many options, SSLTelnet for example. But maybe more easy is use stunnel, this too works fine for this case (verify client certs). regards, ./nelson -murilo

Jeffrey Altman
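The second half described in the message above (deciding which user names the holder of an already verified certificate may use), as an added Python illustration; it is not the X509_to_user() code from Peter Runestig's distribution. The names `x509_to_user`, `rdn_values`, `sample_cert` and `POLICY`, the CA name and the accounts are hypothetical, and the certificate is assumed to arrive as the dict that `ssl.SSLSocket.getpeercert()` returns after chain verification.

```python
"""Authorization step that follows TLS client-certificate verification.

Added illustration: chain validation has already succeeded before this code
runs; the question here is only "may this holder log in as that user?".
"""

# Constructed policy (assumption): the one CA whose certificates count for
# logins, the OU a login certificate must carry, and the local accounts each
# certificate CN may use. Anything not listed is refused.
POLICY = {
    "issuer_cn": "Example Login CA",
    "required_ou": "staff",
    "cn_to_users": {
        "alice": ["alice"],
        "bob": ["bob", "backup"],
    },
}


def rdn_values(name, attribute):
    """Return every value of one attribute in a getpeercert() name.

    getpeercert() gives a name as a tuple of RDNs, each RDN a tuple of
    (attribute, value) pairs, so an attribute can occur more than once.
    """
    return [value for rdn in name for (attr, value) in rdn if attr == attribute]


def x509_to_user(peercert, requested_user, policy=POLICY):
    """Return requested_user if the verified certificate may use it, else None."""
    if not peercert:
        # None: no certificate sent. {}: certificate was not validated.
        return None

    # A trust store often holds many roots; being signed by any of them is
    # not the same as being issued for logins to this service.
    if rdn_values(peercert.get("issuer", ()), "commonName") != [policy["issuer_cn"]]:
        return None

    subject = peercert.get("subject", ())
    if policy["required_ou"] not in rdn_values(subject, "organizationalUnitName"):
        return None

    common_names = rdn_values(subject, "commonName")
    if len(common_names) != 1:
        # Several CNs make the identity ambiguous: refuse instead of picking.
        return None

    allowed = policy["cn_to_users"].get(common_names[0], [])
    return requested_user if requested_user in allowed else None


def sample_cert(issuer_cn, ou, *common_names):
    """Build a constructed getpeercert()-shaped dict for the demonstration."""
    subject = ((("countryName", "ES"),), (("organizationalUnitName", ou),))
    subject += tuple((("commonName", cn),) for cn in common_names)
    return {"subject": subject, "issuer": ((("commonName", issuer_cn),),)}


if __name__ == "__main__":
    staff_cert = sample_cert("Example Login CA", "staff", "bob")
    for user in ("bob", "backup", "root"):
        print(user, "->", x509_to_user(staff_cert, user))
```
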
Re: Securing Telnet
Your other option is to install a Secure Telnet Daemon on the AIX server. See http://www.kermit-project.org/telnetd.html for some options.

Sorry if this is a lame question, but I've not been able to find the answers to my question anywhere else. We've been given the task of giving an external company access to an AIX 4.1 box which only runs telnet. And since it looks like OpenSSH needs AIX 4.3 we are not able to natively support SSH on the box. Is it possible to set up a SSH session on a linux host in DMZ which will forward any SSH connections on a given port to the AIXs telnet port? There will be a couple of users needing access, and we need to be able to have them log on to the AIX box with their own username/password. From the examples I've seen it is possible to set up SSH forwarding to a telnet session that is already logged on, but that's not quite what we need. We are looking for a proxy type SSH gateway. The clients will be running Windows. I hope someone can give me a good idea on how to solve this. Best Regards, Thomas

Jeffrey Altman
Re: Prevent apache from giving out server cert?
The only way that the server would not send the certificate is if the client requests a negotiation of an Anonymous cipher. In that case no certificate would be used. Or if the virtual host the client is connecting to does not support SSL.

Well it might not be such a good design, but what I asked initially was only if it is possible to restrict apache from giving the cert out, and if that somehow can stop people from connecting to the server without having the certificate. This is necessary since I am using a stripped SSL implementation on the client side that does not support client authentication (The clients will be Digital-TV set-top-boxes with OpenTV OS). Thanks for all your responses, /Tobbe

[EMAIL PROTECTED] 04/18/02 04:10PM

On 18 Apr 2002, Eric Rescorla wrote:

Erwann ABALEA [EMAIL PROTECTED] writes:

No. The client normally performs the verification of the challenge signed by the server. But it can eventually skip this verification, and go on talking SSL with the server...

No, this is incorrect most of the time (whenever you're doing static RSA key exchange). The client ENCRYPTS the PreMasterSecret under the server's public key. This necessitates knowing the public key.

Yes, that's right. But to me it seems that enhancing access restriction using the server cert is not a good idea. That means the server cert is a secret known only by the trusted users. By definition, a certificate is public, so it cannot be a secret. And again, that's using symmetric cryptosystems techniques with asymmetric algorithms. It's a bad design (tm).

-- Erwann ABALEA [EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5

Jeffrey Altman
Re: using X.509 certificates in Ckermit 8.0
I know this is sort of off topic... but I wanted to see if anyone on the list have used the x.509 (pem) certificates in the newest ckermit 8.0 ftp client. Not exactly sure where to import into the kermit so the cert can be used by the ftp server.

Read http://www.kermit-project.org/security.html

  SET AUTH TLS DSA-CERT-FILE
  SET AUTH TLS DSA-CERT-KEY
  SET AUTH TLS RSA-CERT-FILE
  SET AUTH TLS RSA-CERT-KEY

Jeffrey Altman
Re: Is OpenSSL Production Ready?
On Fri, Apr 05, 2002 at 08:15:04AM -0500, Mark H. Wood wrote:

On Thu, 4 Apr 2002, Lutz Jaenicke wrote:

To be precise: according to the OpenSSL license every program that uses the library and advertises its SSL capabilities also must advertise the use of OpenSSL.

Actually this is a problem -- it means you can't link OpenSSL libraries with any GPLed code which you intend to distribute. I'm facing the necessity of having to use the not-quite-ready-for-prime-time GNUtls package instead of OpenSSL for a project I'm contemplating, because it builds on an application licensed under the GPL. (And I have no idea how hard it's going to be to get *both* compatibly installed on one box.) IIRC the Ethereal folk have also run up against this problem. I'm not asking for anything at this time; I just wanted to provide a couple of data points.

Besides the OpenSSL license itself large parts of the code were written by EAY and his license still applies without any option of the OpenSSL team to influence it as long as EAY does not change his license. The OpenSSL team members are aware of this problem but there is not much we can do for the reason stated above. Best regards, Lutz

There is an answer to this of course. It is do not link against OpenSSL but instead load the libraries and functions manually as OpenSSL does with the DSO interface. Then the two programs are separate with separate licenses.

Jeffrey Altman
Re: Is OpenSSL Production Ready?
Richard wrote:

brian> Does anyone actually use OpenSSL for a production, business
brian> operation?

The are many programs out there that use OpenSSL. A popular one that I use myself is the Opera browser.

brian> We're having a heck of a time with the FAQ-documented Page
brian> Could Not Load / DNS Error page failures with IE browsers,
brian> even after applying the fixes recommended in the FAQ.

DNS Error hardly sounds like something SSL-related...

Richard: The famous DNS Error or Server not found error message from IE is used whenever there is a failure to connect to a host. This includes such things as CRL location not specified in certificate errors when CRL verification is turned on. There are any number of reasons why this message may be generated.

- Jeff

Jeffrey Altman
Re: FTP with SSL
secure ftp isn't very advanced yet. there's no rfc of ssl/tls-ftp yet, only a draft. which ftp-server are you using? as far as i know very few ftp-servers have secure ftp implemented yet. glftpd is one of them (www.glftpd.com).

There are many servers that have TLS FTP support. See http://www.kermit-project.org/ftpd.html for one list.

Jeffrey Altman
RE: OpenSSL 0.9.7-stable-SNAP-20020310
From: Kenneth R. Robinette [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 11, 2002 8:36 AM

As a followup to my previous note, kssl.c also requires the following to be added at or near line 98:

  #ifdef krb5_rc_initialize
  #undef krb5_rc_initialize
  #endif
  ...

A style note: the #ifdef / #endif is unnecessary and clutters the source. As of at least C90 #undef with a name that is not currently defined is ignored. See ISO 9899-1990 6.8.3.5.

If only this were true. OpenSSL compiles with strict checking and all warnings are considered errors.

Jeffrey Altman
Re: Help! SSL Telnet client-server deadlock problem.
You can use Stunnel in conjunction with Telnet. You just need a Telnet client that supports it. See Case Study: Secure Telnet Using C-Kermit 7.1 with Stunnel http://www.kermit-project.org/case21.html

Alas, I am limited to implementing a SSL proxy solution for backward compatibility with existing software which is based on a telnet-like protocol. If I simply wanted a secure remote login service I would use SSH (which I do). Can a transparent SSL proxy solution along the lines of stunnel work in principle for plain telnet and similar protocols? Or is there a sound technical reason why telnet+stunnel cannot work (at least to the extent of avoiding the client-server deadlock problem I observe)?

Jeffrey Altman [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
08/03/2002 23:19
Please respond to openssl-users
To: [EMAIL PROTECTED]
cc: OpenSSL User Support Mailing List [EMAIL PROTECTED]
Subject: Re: Help! SSL Telnet client-server deadlock problem.

I would suggest that you use a supported implementation of Telnet that supports START_TLS. Read http://www.kermit-project.org/telnetd.html

Please help. I have a major problem with SSL Telnet. When I connect with SSL-MZtelnet-0.11.2 client from my FreeBSD 4.4 box through a SSL proxy to a telnet server on AIX 4.3.2 and run ls -l command screen output sometimes does not complete. If I hit enter then last few lines are displayed. There is obviously some kind of deadlock situation occurring. Tried several different SSL proxy software packages, all based on OpenSSL: Stunnel, SSLWrap, SSLProxy, DeleGate. Same deadlock problem occurs with every one of these to some extent. Tried upgrading OpenSSL version on AIX - no effect. Tried running Stunnel proxy on FreeBSD instead of AIX - no effect. Tried modifying the DeleGate SSL code based on what I read about SSL client-server deadlocks in Eric Rescorla's excellent (but too short) book on SSL - no effect but that could be my coding.

I also have a similar deadlock problem when I run a proprietary application under Windows which uses Telnet over SSL to connect to the AIX server. Any suggestions welcome. I have run out of ideas at this point. Are there any other SSL proxies I could try, commercial and free?

Jeffrey Altman
Re: Using SSL_clear to reuse SSL object
Hmm. This brings up the question, what SSL_clear() should actually do. I would consider SSL_clear() to be not much different from doing SSL_free()/SSL_new(), but obviously it is. Unfortunately EAY did not leave documentation about his intentions... Does anybody have any more insights? Should we actually deprecate using SSL_clear() as we don't know for sure what special side effects it has and recommend using SSL_free()/SSL_new() instead???

Best regards, Lutz
--

My impression has been that if you wanted to reuse a session object as a new object that you needed to perform

    SSL_clear(ssl);
    SSL_set_session(ssl,NULL);
    SSL_set_accept_state(ssl);

I believe I got this code from some very old ssleay applications. However, this has not worked with OpenSSL since at least 0.9.5.

Jeffrey Altman
RE: RAND_poll hangs on WINNT 4.0
Stefan:

I wrote the comment. The reason the code was excluded from Win2000 is because as the release was occurring someone reported a problem on Win2000 and we could figure out why. We never got additional information from the user.

I've read through the docs on DllMain() a bit more and it precludes almost everything that is done within RAND_poll() because DllMain() is not thread safe. It provides suggestions for how application specific initialization routines should be implemented so that functions such as RAND_poll() are not called from DllMain(). The suggestion is to use a semaphore to check to see if the application specific initialization routine has been called and if not, to call the routine.

I suggest you make this change. Otherwise, you need to remove not just the Performance Data query but also the Network calls and perhaps the process, thread, and heap checks. Otherwise, the behavior will be unpredictable. You remove all this and we don't have a lot of entropy to play with.

- Jeff

Hello Jeff,

I would say that the problem is the use of HKEY_PERFORMANCE_DATA in RAND_poll. The performance counter DLLs can contain any code and any application can install its own counters. RAND_poll() calls RegQueryValueEx(HKEY_PERFORMANCE_DATA, Global, ...), which retrieves all (well, almost) performance data in the system. So there is no way to tell what will happen when RAND_poll() is called.

Also, the performance data collection is already removed for Windows 2000 due to some exception at random times in ADVAPI32.DLL (according to comments in the source code). There have been several reports on openssl-dev from people with RAND_poll problems on NT4 that probably would be solved if the code was removed from NT also. (mine sure would :-)

/Stefan

-Original Message-
From: Jeffrey Altman [mailto:[EMAIL PROTECTED]]
Sent: den 20 februari 2002 18:25
To: [EMAIL PROTECTED]
Cc: '[EMAIL PROTECTED]'
Subject: RE: RAND_poll hangs on WINNT 4.0

Stefan:

This is helpful information. So the problem is not the use of HKEY_PERFORMANCE_DATA on NT4 but how applications are using calls to RAND_poll().

- Jeff

Hello,

I have seen this too on a few NT4 machines (SP5, SP6). I use OpenSSL in a DLL that is used by several different applications. I (implicitly) call RAND_poll in an init function for the library. The problem (at least for me) is that some performance counter DLL calls CoInitializeEx. This is bad in two ways in my case:

1. One app calls my init and then OleInitialize which fails because COM is already initialized with another threading model. This causes the app to quit.
2. Another app calls my init function from DLLMain. Microsoft's documentation says that it is illegal to call CoInitialize from DLLMain. The result is a deadlock.

Removing the performance data query solved the problem. There have been some other reports of this problem on the openssl-dev list, check the archives (search for HKEY_PERFORMANCE_DATA).

Stefan Lindberg
Front Capital Systems AB
email: [EMAIL PROTECTED]

-Original Message-
From: Jerry Napoli [mailto:[EMAIL PROTECTED]]
Sent: den 20 februari 2002 17:10
To: [EMAIL PROTECTED]
Subject: RAND_poll hangs on WINNT 4.0

We use a static initializer in our dynamic library to seed openssl's PRNG. We've noticed curious behavior on WINNT 4.0 where RAND_poll hangs on the Windows registry function, RegQueryValueEx, when trying to extract performance behavior. There is a documented bug with the ANSI version of RegQueryValueEx (KB Q226371) and they suggest using the UNICODE version of it directly, yet it still hangs even with that version. For the time being, we removed the section where it polls the performance data entirely and that works. Has anyone experienced this behavior? For the record, we're using OpenSSL 0.9.6c.

Thanks,
Jerry Napoli [EMAIL PROTECTED]

Jeffrey Altman
Re: Win 2000 Services and SSL
I'm not sure what your problem is but when I use OpenSSL in my service I have no problem connecting to it:

    [C:/kermit/] C-Kermitiks localhost
    DNS Lookup... Trying 127.0.0.1... (OK)
    SSL_DEBUG_FLAG on
    ?Unable to load verify-file: C:/Documents and Settings/All Users/Application Dat
    a/kermit 95/ca_certs.pem
    ?Unable to load verify-file: C:/Documents and Settings/jaltman/Application Data/
    kermit 95/ca_certs.pem
    ?Unable to load crl-file: C:/kermit/crls
    ?Unable to load crl-file: C:/Documents and Settings/All Users/Application Data/k
    ermit 95/crls
    ?Unable to load crl-file: C:/Documents and Settings/jaltman/Application Data/ker
    mit 95/crls
    SSL/TLS init done!
    [TLS - handshake starting]
    SSL_handshake:UNKWN before/connect initialization
    SSL_connect:UNKWN before/connect initialization
    SSL_connect:3WCH_A SSLv3 write client hello A
    SSL_connect:3RSH_A SSLv3 read server hello A
    SSL_connect:3RSKEA SSLv3 read server key exchange A
    SSL_connect:3RSD_A SSLv3 read server done A
    SSL_connect:3WCKEA SSLv3 write client key exchange A
    SSL_connect:3WCCSA SSLv3 write change cipher spec A
    SSL_connect:3WFINA SSLv3 write finished A
    SSL_connect:3FLUSH SSLv3 flush data
    SSL_connect:3RFINA SSLv3 read finished A
    SSL_handshake:SSLOK SSL negotiation finished successfully
    Warning: Server didn't provide a certificate, continue? (Y/N) y
    TLS client finished: CB 02 3C 42 B7 C0 5D 0C 5B D2 D4 5F
    TLS server finished: 6E 20 06 00 AC E6 3B 35 15 60 7E 07
    [TLS - OK]
    [TLS - ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1
    Compression: zlib compression

Hi there,

I have a small problem with designing services which use openssl. When I design server and client programs as exe files and install them on Win2000, the system operates as it is expected. Then I have put both programs to operate as Win2000 services. What has happened is that when I put local host in the client as localhost or 127.0.0.1 the system will not simply work at all. When I put its real IP address or DNS name such as mytestingcomputer, the client is able to locate server (operates as Windows2000 service).

Then I have stripped the programs of ssl, and redesign it with tcp, the system operates OK. After that, I have debugged my program and locate BIO_set_conn_hostname. The input value to this instruction was ok. Then I have redesigned the program and used different openssl instructions based on socket implementation, where I have been able to follow the local address of the host implementation.

The problem is that inside openssl the localhost and 127.0.0.1 are not simply recognised at all, and they are interpreted as unknown address. I have experimented with Service and its property (logon) under setting, but it still failed to resolve the local host address. I believe that there is some interaction between Win2000 service and openssl implementation, but I do not know where to look inside the code to find bug.

I appreciate any help or suggestion. Thanks in advance.

Alex Cosic

Jeffrey Altman
RE: OpenSSL Key Generation GUI for Windows
I was under the impression that on windows OpenSSL uses RAND_screen which will obtain random data from the screen and mouse events? Shouldn't you use that?

OpenSSL uses a combination of methods including walking the Process and Thread tables; importing network state information; walking the memory allocation tables; reading screen data; and including data from the Windows crypto apis.

Jeffrey Altman
Re: Why DNS/IP in certificate?
It depends on what you need. All you know in that case is that the certificate you have is one of the you do not know how many certificates signed by the CA. If all you are doing is providing blind authorization to all members of a group, that is enough. However, if you are doing pretty much anything else, you need to be able to determine if the certificate you received belongs to the entity you are expecting to communicate with.

If the DNS is not present as CN, the certificate simply states that the CA (that I trust) did issue the private key corresponding to the public key contained within the certificate. And since the private key is needed for signing and decryption, is this not security enough for data transfer?

/Jan

Jeffrey Altman
RE: Problem with openssl.exe
You either create an environment variable

    SET OPENSSL_CONF=drive:path/filename

before executing openssl.exe or specify the config file on the command line with the -config option.

Hum, I don't really know. I only saw SSLEAY in the perl script CA.pl. So I thought I have to set it.

-Original Message-
From: Jeffrey Altman [mailto:[EMAIL PROTECTED]]
Sent: mercredi 9 janvier 2002 06:13
To: [EMAIL PROTECTED]
Cc: '[EMAIL PROTECTED]'
Subject: Re: Problem with openssl.exe

How does openssl.exe know the SSLEAY environment variable under WNT4? When I type openssl, I have the following error: Using configuration from /usr/local/ssl/openssl.cnf

you mean OPENSSL_CONF ?

Jeffrey Altman
Re: RSA keys auth.
Besides the fact that using raw public/private key pairs is in my mind a disaster waiting to happen to all SSH users:

. they have no notion of identity associated with them
. they have no notion of trust associated with them
. they have no notion of usage associated with them
. they have no ability to be expired
. they have no ability to be revoked if compromised

private keys are stored in most cases on the disks of insecure operating systems protected only by a passphrase chosen by an end user that knows nothing about security.

An insecure OS is one that is either unmanageable or one that is not properly maintained from a security perspective. No OS maintained by the end user is secure.

A passphrase consisting of human readable/typable text provides approximately 2 bits of entropy per character. Therefore, to provide an equivalent strength key to protect a 1024 bit private key would require a passphrase at least 64 characters long. Since most passphrases are significantly shorter, not more than an 8 character password, dictionary attacks to extract the private key are highly effective.

I am simply waiting for the virus/worm that as part of its operation steals SSH identity and known_hosts files and sends them off to be dictionary attacked.

The difference between raw public/private key pairs and X.509 certs is that the cert is a centrally managed object that can be revoked. Something that is revoked cannot be used again by the end user. In other words, the end user cannot simply copy re-use their previous generated key pair.

If the user can generate a public/private key pair then they can with appropriate tools provided by you generate a Certificate Signing Request, send the CSR to your host, have it signed and installed. It's more work on your part not on the end users.

- Jeff

Hi!

I am trying to use OpenSSL to build secure authenticated channel between client and server. I want server to allow connections only from certain clients, and I want client to be sure it is connected to the right server. I see how it could be done using certificates. However for my application generating certificates would be too complex for end user.

The simplest way I see it would be to use RSA public/private keys: the way SSH does. So client and server each would have private/public key pairs generated. When, I would manually add server public key to client side and client public key to server side (server will possibly have more than one client key).

If there is anything wrong with the way I am planning to do it? It seems to me that this should be pretty common usage. If somebody done this before I would appreciate any advice. I am new to openssl and still learning basics.

Sincerely, Vadim
--
Perfection is achieved not when there is nothing left to add, but when there is nothing left to take away. (Antoine de Saint-Exupery)

Jeffrey Altman
Re: Echo is openssl
When Telnet protocol is used, echoing is performed by the host. The host has complete control over the echoing. The control is gained by the host by negotiating the TELNET ECHO option. If this option is not negotiated then echoing is handled by the local application.

If you have replaced Telnet with raw TLS and have not changed the application in any other way, the client is probably performing echoing. Although, there is no reason why you can use Telnet protocol over TLS.

Marcos,

I don't see what obtaining input from the user has to do with OpenSSL? You should be able to take all the openssl code out of your application and still be able to obtain input from the console. Maybe we are confused about what your problem is?

- Andrew

- Original Message -
From: Marcos D. Marado Torres [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, December 12, 2001 12:19 PM
Subject: Re: Echo is openssl

Well... So, I don't know. This code works out with telnet connections or used in any other program, but it doesn't work here... Any clue?

Regards, Mind Booster

On Wed, 12 Dec 2001, Andrew T. Finnell wrote:

Marcos,

However if you look through the openssl source code it has a method that turns echoing off for its own passphrase obtaining method. You could consult that code on how to turn off the echo. But Lutz is correct console operations have nothing to do with OpenSSL.

- Andrew

- Original Message -
From: Lutz Jaenicke [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, December 12, 2001 11:55 AM
Subject: Re: Echo is openssl

On Wed, Dec 12, 2001 at 12:31:30PM +, Marcos D. Marado Torres wrote:

Hi there... I posted this problem once, but as I didn't have any reply I'm trying again: I'm working on a SSL server using openSSL. Problem is, when I'm asking for a string to the user, I don't want that string to echo... I tried to do that with the ways I do to telnet connections (sending some chars that are interpreted by terminal) but nothing works with openssl. I'm using openssl libraries for the server, and openssl to the client connection to the server.

Your problem has nothing to do with openssl. Sending terminal control sequences should be transparent to TLS/SSL layer around it.

Best regards, Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153

--
=== Marcos Marado AKA Mind Booster === Visit Mind Booster NetWorks on: http://mindbooster.cjb.net Mail me to: [EMAIL PROTECTED] ===
It is so very hard to be an on-your-own-take-care-of-yourself-because-there-is-no-one-else-to-do-it-for-you grown-up.

Jeffrey Altman * Sr.Software Designer C-Kermit 8.0 Beta available The Kermit Project @ Columbia University includes Secure Telnet and FTP http://www.kermit-project.org/ using Kerberos, SRP, and [EMAIL PROTECTED] OpenSSL. SSH soon to follow.
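The ECHO negotiation described at the top of this thread, as an added example (not code from the thread, from OpenSSL or from C-Kermit): a client-side parser that follows IAC WILL/WONT ECHO in the bytes read from the server, whether they arrive over plain TCP or through a TLS read, and answers as a minimal Telnet client would. The command and option values are those of RFC 854 and RFC 857; the function names, type names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Telnet command bytes (RFC 854) and the ECHO option code (RFC 857). */
enum { SE = 240, SB = 250, WILL = 251, WONT = 252, DO = 253, DONT = 254, IAC = 255 };
enum { OPT_ECHO = 1 };

/* Parser states, kept between calls because a negotiation can be split
 * across TCP segments or TLS records. */
enum { ST_DATA, ST_IAC, ST_OPTION, ST_SUBNEG, ST_SUBNEG_IAC };

typedef struct {
    int state;
    int verb;           /* WILL/WONT/DO/DONT waiting for its option byte */
    int server_echoes;  /* 1 after the server has sent IAC WILL ECHO     */
} telnet_echo_t;

void telnet_echo_init(telnet_echo_t *t)
{
    t->state = ST_DATA;
    t->verb = 0;
    t->server_echoes = 0;   /* default: the local application echoes */
}

static void put_reply(unsigned char *reply, size_t *rlen, int verb, int opt)
{
    reply[(*rlen)++] = IAC;
    reply[(*rlen)++] = (unsigned char)verb;
    reply[(*rlen)++] = (unsigned char)opt;
}

static void negotiate(telnet_echo_t *t, int opt, unsigned char *reply, size_t *rlen)
{
    if (opt == OPT_ECHO && t->verb == WILL) {
        if (!t->server_echoes) {            /* answer only on a state change */
            t->server_echoes = 1;
            put_reply(reply, rlen, DO, opt);
        }
    } else if (opt == OPT_ECHO && t->verb == WONT) {
        if (t->server_echoes) {
            t->server_echoes = 0;
            put_reply(reply, rlen, DONT, opt);
        }
    } else if (t->verb == WILL) {
        put_reply(reply, rlen, DONT, opt);  /* refuse every other option */
    } else if (t->verb == DO) {
        put_reply(reply, rlen, WONT, opt);  /* includes DO ECHO */
    }
}

/* Feed n bytes read from the server. Application data is copied to out
 * (room for n bytes), negotiation replies to reply (room for 3 * n bytes).
 * Returns the number of data bytes; *rlen receives the reply length. */
size_t telnet_echo_feed(telnet_echo_t *t, const unsigned char *in, size_t n,
                        unsigned char *out, unsigned char *reply, size_t *rlen)
{
    size_t w = 0;
    *rlen = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = in[i];
        switch (t->state) {
        case ST_DATA:
            if (c == IAC) t->state = ST_IAC;
            else out[w++] = c;
            break;
        case ST_IAC:
            if (c == IAC) { out[w++] = c; t->state = ST_DATA; }  /* escaped 0xFF */
            else if (c >= WILL && c <= DONT) { t->verb = c; t->state = ST_OPTION; }
            else if (c == SB) t->state = ST_SUBNEG;
            else t->state = ST_DATA;                             /* NOP, GA, ... */
            break;
        case ST_OPTION:
            negotiate(t, c, reply, rlen);
            t->state = ST_DATA;
            break;
        case ST_SUBNEG:
            if (c == IAC) t->state = ST_SUBNEG_IAC;
            break;
        default:                                                 /* ST_SUBNEG_IAC */
            t->state = (c == SE) ? ST_DATA : ST_SUBNEG;
            break;
        }
    }
    return w;
}

/* 1 while the client must echo typed characters itself. */
int telnet_local_echo_needed(const telnet_echo_t *t) { return !t->server_echoes; }

int main(void)
{
    /* Constructed server-to-client bytes. */
    const unsigned char with_telnet[] = { IAC, WILL, OPT_ECHO, 'P', 'a', 's', 's', ':', ' ' };
    const unsigned char raw_tls[] = "Pass: ";   /* same prompt, no negotiation */
    unsigned char out[32], reply[96];
    size_t rlen;
    telnet_echo_t t;

    telnet_echo_init(&t);
    telnet_echo_feed(&t, raw_tls, 6, out, reply, &rlen);
    printf("no negotiation: local echo %s\n", telnet_local_echo_needed(&t) ? "on" : "off");

    telnet_echo_init(&t);
    telnet_echo_feed(&t, with_telnet, sizeof with_telnet, out, reply, &rlen);
    printf("IAC WILL ECHO:  local echo %s\n", telnet_local_echo_needed(&t) ? "on" : "off");
    return 0;
}
```

A client that never interprets Telnet commands stays in the first case, which matches the behaviour reported in the thread: the typed string is echoed locally whatever the server sends.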
Re: FTP over OpenSSL
See http://www.kermit-project.org/ftpd.html for a list of FTP Servers that support SSL/TLS.

Hello,

I am new to the list and OpenSSL. As the company programmer I have been assigned to setup FTP over SSL and am looking for pointers. From what I have been able to read online I don't think it will be that difficult. The script I will need to modify to go over SSL is as follows:

    sprintf(action, cd %s; ftp -ni %s /dev/null 21 !\n %s user %s %s\n %s ls * %s\n bye\n !\n, DOWNLOAD_DIR, Host, Address, Login, flfvend.password, CurDirectory, FLIST);
    system(action);

My main problem is that I don't know C or *nix that well at all. If someone could give me some pointers it would be greatly appreciated. Also if someone wants to make some extra money and has a bit of time, I would pay someone to do this for me. Just submit what you would charge and how long it would take.

Thanks,
Daniel Franks
Senior Programmer
CompuNet Credit Services, Inc.
http://www.compunetcredit.com
O: 520-680-9449 x.246
F: 520-680-4382

Jeffrey Altman
Re: SSL for telnet
I've been trying to find telnet-ssl client and server code. Does anybody know of any current implementations? The few I've run across are all built on old SSLeay. If someone could throw me a few url's I'd be grateful...

See the list at http://www.kermit-project.org/telnetd.html

Jeffrey Altman
Re: telnet 993 asks for PEM passphrase
The PEM password is most likely for a client certificate.

--- chirs charter [EMAIL PROTECTED] wrote:

Hello,

I uncommented the imaps entry in /etc/cyrus.conf. Now if I telnet to localhost on port 993 I am prompted to enter a PEM pass phrase. Something seems misconfigured no? If I enter the PEM passphrase for the server's cert it fails. I know something is wrong here I am just unsure what. If you could give me some feedback I would greatly appreciate it. Thanks.

Here is the transcript:

    Ccatfish# telnet localhost 993
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    Enter PEM pass phrase:XX
    * BYE Fatal error: tls_init() failed
    Connection closed by foreign host.

Confused.

--- chirs charter [EMAIL PROTECTED] wrote:

What line is that? I made my imapd.conf file by hand? Are you maybe talking about /etc/cyrus.conf ? I am confused. Thanks again.

--- Jeremy Howard [EMAIL PROTECTED] wrote:

chirs charter wrote: Does Outlook Express use STARTTLS?

No. When you check the 'secure server' checkbox it will switch to port 993 automatically. However, if you've got STARTTLS working in IMAPd OK, all you have to do to get imaps working is to uncomment the appropriate line in /etc/imapd.conf.

Jeffrey Altman
Re: SSL vs SSH
All,

From a client application perspective, is SSL/TLS the same as SSH. If not then what is the difference?

Cheers Mike

They are completely different and incompatible protocols.

Jeffrey Altman
Re: Feature or bug in 96b ?
Did you recompile your application for 0.9.6b? 0.9.5a is not binary compatible with the newer release.

Hello openssl-users,

I use openssl pretty long time, but only in simple mode. Recently , installed version 96b (major release) and found that my application become to crash. I checked it and found that crash happens in RSA_check_key function when i pass public key to it. I installed v. 95a and it worked fine for me. is it bug or i do something wrong ?

You can reproduce this bug simply takes loadrsa.c from demos\eay\ and after public key created with line :

    pub_rsa=d2i_RSAPublicKey(NULL,p,(long)len);

simply insert RSA_check_key (pub_rsa) and it will crash. I use VC++ 6 with SP4 and WinNT

Best regards,
Kubyshev Andrey [EMAIL PROTECTED]
Re: FTP over SSH2
SSL FTP encrypts both the control channel and the data channel(s). The data channels are negotiated using SSL/TLS session caching for rapid connections. You can find patches to several FTP clients and daemons at Peter Runestig's ftp site ftp://ftp.runestig.com/pub/

C-Kermit 8.0 is a scriptable FTP client which supports SSL/TLS security. http://www.kermit-project.org/ck80.html

hi Dustin,

Well for one it would no longer be FTP per se.. if you want to offer encrypted ftp service you could say for instance try some of the SSLed FTP stuff.. Try freshmeat for pointers.. Note that those clients that can do SSLed ftp only encrypt the control port not the data port.. Since FTP decided to used 2 ports instead of one which I have never really understood exactly.. There is also as Pawel mentioned you can tunnel for instance the OpenSSH where you can tunnel to the server if you want.. Well hope that helps you somewhat..

Best Regards [EMAIL PROTECTED]

Dustin,

OpenSSH has something called sftp, in sshd_config You can setup sftp_server as subsystem. But I haven't seen pure ftp over SSH.

Cheers, Pawel

-Original Message-
From: Dustin Wiseman [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 23, 2001 10:07 PM
To: [EMAIL PROTECTED]
Subject: FTP over SSH2

Where can I find detailed instructions on setting up an FTP server on Red Hat Linux utilizing the SSH2 protocol?

Thank You, Dustin

Jeffrey Altman
RE: Weakness in Openssl PRNG
Jeff, We're in the late stage of release and thought may be too much work to upgrade since I have ported 9.6a to work on Vxworks.

Are you contributing the patches back to OpenSSL? I'm sure that the VxWorks port will be very similar to the work that needs to be done for PalmOS.

In that case porting the crypto/rand directory should be fine. But check the announcement, it has details of what needs to be changed if you are doing a partial port.

Another question I had Is openssl PRNG ANSI X9.17 compatible ?.

I have no idea.

Jeffrey Altman * Sr.Software Designer C-Kermit 7.1 Alpha available The Kermit Project @ Columbia University includes Secure Telnet and FTP http://www.kermit-project.org/ using Kerberos, SRP, and [EMAIL PROTECTED] OpenSSL. SSH soon to follow.
Re: Browser Support for TLS/HTTP Upgrade?
The upgrade method also has the added benefit of supporting new technologies more easily - e.g. Kerberos over HTTP. A HTTP client or server app can provide modules for all of the encryption support - new module, new upgrade method.

I would hope that anyone interested in implementing Kerberos in HTTP do so by using the TLS Kerberos cipher suites.

Jeffrey Altman
Re: Kurt Seifred's article on securityportal
Eric Rescorla wrote: This isn't a MITM attack, however.

Sorry, Eric -- if you don't know or trust the signer, then you only know that the presenter (could be a MITM) has the private key associated with the pubkey in the cert. This means that a MITM attack is entirely possible. Trust in the CA is required to assure the binding of the SubjectPublicKeyInfo to the DN. That's the feature that prevents the MITM attack. There's also the convention among browser implementations that the CN should be the FQHN, which is a PITA for numerous reasons. Of course, your browser presents no warnings whatsoever for certs signed by any number of CAs that are "trusted" simply because their root certs are bundled with the browser. And unless you manually retrieve a CRL, you only know that a cert was valid when it was issued.

But as Eric said, this is not a protocol problem. This is a user training issue. There is only so much that software can do.

Jeffrey Altman
Re: Kurt Seifred's article on securityportal
It is indeed an SSL problem -- the protocol and its components rely on PKI, but PKI isn't really there yet. A mutually authenticated channel, in which the server presents the DNs of trusted signing authorities as part of the handshake, offers a lot more protection even for the client.

Again, not an SSL problem since SSL does not require the use of PKI ciphers. Feel free to use a non-PKI cipher in your SSL implementation. This is a problem with the implementations found in Netscape and Microsoft browsers.

Jeffrey Altman
Re: Sending data on a socket before SSL_Accept
Can I send data to a client via normal send() call before I call SSL_Accept? I would like to send a message to my client that identifies the server and its options, like if SSL is being used or not? Will this mess up the SSL handshake?
You will need to ensure that you synchronize the peers and clear the data channel prior to beginning the SSL/TLS handshake. There is a security concern that you must be aware of. Since everything that is being sent over the wire prior to the use of SSL/TLS is in plaintext, it can be tampered with. Therefore, you can't trust its contents. You absolutely should not use the contents of the plaintext data to determine if you should negotiate SSL/TLS.
Jeffrey Altman * Sr.Software Designer The Kermit Project * Columbia University 612 West 115th St * New York, NY * 10025 * USA http://www.kermit-project.org/ * [EMAIL PROTECTED]
Re: There will be a third beta...
Just figured out why I stopped being able to produce the problem after switching to Win2000. In the openssl-snap-2919\out32dll directory, after a successful execution on Win2000 or Win98, a .rnd file is produced. If the .rnd file exists the error is not reported; if the file is deleted the error is reported.
Loading 'screen' into random state - done
unable to load 'random state'
Now this indicates that the problem is only being noticed in the 'x509' command because only that command in the test calls app_RAND_load_file(). In that situation the value of entropy in ssleay_rand_status() is 4 after RAND_poll() has been called twice. Now, this is one of those situations where RAND_poll() is called twice because it is first called as part of RAND_screen() but the call via RAND_screen() can not set the 'initialized' flag used within crypto/rand/md_rand.c because that flag is static.
Jeffrey Altman * Sr.Software Designer The Kermit Project * Columbia University 612 West 115th St * New York, NY * 10025 * USA http://www.kermit-project.org/ * [EMAIL PROTECTED]
Re: There will be a third beta...
Continuing the debugging process yields the following:
. the value of 'entropy' is too low because RAND_add() is only called with a non-zero 'add_entropy' parameter in two places:
  - when the GlobalMemoryStatus() data is added
  - when the Module Walking data from the ToolHelp32 routines is added
. since the ToolHelp32 routines are not available on NT4, the value of 'entropy' is only increased by 1.0 for each call to RAND_poll(). RAND_poll() is called twice, therefore, the value of 'entropy' when RAND_status() completes is 2.0.
Question: why is RAND_add() called so frequently with an 'add_entropy' value of 0 in RAND_poll()? I would assume the 'add_entropy' value is supposed to indicate the relative strength of the entropy being passed in, but I doubt that it should be 0.8 in most cases.
Jeffrey Altman * Sr.Software Designer The Kermit Project * Columbia University 612 West 115th St * New York, NY * 10025 * USA http://www.kermit-project.org/ * [EMAIL PROTECTED]
RE: Apps over SSL
Have you looked at stunnel?
An excellent question. My whole goal is to be able to create a module which will not only create an SSL session and pipe any other app over it, but also let me entitle the user according to the credentials obtained from the client certificate. s0ulfire
Jeffrey Altman * Sr.Software Designer The Kermit Project * Columbia University 612 West 115th St * New York, NY * 10025 * USA http://www.kermit-project.org/ * [EMAIL PROTECTED]
Re: OpenSSL version 0.9.6 Beta 2 (problems with Win 98)
Initialize the function pointers acquire, gen, release, netstatget, netfree to 0.
Error-detail on desktop - OPENSSL verursachte einen Fehler durch eine ungültige Seite in Modul Unbekannt bei :0095a5d5. Register: EAX=0072f166 CS=017f EIP=0095a5d5 EFLGS=00010216 EBX=0095a5d0 SS=0187 ESP=0072f134 EBP= ECX=81622bc8 DS=0187 ESI=00953ec0 FS=2e27 EDX=bffc9490 ES=0187 EDI=bff7 GS= Bytes bei CS:EIP: 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Stapelwerte: 0046823f 004cd210 0072f16c bfea bff5
Jeffrey Altman * Sr.Software Designer The Kermit Project * Columbia University 612 West 115th St * New York, NY * 10025 * USA http://www.kermit-project.org/ * [EMAIL PROTECTED]
Re: Problem compiling openssl engine beta2 on NT
Try replacing LMSTR with LPWSTR in crypto/rand/rand_win.c
I tried to compile on a Win32 platform openssl engine beta2, and the OpenSSL beta2, and I receive in both cases this error:
cl /Fotmp32dll\rand_win.obj -Iinc32 -Itmp32dll /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN /Fdout32dll /GD -D_WINDLL -D_DLL -c .\crypto\rand\rand_win.c
rand_win.c
.\crypto\rand\rand_win.c(175) : error C2143: syntax error : missing ')' before '*'
.\crypto\rand\rand_win.c(175) : error C2143: syntax error : missing '{' before '*'
.\crypto\rand\rand_win.c(175) : error C2059: syntax error : ')'
.\crypto\rand\rand_win.c(175) : error C2059: syntax error : ';'
.\crypto\rand\rand_win.c(190) : error C2065: 'NETSTATGET' : undeclared identifier
.\crypto\rand\rand_win.c(190) : error C2146: syntax error : missing ';' before identifier 'netstatget'
.\crypto\rand\rand_win.c(190) : error C2065: 'netstatget' : undeclared identifier
.\crypto\rand\rand_win.c(191) : error C2275: 'NETFREE' : illegal use of this type as an expression
.\crypto\rand\rand_win.c(176) : see declaration of 'NETFREE'
.\crypto\rand\rand_win.c(191) : error C2146: syntax error : missing ';' before identifier 'netfree'
.\crypto\rand\rand_win.c(191) : error C2065: 'netfree' : undeclared identifier
.\crypto\rand\rand_win.c(201) : error C2146: syntax error : missing ';' before identifier 'GetProcAddress'
.\crypto\rand\rand_win.c(202) : warning C4047: '=' : 'int ' differs in levels of indirection from 'unsigned long (__stdcall *)(unsigned char *)'
.\crypto\rand\rand_win.c(209) : error C2063: 'netstatget' : not a function
.\crypto\rand\rand_win.c(212) : error C2063: 'netfree' : not a function
.\crypto\rand\rand_win.c(214) : error C2063: 'netstatget' : not a function
.\crypto\rand\rand_win.c(217) : error C2063: 'netfree' : not a function
NMAKE : fatal error U1077: 'cl' : return code '0x2'
Is there a solution to this problem? Thanks, ERIC
Jeffrey Altman * Sr.Software Designer The Kermit Project * Columbia University 612 West 115th St * New York, NY * 10025 * USA http://www.kermit-project.org/ * [EMAIL PROTECTED]
Re: Import Export Restrictions
If I am using SSL 128 Bit Encryption considered "retail" encryption by the federal government? We desire to use it in an application where encrypted data is transported from an ASP in the USA to Mexico and back, however we are unsure of the legal implications. Can you please help or send us to someone that can? Our understanding is that SSL would have to apply with the federal government to classify it as "retail". Yet the government does not publish the list of encryption tools that are considered "retail". They state that the company themselves could tell us.
Protocols are not considered "retail", "mass market", or otherwise. Only applications can be considered "retail", "mass market", ...
Jeffrey Altman * Sr.Software Designer The Kermit Project * Columbia University 612 West 115th St * New York, NY * 10025 * USA http://www.kermit-project.org/ * [EMAIL PROTECTED]
Re: windows client needed
I've been trying, unsuccessfully, to find a windows based (binary preferred) telnet client that supports SSL, specifically that can communicate with an openssl enabled server.
Kermit 95. Supports Telnet START_TLS as well as Tim Hudson's Telnet AUTH SSL and Telnet over SSL/TLS. http://www.kermit-project.org/k95.html
Jeffrey Altman * Sr.Software Designer The Kermit Project * Columbia University 612 West 115th St * New York, NY * 10025 * USA http://www.kermit-project.org/ * [EMAIL PROTECTED]
Re: Windows 2000
Does anyone know if OpenSSL fully supports Windows 2000 and if not whether this is likely to be added in the near future. I have written an application that seems to work on NT 4 but locks up on Windows 2000.
I've been using OpenSSL on Windows 2000 for over a year.
Jeffrey Altman * Sr.Software Designer The Kermit Project * Columbia University 612 West 115th St * New York, NY * 10025 * USA http://www.kermit-project.org/ * [EMAIL PROTECTED]
Re: Serious Bug in ssl3_get_record
Have you tried using the SSLv23_method() instead of the SSLv3_method()?
The problem is that if I use SSLv3_method to connect to a client that supports SSLv2 ONLY. Then the function ssl3_get_record always returns "WRONG VERSION NUMBER". Should I try to connect again with SSLv2_method??
On Sat, Sep 09, 2000 at 09:19:34AM +0800, Fung wrote: If you look at the source code, you will see the following
static int ssl3_get_record(SSL *s)
[...skipped]
    n=ssl3_read_n(s,SSL3_RT_HEADER_LENGTH, SSL3_RT_MAX_PACKET_SIZE,0);
    if (n <= 0) return(n); /* error or non-blocking */
    s->rstate=SSL_ST_READ_BODY;
    p=s->packet;
    /* Pull apart the header into the SSL3_RECORD */
    rr->type= *(p++);
    ssl_major= *(p++); <-- WRONG!!
    ssl_minor= *(p++); <-- WRONG!!
    version=(ssl_major<<8)|ssl_minor;
    n2s(p,rr->length);
If you are smart enough, you will see that ssl_major and ssl_minor are wrongly assigned and will NEVER get the correct version. Because the version number is stored at the 3rd and the 4th byte of p.
According to what specification?! According to RFC 2246 (and, similarly, the SSL 3.0 drafts), the version number immediately follows the ContentType byte. And that's also where it is located in real life:
$ openssl s_client -debug -connect www.microsoft.com:443
[...]
read from 00156C48 [0015E320] (7 bytes => 7 (0x7))
 - 16 03 01 02 a9 02 ..
0007 - <SPACES/NULS>
[...]
Jeffrey Altman * Sr.Software Designer The Kermit Project * Columbia University 612 West 115th St * New York, NY * 10025 * USA http://www.kermit-project.org/ * [EMAIL PROTECTED]
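The record-header layout argued over in this thread, as an added example (not OpenSSL source and not code from any poster): it reads the five header bytes quoted from the s_client trace, then reads an SSLv2 CLIENT-HELLO header the same way to show why an SSLv3-only reader reports a wrong version number and why a reader that accepts both formats must classify the first bytes before parsing. The function names are hypothetical and the V2_HELLO bytes are a constructed sample.

```c
#include <stdio.h>
#include <stddef.h>

enum first_record { REC_SHORT, REC_SSL3_TLS, REC_SSL2_HELLO, REC_UNKNOWN };

/* Header bytes quoted in the thread from "openssl s_client -debug". */
const unsigned char PAGE_RECORD[5] = { 0x16, 0x03, 0x01, 0x02, 0xa9 };
/* Constructed sample: start of an SSLv2 CLIENT-HELLO
 * (2-byte length with high bit set, message type 1, version 0.2). */
const unsigned char V2_HELLO[5] = { 0x80, 0x2e, 0x01, 0x00, 0x02 };

/* SSLv3/TLS record header: ContentType(1) major(1) minor(1) length(2).
 * Same computation as the quoted code: version = (major << 8) | minor. */
int ssl3_wire_version(const unsigned char *p, size_t n)
{
    return n < 5 ? -1 : (p[1] << 8) | p[2];
}

int ssl3_wire_length(const unsigned char *p, size_t n)
{
    return n < 5 ? -1 : (p[3] << 8) | p[4];
}

/* What an SSLv3/TLS-only reader accepts: ContentType 20..23, major
 * version 3, length within the RFC 2246 bound of 2^14 + 2048. */
int ssl3_header_ok(const unsigned char *p, size_t n)
{
    if (n < 5)
        return 0;
    return p[0] >= 20 && p[0] <= 23 && p[1] == 3 &&
           ssl3_wire_length(p, n) <= 16384 + 2048;
}

/* SSLv2 two-byte header: high bit set, 15-bit length, then the message
 * type (1 = CLIENT-HELLO). The fixed hello fields alone take 9 bytes. */
int ssl2_hello_ok(const unsigned char *p, size_t n)
{
    if (n < 5 || !(p[0] & 0x80))
        return 0;
    return p[2] == 1 && (((p[0] & 0x7f) << 8) | p[1]) >= 9;
}

/* Decide which header format the peer is speaking before parsing it. */
enum first_record classify_first_record(const unsigned char *p, size_t n)
{
    if (n < 5)
        return REC_SHORT;
    if (ssl3_header_ok(p, n))
        return REC_SSL3_TLS;
    if (ssl2_hello_ok(p, n))
        return REC_SSL2_HELLO;
    return REC_UNKNOWN;
}

int main(void)
{
    printf("page record: version 0x%04x length %d class %d\n",
           ssl3_wire_version(PAGE_RECORD, sizeof PAGE_RECORD),
           ssl3_wire_length(PAGE_RECORD, sizeof PAGE_RECORD),
           classify_first_record(PAGE_RECORD, sizeof PAGE_RECORD));
    /* Read as an SSLv3 record, the v2 length byte lands in "major". */
    printf("v2 hello read as SSLv3: version 0x%04x accepted %d class %d\n",
           ssl3_wire_version(V2_HELLO, sizeof V2_HELLO),
           ssl3_header_ok(V2_HELLO, sizeof V2_HELLO),
           classify_first_record(V2_HELLO, sizeof V2_HELLO));
    return 0;
}
```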
RE: client certificate
This is a really bad model. You are putting all of the client's secret keys in a place where they will be vulnerable to attack. Why does the connection between the Client and the CGI Proxy have to be protected by SSL such that the CGI Proxy can view the data?
This is a bad model, I think too, but until now, my customers have used end-end SSL connection at their system. Their www servers use client authentication. And now, we propose introduction of Trusted OS into the front end of their system. If we reconstruct their system on Trusted OS, all go well. But they don't want to modify their system. If we introduce Trusted OS, end-end SSL connection is divided, client to Trusted OS and Trusted OS to backend www server. So I decided to develop CGI Proxy. I put all of the client's secret keys in a place. But the machine's OS that holds all keys is Trusted OS. So I think that their secret keys are safe...maybe.
This is all wrong. It doesn't matter if the proxy machine is a trusted OS or not if you are using end to end SSL connections. The authentication of the end box via verification of its certificate will ensure that there is no man in the middle. If the proxy is on a Trusted OS, that is great. But it doesn't change the security model one bit. The proxy should not be interfering with the end to end properties of SSL.
Jeffrey Altman * Sr.Software Designer The Kermit Project * Columbia University 612 West 115th St * New York, NY * 10025 * USA http://www.kermit-project.org/ * [EMAIL PROTECTED]
RE: client certificate
The answer to your question is 'yes'. The proxy service if designed this way would require access to the client's private key. Why not do what every other proxy service does, just proxy the raw bytes and let the SSL/TLS connection be end to end through the proxy service?
hello everyone. Sorry. I noticed that this question was FAQ. I should have used s_client.c and s_server.c sample codes. then, I have one more question. I am developing SSL proxy program. This proxy has following functions.
1) proxy receives client certificate from client (browser).
2) with this certificate, proxy establishes SSL connection to www server
When proxy establishes SSL connection, does it need client's private key ? If so, I think it is impossible to realize this SSL proxy. Please give me your help. thanks. --- nakamura [EMAIL PROTECTED]
-Original Message-
From: Nakamura,TakayukiTKSSC
Sent: Monday, August 21, 2000 7:03 PM
To: OpenSSL
Subject: client certificate
Hello everyone, I am now testing OpenSSL with sample program in openssl-0.9.5a.tar.gz . These sample doesn't use client certificate. So, I'd like to change client to send certificate to server. I added following lines to cli.cpp.
-
#define HOME "./"
#define CERTF HOME "client.pem"
if (SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM) <= 0) {
    ERR_print_errors_fp(stderr);
    exit(3);
}
--
Program finished successfully. But server couldn't receive client certificate. Please tell me how to receive client certificate. Thanks,
- Takayuki Nakamura [EMAIL PROTECTED] MITSUI Co.,Ltd. Solution Business Div. TEL +81 3 5641 2202 / FAX +81 3 5641 2205
Jeffrey Altman * Sr.Software Designer The Kermit Project * Columbia University 612 West 115th St * New York, NY * 10025 * USA http://www.kermit-project.org/ * [EMAIL PROTECTED]
Re: transport layer question
SSL/TLS can only work on top of TCP. SSL/TLS is a connection oriented protocol. It does not provide support for connectionless sockets. That is the reason that WTLS was developed for wireless devices.
Nope, it doesn't. As far as I know, SSL works on top of UDP too. Have a look in the spec for this. Alas, I don't know if OpenSSL works on top of other protocols, but it should: you might want to use BIO's to fake 'normal' sockets.
Jeffrey Altman * Sr.Software Designer The Kermit Project * Columbia University 612 West 115th St * New York, NY * 10025 * USA http://www.kermit-project.org/ * [EMAIL PROTECTED]
Re: Legality - just heated up
I believe that he did read this stuff. From the initial posting in this thread it appears that the RSA sales force is now claiming that because Eric A. Young is now an employee of RSA and because the SSLeay source code was used as the foundation for a commercial RSA product that RSA is now claiming that they own SSLeay and all products derived from it. Hence, they claim that they own OpenSSL and use of OpenSSL requires payments to RSA.
In the README file there is a section marked PATENTS. The only thing that really needs to be added, is that the patent on the RSA algorithm expires on Sept 20, 2000, but then *everybody* knows that. :) Tell your boss that OpenSSL has some patented intellectual property and you need some time with a lawyer to understand the issues. Take the README, the note about the patent expiration, and give it to said lawyer to look at. While s/he is doing so, you should read the INSTALL file and figure out how to remove rc5 and idea. I mean, sheesh, you did read these things before bleating for help on a world-wide mailing list, didn't you? /r$
Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2 The Kermit Project * Columbia University 612 West 115th St #716 * New York, NY * 10025 http://www.kermit-project.org/k95.html * [EMAIL PROTECTED]
RE: FTP SSL
This is completely inaccurate. FTP data channels when using AUTH SSL or AUTH TLS regardless of whether or not passive mode is in use are secured in exactly the same way. Regardless of which end created the connection the FTP Server is the SSL/TLS Server and the FTP Client is the SSL/TLS client. The session information from the Control Channel are used to authenticate and secure the data channel.
The trouble is that when an FTP Client connects to an FTP Server, the Client gets a "Control Channel". That's all fine and easy - he is still a client and can do "normal" client stuff like accept the Server's certificate, etc. However, when a Client does something like, say, request a file from the FTP Server, the CLIENT creates a SERVER socket and sends its address over the control channel to the Server. The FTP Server then connects back to the Client using a CLIENT SOCKET. This means that the FTP Client would have to do all the things that an SSL Server does, like sign Client Certificates, etc. It's still quite possible, but that's the problem. If, however, you aren't validating the Client and requesting Certificates from him, it's probably not too bad.
Disclaimer: I am an SSL moron! I can barely get certificates generated for my Server and Client software, and I can't get an SSL Handshake to complete because the two ends can't agree on a Cipher suite. [I have no idea why, and the code in 's3_lib.c(ssl3_choose_cipher) is fairly cryptic to the uninitiated. I have no idea what the problem is except that a mask doesn't compare favorably with the mask for any of the available ciphers. Any help?] Keep that in mind when you're reading the above statements. I DO know exactly how FTP works, as I've written both Client and Server code before, so the parts above about how FTP works are indeed correct, but the interaction with SSL may be in question. I think it's right, though.
I hope this helps a little, and if anyone can help me figure out what's up with my SSL handshake trouble, I would appreciate it. Bill Rebey
-Original Message-
From: Arun Venkataraman [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 16, 2000 1:37 PM
To: [EMAIL PROTECTED]
Subject: Re: FTP SSL
-Original Message-
From: Michael Sierchio [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
Date: Friday, June 16, 2000 10:14 AM
Subject: Re: FTP SSL
Arun Venkataraman wrote: This is an old gripe :( Ppl don't seem to have attempted seriously to use SSL over something else other than http.
Huh-wah? You have it backwards (HTTP over SSL). And there are
Oops! you are right.
plenty of examples of LDAP, POP, SMTP and other protocols over SSL. FTP is inherently problematic (except if restricted to passive mode) because of the way connections are made -- SSL, itself running atop TCP, isn't really suitable for this. IPSec, SKIP, and other attempts to secure information at the packet level, are probably much better.
I wasn't aware of these technical difficulties. When I went over to ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps it seemed like people had successfully patched wu-ftpd, an ftp client and a telnet client to work with SSL. However, all the patches etc. seemed out of date and meant for SSL-eay. This made me wonder if it was simply a problem of updating those patches for openssl. Arun.
Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2 The Kermit Project * Columbia University 612 West 115th St #716 * New York, NY * 10025 http://www.kermit-project.org/k95.html * [EMAIL PROTECTED]
Re: FTP SSL
-Original Message-
From: Michael Sierchio [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
Date: Friday, June 16, 2000 10:14 AM
Subject: Re: FTP SSL
Arun Venkataraman wrote: This is an old gripe :( Ppl don't seem to have attempted seriously to use SSL over something else other than http.
Huh-wah? You have it backwards (HTTP over SSL). And there are
Oops! you are right.
plenty of examples of LDAP, POP, SMTP and other protocols over SSL. FTP is inherently problematic (except if restricted to passive mode) because of the way connections are made -- SSL, itself running atop TCP, isn't really suitable for this. IPSec, SKIP, and other attempts to secure information at the packet level, are probably much better.
I wasn't aware of these technical difficulties. When I went over to ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps it seemed like people had successfully patched wu-ftpd, an ftp client and a telnet client to work with SSL. However, all the patches etc. seemed out of date and meant for SSL-eay. This made me wonder if it was simply a problem of updating those patches for openssl. Arun.
Peter Runestig has a current set of patches implementing the current FTP over TLS Internet-Draft at ftp://ftp.runestig.com/
Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2 The Kermit Project * Columbia University 612 West 115th St #716 * New York, NY * 10025 http://www.kermit-project.org/k95.html * [EMAIL PROTECTED]