Re: SSL renegotiation
You can enable it using the directive SSLInsecureRenegotiation; please refer to the documentation at http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslinsecurerenegotiation

On Mon, Jul 16, 2012 at 11:37 AM, Sebastian Raymond ray.s...@gmail.com wrote:

> Hello,
>
> I was investigating SSL renegotiation in OpenSSL. When I emulate the server with s_server and the client with s_client, I can renegotiate by sending R. But when I try the same thing with s_server replaced by the Apache 2.2.14 web server, the renegotiation fails with the following error.
>
> 3077585640:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:591
>
> Can anyone tell me why this happens? Is there any way to enable SSL renegotiation in the Apache web server?
>
> Thank you!
>
> --
> Regards,
> Sebastian

reject client hello
Hi All,

I would like to reject if the client hello doesn't contain secure renegotiation info (RFC 5746). I could close the SSL connection after it is established.

As per RFC 5746 section 4.3, the server shall terminate the connection immediately upon failure to negotiate the use of secure renegotiation.

Is it possible to reject as soon as I receive the client hello message? If so, how can I do it?

Thanks
JJ

Re: Intermediate CA
Thanks for the response.

> You have to get the IC to the client somehow. The usual method is to have the server send it. Does the server software provide a way to supply a certificate chain?

What do you mean by the server sending it? Is it during TLS negotiation? What do you mean by certificate chain? Is it the rootCA and IntermediateCA combined in a PEM file?

Thanks
Jijo

On Thu, Jan 13, 2011 at 9:39 AM, David Schwartz dav...@webmaster.com wrote:

> On 1/12/2011 3:19 PM, Jijo wrote:
>
>> Hi All,
>>
>> I hope this is a basic question for you guys. I'm trying to set up a TLS connection between Client and Server.
>>
>> In the server I did the following things:
>> 1. Created a self-signed rootCA.
>> 2. Created IntermediateCA and signed with rootCA.
>> 3. Created a Server Certificate and signed with intermediateCA.
>> 4. Appended the rootCA also to the server Certificate.
>>
>> In the Client:
>> 1. Created a Server Certificate and signed with rootCA.
>> 2. Stored CA as rootCA.
>>
>> Now I made a TLS connection from Client to Server and the client returns an error:20 Unable to get Local Issuer Certificate.
>
> If the client doesn't have the intermediate certificate, how can it know the server's certificate is valid?
>
>> I don't see this error if I use intermediateCA as CA in Client. Am I supposed to use intermediateCA as CA in Client?
>
> You have to get the IC to the client somehow. The usual method is to have the server send it. Does the server software provide a way to supply a certificate chain?
>
> DS

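The situation discussed in the message above, reproduced with the openssl command line as an added example that is not part of the original thread: a client that trusts only the root cannot verify the server certificate until the intermediate is supplied alongside it, which is what the server sending the chain achieves. All file names and subject names are assumptions made for the demo.

```shell
# Constructed demo PKI (names are assumptions): root -> intermediate -> server.
# new_key_csr NAME SUBJECT: create NAME.key and NAME.csr in the current directory.
new_key_csr() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" \
    -out "$1.csr" -subj "$2" 2>/dev/null
}

# make_pki DIR: build the three-level hierarchy from the thread inside DIR.
make_pki() (
  cd "$1" || exit 1
  # CA certificates need basicConstraints CA:TRUE to be accepted as issuers.
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
  # 1. Self-signed root CA.
  new_key_csr root "/CN=Example Root CA" &&
  openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
    -days 30 -out root.pem 2>/dev/null &&
  # 2. Intermediate CA signed by the root.
  new_key_csr int "/CN=Example Intermediate CA" &&
  openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
    -extfile ca.ext -days 30 -out int.pem 2>/dev/null &&
  # 3. Server certificate signed by the intermediate.
  new_key_csr srv "/CN=server.example" &&
  openssl x509 -req -in srv.csr -CA int.pem -CAkey int.key -CAcreateserial \
    -days 30 -out srv.pem 2>/dev/null &&
  # Chain file for the server to send: leaf first, then the intermediate.
  cat srv.pem int.pem > chain.pem
)

# Client trusts only the root; the server sent only its own certificate.
verify_root_only() {
  openssl verify -CAfile "$1/root.pem" "$1/srv.pem" 2>&1 | grep -q ': OK$'
}

# Same trust store, but the intermediate is supplied as an untrusted chain
# certificate, as it is when the server sends it in the handshake.
verify_with_intermediate() {
  openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" "$1/srv.pem" 2>&1 |
    grep -q ': OK$'
}

demo() {
  d=$(mktemp -d) && make_pki "$d" || return 1
  if verify_root_only "$d"; then echo "root only: verified"
  else echo "root only: failed (unable to get local issuer certificate)"; fi
  if verify_with_intermediate "$d"; then echo "root + intermediate: verified"
  else echo "root + intermediate: failed"; fi
  rm -rf "$d"
}
demo
```

The client's trust store stays limited to the root in both checks; only the set of certificates presented with the server certificate changes.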
Intermediate CA
Hi All,

I hope this is a basic question for you guys. I'm trying to set up a TLS connection between Client and Server.

In the server I did the following things:
1. Created a self-signed rootCA.
2. Created IntermediateCA and signed with rootCA.
3. Created a Server Certificate and signed with intermediateCA.
4. Appended the rootCA also to the server Certificate.

In the Client:
1. Created a Server Certificate and signed with rootCA.
2. Stored CA as rootCA.

Now I made a TLS connection from Client to Server and the client returns an error:20 Unable to get Local Issuer Certificate.

I don't see this error if I use intermediateCA as CA in Client. Am I supposed to use intermediateCA as CA in Client?

Please let me know how it shall be used.

Thanks in advance.
Jijo