Re: domain check vs pubkey check

2007-07-22 Thread Scott Gifford
"David Schwartz" <[EMAIL PROTECTED]> writes:

>> Hi, a question about the SSL:
>>
>> In SSL, the server certificate is checked by the
>> client as to whether the server actually holds the
>> private key of it. This is done by client sending the
>> session key signed by server's public key.
>>
>> So, why there is a need for a check of domain name in
>> the server certificate? Shouldn't the above check be
>> enough?
>
> Absolutely not. If I type "https://www.paypal.com" and I get connected to a
> secure server run by some bad guys, knowing they own the certificate they
> present to me isn't good enough. I need to make sure the certificate was
> issued to paypal.com and signed by a certificate authority I trust.
>
> Anyone can obtain a certificate and confirm that it is their certificate. If
> the certificate is signed by a CA I trust, I then know who I am talking to.
> But knowing I am talking to someone I don't trust, and still sending them my
> credit card information, would be really stupid.

Perhaps wandering a bit off-topic, but in practice many CAs which are
trusted by most browsers will issue certificates to whomever controls
a domain at the time the cert is issued, and so there's very little
difference between trusting DNS and trusting DNS+SSL for site
authentication (though of course SSL has the advantage of encrypting
the connection).

In other words, the difference between the model Soner expected and
reality is the purchase of a certificate for a few tens of dollars
from one of the many CAs that do minimal checking before issuing
certificates.

Scott.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]


Re: huge memory allocation on simultaneous ssl handshakes.

2007-10-30 Thread Scott Gifford
Lutz Jaenicke <[EMAIL PROTECTED]> writes:

[...]

> Yes, only 100MB might be actually used but the 2GB would still be
> reserved in memory.
> To get an idea about this behavior you can write a simple program like

And just to elaborate a little, if other processes need this memory,
the OS will swap out the unused memory after a short time.  So the
memory consumed will take up swap space, but will not take up actual
memory if the OS has a better use for it.

If this presents a real problem, the general solution is to use a
specialized malloc, which uses a memory allocation method that allows
returning memory to the OS, such as mmap.  I'm not sure how to use a
custom malloc with OpenSSL, but hopefully this will give you something
useful to Google for.  And it's worth noting that this sort of
memory usage doesn't usually cause a real problem.

Good luck!

Scott.
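Lutz's suggestion above of a small program to watch this behaviour, written here as an added example rather than code from the thread: it reserves 64 MiB through an anonymous mmap (the mechanism Scott names for memory that can be handed back to the OS), reads the resident set size from /proc/self/statm, and shows that reserved pages cost nothing until first touched and are released at once on munmap. It is Linux-only because of /proc.

```python
import mmap
import os

PAGE = os.sysconf("SC_PAGE_SIZE")


def resident_bytes():
    """Current resident set size of this process, from /proc/self/statm (Linux only)."""
    with open("/proc/self/statm") as f:
        return int(f.read().split()[1]) * PAGE


def reserve_touch_release(size):
    """Return RSS growth in bytes after reserving, after touching, and after
    releasing an anonymous mmap region of `size` bytes."""
    base = resident_bytes()
    region = mmap.mmap(-1, size)              # reserved: address space only, no pages yet
    reserved = resident_bytes() - base
    for offset in range(0, size, PAGE):       # first write to each page makes it resident
        region[offset] = 1
    touched = resident_bytes() - base
    region.close()                            # munmap: the pages go straight back to the OS
    released = resident_bytes() - base
    return reserved, touched, released


if __name__ == "__main__":
    r, t, f = reserve_touch_release(64 * 1024 * 1024)
    print(f"reserved +{r >> 20} MiB, touched +{t >> 20} MiB, released +{f >> 20} MiB")
```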


Re: Patch Openssl

2006-04-12 Thread Scott Gifford
"Sara978 (sent by Nabble.com)" <[EMAIL PROTECTED]> writes:

> I have tried to write:
>
>  patch -p1 < ts-20060225-0_9_8a-patch.gz

You have to uncompress the patch file first:

gunzip ts-20060225-0_9_8a-patch.gz
patch -p1 < ts-20060225-0_9_8a-patch


Re: Securing passwords

2006-09-05 Thread Scott Gifford
David Irvine <[EMAIL PROTECTED]> writes:

[...]

> Apart from that what is the most effective way of entering a
> password to stop keyloggers I have been racking my brain thinking of
> a defeat for them but can't come up with one yet although I'm sure
> there is an answer somewhere.

Consider the use of one-time passwords.  A google search for this
phrase turns up most of the interesting information; RSA's SecurID is
a popular example.

Challenge-response mechanisms, with the response calculated on a
device completely controlled by the user (such as a cellphone, PDA, or
specialized device), are a similar idea.  S/Key is a well-known
example of this, although there may be newer ones.

Both of these are vulnerable to man-in-the-middle attacks, but will
significantly reduce risk, and protect you from keyloggers that don't
transmit their results within a few seconds after they are sent.

These probably don't present turnkey solutions to your immediate
problem, but will hopefully get you pointed in a useful direction.

Good luck,

-Scott.
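An S/Key-style hash-chain one-time password, as an added illustration of the scheme Scott names (not code from the post): the server stores only H^n(secret), each login presents the next value down the chain, and a password captured by a keylogger cannot be replayed or turned into the next one. SHA-256 and the constructed secret are this example's choices.

```python
import hashlib
import hmac


def hash_chain(seed, n):
    """H^n(seed): SHA-256 applied n times."""
    value = seed
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value


class OtpClient:
    """Holds the secret on the device the user controls and walks down the chain."""
    def __init__(self, secret, count):
        self.secret, self.remaining = secret, count

    def enrollment_value(self):
        """H^count(secret): the only value the server ever stores."""
        return hash_chain(self.secret, self.remaining)

    def next_otp(self):
        if self.remaining == 0:
            raise RuntimeError("chain exhausted; re-enrol with a fresh secret")
        self.remaining -= 1
        return hash_chain(self.secret, self.remaining)   # H^(k-1): one step closer to the secret


class OtpServer:
    """Never learns the secret; accepts p only if H(p) equals the stored value."""
    def __init__(self, enrollment_value, count):
        self.stored, self.remaining = enrollment_value, count

    def login(self, otp):
        """A keylogged password is useless afterwards: replaying it fails because
        H(otp) != otp, and producing the next password needs a preimage of otp."""
        if self.remaining == 0:
            return False
        if not hmac.compare_digest(hashlib.sha256(otp).digest(), self.stored):
            return False
        self.stored, self.remaining = otp, self.remaining - 1   # used OTP becomes the check value
        return True
```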


Re: Using the command line tool talk to a socket

2006-09-11 Thread Scott Gifford
Raymond DeGennaro II <[EMAIL PROTECTED]> writes:

> Can the command line tool be used to talk to a socket?  

See if:

openssl s_client -help

gives you the information you need.

---Scott.


dhparam question

2005-09-10 Thread Scott Gifford
Hello,

I'm putting together a short step-by-step guide to using SSL with
qmail and sslserver.  sslserver requires a "dhparam" file generated by
"openssl dhparam -out dhparam 1024"; I know how to generate it, but
not exactly what it does.  I'd like to include a brief explanation,
and I was hoping somebody could tell me:

  * What types of parameters does the dhparam file contain?  For
    example, is it a key, or a seed, or a configuration a la
    openssl.conf?  Does it need to be kept secret?

  * Is it necessary to generate a unique dhparam for each server, or
    can they safely be shared?  For example, since it takes a long
    time to generate one, could I generate one and post it on my Web
    site for users to download, or would that compromise/reduce their
    security?

Thanks for any help!

---ScottG.


Re: Announcement: OpenSSL 0.9.6e (Security related upgrade)

2002-07-31 Thread Scott Gifford

Lutz Jaenicke <[EMAIL PROTECTED]> writes:

>   OpenSSL version 0.9.6e released
>   ===
> 
>   OpenSSL - The Open Source toolkit for SSL/TLS
>   http://www.openssl.org/
> 
>   The OpenSSL project team is pleased to announce the release of version
>   0.9.6e of our open source toolkit for SSL/TLS.  This new OpenSSL version
>   is a security and bugfix release and incorporates several changes to the
>   toolkit (for a complete list see http://www.openssl.org/source/exp/CHANGES).
> 
>   The most significant changes are:
> 
>   o Important security related bugfixes.
>   o Various SSL/TLS library bugfixes.

I've done some work on running SSL/TLS code as a separate process in a
chroot jail as an unprivileged user, communicating with the daemon
it's doing encryption for via UNIX domain sockets.  This approach
massively mitigates the possible damages from the bugs discovered in
the last day or two.

OpenSSL is good code, but it's over 200,000 lines.  It makes sense to
isolate it from the special privileges daemons often have.

The work I've done is with stunnel.  See:

http://www.suspectclass.com/~sgifford/stunnel/
http://www.suspectclass.com/~sgifford/stunnel/stunnel-patches.txt

http://www.suspectclass.com/~sgifford/stunnel/stunnel3.22+paranoia0.1-openfd0.1.patch 

for the patch to stunnel (and some related patches; I'll be happy to
split out just the paranoia patch if anybody wants it without the
others), and the various README files in:

http://www.suspectclass.com/~sgifford/stunnel-tlsproxy/

for some examples.  It currently works fine, has been tested with
several SSL/TLS clients, and is in production use at a client's site
for about a month.

The stuff that's there right now isn't really user-friendly, but
hopefully these patches or something similar will get incorporated
into stunnel sometime in the near future, and then things will get a
little easier; if there's an interest I can write up some more
documentation.

Please send along any comments, questions, criticisms, etc. to me or
to the list.

-ScottG.
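The separation Scott describes, as an added sketch in Python rather than his stunnel patch: a privileged parent forks a child that confines itself (optional chroot, then an irreversible identity change in the right order) and the two talk only over a UNIX domain socketpair. HMAC stands in for the TLS work the child would do, and the key, uid/gid handling and socket protocol are this example's own assumptions.

```python
import hashlib
import hmac
import os
import socket


def current_identity():
    return os.getuid(), os.getgid()


def drop_privileges(uid, gid, jail_dir=None):
    """Confine the calling process: optional chroot, then change identity.
    Order matters: chroot(), setgroups() and setgid() need root, so they run
    before setuid(), which is the irreversible step."""
    if os.geteuid() != 0:
        # Already unprivileged: nothing can be dropped, and the calls below would fail.
        if jail_dir is not None or (uid, gid) != current_identity():
            raise PermissionError("root is required to chroot or change uid/gid")
        return
    if jail_dir is not None:
        os.chroot(jail_dir)
        os.chdir("/")                      # never keep a cwd outside the jail
    os.setgroups([])                       # supplementary groups first
    os.setgid(gid)
    os.setuid(uid)
    if uid != 0:                           # prove the drop cannot be undone
        try:
            os.setuid(0)
        except PermissionError:
            return
        raise RuntimeError("privilege drop did not stick")


def expected_tag(msg, key=b"constructed-demo-key"):
    """The work the confined child does; HMAC stands in for the TLS processing."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def crypto_worker(sock):
    """Unprivileged side: answers requests on its socket and can do nothing else."""
    while True:
        msg = sock.recv(4096)
        if not msg:                        # parent closed its end: we are done
            break
        sock.sendall(expected_tag(msg))


def run_privsep(messages, uid, gid, jail_dir=None):
    """Privileged parent forks a confined child and talks to it over a UNIX
    socketpair, so only bytes, never privileges, cross between the two."""
    parent_sock, child_sock = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    pid = os.fork()
    if pid == 0:                           # child: confine first, then serve
        parent_sock.close()
        try:
            drop_privileges(uid, gid, jail_dir)
            crypto_worker(child_sock)
        finally:
            os._exit(0)
    child_sock.close()
    tags = []
    for msg in messages:
        parent_sock.sendall(msg)
        tags.append(parent_sock.recv(32))
    parent_sock.close()
    os.waitpid(pid, 0)
    return tags
```

Run as root with a `jail_dir` to see the chroot and uid change take effect; as an ordinary user it can only confirm the identity is already unprivileged.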



Re: valgrind and BIO_new_mem_buf

2008-12-01 Thread Scott Gifford
"Shaun R." <[EMAIL PROTECTED]> writes:

> valgrind --leak-check=yes shows the below message, trying to figure
> out what i need to do to correct this.  i do have
> BIO_free(verify_bio); before the function returns

Not sure if it addresses your problem directly, but this FAQ entry
might be helpful:

http://openssl.org/support/faq.html#PROG13

-Scott.


Reducing OpenSSL per-session memory usage

2008-12-13 Thread Scott Gifford
Hello,

We're working on a server that will be used to serve a large number of
mostly-idle clients over SSL connections.  As we are starting to test
our scalability, we are finding that the memory used by each SSL
connection is one of our limiting factors.

We are measuring about 10K per session when we use just TCP, and
closer to 50K when we use SSL over TCP.  We are using SSL3.1/TLS1.0.
Both our TCP server and SSL/TCP server are implemented using
boost::asio.

Looking around at the problem, we found this change to OpenSSL in the
CVS repository:

http://cvs.openssl.org/chngview?cn=17238

We installed a copy of openssl-SNAP-20081210 (which includes this
change) to test with, and modified our code to set the
SSL_MODE_RELEASE_BUFFERS flag on the context.  This appears to be
working as it's supposed to: when I run everything under the debugger
and set a breakpoint on the call to OPENSSL_malloc in
freelist_extract, it gets called a few times, then is not called again
while I'm bringing up my test connections.

However, memory usage remains about the same; over 1K connections my
process goes from 10MB RAM to 48MB RAM, about 38KB/connection.

We're a bit stumped about what to do next.  I was hoping somebody who
was more familiar with the OpenSSL code could suggest some other ways
we could reduce memory usage, or perhaps troubleshoot our use of
SSL_MODE_RELEASE_BUFFERS.

Thanks for any suggestions,

Scott.


Question about buffers

2008-12-15 Thread Scott Gifford
Hello,

I'm trying to reduce the per-client memory usage on my OpenSSL-enabled
server.

I'm having a hard time figuring out what the different buffers are
used for, though.

I can see in ssl3.h that SSL3 sessions will have a read and write
buffer (rbuf and wbuf), and also a read and write record (rrec and
wrec).  The SSL sessions also have a BIO object.

I'm not quite getting when things are buffered into the rbuf and wbuf,
and when they are buffered into the BIO object.

Also, I think the rbuf and wbuf have to be at least 16KB to
accommodate a maximum-size SSL record.  Does the BIO need to be 16KB
also?

Any tips on where to go to get a better understanding of this?

Any other tips or suggestions on reducing memory usage will be very
much appreciated.

Thanks!

Scott.


Re: Where to store client PEM certificates for an application

2008-12-31 Thread Scott Gifford
Edward Diener  writes:

[...]

> In this last case I do not understand how the client can encrypt
> data going to the server if it has no private key of its own.

Each combination of algorithms that can be used when only one party
has a key must provide some way to do this.

When RSA is used and only one party has a private key, the party
without the key (usually the client) generates a secret, then sends it
to the server using its public key.  The client knows the secret
because it made it up.  The server knows the secret because it can
decrypt it with its private key.  But an observer cannot figure out
the secret, so it is secure.  This secret is used as part of the key
generation process, and the generated key can be used with a
conventional symmetric cipher (like DES or AES) to communicate
securely.

Alternately, the Diffie-Hellman(-Merkle) key-exchange protocol can be
used to establish a shared secret.  See the Wikipedia entry:

http://en.wikipedia.org/wiki/Diffie-Hellman

These are the two most commonly used ways.

[...]

> For what books do I look to specifically understand how these
> certificates work with public key-private key pairs ? SSL books ?
> Cryptography public key-private key books ? 

For a general understanding of cryptography, I learned from Bruce
Schneier's "Applied Cryptography".  That provided enough basic
background information to get me by for a number of years.  Recently
I'm having to understand more of the details, and I'm reading Eric
Rescorla's "SSL and TLS: Designing and Building Secure Systems" to
learn about the SSL protocol, and the O'Reilly book "Network Security
with OpenSSL" to learn about the OpenSSL library and its API.

Hope that helps!

Scott.
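The RSA case Scott explains, as an added worked example (not code from the post): the client invents the premaster secret, sends it under the server's public key with PKCS#1 v1.5 padding as TLS does, and both sides derive the same symmetric key while an observer sees only the ciphertext. The Miller-Rabin prime generation, the 512-bit demo modulus and the SHA-256 stand-in for the TLS PRF are this example's own simplifications.

```python
import hashlib
import secrets

def is_probable_prime(n, rounds=32):      # Miller-Rabin; enough for demo-sized primes
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # full length, odd
        if is_probable_prime(cand):
            return cand

def rsa_keypair(bits=512):
    """Demo-sized modulus so this runs in well under a second; servers use 2048+ bits."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        if p != q and (p - 1) % e and (q - 1) % e:             # e must be invertible mod phi
            return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))

def rsa_encrypt(pub, msg):
    """PKCS#1 v1.5 type-2 padding (what TLS RSA key exchange uses), then m^e mod n."""
    n, e = pub
    k = (n.bit_length() + 7) // 8
    assert k - 3 - len(msg) >= 8, "message too long for this modulus"
    pad = bytes(secrets.randbelow(255) + 1 for _ in range(k - 3 - len(msg)))  # non-zero bytes
    em = b"\x00\x02" + pad + b"\x00" + msg
    return pow(int.from_bytes(em, "big"), e, n).to_bytes(k, "big")

def rsa_decrypt(priv, ciphertext):
    n, d = priv
    em = pow(int.from_bytes(ciphertext, "big"), d, n).to_bytes((n.bit_length() + 7) // 8, "big")
    if em[:2] != b"\x00\x02" or b"\x00" not in em[2:]:
        raise ValueError("bad padding")
    return em[em.index(b"\x00", 2) + 1:]

def key_transport(pub, priv):
    """Client invents the premaster secret, sends it under the server's public key; server recovers it."""
    client_random, server_random, premaster = (secrets.token_bytes(32), secrets.token_bytes(32),
                                               secrets.token_bytes(48))   # TLS also uses 48 bytes
    wire = rsa_encrypt(pub, premaster)                           # all an observer sees
    derive = lambda pms: hashlib.sha256(pms + client_random + server_random).digest()  # stand-in for the TLS PRF
    return derive(premaster), derive(rsa_decrypt(priv, wire)), wire
```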



Re: TLS SSL and virtual hosts

2009-01-08 Thread Scott Gifford
"Kevin Murphy"  writes:

[...]

> I came across a couple "howto" articles for setting up one certificate that
> will cover all virtual hosts on a web server... one static IP, one 
> certificate,
> multiple sites, lots of saved money!

Hi Kevin,

Those sites describe a way to put multiple certificates on the same IP
address, so they will save you IP addresses, not certificates.

The only way I know of to put multiple hosts on the same certificate
is to use a wildcard certificate, and make sure all host names match
the wildcard. 

[...]

> These posts are all made in 2006 - 2007, I can't find any recent howto's or
> information as to whether OpenSSL or Apache still require recompiling (I don't
> have any experience with that, just "apt-get install..." and configure) or
> whether this can really be done effectively as the Apache docs claim it cannot
> be (http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts).

It looks like a patch is required, so regular Apache could not do
this, but a patched Apache could.  The docs are for the unpatched
Apache.

All of these things involve experimental patches, custom compilation,
etc.  If you're uncomfortable with that, your best bet is probably to
wait until this feature makes its way into regular OS distributions.

Good luck!

Scott.
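The name check that the "domain check vs pubkey check" thread above says must follow chain verification, together with the wildcard rule Scott mentions in this reply, as an added example in Python (not code from either post): a single wildcard label covers exactly one label, so one `*.example.com` certificate serves several hosts under that domain and nothing else. The matching follows the RFC 6125 rules common TLS clients apply; `san_dns_names` and `cn` are assumed to have been extracted from the certificate already.

```python
def hostname_matches(pattern, hostname):
    """Match one certificate name (a SAN dNSName, possibly a wildcard) against the
    hostname the client meant to reach: case-insensitive; '*' is allowed only as the
    whole leftmost label and matches exactly one label, so '*.example.com' covers
    'www.example.com' but neither 'example.com' nor 'a.b.example.com'; '*.com' is
    refused as too broad."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    if any("*" in label for label in p_labels):
        return False                  # partial or non-leftmost wildcards are not honoured
    return p_labels == h_labels


def cert_matches_host(san_dns_names, cn, hostname):
    """Does the certificate name the host we typed? SAN dNSNames are authoritative;
    the subject CN is consulted only when the certificate carries no dNSName at all."""
    names = list(san_dns_names) or ([cn] if cn else [])
    return any(hostname_matches(name, hostname) for name in names)


def accept_server(chain_trusted, san_dns_names, cn, hostname):
    """Proof of possession (the handshake) plus a trusted chain only say 'someone a
    CA vouches for holds this key'; the name check binds that key to the site the
    user asked for. Returns (accepted, reason)."""
    if not chain_trusted:
        return False, "certificate not signed by a trusted CA"
    if not cert_matches_host(san_dns_names, cn, hostname):
        return False, "certificate was not issued for " + hostname
    return True, "ok"
```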


Re: IE can share the SSL connection made by Openssl

2009-01-11 Thread Scott Gifford
lampa  writes:

> Hello All:
> At first, I make an SSL connection with OpenSSL, and then I want IE to share
> this connection, which means that IE does not need SSL authentication again,
> so IE can connect to the WEB server over the SSL tunnel.
>
> Now, the SSL connection is built by OpenSSL. But I do not know how IE can share
> the SSL connection.

Hello,

It is hard to understand exactly what you mean.  One thing that is
possible is to create an SSL tunnel from your machine to a remote
server using SSL.  Then your local Web browser can connect via this
tunnel without using SSL.  stunnel would pick up the plain TCP
connection, forward it to the SSL connection, then forward the
response back.  stunnel is a good tool for doing this, though you
could certainly implement it yourself if your needs are more
complicated.

Apart from tunneling like this, I don't think it's possible to make IE
or any Web browser use an already-established connection to a Web
server, or share the connection between a browser and another
application.

Hope this helps,

-Scott.


Re: openssl TLS query

2009-02-05 Thread Scott Gifford
"Pickford, Steve"  writes:

> I wonder if you can help me, I can connect to our Active Directory server with
> ldapsearch compiled and running with TLS under linux.
>  
> If I do this with my mingw version I get :-
>  
> TLS trace: SSL3 alert write:fatal:unknown CA

You need to tell it where your list of acceptable CAs is.  On the
commandline with s_client, you use something like:

-CApath arg   - PEM format directory of CA's
-CAfile arg   - PEM format file of CA's

I don't remember the equivalent in the API, but I'm sure some
searching will turn it up.

Good luck!

--Scott.


Re: Starting a c++ program with openssl support

2009-02-05 Thread Scott Gifford
dratone  writes:

> I've read the documentation (3 times over), but can't fully make sense
> of it. Could someone show me an example of how to create a listening ssl
> socket, and a connecting ssl socket?

I would consider boost::asio:

http://www.boost.org/doc/libs/1_37_0/doc/html/boost_asio.html

We used it for a recent project and are very happy with it.  It has
SSL support using OpenSSL.  asio is easy to use and reliable (though
its scalability could be improved a little, if you will have thousands
of simultaneous connections).

Good luck!

Scott.


Re: On the fly certificate generation to send to the client

2009-05-20 Thread Scott Gifford
AngelWarrior  writes:

> I need some info. I have a client and server application which
> requires a secure medium for the transferring of data between each
> other. Currently I am using openssl to achieve this using private
> and public key certificates with RSA encryption. I don't want to
> ship the certificate with each and every client application.

Hello,

The easiest way to transfer data securely between a client and server
over the network is to simply use an SSL connection.  It will only
require a certificate on the server, and will take care of all of the
necessary details to set up a secure channel.

Is there a reason this won't work for you and you need to use RSA
directly?  If so, please explain the reason; it will probably affect
what sort of solution will be workable for you.

-Scott.


Re: On the fly certificate generation to send to the client

2009-05-20 Thread Scott Gifford
AngelWarrior  writes:

> but this still requires a CA kind of certificate, right? I don't know if the
> client will have a CA certificate to authenticate it. If I am wrong please
> explain to me how it can be done.

Regular SSL only requires a certificate on the server.  Encrypted Web
browsing with https, for example, doesn't require a client
certificate.

Scott.


Re: send encrypted data to remote server

2009-09-09 Thread Scott Gifford
skar  writes:

[...]

> I have a file on my server which needs to reach several client machines
> safely and to remain encrypted there. 

You may want to consider using PGP for this, it sounds like your
scenario is exactly what it was designed for.  Each client would
generate its own private and public key, then the sender would add the
public keys to its PGP keychain and encrypt and sign a message to all
of them.  PGP would take care of making this work (IIRC it would
encrypt the file using a symmetric key, then include copies of the
symmetric key encrypted with each recipient's public key).

An alternative would be to use straight symmetric cryptography, where
there is one secret key which is known by the server and all the
clients.  Then you could just encrypt the data with something like:

openssl enc -aes-256-cbc

and on the other end use:

openssl enc -d -aes-256-cbc

Hope this helps!

-Scott.