Re: Errors after upgrading to OpenSSL 0.9.5

2000-02-29 Thread Bodo Moeller
On Tue, Feb 29, 2000 at 11:51:06AM +0100, Lutz Jaenicke wrote: > I just experienced the same problem (but I have been prepared :-) > OpenSSL 0.9.5 is more picky about the correct seeding of the PRNG > (pseudo random number generator). It seems (did not check this out *) that the > internal seed g

Re: server configuration problem

2000-02-25 Thread Bodo Moeller
Osvaldo Brito <[EMAIL PROTECTED]>: > $ openssl s_client -host localhost -port 443 > 14228:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block > type is not 01:rsa_pk1.c:100: > > 14228:error:04067071:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check > failed:rsa_eay.c:394: >

Re: GlobalID problem

1999-12-20 Thread Bodo Moeller
On Mon, Dec 20, 1999 at 10:19:54AM +0100, Matthias Loepfe wrote: >>> [MS-StepUp] >> Is there a spec for it? > http://www.microsoft.com/security/tech/sgc/TechnicalDetails.asp > > or > > http://www.microsoft.com/security/tech/sgc Is there more than internal server errors (VBScript runtime erro

Re: Question on MM Shared Memory library

1999-07-12 Thread Bodo Moeller
On Mon, Jul 12, 1999 at 03:36:47PM +0200, Ralf S. Engelschall wrote: > I've still not seen any benchmarks, but the shared memory based session cache > is certainly a magnitude faster than the disk-I/O dependent DBM based session > cache, of course. Presumably the difference wouldn't really be no

Re: Interested in speaking on mod_ssl in CA at the end of August?

1999-06-02 Thread Bodo Moeller
On Wed, Jun 02, 1999 at 08:45:24AM +0200, Ralf S. Engelschall wrote: > On Tue, Jun 01, 1999, Brian Behlendorf wrote: >> Hi. O'Reilly is hosting an Open Source Convention in Monterey, CA at the >> end of August (aug. 21-24 to be precise) USENIX Security Symposium is August 23-26 ... >> [...] we

Re: MSIE clients with broken SSL close notify

1999-05-31 Thread Bodo Moeller
gt;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Date: Fri, 21 May 1999

Re: MSIE and ssl-unclean-shutdown

1999-05-22 Thread Bodo Moeller
On Fri, May 21, 1999 at 07:47:00PM +0200, Bodo Moeller wrote: > I've done some tests now ... IE sends its request and ignores both the > server's shutdown *and* the TCP FIN (while Netscape finally gets the > idea of closing a connection when the FIN arrives). Finally the &

Re: SSL3_ACCEPT:bad ... weirdness

1999-05-22 Thread Bodo Moeller
On Fri, May 21, 1999 at 11:27:55PM -0700, Brian D. Kohl wrote: > First of All: I created a temp certificate with my private key and the > HTTPS site works (unknown CA, but works). > Scenario: I got my server.crt back from Verisign. No worky. > Error: My ssl_engine log gives me: >

Re: ModSSL Breaks Apache

1999-05-21 Thread Bodo Moeller
On Fri, May 21, 1999 at 11:05:38AM -0400, Adam D. McKenna wrote: > From: Bodo Moeller <[EMAIL PROTECTED]> >>> From what I've heard even RSAREF is not legal to use inside the US >>> for commercial purposes. However, verisign (a division of RSA) >>> doe

Re: ModSSL Breaks Apache

1999-05-21 Thread Bodo Moeller
On Thu, May 20, 1999 at 03:57:21PM -0400, Adam D. McKenna wrote: > From what I've heard even RSAREF is not legal to use inside the US for > commercial purposes. However, verisign (a division of RSA) does not have a > problem issuing certificates for servers running OpenSSL (SSLeay is actually >

Re: ModSSL and IE5.0 and Keepalive

1999-05-18 Thread Bodo Moeller
>> You can try just: >> SetEnvIf User-Agent ".*MSIE.*" ssl-unclean-shutdown >> >>> Why does it affect https but not http? >> >> Don't ask me: It's a problem in MSIE AFAIK. What does the shutdown sequence in Apache with mod_ssl look like? With a different SSL application, I have observed strange

Re: Mod SSL & Rewriting

1999-04-15 Thread Bodo Moeller
On Wed, Apr 14, 1999 at 09:41:34AM +0200, Ralf S. Engelschall wrote: > On Tue, Apr 13, 1999, Gary Carroll wrote: >> I think you may find that you can only use SSL with IP-based vhosts. For >> name-based vhosts you need to have established the connection to read >> the Host: header, which for SSL

Re: New Info (PR#136) repeatable on https://en4.engelschall.com

1999-03-26 Thread Bodo Moeller
On Fri, Mar 26, 1999 at 11:45:41AM +, John Imrie wrote: >> I just discovered I couldn't connect to this site with Mac IE 4. [...] >> "Unable to estabish a secure connection ... there is a problem with the >> security certificate from this site." It's not like I have option to >> trust the sit

Suggestion: DHE cipher suites

1999-03-20 Thread Bodo Moeller
I'd like to suggest that future versions of mod_ssl and Apache-SSL support the ephemeral Diffie-Hellman cipher suites, i.e. the ones that SSLeay/OpenSSL calls EDH-..., such as DH-RSA-DES-CBC3-SHA, which is officially known as follows: CipherSuite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,

Re: Multiple Certificates?

1999-03-12 Thread Bodo Moeller
On Wed, Mar 10, 1999 at 10:35:11AM +0100, Ralf S. Engelschall wrote (to the sw-mod-ssl mailing list): > On Wed, Mar 10, 1999, Juergen Rensen wrote: >> I tried to setup >> virtual SSL hosts on the same IP address, but Apache always returned one >> and the same default site. Has this changed? >

Session Cache security

1999-03-11 Thread Bodo Moeller
mod_ssl's dbm session cache can be shared between virtual hosts (and I think the example configuration does that). Question: Can this lead to clients using the wrong session on one virtual host (thus possibly bypassing client authorization, or using a session established with a client certificate

Re: Suggestion

1999-01-25 Thread Bodo Moeller
On Sun, Jan 24, 1999 at 12:12:36PM +0100, Ralf S. Engelschall wrote: > On Sun, Jan 24, 1999, Bodo Moeller wrote: >> What I'm looking for is a possibility to start httpd which can _not_ >> ask for passphrases even if someone screwed up the configuration >> files. [...

Re: Suggestion

1999-01-24 Thread Bodo Moeller
On Fri, Jan 22, 1999 at 01:11:04PM -0800, Tom Vaughan wrote: > Bodo Moeller <[EMAIL PROTECTED]> writes: >> What I'd like to have is a third variant of starting up Apache with >> mod_ssl which enables SSL, but disables asking for passwords (so that >> start-up m

Re: Suggestion

1999-01-22 Thread Bodo Moeller
On Wed, Jan 20, 1999 at 03:08:08PM +0100, Ralf S. Engelschall wrote: > On Wed, Jan 20, 1999, Magnus Stenman wrote: >> It would be nice if httpd would check >> its name when starting up -- if it's >> httpsd, define SSL, otherwise don't > The problem is that now with Apache 1.3.4 a simple --target=

Random number generator initialisation

1999-01-11 Thread Bodo Moeller
RANDFILE from ssleay.cnf (e.g. ~/.rnd) is used by SSLeay's "req" application. In any case, the documentation of the software packages should state where randomness is collected and, possibly, how much entropy we could hope to g