Hi there,
Is there somebody involved in development of mod_ssl module for Apache?
Question is - since support for GOST cryptography is added to OpenSSL
0.9.9, we are now going to implement support of GOST ciphersuites in the
Apache (because https is most frequent use of TLS with national
I was asked by one user if we are planning to provide PKCS#11 module,
based on OpenSSL (it was in the context of adding GOST algorithms
support to the Mozilla-based software).
I doubt is this solution is technically feasable.
As far as I know, most people do it other way around - write
There are some things that are quite hard problems doing it the other way
round. FIPS certification with the OpenSSL engine plugin active is probably
the worst.
With PKCS#11 on top of OpenSSL you have an industry standard API, which
most hardware cards support. So you could swap a FIPS certified
On 2007.11.19 at 20:46:36 +1000, Peter Waltenberg wrote:
There are some things that are quite hard problems doing it the other way
round. FIPS certification with the OpenSSL engine plugin active is probably
the worst.
With PKCS#11 on top of OpenSSL you have an industry standard API, which
Victor B. Wagner wrote:
Is there somebody involved in development of mod_ssl module for Apache?
Probably the mod_ssl mailing list is a better place for finding such
person(s), see http://www.modssl.org/support/.
Ciao,
Richard
--
Dr. Richard W. Könning
Fujitsu Siemens Computers GmbH
I installed it a few years back
On Mon, Nov 19, 2007 at 02:30:52PM +0100, Richard Koenning wrote:
Victor B. Wagner wrote:
Is there somebody involved in development of mod_ssl module for Apache?
Probably the mod_ssl mailing list is a better place for finding such
person(s), see
OpenCryptoki's Soft token based on openssl, was never intended to be a
FIPS capable function, its simply intended to be an example for those
who might wish to
a) test PKCS#11 applications without having to have a card
b) implement a token for an accelerator, other examples in opencryptoki
are
I believe that Sun contributed a pretty robust PKCS#11 engine for openSSL.
Soft token exists in opencryptoki today, if i ever find time, I will be
porting this to OSX
Alon Bar-Lev wrote:
On Nov 6, 2007 11:07 AM, Victor B. Wagner [EMAIL PROTECTED] wrote:
I was asked by one user if we are
On Nov 19, 2007 10:52 PM, Steven Bade [EMAIL PROTECTED] wrote:
I believe that Sun contributed a pretty robust PKCS#11 engine for openSSL.
It support a single static (compile time) provider, and even does not
login to the token...
I don't understand why it is packed as a patch and not as separate
On Mon, 19 Nov 2007, Alon Bar-Lev wrote:
On Nov 19, 2007 10:52 PM, Steven Bade [EMAIL PROTECTED] wrote:
I believe that Sun contributed a pretty robust PKCS#11 engine for openSSL.
It support a single static (compile time) provider, and even does not
the idea is that if you have pkcs#11
I was just using FIPS as one of the examples where PKCS#11 OVER OpenSSL is
a potentially better solution than the engine backends. I'm dealing with
FIPS certification issues all the time, so this was the obvious example -
it's caused me the most pain.
The other obvious problem is where you have
On 2007.11.19 at 14:51:16 -0600, Steven Bade wrote:
OpenCryptoki's Soft token based on openssl, was never intended to be a
FIPS capable function, its simply intended to be an example for those
who might wish to
a) test PKCS#11 applications without having to have a card
It is what I need.
12 matches
Mail list logo