iphers than the ones specified.
Maybe something like this:
[ global ]
default_bits= 4096
default_md = sha512
# for backward compatibility. Not to be used in a post-prism era.
#default_bits= 1024
#default_md = sha1
[ ca ]
default_md = global
...
regards,
skyper
Two concerns:
1. Openssl should create a 4096 bit key if the default setting is 4096 bit.
2. Openssl should not show that a 4096 bit key is generated and then
generate something much weaker.
regards,
skyper
27;
but dont blame me for asking :)
Thanks for brainstorming with me about these rather simple questions :)
skyper
--
PGP: dig @segfault.net skyper axfr|grep TX|cut -f2 -d\"|sort|cut -f2 -d\;
__
OpenSSL Project
s
user data so SSL_read() does not return until the re-keying data
is also read in the second example (16 bytes send before re-keyin data).
Or, to simplify the question: Can I use the above scenario without
risking that C stucks in SSL_read().
skyper
--
PGP: dig @segfaul