To much fiddling to force openssl to use strong crypto.

iphers than the ones specified. Maybe something like this: [ global ] default_bits= 4096 default_md = sha512 # for backward compatibility. Not to be used in a post-prism era. #default_bits= 1024 #default_md = sha1 [ ca ] default_md = global ... regards, skyper

Openssl generating 1024 bit keys when default_bits is set to 4096 bit

Two concerns: 1. Openssl should create a 4096 bit key if the default setting is 4096 bit. 2. Openssl should not show that a 4096 bit key is generated and then generate something much weaker. regards, skyper

Questions for implementing a crypto protocol (DH + blowfish)

27; but dont blame me for asking :) Thanks for brainstorming with me about these rather simple questions :) skyper -- PGP: dig @segfault.net skyper axfr|grep TX|cut -f2 -d\"|sort|cut -f2 -d\; __ OpenSSL Project

select, who is first, data or re-keying?

s user data so SSL_read() does not return until the re-keying data is also read in the second example (16 bytes send before re-keyin data). Or, to simplify the question: Can I use the above scenario without risking that C stucks in SSL_read(). skyper -- PGP: dig @segfaul