Re: key size 384 gives problem on server

2001-03-22 Thread Greg Stark
384 bits is too small to be secure, and too small to hold the encrypted pre-master secret + PKCS#1 padding. The browser should really refuse to make such a connection anyway. I wouldn't be surprised if you just bumbled onto a bug in Netscape. Use 1024-bit or larger moduli.

Strange behaviour with SSL_CTX_set_verify

2001-03-22 Thread Hegde, Ramdas
After I do the SSL initialization, I do the following in my server code.
    while(1){
      if((s=accept(sock,0,0))<0)
        err_exit("Problem accepting");
      sbio=BIO_new_socket(s,BIO_NOCLOSE);
      ssl=SSL_new(ctx);
      SSL_set_bio(ssl,sbio,sbio);
      SSL_CTX_set_verify(ctx, SSL_VERI

client code examples that use client cert?

2001-03-22 Thread akravchenko
Hello everyone, Does anyone have a working example of client code that uses client certificates and sends POST requests, preferably in C++? I wrote some code that works just fine when a server doesn't require a client cert, but when a server is set to require them, I started to get error 403.7

Re: ssl on smartcard ?

2001-03-22 Thread ET Tan
Yes, this is possible. We already have such a product out in the market. Check out our product, iVest, at http://www.ivest.com.my
At 16:22 22-03-01 +0100, you wrote:
>Hi there,
>
>I'm new to openssl and want to implement a client/server SSL connection.
>The difficulty is that the private key is o

Re: Strange behaviour with SSL_CTX_set_verify

2001-03-22 Thread Greg Stark
You need to do the SSL_CTX_set_verify() *before* you do the SSL_new(). The SSL * sort of inherits all of the settings from the parent SSL_CTX *, kind of like a fork(). If you need to customize a setting for a particular SSL session, you do this to the SSL * object.

RE: Strange behaviour with SSL_CTX_set_verify

2001-03-22 Thread Hegde, Ramdas
Thanks Greg
Moving the SSL_CTX_set_verify() above the SSL_new() did the job of fixing the problem.
Ramdas
-----Original Message-----
From: Greg Stark [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 22, 2001 5:51 PM
To: [EMAIL PROTECTED]
Subject: Re: Strange behaviour with SSL_CTX_set_verify

Re: key size 384 gives problem on server

2001-03-22 Thread Pradeep Kamath
Hello all, Greg,
I guess 384 is too small... I tried with 400... even that gave problems... with 500, 512, 1000, 1024 there were no problems. Does anyone know what would be a safe lower-limit?
TIA,
Pradeep
--- Greg Stark <[EMAIL PROTECTED]> wrote:
> 384 bits is too small to be secure, and too small

Re: Server sending certificate chain

2001-03-22 Thread Patrick Li
Hi
Thanks for the info! I tried that but I got a key values mismatch error. I used the following commands to generate the 2 levels of CA and a server certificate
# self signed certificate for root CA
% openssl genrsa -des3 -rand /export/home/pli/.cshrc -out ca1.key 1024
% openssl req -new -key /

How to install .crt from VeriSign

2001-03-22 Thread tjww
Hi, all
After testing my SSL server with a self-signed certificate, I have now bought one from VeriSign, but when I override the old .crt with the new .crt, I cannot start my server again. The error message is shown below. Can you tell me the reason? Thanks in advance.
[Fri Mar 23 14:13:55 2001] [error] mod_ssl: