Re: Avoiding clock-skew error problems

2002-01-14 Thread Adam Wosotowsky
On Mon, Jan 14, 2002 at 01:55:53PM -0800, Eric Rescorla wrote: > Adam Wosotowsky <[EMAIL PROTECTED]> writes: > > If the clocks are within say 30 minutes of each other the SSL handshake > > will go through without a hitch and communications will flow smoothly. > > However, if the clock is set quite

Re: Non blocking I/O

2002-01-14 Thread Eric Rescorla
"Stuart Walsh" <[EMAIL PROTECTED]> writes: > Since switching my server to non blocking I/O, I've been having all > sorts of problems. I've read the docs over and over, but the stuff > about SSL_write() and SSL_ERROR_WANT_WRITE makes little sense and is > very complicated. > > Basically, at diffe

Re: Problems re-using SSL connections with 0.9.6c...

2002-01-14 Thread Bodo Moeller
Rob Beckers <[EMAIL PROTECTED]>: [...] > I'm glad you can reproduce the problem, that's half the battle. I'm using > OpenSSL's internal cache (single threaded program using async sockets, so > no need for external cache), and as stated it's not re-using. > > There's no particular hurry to get

Non blocking I/O

2002-01-14 Thread Stuart Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, Since switching my server to non blocking I/O, I've been having all sorts of problems. I've read the docs over and over, but the stuff about SSL_write() and SSL_ERROR_WANT_WRITE makes little sense and is very complicated. Basically, at differen

Re: Avoiding clock-skew error problems

2002-01-14 Thread Eric Rescorla
Adam Wosotowsky <[EMAIL PROTECTED]> writes: > On Mon, Jan 14, 2002 at 09:26:22AM -0800, Eric Rescorla wrote: > > > SSL does not require that the client and server have synchronized > > clocks, except in the loose sense that a certificate verifier's > > clock should have some relation to the real

Re: Avoiding clock-skew error problems

2002-01-14 Thread Adam Wosotowsky
On Mon, Jan 14, 2002 at 09:26:22AM -0800, Eric Rescorla wrote: > SSL does not require that the client and server have synchronized > clocks, except in the loose sense that a certificate verifier's > clock should have some relation to the real time in order to avoid > falsely evaluating expiry. >

Error message when using new certs

2002-01-14 Thread Frank Geck
I created a new CA and user certs and ran a program that have developed and it had been working with some other certs that I generated earlier but now I get a message: 16451:error:0906B072:PEM routines:PEM_get_EVP_CIPHER_INFO:unsupported encryption:pem_lib.c:506: Anybody know why I would get this

Re: Additional Libs necessary?

2002-01-14 Thread Dr S N Henson
Peter Cesarz wrote: > > Hi, > Are there additional libraries necessary to work with > things like the EVP Cipher routines? Or has anyone > observed a mismatch of evp.h and the statement > "EVP_EncryptInit() et.al. are obsolete...". The evp.h > file I got from the latest release of OpenSSL has >

Re: Avoiding clock-skew error problems

2002-01-14 Thread Eric Rescorla
Adam Wosotowsky <[EMAIL PROTECTED]> writes: > I've thrown this out to the list before but received no responses, > so I'm going to do it again. > > SSL encryption seems to fail if there is too much skew between the > clocks. I've read "5 minutes", but I think that it is longer than that > (there

Avoiding clock-skew error problems

2002-01-14 Thread Adam Wosotowsky
Hello, I've thrown this out to the list before but received no responses, so I'm going to do it again. SSL encryption seems to fail if there is too much skew between the clocks. I've read "5 minutes", but I think that it is longer than that (there _is_ a 5 minute timeout, but I do not think th

RE: Why DNS/IP in certificate?

2002-01-14 Thread Vic Abell
> While I agree with the other points: > OpenSSL itself does not contain any code to perform these checks: > therefore it does not do it wrong but it also does not do it right; > it doesn't do anything :-) > > Best regards, > Lutz Lutz is right. I've been looking at so much Open* softwar

Re: ./openssl speed -multi 1000 -engine aep ?

2002-01-14 Thread John P. Looney
On Mon, Jan 14, 2002 at 04:11:28PM -, [EMAIL PROTECTED] mentioned: > I don't know about -multi, or the aep code. Someone on the openssl-dev list > might know what the current situation is. My guess (and that's all it is) is > that the manufacturer may not have released any code or information

RE: ./openssl speed -multi 1000 -engine aep ?

2002-01-14 Thread John . Airey
>-Original Message- >From: John P. Looney [mailto:[EMAIL PROTECTED]] >Sent: 14 January 2002 15:56 >To: [EMAIL PROTECTED] >Subject: Re: ./openssl speed -multi 1000 -engine aep ? > > >On Mon, Jan 14, 2002 at 03:52:18PM -, >[EMAIL PROTECTED] mentioned: >> The openssl-engine versions also

Re: Why DNS/IP in certificate?

2002-01-14 Thread afchine madjlessi
- Original Message - From: "Stanley Hopcroft" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, January 14, 2002 10:36 AM Subject: Re: Why DNS/IP in certificate? > Dear Ladies and Gentlemen, > > I am writing to thank you for your comments about this matter and ask > > On Thu

rsa GenerateKey in openssl engine

2002-01-14 Thread afchine madjlessi
Hello everybody, We are implementing a new engine (based on openssl 0.9.6c) to use the RSA PKCS11 interface of our crypto hardware (Bull Trustway CC2000). We would like to access our C_GenerateKeyPair PKCS11 function through the openssl RSA_generate_key. So we are adding a new entry gen_key in

Re: ./openssl speed -multi 1000 -engine aep ?

2002-01-14 Thread John P. Looney
On Mon, Jan 14, 2002 at 03:52:18PM -, [EMAIL PROTECTED] mentioned: > The openssl-engine versions also support "openssl speed". But not -multi ? (at least not 0.9.6c - I don't know of any more recent ones). John -- ___ John Looney Chief Scien

RE: ./openssl speed -multi 1000 -engine aep ?

2002-01-14 Thread John . Airey
The openssl-engine versions also support "openssl speed". - John Airey Internet systems support officer, ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] Agnostic (Greek) = Ignoramus (Latin)

./openssl speed -multi 1000 -engine aep ?

2002-01-14 Thread John P. Looney
It seems that the 0.9.7 snapshots are the only ones that support running "openssl speed" concurrently. I was looking to test an AEP card here, and the 0.9.7 snapshots don't have AEP acceleration merged yet. I was wondering - is there a version of 0.9.7 with the AEP engine merged into it yet? Is

RE: Why DNS/IP in certificate?

2002-01-14 Thread Vic Abell
I haven't yet seen discussion of one interesting aspect of this issue from the viewpoint of the TLS specification. The TLS specification says (in RFC 2818) that the client must first compare all subjectAltName extensions with type dNSName to the intended server's identity. That can include wildc

RE: Why DNS/IP in certificate?

2002-01-14 Thread Neff Robert A
A good example of a NAT device would be the Linksys Cable/DSL router. This device is perfect for a small office that needs connection to the Internet and provides hardware firewall protection by limiting the IP addresses and ports that are forwarded on to backend servers. It has multiple hardwar

RE: Why DNS/IP in certificate?

2002-01-14 Thread Neff Robert A
>is it possible to have an OpenSSL server located behind a Network Address >Translation device (a NAT device is sometimes part of firewalls, eg >the Cisco PIX) and still have the client handshake complete without >error ? Yes, you can use NAT devices quite easily since they really are just a simp

RE: Why DNS/IP in certificate?

2002-01-14 Thread John . Airey
Personally I would have a second server outside the NAT device that proxies requests in and out of the server behind the firewall. There seems to me little point in having a firewall if you allow public access straight through it! In that case you can secure the connection between the outside mac

Re: Why DNS/IP in certificate?

2002-01-14 Thread Stanley Hopcroft
Dear Ladies and Gentlemen, I am writing to thank you for your comments about this matter and ask On Thu, Jan 10, 2002 at 09:34:50AM -0500, Neff Robert A wrote: > > The client needs to verify who it is connected to. > Anyone in the world can present a certificate to > establish an ssl connectio

AES in SSL?

2002-01-14 Thread Martin Sjögren
Hello I know that OpenSSL 0.9.7 will support AES, that's not my question ;) My question is, will we be able to use AES in SSL communication? I mean, it's all well and good to see AES in libcrypto, but it would be nice to use it in libssl as well. Thank you Martin -- Martin Sjögren [EMAIL P

RE: HTTPS Post

2002-01-14 Thread David Schwartz
On Fri, 11 Jan 2002 08:47:58 -0600, Scott Frazor wrote: >I tried looking at the RFC and it was not what I was looking for. I think >now that I have read a couple of responses to my original question I am >specifically looking for how to implement a POST through OpenSSL's API and >receive the re