You can use OpenSSL0.9.6g.
Detailed instructions are given in 'INSTALL' file, located in directory
where you extracted the openssl archive.
- Sunil
-Original Message-
From: Deng Lor [mailto:deng_lor;hotmail.com]
Sent: Tuesday, November 12, 2002 10:51 PM
To: [EMAIL PROTECTED]
Subject:
Hello,
I don't know of any option in the clients (browsers) that support your scenario.
You could use stunnel (www.stunnel.org), and that could work perfect, but you will
have to install one instance of stunnel client on each workstation. Technically, it
is possible to encrypt the channel to
Presumably the point of this exercise is to be able to analyze normally
encrypted traffic. It would be easier to write a proxy that simply
negotiated with the server as a client and with the browser as a server.
Sure, the browser would detect that the server certificate was incorrect
(actually a
This sounds like it could be handled by a reverse proxy setup to me.
I'm pretty sure Apache Web Server can do this (see the
ProxyPass/ProxyPassReverse|| directives).
-- Tim
We are trying to set up a system where a server can act as a proxy for
http, while automaticaly encrypting all proxied
The former supports several external cryptographic accelerator cards, and
the latter does not. Otherwise, the two versions are the same.
Lynn Gazis
Rainbow Technologies
-Original Message-
From: ANKIT K SHAH [mailto:anshah;us.ibm.com]
Sent: Wednesday, November 13, 2002 11:01 AM
To:
On Wednesday 13 November 2002 12:17 pm, you wrote:
$ openssl x509 -noout -modulus -in server.cert | openssl md5
unable to load certificate
26567:error:0906D066:PEM routines:PEM_read_bio:bad end
line:pem_lib.c:762:
d41d8cd98f00b204e9800998ecf8427e
D'oh! An unfaithful cut-n-paste added an
does anyone know why these files no longer appear in the distribution? They
were in the openssl-0.9.6b-11 version but not in openssl-0.9.6b-29 version.
John d'Alelio
Sr System Engineer
Psynapse Technologies LLC
Washington D.C. 20007
On Wed, Nov 13, 2002 at 04:24:38PM -0300, Alejandro Rusell wrote:
I don't know of any option in the clients (browsers) that support
your scenario.
BTW, what do you mean with analyze unencrypted network traffic?
Should it be encrypt/protect unencrypted network traffic?
We have a web system
In message [EMAIL PROTECTED] on Wed, 13 Nov
2002 14:43:49 -0500, John d'Alelio [EMAIL PROTECTED] said:
jdalelio does anyone know why these files no longer appear in the distribution? They
jdalelio were in the openssl-0.9.6b-11 version but not in openssl-0.9.6b-29 version.
I think you're asking
Mike Alberghini [EMAIL PROTECTED] writes:
On Wed, Nov 13, 2002 at 04:24:38PM -0300, Alejandro Rusell wrote:
I don't know of any option in the clients (browsers) that support
your scenario.
BTW, what do you mean with analyze unencrypted network traffic?
Should it be encrypt/protect
Hi Experts:
THANKS to Mr. Lance for his reply.
I tried to modify my /jboss/server/default/deploy/tomcat4-service.xml file
as shown below:
--
Server
Service name = JBoss-Tomcat
If it's RedHat, AFAIK we have the following situation and the following fix.
0.9.5b is libcrypto.so.0 and libssl.so.0
0.9.6 is libcrypto.so.1 and libssl.so.1
0.9.6b is libcrypto.so.2 and libssl.so.2
Recreate these symlinks:
ln -s /usr/local/ssl/lib/libcrypto.so
Presumably the point of this exercise is to be able to analyze normally
encrypted traffic.
That's what I thought when I first read your problem description.
IMHO, you're going at this the wrong way. Set up a second box running
snort. Set it up to read the encrypted traffic... and use a
Oops, I'm not an expert on mbeans, etc. so I'm not wasn't sure what all you needed
Here's what we're using
for the tomcat-service.xml file.
(I've 'd out the private pieces.) The keystore is located in the
jboss/server/default/conf/ directory.
I would seriously recommend upgrading
Lin
No I am not an OpenSSL developer. However I have built several server and
client applications using OpenSSL.
The the following code works with IE 5.0 and the simple client program I
sent you.
BIO_puts(io,HTTP/1.1 100 Continue\r\n);
BIO_puts(io,Server: Microsoft-IIS/5.0\r\n);
On Wed, Nov 13, 2002 at 09:35:47AM +0100, Karl-Michael Werzowa wrote:
letters, etc. (If you use an Ö or Ä it may be easy, but what about
hungarian, slovak, croatian characters? How to type these? Do you know the
possible transcripts?)
The best way seems to be to have an ascii transcript and
On Wed, Nov 13, 2002 at 09:53:34AM -0800, Lin Ma wrote:
I have a client program using Openssl to send request to and receive
response from a web server. SSL_read hangs if the web server sends the
following headers.
The following is the header dump without SSL. I think the problem is the
As we're starting up our release process again, we'd need to have as
many as possible test the latest snapshots for us. I can personally
cover Debian GNU/Linux on i386.
--
0.9.6h:
One of the upcoming releases will be 0.9.6h (basically to fix all bugs
that have been
At 11:42 14.11.2002 +1300, you wrote:
On Wed, Nov 13, 2002 at 09:35:47AM +0100, Karl-Michael Werzowa wrote:
letters, etc. (If you use an Ö or Ä it may be easy, but what about
hungarian, slovak, croatian characters? How to type these? Do you know the
possible transcripts?)
The best way seems
Richard
Exactly what are you testing, installation, routines etc.
I have RH Linux on i686, Windows 2000 Server and Windows Professional.
Marcus
- Original Message -
From: Richard Levitte - VMS Whacker [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, November
In message 002301c28b72$8d1d1060$142c2e04@internet on Wed, 13 Nov 2002 16:12:32
-0800, marcus.carey [EMAIL PROTECTED] said:
marcus.carey Exactly what are you testing, installation, routines etc.
Tests that need to be performed:
- configuration and build
- test suite
- installation (be wise and
Can someone please confirm for me that, by default, OpenSSL never requests a
renegotiation and that if you want it to initiate a renegotiation, you have
to specify a timeout or byte count.
DS
--
David Schwartz
[EMAIL PROTECTED]
On Tue, Nov 12, 2002, Henry E. Thorpe wrote:
Question:
Is there a standard for how the e-mail address is supposed to be
contained in the Subject or Alternative name extension of an x509
certificate?
We have some folks trying to set up a PKI using a Microsoft
Certificate server. I noted
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi!
Problem:
I am in the following situation:
I have generated a CA using openssl.
I have a smart card containing a private key.
How do I generate a certificate request based on an already existing
certificate containing the public key which is
I am compiling OpenSSL on Windows 2000.
I read INSTALL.W32 that came with the source. I had a
successful compile using Mingw32. Further down in INSTALL.W32
I see the following note...
libcrypto.a and libssl.a are the static libraries. To use the
DLLs,
link with libeay32.a and libssl32.a instead.
25 matches
Mail list logo