Can you tell me what are the application dependency factor here so we'll be
able to chase a limit?
It is used as an RSA key exchange certification/private key pairing.
Thanks...
JoelKatz wrote:
On 7/26/2011 4:38 AM, Katif wrote:
I need to know in advance the maximum length of the
Hi,
I am using openssl-1.0.0d. downloaded the source and built the library.
Can anyone suggest how to do the following:
a) testing NULL Encryption:
While building openssl i modified the macro SSL_DEFAULT_CIPHER_LIST to
#define SSL_DEFAULT_CIPHER_LIST eNULL
My understanding is the above
Hi,
I am using openssl-1.0.0d.
I would prefer to disable encryption in the ssl protocol and have only
authentication integrity.
ie application data is sent without encryption.
Is there a way to do this is in openssl?
Does usage of eNULL in the default cipherlist provides this?
Thanks.
Hello,
openssl.exe s_client -connect services.gmf.fr:443
exits with the message missing export tmp rsa key
The server selects RSA_EXPORT_WITH_DES40_CBC_SHA and sends an 1024bit RSA
key. If I increase the RSA key size limits like below:
- #define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ?
Hello everyone,
I've found some issues using the function X509_verify() on a simple X509
certificate. After the creation, if I call:
X509_verify(certificate,ca_key);
the function returns 1, but if I call the i2d_X509() function on the
certificate and then the d2i_X509() on the obtained byte
On Wed, Jul 27, 2011 at 02:53:09AM -0700, navin gopalakrishnan wrote:
a) testing NULL Encryption:
While building openssl i modified the macro SSL_DEFAULT_CIPHER_LIST to
#define SSL_DEFAULT_CIPHER_LIST eNULL
That was unwise, don't do that.
My understanding is the above modification? would
Yeah, it does seems to do that. I tested it with s_client and s_server, (s_server with -cipher eNULL),and if client also were not with -cipher -eNULL, then connection failed.So, there might be need to explicitly configure both ends of connection. Citējot navin gopalakrishnan k_nav...@yahoo.com:
One of our customers is trying to setup a TLS for SIP trunk. Self-signed
certificates (2048 bit) non encrypted configuration on SIP trunk work but
a CA signed certificate does not.
Going by this SSL/TLS detail example
http://technet.microsoft.com/en-us/library/cc785811%28WS.10%29.aspxhttp://
The way I would verify this is by writting the original X509 object into PEM
file and dumping the X509 object resulted from d2i_x509() into another PEM
file and compares both files using the openssl ; either using asnparse or
x509 command.
On Wed, Jul 27, 2011 at 9:46 AM, Andrea Saracino
On 20 Jul 2011, at 2:25 AM, Vinay Kumar wrote:
Hi All,
I am using OpenSSL OpenSSL 0.9.8e. The OpenSSL function sometimes
sha1_block_host_order () crashes on Linux. Is there any fix available for
this issue or what are the modifications need to be done? Please guide me.
The core back
On 26 Jul 2011, at 10:16 PM, Katif wrote:
Can you tell me what are the application dependency factor here so we'll be
able to chase a limit?
It is used as an RSA key exchange certification/private key pairing.
Thanks...
The two things that are variable size are the key material itself,
Hello,
I am working on a product where we are upgrading from openssl-0.9.8.d to
version 1.0.0, and we want to transition from using 1024 bit keys to 2048.
I am coming up to speed with SSL in general. My question is: was key
length of 2048 already supported on openssl-0.9.8.d? I did read about it
I need some help.
I am basically stuck and don't know how to fix the handshake and must be
missing something.
Perhaps it is something with the certificates.
I have a server certificate/privatekey and a CA certificate.
Server loads its server certificate and private key ( self-signed by a CA
On 27 Jul 2011, at 1:52 PM, castre...@gmail.com wrote:
Using memory buffers and blocking IO.
I begin the handshake by the client intiating hello message.
The server reads message, and data is put in its ssl output. This is sent
back to client.
The client read the data ( SSL_read) and
On 7/26/2011 10:16 PM, Katif wrote:
Can you tell me what are the application dependency factor here so we'll be
able to chase a limit?
It is used as an RSA key exchange certification/private key pairing.
Thanks...
Maximum RSA key size supported.
Extensions supported.
DS
Hi Erwin, thanks for your fast answer.
I dumped both the certificates in 2 PEM files, then I used the
X509_print_fp() to obtain the readable version of both of them. The two
resulting files are identical. Perhaps there is something wrong in the
invocation of the i2d/d2i functions. I'm posting an
On 27 Jul 2011, at 4:37 PM, castre...@gmail.com wrote:
There is no data to send to the client ( I have checked the BIO out and there
is no pending data to send out).
This is my main problem.
When I check the clients state using SSL_state_string from the last read it
returns UNKWN.
I would not use the X509_print_fp(), since it does not give you the PEM or DER
file.
Use intead PEM_write_bio or write_bio() for PEM and DER respectively.
Also check for error for the status of these two bio write function.
hopefully it helps
From: Andrea Saracino
Sent: Wednesday, July 27,
By the way sorry for the font size, it does not mean anything, it just mixed
up during cut and paste.
The function to dump x509 into a certificate is is PEM_write_bio_X509() and
the function to dump a x509 der file is bio_write(). Here is the doc on
bio_write
You metion that:
Server loads its server certificate and private key ( self-signed by a CA
that I created).
I would liem to clarify: the server cert is a self signed cert? or the CA
cert is a self signed cert?
If the server cert is a self signed cert, the server is actually the ca,
which in this
20 matches
Mail list logo