On Fri, Aug 12, 2011, Dave Thompson wrote:
>
> 1.0.0 allows any cert sig alg whose name includes "WithRSA".
>
> Adjacent in the code, 1.0.0 like 0.9.8 allows kECDH*e* only for cert
> signed ECDSA+SHA1, though 1.0.0 otherwise handles ECDSA+SHA2family.
> That probably needs a similar upgrade.
>
Hi,
I've gotten OpenSSL to work for me using examples from the Network
Security with OpenSSL book.
I've got two questions that I know are very basic - Mr Google was not
very helpful here
1) how do I set SO_REUSEADDR option on my OpenSSL server?
2) when a client connects to the my server, h
On 08/13/2011 04:20 PM, yyy wrote:
> In that openssl.cnf file add section section [server]
Thanks, I've just figured it out :) it's strange that the default
openssl.cnf lacks a [server] section, shouldn't it be inserted by default?
_
On 08/13/2011 04:28 AM, Dave Thompson wrote:
> Adjacent in the code, 1.0.0 like 0.9.8 allows kECDH*e* only for cert
> signed ECDSA+SHA1
Now, this is interesting. I have tried an OpenVPN setup using elliptic
curves certificates generated with OpenSSL 1.0.0, and in fact I've found
that I couldn't u