On 8/25/2011 6:04 AM, Arjan Filius wrote:
Hello,
today i ran into a situation, where i notice firefox/chrome and
gnutls-cli use 3 tcp sessions to get a single ssl session, where openssl
s_client takes only one.
one tcp session is what i expect, and i hope someone may have an
explanation.
comp
> From: owner-openssl-us...@openssl.org On Behalf Of TMS Brokers / Lukasz
Kosciesza
> Sent: Tuesday, 23 August, 2011 09:44
> I'm trying to create a pkcs#7 detached signature with openssl.
> I analysed the signature with the signature created by other
> tool, and only one part is different when c
> From: owner-openssl-us...@openssl.org On Behalf Of krishnamurthy
santhanam
> Sent: Wednesday, 24 August, 2011 02:32
> Basically when we encrypt something using an RSA key (whether public
> or private), the encrypted value must be smaller than the key (due to
> the mat
Very good!
I can write a little code to do that!
Thanx
On Thu, Aug 25, 2011 at 05:24:14PM -0400, Crypto Sal wrote:
> You typically import certs through the Firefox certificate manager found
> via "Edit -> Preferences -> Adv. -> Encryption -> View Certificates". It
> should be self explanatory
Web broker.
Also they seem to have broken their web site in other ways.
I just hate it when they figure they should reprogram my browser so I can't
right click on a link and open in a new window. I do run multiple monitors and
its nice to put a press release on one monitor and another press
You typically import certs through the Firefox certificate manager found
via "Edit -> Preferences -> Adv. -> Encryption -> View Certificates". It
should be self explanatory from here. The only other question that
remains is which Root CA. That can only be done by reading the
certificate hierarc
On Thu August 25 2011, t...@terralogic.net wrote:
> Sorry
>
> http://www.tdwaterhouse.ca/
>
> Its my old cert chain which is broken.
> I jsut want to go to them and ask them to supply the root cert so I can
> install it and get rid of the error message which Firefox generates because
> I can'
Good idea.
Ya. I know. But what percentage of the computers the bank deals with are
filled with malware?
On Thu, Aug 25, 2011 at 04:06:02PM -0500, Michael S. Zick wrote:
> On Thu August 25 2011, t...@terralogic.net wrote:
> > Sorry
> >
> > http://www.tdwaterhouse.ca/
> >
> > Its my old ce
I know the theory. I'm also a programmer. I just never bothered to install a
root cert before. But I do know how to make them.
I'll dig around in FireFox and see where it is and how its done.
As for the bank. We build it and they break it. Not my fault.
On Thu, Aug 25, 2011 at 01:51:01P
Do you log into 'Web Broker' or 'Easy Web'?
On 08/25/2011 04:50 PM, t...@terralogic.net wrote:
Sorry
http://www.tdwaterhouse.ca/
Its my old cert chain which is broken. I jsut want to go to them and ask them
to supply the root cert so I can install it and get rid of the error message
which
On Thu August 25 2011, t...@terralogic.net wrote:
> Sorry
>
> http://www.tdwaterhouse.ca/
>
> Its my old cert chain which is broken. I jsut want to go to them and ask
> them to supply the root cert so I can install it and get rid of the error
> message which Firefox generates because I can't f
the answer lies with the people who wrote the software for the certificate
store since the whole point is trust.
If users could manipulate the root certificate store, then it would be
impossible to trust anything.
Generally, you can add certificates by double clicking them and choosing the
cor
Sorry
http://www.tdwaterhouse.ca/
Its my old cert chain which is broken. I jsut want to go to them and ask them
to supply the root cert so I can install it and get rid of the error message
which Firefox generates because I can't find the root cert.
On Thu, Aug 25, 2011 at 04:44:07PM -0400, C
Can you please *be* specific and provide us with an exact URL for those
of thus that don't live in Canada or use TDWaterhouse? I see TD has
several sites and this is why we need you to be specific so we can tell
you which root to get.
On 08/25/2011 03:06 PM, t...@terralogic.net wrote:
TDWate
I already know its my certificate store. I only asked how to load in their
noew root cert
On Thu, Aug 25, 2011 at 01:09:20PM -0700, Craig White wrote:
> Go to an entirely different computer and try accessing - you will know if
> it's your computer or their certificates.
>
> If it's your compu
Go to an entirely different computer and try accessing - you will know if it's
your computer or their certificates.
If it's your computer, it's either your browser or your OS Certificate store
(Windows and Macintosh use entirely different methods to accomplish).
Firefox uses it's own certificat
TDWaterhouse In Canada. I'm in Calgary. THose idjots tell me to reboot my
computer when their Apache servers in TO send me a misconfiguration message. I
told them yesterday we build it and you break it. Something is desperatly
wrong.
On Thu, Aug 25, 2011 at 02:10:11PM -0400, Crypto Sal wr
Firefox has its own certificate store. It doesn't share '/etc/ssl/certs'.
If we had the bank URL, we would be able to better help you to resolve
this issue.
On 08/25/2011 01:45 PM, t...@terralogic.net wrote:
I know you are trying to help. But it doesn't help me to defer to a package
manage
I know you are trying to help. But it doesn't help me to defer to a package
manager because I'm trying to fix what the last package managers screwed up.
On Thu, Aug 25, 2011 at 04:09:44AM -0500, Michael S. Zick wrote:
> On Wed August 24 2011, t...@terralogic.net wrote:
> >
>
> Top posting to a
I see said the blind man... It took a while to figure out what you were asking
(EKU) but I had to set my apache server to 'SSLVerifyClient none' unless I can
induce clients to install not only the CA cert but also a user cert. Now onto
Nginx ;-)
Thanks
Craig
On Aug 24, 2011, at 3:43 PM, Edua
Bonjour,
Hodie VIII Kal. Sep. MMXI, Arjan Filius scripsit:
> Does one know it the tls sessionticket consept could work with
> loadbalancer afinity/persistence?
It is perfectly suited to dumb loadbalancers. The session state is the
ticket, and is saved by the client, encrypted by the server's priv
Hello,
a question about ssl persistence in loadbalancers.
Until now we'd used SSL Session ID in loadbalancer to get some ssl and
application affinity to the backend.
But is it possible with the TSL sessiontickets extension?
In the first tcp/ssl session i can't see any ssl session ID, (as it is
Hello,
today i ran into a situation, where i notice firefox/chrome and
gnutls-cli use 3 tcp sessions to get a single ssl session, where openssl
s_client takes only one.
one tcp session is what i expect, and i hope someone may have an
explanation.
compared the gnutls-cli with openssl s_cli
Hi,
I am using openssl to one of my application. The application has support
of multithreading and runs on Windows platform. This application uses openssl
0.9.8.0 version and has support of fips. The application listens on a
particular port and for each new connection it creates a separate
Hi All,
I am new to linux and openssl stuff.
I have tried to install OpenSSL (1.2.3 with fips)with FIPS module and it's
successful. (built and installed)
For building:
i had used make and gcc version 4.3.4
I hope installation was successful and it created FIPS module and openssl
binary (usr/l
Hi
I am attempting to compile Openssl 0.9.8r on a sparc based solaris10 machine.
I am hitting an error when I run "make test", the majority of the tests pass
successfully, but when It gets to the AES tests I am getting a cyphertext
mismatch:
Testing cipher AES-128-ECB(encrypt)
Key
00 01
Hi All,
I am trying to build the latest fips-capable openssl
(openssl-1.0.1-stable-SNAP-20110823 against openssl-fips-2.0-test-20110823)
on 32-bit windows XP platform using vs9.0. I managed to build fips object
module and run the fips test suite and test vectors. However, while trying
to build fip
Hi,
>
> Hey List,
>
> I am using Openssl for experimenting with the cryptographic accelerator
> on Sun machine. I am using this command
>
> openssl speed -engine pkcs11 -evp aes-128-cbc
>
> to have the results and this gives me number of bytes that are
> communicated between the processor and
What EKU are you using for the HTTP server cert?
Sent from my Windows Phone
From: Craig White
Sent: 8/24/2011 6:03 PM
To: openssl-users@openssl.org
Subject: Re: being my own ca
Definitely there in Keychain_Access.app and specifically indicated to 'Always
Trust' f
On Wed August 24 2011, t...@terralogic.net wrote:
>
Top posting to a hijacked thread is not the way to get
a quick and useful reply.
Next time, start your own. Mailing list threads are cheap.
> I see my bank has an invalid cert. Likely I have an old cert chain. I'm
> running Debian Linux and f
Reposting as my original message doesn't seem to have been added to the mailing
list.
> From: Steve Marquess [mailto:marqu...@opensslfoundation.com]
> Sent: Tuesday, 23 August 2011 10:34 a.m.
> To: Harvey Shepherd
> Cc: openssl-users@openssl.org
> Subject: Re: Using the FIPS Object Module
>
> ...
Hey List,
I am using Openssl for experimenting with the cryptographic accelerator
on Sun machine. I am using this command
openssl speed -engine pkcs11 -evp aes-128-cbc
to have the results and this gives me number of bytes that are
communicated between the processor and accelerator in 3 sec
> From: Steve Marquess [mailto:marqu...@opensslfoundation.com]
> Sent: Tuesday, 23 August 2011 10:34 a.m.
> To: Harvey Shepherd
> Cc: openssl-users@openssl.org
> Subject: Re: Using the FIPS Object Module
>
> ...
> >> Please, please always keep in mind that the OpenSSL FIPS
> Object
>
Hey List,
I am using Openssl for experimenting with the cryptographic accelerator
on Sun machine. I am using this command
openssl speed -engine pkcs11 -evp aes-128-cbc
to have the results and this gives me number of bytes that are
communicated between the processor and accelerator in 3 sec (o
34 matches
Mail list logo