RE: What is the difference between green and yellow address bars in browser for certificate's fields?

2012-06-13 Thread Steffen DETTMER
Hi all! > Many public CAs suggest Extended Validation for certificates > of web servers. [...] I had a talk with a specialist > of technical support of Thawte [...] He also refused > to answer how browser determines what bar to display - > green or yellow? See thawte Certification Practice St

Re: OpenSSL and GOST engine issue (statically linked library )

2012-06-13 Thread Andrey Koltsov
Hi. I think you should add OpenSSL_add_all_algorithms(); in your initialization part. Best regards, Andrey Koltsov software developer 13.06.2012 17:21, Abyss Lingvo wrote: Hi all! This is my first mail to openssl mailing list. I have a problem with statically linked openSSL library and G

Re: TLSv1.2 backward compatibility

2012-06-13 Thread Dr. Stephen Henson
On Wed, Jun 13, 2012, Garrison, Jim (ETW) wrote: > > -Original Message- > > From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > > us...@openssl.org] On Behalf Of Dr. Stephen Henson > > Sent: Wednesday, June 13, 2012 5:23 PM > > To: openssl-users@openssl.org > > Subject: Re: TLSv

RE: TLSv1.2 backward compatibility

2012-06-13 Thread Garrison, Jim (ETW)
> -Original Message- > From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > us...@openssl.org] On Behalf Of Dr. Stephen Henson > Sent: Wednesday, June 13, 2012 5:23 PM > To: openssl-users@openssl.org > Subject: Re: TLSv1.2 backward compatibility > > On Wed, Jun 13, 2012, Garrison

Re: TLSv1.2 backward compatibility

2012-06-13 Thread Dr. Stephen Henson
On Wed, Jun 13, 2012, Garrison, Jim (ETW) wrote: > Is anybody else having trouble with newer SSL clients (1.0.1c specifically) > causing older servers to hang? > Yes, see PR#2771. > > Reading the 1.0.1c release notes I see > > 3. If all else fails setting OPENSSL_NO_TLS1_2_CLIENT wi

Re: Is Sha2 supported for signing certs?

2012-06-13 Thread Pushkar Pathak
Yes it worked this time, maybe I was picking up the older openssl. FYI - On Wed, Jun 13, 2012 at 3:06 PM, Dr. Stephen Henson wrote: > On Wed, Jun 13, 2012, Pushkar Pathak wrote: > > > Hi All, > > > > I am trying to sign a certificate with SHA2. I have my own CA certificate > > and want to sign

TLSv1.2 backward compatibility

2012-06-13 Thread Garrison, Jim (ETW)
Is anybody else having trouble with newer SSL clients (1.0.1c specifically) causing older servers to hang? I asked about this earlier, before I fully understood the problem, in a thread titled "Configure OpenSSL to skip SSL1 & SSL2?" in which I was incorrectly assuming that my client was starti

Re: What is the difference between green and yellow address bars in browser for certificate's fields?

2012-06-13 Thread Jeffrey Walton
On Wed, Jun 13, 2012 at 12:57 PM, Vladimir Belov wrote: > Hello. > > Many public CAs suggest Extended Validation for certificates of web servers. > These certificates cost much more expensive but in browser we can only see > green address bar instead of yellow or blank. Race to the bottom FTW! I

Re: Is Sha2 supported for signing certs?

2012-06-13 Thread Dr. Stephen Henson
On Wed, Jun 13, 2012, Pushkar Pathak wrote: > Hi All, > > I am trying to sign a certificate with SHA2. I have my own CA certificate > and want to sign an end entity certificate with sha2. Is SHA 2 supported? > > The commands that I tried were > > openssl ca -md sha2 > openssl ca -md sha2

Re: Is Sha2 supported for signing certs?

2012-06-13 Thread Hanno Böck
On Wed, 13 Jun 2012 11:11:50 -0700 Pushkar Pathak wrote: > openssl ca -md sha256 This one works - however openssl ca --help doesn't mention it. So it's undocumented, but works. I've used it to do this test installation: https://sha2.hboeck.de/ "sha2" can't work, because there is no sha2-algor

Re: Is Sha2 supported for signing certs?

2012-06-13 Thread Pushkar Pathak
Thanks Josh! On Wed, Jun 13, 2012 at 12:13 PM, Joshua Bowman wrote: > On 6/13/2012 11:11 AM, Pushkar Pathak wrote: > > Hi All, > > > > I am trying to sign a certificate with SHA2. I have my own CA > certificate and want to sign an > > end entity certificate with sha2. Is SHA 2 supported? > > > >

Re: Is Sha2 supported for signing certs?

2012-06-13 Thread Joshua Bowman
On 6/13/2012 11:11 AM, Pushkar Pathak wrote: > Hi All, > > I am trying to sign a certificate with SHA2. I have my own CA certificate and > want to sign an > end entity certificate with sha2. Is SHA 2 supported? > > The commands that I tried were > > openssl ca -md sha2 > openssl ca -md sha

Re: What is the difference between green and yellow address bars in browser for certificate's fields?

2012-06-13 Thread Vladimir Belov
Thank you for the hyperlink, Joshua. I will investigate this. I'm not sure why the guy at Thawte got secretive and rude to you, because it's open information Maybe I had a talk with a bad technical specialist. --

Re: Question about EVP_PKEY_decrypt() with 4K RSA key

2012-06-13 Thread Dr. Stephen Henson
On Wed, Jun 13, 2012, Oleksiy Lukin wrote: > Hi again! > > Andrey, thanks for testing. Seems it is platform-dependent bug. My > development platform is Linux, Fedora 17, x86_64 > I just tested it on OpenBSD 5.0/x86, it works fine too. > I've answered this before. The problem is your cast to (si

Re: What is the difference between green and yellow address bars in browser for certificate's fields?

2012-06-13 Thread Joshua Bowman
On 6/13/2012 10:05 AM, Vladimir Belov wrote: > I need to make some corrections. > > So, I think maybe there is an arrangement of CA's companies (Verisign, Thawte > and others) with > browser's companies (Microsoft, Opera, Mozilla) that a special root or trusted > CA’s certificate > is used for Extende

What is the difference between green and yellow address bars in browser for certificate's fields?

2012-06-13 Thread Vladimir Belov
Hello. Many public CAs suggest Extended Validation for certificates of web servers. These certificates cost much more expensive but in browser we can only see green address bar instead of yellow or blank. I thought what is the difference between green and yellow address bars in browser for certi

OpenSSL and GOST engine issue (statically linked library )

2012-06-13 Thread Abyss Lingvo
Hi all! This is my first mail to openssl mailing list. I have a problem with statically linked openSSL library and GOST crypto engine. Openssl 1.0.0g I have simple client/server application using GOST keys and certificates. It works fine with GOST keys but only if I use dynamically linked

Re: Question about EVP_PKEY_decrypt() with 4K RSA key

2012-06-13 Thread Oleksiy Lukin
Hi again! Andrey, thanks for testing. Seems it is platform-dependent bug. My development platform is Linux, Fedora 17, x86_64 I just tested it on OpenBSD 5.0/x86, it works fine too. To OpenSSL developers: If you find my program useful as an example of EVP/PK, please feel free to publish it. 13.0

Re: Question about EVP_PKEY_decrypt() with 4K RSA key

2012-06-13 Thread Andrey Koltsov
Hi. Here is a result on my Cygwin + OpenSSL "1.0.1c 10 May 2012" Reading keys...keys are ready. Encrytion/decryption with RSA-based function is OK. Encrytion/decryption with EVP-based function is OK. Signature chek is OK. It seems it works fine. Best regards, Andrey Koltsov 13.06.2012 15:5

Re: Question about EVP_PKEY_decrypt() with 4K RSA key

2012-06-13 Thread Oleksiy Lukin
Hi, openssl hackers! I wrote a little program that demonstrates the problem, see attached file. It's a bit long but it shows that only EVP_PKEY_decrypt() fails with 4K keys. The rest of the functions are just fine. See evp_decrypt_with_pvtk() function for failure. 06.06.12 05:40, Dave Thompson wrote: >>

Re: [openssl-users] Question regarding renegotiation in openssl-1.0.1

2012-06-13 Thread Erwann Abalea
Why should it be different? -- Erwann ABALEA - pruritic gerontopropulsion: abuse of excess characterized by too much exaggeration (done when one pushes granny into the nettles) On 13/06/2012 13:30, ankur dwivedi wrote: Hi, I am observing that after doing a renegotiation, the new cipher i

Question regarding renegotiation in openssl-1.0.1

2012-06-13 Thread ankur dwivedi
Hi, I am observing that after doing a renegotiation, the new cipher is same as what was used while initial handshake. Is this a normal behavior ? -- Thanks Ankur Dwivedi