On Tue, Dec 11, 2012 at 7:10 PM, Michael Mueller abaci@gmail.comwrote:
On Tue, Dec 11, 2012 at 6:10 PM, Dave Thompson dthomp...@prinpay.comwrote:
From: owner-openssl-us...@openssl.org On Behalf Of Michael Mueller
Sent: Tuesday, 11 December, 2012 15:45
Could I get a nudge. I'd like to
On 12/11/2012 09:45 PM, Michael Mueller wrote:
Could I get a nudge. I'd like to get the SANs to show up in my certs.
in my request:
Requested Extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non
Hello,
when using
openssl ocsp ...
in a CGI skript, you must use -noverify
because without, this creates the line
Response verify OK
neither /dev/null nor 21 file nor 21 /dev/null, let this line
disappear
so this shoots either a 500 page or an invalid OCSP response is sent,
which results
A typical method is to use PKCS#7 padding.
On 12/12/2012 9:07 AM, Hailei Hu wrote:
Hi, everyone!
I am testing openssl AES encrypt and decrypt using AES_cbc_encrypt.
for example, I have a file which has 10 bytes, after using
AES_cbc_encrypt, the encrypted file become 16 bytes. But when
On Wed, Dec 12, 2012, Walter H. wrote:
Hello,
when using
openssl ocsp ...
in a CGI skript, you must use -noverify
because without, this creates the line
Response verify OK
neither /dev/null nor 21 file nor 21 /dev/null, let this line
disappear
so this shoots either a 500 page
neither /dev/null nor 21 file nor 21 /dev/null, let this line
disappear
Redirections happen left-to-right. So do this:
/dev/null 21
Or the simpler
2/dev/null
--
Principal Security Engineer
Akamai Technology
Cambridge, MA
Hi all
Thanks for the swift replies.
On 12/11/2012 11:51 AM, Jakob Bohm wrote:
- With a given key being reused for all encrypted files, the IV from my
understanding is central to the strength of the encryption. So a unique
random IV needs to be used for each file. Does this mean that for
The problem is that aes_cbc is a block cipher and works on 16-byte blocks,
typically. By default, any data block that is less than this size is
padded, as is the case for you. Since you're only sending in 10 bytes, your
10 bytes are being padded with zeros to make the block 16 bytes.
So, to
On Tue, Dec 11, 2012 at 6:27 PM, redpath redp...@us.ibm.com wrote:
When using this command
openssl genrsa -out test.pem 2048
an RSA pair is created. Its not so much I want to know how a pair is
randomly selected
but how secure is that random selection.
It depends. In theory, the way
Until someone breaks the website, spoofs it, buys out the owner, etc.
Q2.4: Are the numbers available in a secure fashion?
Yes, since April 2007 you can access the server via https://www.random.org/
I should probably note that while fetching the numbers via secure HTTP would
protect them from
On Wed, Dec 12, 2012 at 12:39 PM, Salz, Rich rs...@akamai.com wrote:
Until someone breaks the website, spoofs it, buys out the owner, etc.
Q2.4: Are the numbers available in a secure fashion?
Yes, since April 2007 you can access the server via https://www.random.org/
I should probably note
On Tue, Dec 11, 2012 at 6:27 PM, redpath redp...@us.ibm.com wrote:
When using this command
openssl genrsa -out test.pem 2048
an RSA pair is created. Its not so much I want to know how a pair is
randomly selected
but how secure is that random selection.
It depends. In theory, the way
Hey Michael Mueller,
do you think I can work with you to get this resolved? I am my own CA as well
and have made all of the changes mentioned by the group members.
Thanks,
Hector L. Jaquez Jr.
Data Security Analyst II
HQ AAFES, Information Technology Governance
W 214-312-4449
BB 214-794-3641
Thanks for the reply Florian,
Can't I just call SSL_CTX_set_options on the current SSL context I am
using before I initiate the connection?
Another question is how to enforce the 'server' side preference of the
cipher suite selection? Is it also part of the SSL_CTX_set_options() API?
On
Got it working .. The issue was in creating the cert via the CA
Thanks,
Hector L. Jaquez Jr.
Data Security Analyst II
HQ AAFES, Information Technology Governance
W 214-312-4449
BB 214-794-3641
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Jaquez
Is there a document that lists the appropriate 800-56a standards the
OpenSSL FIPS module conforms to and for each applicable section listed in
the 800-56a standard as conforming, is there a listing for all statements
that are not shall (that is, shall not, should, and should not)? If
the included
Sorry for the duplicate post - was not signed up with the forum and might have
missed a response to my question . Please resend your answers if you have
already replied to my query.
All ,
What would the default_ca section look like while using
LunaCA3 HSM for storing CA private key.
17 matches
Mail list logo