Re: Format and standard for CSR

2019-08-29 Thread Michael Richardson
Robert Moskowitz wrote: > On 8/29/19 9:20 AM, Michael Richardson wrote: >> Robert Moskowitz wrote: >> > I am writing an Internet Draft that will include transmission of a CSR, so I >> > need to reference the proper source.  No more sloppy, "well it works...". >> >> >

SSL_get_certificate

2019-08-29 Thread Jeremy Harris
I have a note from 2017 in my code to the effect that SSL_get_certificate() is broken in that it returns the last cert loaded rather than the one passed out to the client (on the server). Is this still the case? I can't track down any obvious fix in the OpenSSL git. I'd like to use it to pick

Re: Subject: SSL_connect returned=1 errno=0 state=error: dh key too small

2019-08-29 Thread Jakob Bohm via openssl-users
On 29/08/2019 17:05, Hubert Kario wrote: On Wednesday, 28 August 2019 23:20:49 CEST Marcelo Lauxen wrote: ... that server is willing to negotiate ECDHE_RSA ciphers, you'd be better off disabling ciphers that use DHE and RSA key exchange and using ECDHE_RSA instead of trying to make 1024 bit

Re: Subject: SSL_connect returned=1 errno=0 state=error: dh key too small

2019-08-29 Thread Salz, Rich via openssl-users
* I've another question, based on your suggestion, Salz Rich: can this @SECLEVEL config be set per host/domain, or is it impossible? It totally depends on which webserver you are running and what its configuration allows. I'm not able to answer webserver config questions BTW.

Re: Subject: SSL_connect returned=1 errno=0 state=error: dh key too small

2019-08-29 Thread Marcelo Lauxen
Thank you guys for the answers! I've another question, based on your suggestion, Salz Rich: can this @SECLEVEL config be set per host/domain, or is it impossible? On Thu, Aug 29, 2019 at 12:38 PM Salz, Rich wrote: > >- We don't have control of the server, which is using a DH key size of 1048 >

Re: Format and standard for CSR

2019-08-29 Thread Michael Richardson
Robert Moskowitz wrote: > I am writing an Internet Draft that will include transmission of a CSR, so I > need to reference the proper source.  No more sloppy, "well it works...". > Some digging said it is in PKCS#10 - CSR.  But I did not stop with > that. RFC2986 is PKCS10.

Re: Format and standard for CSR

2019-08-29 Thread Viktor Dukhovni
> On Aug 28, 2019, at 9:30 PM, Blumenthal, Uri - 0553 - MITLL > wrote: > >>> Do you have an ASN.1 definition fit the content of CSR, or are you willing >>> to create one? >> >> For now working with ASN.1. > > In that case, I would use one of the available defined standards, which are >

Re: Format and standard for CSR

2019-08-29 Thread Salz, Rich
A CSR is most commonly a PKCS#10 object and therefore defined in ASN.1 and encoded in DER. https://github.com/openssl/openssl/blob/master/crypto/include/internal/x509_int.h#L53
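To make Rich's point concrete, here is an added example (not code from the thread or from OpenSSL) that walks a PKCS#10 CertificationRequest as the DER-encoded ASN.1 RFC 2986 defines: a SEQUENCE of certificationRequestInfo, signatureAlgorithm and signature, where certificationRequestInfo is itself a SEQUENCE of version INTEGER (v1 = 0), subject Name, subjectPKInfo and [0] attributes. The sample request it parses is constructed in the code with a bogus key and signature so it runs offline; the example checks structure only and verifies nothing cryptographically. It also rejects the BER forms a DER parser must refuse (indefinite and non-minimal lengths, trailing bytes), which is where lax "well it works" parsers usually go wrong.

```python
"""Walk a PKCS#10 CertificationRequest (RFC 2986) as DER-encoded ASN.1.
Added example, not code from the thread; the sample request is constructed
with a bogus key and signature so it runs offline (no crypto is verified)."""

OID_CN = b"\x55\x04\x03"                                  # 2.5.4.3 commonName
OID_RSA = b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01"         # 1.2.840.113549.1.1.1 rsaEncryption
OID_SHA256_RSA = b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"  # 1.2.840.113549.1.1.11

def _tlv(tag, body):
    assert len(body) < 0x80, "sample encoder only emits short-form lengths"
    return bytes([tag, len(body)]) + body

def _seq(*items):
    return _tlv(0x30, b"".join(items))

def build_sample_csr(cn="csr-example.test"):
    """Constructed, syntactically valid PKCS#10 request (bogus key and signature)."""
    subject = _seq(_tlv(0x31, _seq(_tlv(0x06, OID_CN), _tlv(0x0C, cn.encode()))))
    spki = _seq(_seq(_tlv(0x06, OID_RSA), b"\x05\x00"), _tlv(0x03, b"\x00" * 17))
    cri = _seq(b"\x02\x01\x00", subject, spki, _tlv(0xA0, b""))  # v1(0) ... empty [0] attrs
    sig_alg = _seq(_tlv(0x06, OID_SHA256_RSA), b"\x05\x00")      # sha256WithRSAEncryption
    return _seq(cri, sig_alg, _tlv(0x03, b"\x00" * 17))          # 0 unused bits + 16 bogus bytes

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos); refuse the BER forms that DER forbids."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long form: 0x8n, then n length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if buf[pos] == 0 or length < 0x80:
            raise ValueError("non-minimal length encoding")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def _children(body):
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = _read_tlv(body, pos)
        out.append((tag, val))
    return out

def _fields(body, *tags):
    kids = _children(body)   # exactly len(tags) children, each with the expected tag
    if len(kids) != len(tags):
        raise ValueError(f"expected {len(tags)} elements, got {len(kids)}")
    for (tag, _), want in zip(kids, tags):
        if tag != want:
            raise ValueError(f"expected tag 0x{want:02x}, got 0x{tag:02x}")
    return [val for _, val in kids]

def _decode_oid(raw):
    arcs, acc = [], 0
    for b in raw:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    lead = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
    return ".".join(map(str, lead + arcs[1:]))

def parse_csr(der):
    """Top-level fields of a PKCS#10 CSR; ValueError on anything malformed."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE with no trailing bytes")
    cri, alg, sig = _fields(body, 0x30, 0x30, 0x03)                # CertificationRequest
    ver, sub, _spki, _attrs = _fields(cri, 0x02, 0x30, 0x30, 0xA0)  # CertificationRequestInfo
    subject = {}
    for t_rdn, rdn in _children(sub):                # Name ::= SEQUENCE OF RDN
        if t_rdn != 0x31:
            raise ValueError("RelativeDistinguishedName must be a SET")
        for t_atv, atv in _children(rdn):           # RDN ::= SET OF AttributeTypeAndValue
            if t_atv != 0x30:
                raise ValueError("AttributeTypeAndValue must be a SEQUENCE")
            (t_oid, oid), (_, val) = _children(atv)
            if t_oid != 0x06:
                raise ValueError("attribute type must be an OID")
            subject[_decode_oid(oid)] = val.decode("utf-8", "replace")
    (t_alg_oid, alg_oid), *_ = _children(alg)
    if t_alg_oid != 0x06:
        raise ValueError("signatureAlgorithm must start with an OID")
    return {"version": int.from_bytes(ver, "big", signed=True), "subject": subject,
            "signature_algorithm": _decode_oid(alg_oid),
            "signature_bytes": len(sig) - 1}      # first BIT STRING byte = unused-bit count

def is_rejected(der):
    try:                      # True when parse_csr refuses der (exercises the strictness checks)
        parse_csr(der)
    except ValueError:
        return True
    return False
```

The same walk applies to a real CSR produced by `openssl req -outform DER`; only the constructed sample and its zeroed key and signature are stand-ins here. A production parser would additionally verify the signature over certificationRequestInfo with the enclosed public key, which is what proves possession of the key.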

Re: Format and standard for CSR

2019-08-29 Thread Robert Moskowitz
On 8/29/19 9:20 AM, Michael Richardson wrote: Robert Moskowitz wrote: > I am writing an Internet Draft that will include transmission of a CSR, so I > need to reference the proper source.  No more sloppy, "well it works...". > Some digging said it is in PKCS#10 - CSR.  But I

Re: Subject: SSL_connect returned=1 errno=0 state=error: dh key too small

2019-08-29 Thread Hubert Kario
On Wednesday, 28 August 2019 23:20:49 CEST Marcelo Lauxen wrote: > Our server runs with DH key size of 2048 bits and we are trying to make > requests with httparty(https://github.com/jnunemaker/httparty) to a server > that uses DH key size of 1024 bits, I want to know for what reason we are >

Re: Format and standard for CSR

2019-08-29 Thread Robert Moskowitz
On 8/29/19 11:20 AM, Salz, Rich wrote: A CSR is most commonly a PKCS#10 object and therefore defined in ASN.1 and encoded in DER. https://github.com/openssl/openssl/blob/master/crypto/include/internal/x509_int.h#L53 Thanks, Rich. It all fits together now.

Re: Subject: SSL_connect returned=1 errno=0 state=error: dh key too small

2019-08-29 Thread Salz, Rich
* We don't have control of the server, which is using a DH key size of 1048 bits. In order to work with this kind of server (terribly poor security characteristics), you need to add “@SECLEVEL=0” to your OpenSSL configuration.