share me sample SSL based client server
programme which I could use to measure performance.
Regards,
Alok
On Tue, Sep 9, 2014 at 3:54 AM, Iñaki Baz Castillo i...@aliax.net wrote:
2014-09-08 19:46 GMT+02:00 Alok Sharma alokonm...@gmail.com:
One thing I observerd by looking into scp
code
connection */
}
close(server); /* close server socket */
SSL_CTX_free(ctx); /* release context */
}
On Sun, Sep 7, 2014 at 8:11 PM, Viktor Dukhovni openssl-us...@dukhovni.org
wrote:
On Sun, Sep 07, 2014 at 01:00:17PM +0530, Alok Sharma wrote:
I am writing
is that is there an alternative way to use open ssl read or
write to improve performance. I searched in scp code and found it does not
use SSL_read/SSL_write. So if there is another set of APIs which I can use
or any idea how I can meet the same performance as scp.
Regards,
Alok
Hi Steve,
I am also seeing AES along with GCM and RC4 in my search if I disable
CBC. So can it guarantee that still client and server can communicate. Also
if I use both end points as having same version of openssl than also there
can be any problem.
Regards,
Alok
On Tue, Nov 12, 2013 at 8
Hi,
I am using 0.9.8.s openssl and due to some limitation I cann't upgrade to
latest versions to tackle CVE-201300169. So is there any easy process to
disable CBC based ciphers.
Also is there a way to know which ciphers client and servers are using?
Regards,
Alok
Hi Steve,
Thanks for reply. Do you have idea how CBC ciphers can be disabled?
Regards,
Alok
On Tue, Nov 12, 2013 at 8:23 PM, Dr. Stephen Henson st...@openssl.orgwrote:
On Tue, Nov 12, 2013, Alok Sharma wrote:
One of the openSSL vulnerabilities is:
CVE-2013-0169:
The TLS
or 0.9.8y
we use DTLS 1.0 protocol.
Does anyone know of any setting in openssl configuration that can be
tweaked to mitigate this vulnerability? E.g. a setting to not allow use of
algorithms with CBC etc.?
Regards,
Alok
Hi,
Thanks for the help, it resolved my problem.
Regards,
Alok
On Fri, Sep 23, 2011 at 5:59 PM, Dr. Stephen Henson st...@openssl.orgwrote:
On Fri, Sep 23, 2011, alok sharma wrote:
Hi,
Ok I got your point. I think it will be helpful.Do you have any link
or
precedure to setup
Hi,
So is there any method on Windows to generate non-predictable
randomnumbers. I think mostly FileSytem time is used to seed randomness
which is failing in my case.
Regards,
Alok
On Mon, Sep 19, 2011 at 4:52 PM, Dr. Stephen Henson st...@openssl.orgwrote:
On Mon, Sep 19, 2011, alok sharma
,RAND_R_PRNG_STUCK);
ctx-error = 1;
fips_set_selftest_fail();
return 0;
}
}
memcpy(ctx-last, R, AES_BLOCK_LENGTH);
Regards,
Alok
On Fri, Sep 23, 2011 at 4:46 PM, Dr. Stephen Henson st...@openssl.orgwrote:
On Fri, Sep 23
Hi,
Ok I got your point. I think it will be helpful.Do you have any link or
precedure to setup these call backs or these are just function pointers
which needs to be initialized at ssl initialization time.
Regards,
Alok
On Fri, Sep 23, 2011 at 5:22 PM, Dr. Stephen Henson st
generated for current as well as for last request. Is there any provision
inside Openssl which ensures that unique randon numbers will be generated or
application need to add some delay for each new connection request.
Regards,
Alok
On Thu, Sep 15, 2011 at 6:02 PM, Jakob Bohm jb-open...@wisemo.com
openssl version 0.9.8o.
Regards,
Alok
Hi,
I am using openssl to one of my application. The application has
support of multithreading and runs on Windows platform. This application
uses openssl 0.9.8.0 version and has support of fips. The application
listens on a particular port and for each new connection it creates a
separate
issues in openssl? Is there any way to avoid such kind of issue?
Regards,
Alok
Try saying that to a web banking manager :-)
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of lwoods (sent by
Nabble.com)
Sent: Saturday, December 03, 2005 10:22 AM
To: openssl-users@openssl.org
Subject: Ignorant of SSL: I have a dumb
, I can read from the file?
-thanks
Alok
try using the log value?
- Original Message -
From: Victor Duchovni [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Sunday, August 07, 2005 6:56 AM
Subject: Re: need function to get cube root
On Sat, Aug 06, 2005 at 05:36:52PM -0700, Anirban Banerjee wrote:
Can someone please
Jagannadha Bhattu wrote:
Hi,
I am new to SSL and want to know more about BIOs. Is there a tutorial
on how to use and on their uses.
Thanks
JB
__
OpenSSL Project http://www.openssl.org
User
Hello :(
As usual trolling..
The particular pages or components retrieved over the SSL link (the one
retrieved through URLs beginning with 'https'), will be sent over encrypted
links. In addition, the endpoint will be validated. So that if you retrieve
Hi,
Joshua Juran wrote:
On Apr 1, 2005, at 4:37 AM, alok wrote:
Can someone exactly explain why one cannot typecast a bio( ) to a
UNIX domain socket/IPC/fd?
I'll give this a shot.
Unix allows you to read() to and write() from stream-like objects such
as files, pipes, character devices
Can someone exactly explain why one cannot typecast a bio( ) to a UNIX
domain socket/IPC/fd?
-thanks
Richard Levitte - VMS Whacker wrote:
In message [EMAIL PROTECTED] on Wed, 30 Mar 2005 16:51:37 -0800, David Brock
[EMAIL PROTECTED] said:
dbrock-openssl I'm fairly new to openSSL so forgive me
Hi Brian,
Brian Hurt wrote:
Lecture warning.
On Mon, 14 Mar 2005, alok wrote:
Yeah, you need large key sizes- 128 bits keys just aren't enough
(they allow birthday attacks to be computationally feasible). But I
note that all the AES finalists went to 256 bit key sizes. This
would put
I doubt many people would actually use it if they know it can be easily
broken..
Like someone said on the list hey everyone uses it, it must be secure
is the mental genere.
-A
Ted Mittelstaedt wrote:
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
Personally, I'd like to see OpenSSL start using private key crypto as
hashing functions. The reason that work on dedicated hashing
algorithms kinda died off after MD[45]/SHA* came out was that people
figured out that they were the equivelent of private key encryption.
IIRC, you can turn any
Yeah, you need large key sizes- 128 bits keys just aren't enough (they
allow birthday attacks to be computationally feasible). But I note
that all the AES finalists went to 256 bit key sizes. This would put a
birthday attack at about 128 bits of complexity- sufficient. Anything
less than
.Who has enough time, no patience and is inquisitive and irritated
enough to work backwards on symmetric encryption algorithms
Please unicast your replies.
-thanks
Alok
__
OpenSSL Project
if this sounds stupid though..
-thanks
Alok
- Original Message -
From: Bernhard Froehlich [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Wednesday, January 19, 2005 6:10 AM
Subject: Re: Even CA's make mistakes..
Alok wrote:
[...]
lets take PKI out for a moment and talk simple block
into it.
-Alok
Andrew
Alok wrote:
Maybe am a bit off my head
but given a rubik cube, and a fixed axes of orientation defining it in
space,
are there more than one ways to get the cube into a particular
formation?
(not that I can solve the cube manually either...)
Are block algorithms
ok per block, it is still a function (on a set) = output
Sorry, I don't understand your analogy with rubik's cube (most possibly
because that's just not the way my brain's working... ;))
:o)
A block cypher has a defined output for a defined input, so if you
encode the same
But how do you guarantee that the web server is who he says he is?
Iin theory, an ISP could, hack up a DNS to point to my local server. What
verifies that the machine I am connecting to is indeed that machine which it
claims to be?
- Original Message -
From: R. Markham [EMAIL PROTECTED]
to sign the
certificates.
One of the keys is probably what the browser has and the other is the key
used to sign the webserver's digital cert generated from the csr.
-hth
Alok
- Original Message -
From: R. Markham [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Wednesday, January
A bit off the thread...
Ever wondered if one can break PKI given that the 1st request to a server is
mostly GET / in https?
Any ideas?
- Original Message -
From: Shaun Lipscombe [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Wednesday, January 19, 2005 4:57 AM
Subject: Even CA's
* Alok wrote:
A bit off the thread...
Ever wondered if one can break PKI given that the 1st request to a
server is
mostly GET / in https?
The GET /HTTP/1.0 is done using a symetric cipher like RC2 or RC4 etc.
The PKI is only used to transfer the symetric key between hosts. Using
Abderrahmane wrote:
--- Alok [EMAIL PROTECTED] a écrit :
sorry,
i meant the key corresponding to mycert.pem
you sign with the private key wich corresponds to
mycert.pem, but you can also encrypt the data with the
public key wich corresponds to the same private key in
mycert.pem because
)??
El hallabi-Kettani Abderrahmane wrote:
--- Alok [EMAIL PROTECTED] a écrit :
But when you sing with your public key, and encrypt
with your public key,
how will he decrypt it if he does not have your
private key?
you sign with the private key existed in mycert.pem or
in a separate file
El hallabi-Kettani Abderrahmane wrote:
--- Alok [EMAIL PROTECTED] a écrit :
I think there is a reason why you cant encrypt a
message without 1st
signing it using smime
By your logic, any preshared key would do the
trick , why bother with
the cert ?
(in other words, hiscert or mycert, if all
Thanks,
something I would appreciate if you could clarify:
David C. Partridge wrote:
Not correct.
You sign the message with YOUR private key. The signature is verified by
the recipient using your certificate which is issued by a CA.
agreed,
If you are also enveloping, then the data is
David C. Partridge wrote:
The one shot symmetric key is purely random.
how?
No it's not a function of anyone's private or public key.
then it is open to man in the middle
Once generated, it is encrypted using the public key of the recipient and
included with the message.
but then if i do
Not at all, there's no man in the middle issue at all because the
certificates which are issued by a trusted TP g'tee the ownership of the
public key.
The logic goes like this:
You generate a random DES key known only to you. Let's call this KDE
You use this to encrypt the data. Lets call this
Painter, Philip wrote:
I don't think you're wrong there Alok. The E(KDE)PUBK is
A random Des key taken as _data_ and encrypted asymmetrically
With the recipient's public key. Only the recipient will be
Able to decrypt it, with her private key.
what do you mean by encrypted assymetrically
into which I can feed this data and get something out.
Will just the sever side APIs and feeding the data into the ctx for the
same suffice?
Alok
__
OpenSSL Project http://www.openssl.org
User Support
42 matches
Mail list logo