RE: Friendly name

Possibly do an asndump on a cert that has a friendly name and see what it's really doing? -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Hopkins, Nathan Sent: Thursday, December 01, 2011 4:36 PM To: openssl-users@openssl.org

RE: The best way to limit cipher strength

had originally asked - limit the library to just "strong" ciphers - most correctly? From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Diffenderfer, Randy Sent: Wednesday, August 18, 2010 12:43 PM To: openssl-users@openssl.org Subject: The best way

The best way to limit cipher strength

What is the "correct" way to limit cipher suite strength, as in get rid of "weak" ciphers? I am contemplating building an openssl version with no support for export ciphers, and no support for SSLv2 cipher suites. I tried the config args of "no-ssl2" and "no-export", and got half the intended

Verbosity Level Tweak?

Folks, Am trying to sort out "mysterious" TLS setup failures within sendmail. Are there any runtime symbols I can twiddle to cause the library to be more forthcoming about what it's doing? Have wandered through sendmail and he pretty much treats the openssl calls as a black box, with very little

RE: Unable to locate the keystore/certificate store or private key

Title: Message I don't see the execution platform given here.  Perhaps you might consider doing an 'strace' (if linux)?  Anything that is opened and "secretly" imported into the program should be discernible from this.   Just a thought...   rnd -Original Message-From: [EMAIL

RE: Hiding headers for OpenSSL

Title: Message Folks,   For the sake of closure (and finality, one would hope :-) ), the relevant Apache configuration parameter is "ServerTokens".  There is also a spiffy module available to do just about anything you might desire here: modsecurity.   Works for me... rnd -Origina

FW: The *right* way to get "-g" in compiler options

Title: FW: The *right* way to get "-g" in compiler options It would appear that the *right* way is to simply stick the '-g' option in the config argument list, ./config -g … I thought it would be easy… :-) rnd  -Original Message- From:   Diffenderfer, Ran

The *right* way to get "-g" in compiler options

Title: The *right* way to get "-g" in compiler options Folks, This should be easy! What is the *right* way to include the "-g" option in CFLAG when building openssl-0.9.8b? I have several undoubtedly *wrong* ways I can choose, but I'd rather take the high road here… Thanks, rnd

"Random" errors in openssl apps

Title: "Random" errors in openssl apps Folks, Using RedHat ES3.0 stock openssl RPM, for which "openssl version" yields 'OpensSSL 0.9.7a Fed 19 2003", I get "random" SEGVs while doing pk7out or verify operations using "openssl smime -pk7out" or "openssl smime -verify".  The discouraging thin

FW: Using OpenSSL Command Line Apps To Generate Signed Digests

e surprise (to me) was that *an ASN1 structure* was what was encoded, not just the raw digest info.  Hadn't run across the DigestInfo structure before in my travels.  Now I know. Hope this helps the next n00b! :-) rnd  -Original Message- From:   Diffenderfer, Randy  Sent:   Thu

Using OpenSSL Command Line Apps To Generate Signed Digests

Title: Using OpenSSL Command Line Apps To Generate Signed Digests Folks, I am trying to work out a string of command line things that can deal with signatures and any/all intermediate objects. Using the 'dgst' app, I can generate a digest and a signed digest in either hex or binary with n