Possibly do an asndump on a cert that has a friendly name and see what it's
really doing?
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Hopkins, Nathan
Sent: Thursday, December 01, 2011 4:36 PM
To: openssl-users@openssl.org
had
originally asked - limit the library to just "strong" ciphers - most correctly?
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Diffenderfer, Randy
Sent: Wednesday, August 18, 2010 12:43 PM
To: openssl-users@openssl.org
Subject: The best way
What is the "correct" way to limit cipher suite strength, as in get rid of
"weak" ciphers? I am contemplating building an openssl version with no support
for export ciphers, and no support for SSLv2 cipher suites. I tried the config
args of "no-ssl2" and "no-export", and got half the intended
Folks,
Am trying to sort out "mysterious" TLS setup failures within sendmail.
Are there any runtime symbols I can twiddle to cause the library to be
more forthcoming about what it's doing? Have wandered through sendmail
and he pretty much treats the openssl calls as a black box, with very
little
Title: Message
I
don't see the execution platform given here. Perhaps you might consider
doing an 'strace' (if linux)? Anything that is opened and "secretly"
imported into the program should be discernible from this.
Just a
thought...
rnd
-Original Message-From:
[EMAIL
Title: Message
Folks,
For
the sake of closure (and finality, one would hope :-) ), the relevant Apache
configuration parameter is "ServerTokens". There is also a spiffy module
available to do just about anything you might desire here:
modsecurity.
Works
for me...
rnd
-Origina
Title: FW: The *right* way to get "-g" in compiler options
It would appear that the *right* way is to simply stick the '-g' option in the config argument list,
./config -g …
I thought it would be easy… :-)
rnd
-Original Message-
From: Diffenderfer, Ran
Title: The *right* way to get "-g" in compiler options
Folks,
This should be easy!
What is the *right* way to include the "-g" option in CFLAG when building openssl-0.9.8b?
I have several undoubtedly *wrong* ways I can choose, but I'd rather take the high road here…
Thanks,
rnd
Title: "Random" errors in openssl apps
Folks,
Using RedHat ES3.0 stock openssl RPM, for which "openssl version" yields 'OpensSSL 0.9.7a Fed 19 2003", I get "random" SEGVs while doing pk7out or verify operations using "openssl smime -pk7out" or "openssl smime -verify". The discouraging thin
e surprise (to me) was that *an ASN1 structure* was what was encoded, not just the raw digest info. Hadn't run across the DigestInfo structure before in my travels. Now I know.
Hope this helps the next n00b! :-)
rnd
-Original Message-
From: Diffenderfer, Randy
Sent: Thu
Title: Using OpenSSL Command Line Apps To Generate Signed Digests
Folks,
I am trying to work out a string of command line things that can deal with signatures and any/all intermediate objects.
Using the 'dgst' app, I can generate a digest and a signed digest in either hex or binary with n
11 matches
Mail list logo