Hi
the following function should do it.
from openssl/include/ssl.h
int SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);
Refer to the man page for further explanation.
regards
Fred
-Original Message-
From: [EMAIL PROTECTED] on behalf of Basel Katt
Sent: Wed 5/24/2006 11:12 AM
Hi all,
Here is a good link about block cipher algorithm that explains this.
It also explains the modes: ECB, EFB, OFB, CBC (in SSL/TLS the CBC one is used)
http://www.cacr.math.uwaterloo.ca/hac/
Chapter 7 - Block Ciphers
regards,
Fred
-Original Message-
From: Michael Sierchio
Hi,
Maybe you could have a look at ssl/man/man3/engine.3, there is some
explanation of how the engine works.
Some sample code can also be found in the file apps/apps.c, in the following function:
ENGINE *setup_engine(BIO *err, const char *engine, int debug)
You could also have a look at apps/engine.c
Hi,
I think you could use the i2d_X509_bio and d2i_X509_bio functions that help
using BIO and X509 structure.
from openssl/x509.h
#define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \
(char *(*)())d2i_X509, (bp),(unsigned char **)(x509))
#define
Hi,
I think you made an error:
- RSA with AES and SHA is: AES256-SHA
Just have a look at openssl ciphers -v output.
[EMAIL PROTECTED] gcb]$ LD_LIBRARY_PATH=/usr/local/ossl-0.9.8/lib
/usr/local/ossl-0.9.8/bin/openssl ciphers -v | grep AES
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA
are the same with last openssl 0.9.7i.
Fred
-Original Message-
From: Daniel Tiefnig [mailto:[EMAIL PROTECTED]
Sent: Wed 11/30/2005 6:24 PM
To: openssl-users@openssl.org
Cc:
Subject:Re: cipher suite names in 0.9.8
Frédéric Donnat wrote:
I think you made an error
Hi,
You could have a look at apps/s_client.c code looking for nbio option.
It seems that there are two ways of doing such a thing:
- create nbio BIO and then connect, etc..
- connect (a socket for example) and then set non blocking IO
(with the socket utilities)
hope it could help
Fred
Hi,
Here is something working fine in 0.9.7x but failing in 0.9.8 (as far as I have
tested it).
My engine name is zencod as you could see.
openssl_conf = openssl_init
[ openssl_init ]
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
Hi,
AES is included in openssl 0.9.7x and 0.9.8x versions.
openssl ciphers -v for SSL use
openssl enc -h for crypto use
-Original Message-
From: Pj [mailto:[EMAIL PROTECTED]
Sent: Wed 11/9/2005 3:03 AM
To: openssl-users@openssl.org
Cc:
Subject:AES
Hi,
Does
Hi all,
Any news about that?
Nothing seems to have changed in the CVS.
Regards.
-Original Message-
From: Claudiu Dragalina-Paraipan [mailto:[EMAIL PROTECTED]
Sent: Fri 10/28/2005 3:07 PM
To: openssl-dev@openssl.org
Cc:
Subject:BIO_do_connect does not connect (bug?)
Hi,
I know that 0.9.7x versions have problems with dynamic loading,
especially the IMPLEMENT_DYNAMIC_BIND_FN() function.
We have corrected this in our engine by re-defining this macro.
You should find a thread about this in mailing list archive.
Regards,
Fred
-Original Message-
From:
Hi,
To replace the OpenSSL RNG, you just have to make your own ENGINE.
You have some examples of such an engine in the engines directory of openssl 0.9.8.
regards,
Fred
-Original Message-
From: Andrew Amargo [mailto:[EMAIL PROTECTED]
Sent: Thu 10/20/2005 5:35 AM
To:
Hi,
In fact, to see if algorithms are really available, you could call
OPENSSL_add_All_algorithm() (or a similar function OPENSSL_add_all_digest()),
and then try to get them by their name using some EVP_get_digestbyname().
hope it could help.
Fred
-Original Message-
From: Dmitry
Hi,
I should have a look at evp.h file and the d2i_PrivateKey_xxx and
i2d_PublicKey_xxx functions which allow to use DER representation (in a char[]
buffer) of public/private key.
regards,
Fred
-Original Message-
From: guvenma (sent by Nabble.com) [mailto:[EMAIL PROTECTED]
Sent:
Hi,
OpenSSL has a specific path for dynamic ENGINE libraries.
If you use the --prefix=/path_to_openssl option when building openssl, then
- the openssl libraries are in /path_to_ossl/lib
- the openssl ENGINE libraries are in /path_to_ossl/lib/engines
So it's easy to know the path. ;)
After
: Thu 10/6/2005 8:30 PM
To: openssl-users@openssl.org
Cc:
Subject:RE: question on linking dynamic engines
What about the name of the library is it specified using the SO_PATH control
command?
Thanks,
-Anil
Frédéric Donnat [EMAIL PROTECTED] wrote:
Hi,
OpenSSL has a specific path
Hi,
Yes, Null assumes that the default rsa_eay method is used (be careful: in openssl
0.9.8 the RSA struct has changed due to the key_generation method).
For example if you do some RSA_pub_enc(), rsa_eay_pub_enc() will be called and
then your ibmca_bn_mod_exp()...
Just have a look at the source code to
Hi,
It depends on what you mean by compatible!
For example, 0.9.7 has a FIPS part that is not in 0.9.8 (for now).
SHA-256 is part of openssl 0.9.8, whereas it is only in the FIPS module of
0.9.7.
Also have a look at the RSA structure change in 0.9.8 (ENGINE has changed too).
You should have a
Hi,
You could also have a look at:
- demos/selfsign.c
Or the OpenSSL tools:
- apps/req.c
- apps/ca.c
- apps/x509.c
Fred
-Original Message-
From: Dr. Stephen Henson [mailto:[EMAIL PROTECTED]
Sent: Wed 9/28/2005 3:12 PM
To: openssl-users@openssl.org
Cc:
Subject:
Hi,
hello I have one question. Does creating a self-signed certificate using
OpenSSL for use with Microsoft Internet Information Services (IIS) 5,
give me 40-bit key or 128-bit key?
As far as I know, the key in the certificate is an asymmetric one and is
used for the authentication and key
Hi all,
Is there an easy way to use a symmetric algorithm of openssl 0.9.8 in CTR mode?
I had a look at the evp.h file but do not see anything about it.
Or maybe I've missed something.
regards,
Fred
__
OpenSSL Project
serial number
Frédéric Donnat wrote:
Hi,
Sorry for the mistake (nothing to deal with openssl.cnf file). I was just
looking for ca.txt file.
Is it normal behavior of openssl to be able to view a certificate without
serial number using (without any error mentioned):
openssl x509
-Original Message-
From: Frédéric Donnat
Sent: Mon 8/29/2005 11:51 AM
To: openssl-users@openssl.org
Cc:
Subject:/usr/local/ossl-0.9.8/ssl/openssl.cnf
Hi all,
Could someone tell me where I can find the following file: ca.txt
I'm reading the HOWTO and I see
Hi all,
Could someone tell me where I can find the following file: ca.txt
I'm reading the HOWTO and I see the following comment (certificates.txt):
This is NOT the recommended way to create a
CA certificate, see ca.txt.
regards,
Fred
Hi all,
In the crypto/x509/x509.h header I can see the following:
typedef struct x509_cert_aux_st
{
STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */
STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */
ASN1_UTF8STRING *alias; /*
Hi,
According to the man page, d2i_xx method is able to allocate memory for you.
d2i_PUBKEY_xxx
If you are using OpenSSL 0.9.7 or later then this can be simplified to:
int len;
unsigned char *buf;
buf = NULL;
len = i2d_X509(x, &buf);
if (len < 0)
mail server test please ignore
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager
Mail server tests, please ignore
Hi all,
I'm using openssl-0.9.7x and s_client option without any problem.
openssl s_client -connect etc...
I've just tested this with openssl-0.9.8-beta4 and this does not work.
LD_LIBRARY_PATH=/usr/local/ossl-0.9.8-beta4/lib
/usr/local/ossl-0.9.8-beta4/bin/openssl version
OpenSSL 0.9.8-beta4 06
Hi,
As we have an ENGINE in this demo (with some asym/symm crypto), if we could
help, just let me know.
regards,
Fred
-Original Message-
From: [EMAIL PROTECTED] on behalf of Richard Levitte - VMS Whacker
Sent: Tue 4/19/2005 12:26 AM
To: openssl-users@openssl.org; [EMAIL
Hi,
I think the ubsec driver is included in the FreeBSD release, so you should be able to
use the ENGINE related to /dev/crypto. (hw_cryptodev.c)
Ubsec ENGINE should be ok for the BroadCom FreeBSD driver.
I think that you should not mix them.
Hope it could help,
Fred
-Original Message-
From:
Hi nCipher ENGINE is called chill. ;))
openssl engine -t chil
(chil) nCipher hardware engine support
[RSA, DH, RAND]
Maybe nCipher a board based on a bcm582x chip (which allows ubsec ENGINE use).
Hope it could help.
Regards
Fred
-Original Message-
From: [EMAIL PROTECTED] on behalf
Sorry, my mistake, I forgot to give you the man page for ENGINE use.
In your openssl source tree:
- doc/crypto/engine.pod
Regards
Fred
-Original Message-
From: [EMAIL PROTECTED] on behalf of Frédéric Donnat
Sent: Fri 4/8/2005 10:22 AM
To: openssl-users@openssl.org; openssl-users
Hi
I always build my test httpd-2.0.x as follows:
[] CFLAGS="-DSSL_EXPERIMENTAL -DSSL_ENGINE" ./configure \
--prefix=/path_to_apache_install \
--enable-ssl=shared \
--with-ssl=/path_to_openssl \
After i just get a certificate and a private key for my http 2.0 from an
Hi,
In fact your ldap server is running TLS (everything can be seen with ldapsearch
in debug mode).
The problem comes from ldap using the SASL mechanism. As I'm not an expert in this, I
can just suggest you have a look at the SASL documentation. There is some sort
of authentication before the real
Sorry,
I think your ldap server is NOT running TLS.
I just tried an s_client on an ldap server without ssl and here is the result:
[EMAIL PROTECTED] donnatfr]# openssl s_client -connect 192.168.0.70:389 -ssl3
-debug
CONNECTED(0003)
write to 0814B438 [081551F0] (88 bytes = 88 (0x58))
-
:27 +0100, Frédéric Donnat
[EMAIL PROTECTED] wrote:
Hi,
Just take a look at man engine.. ;)
We already encountered this problem when implementing our own ENGINE for our
NSCrypto board, especially when adding symmetric ciphering.
The error you describe could come from a bad symmetric enc
Hi,
You can specify the protocol to use with -ssl3 or -tls1, otherwise s_client sends
an SSL v2 client hello. Moreover some debug info with -state or -debug could be
useful to find what happened. ;)
Hope it could help.
Fred
-Original Message-
From: [EMAIL PROTECTED] on behalf of
Hi,
First of all the HEX lines are important because they contain information
about the connection (SSL protocol layer: record, alert etc...), in fact it
acts as the -msg option (openssl 0.9.7e).
In your case, it seems that your server closed the connection:
read from 080ABC00 [080B1838] (7
Hi,
Just take a look at man engine.. ;)
We already encountered this problem when implementing our own ENGINE for our
NSCrypto board, especially when adding symmetric ciphering.
The error you describe could come from a bad symmetric enc/dec.
A bad mac record with READ sounds like openssl
Hi,
I remember some error like this, when implementing SSL in java and testing with
openssl.
This can be due to a bad use of encryption/decryption (I advise you to check if
data before encryption are the same as the one after decryption).
Fred
-Original Message-
From: [EMAIL
Hi,
I have the same problem because I have more than one openssl installed.
Try using LD_LIBRARY_PATH=/path-to-your-ossl/lib /path-to-your-ossl/bin/openssl
Hope it could help
Fred
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Dan O'Brien
Hi all,
I have no problem generating CA, client key, CSR, and certificate, even export
in pkcs12 format.
I did not succeed in creating a certificate chain.
I had a look at x509, pkcs7, pkcs12 options without any success. Maybe I missed
something...
Has someone the answer? Or can anyone put me in
, Frédéric Donnat wrote:
Hi all,
I have no problem generating CA, client key, CSR, and certificate, even
export in pkcs12 format.
I did not succeed in creating a certificate chain.
I had a look at x509, pkcs7, pkcs12 options without any success. Maybe
I missed something...
Has someone the answer
Hi,
If you have a crypto-board you can use it through an engine.
One way is to initialize the openssl library with the engine and then use the random number
generation function.
Fred
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Mateus
Sent: Tuesday 29
Hi,
I think you should provide all the code.
This is not enough to see if the parameters you used are correctly initialized.
For example, I'd like to see how you handle the multiple calls.
Fred
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Gorelik,
Hi,
In fact, I think you should have a look at the java SSL mailing list because JSSE is java.
Apache is using openssl, so you should have a look at apache ssl_error.log or
ssl_engine.log.
As far as I know, the RC4 algorithm does not require any IV (as opposed to DES or 3DES,
for example), that's why
Marcus Carey wrote:
Can someone explain the following warning?
Client-SSL-Warning: Peer certificate not verified
ActivePerl 623
Windows IIS 5.0
Windows 2000 Server
Crypt-SSLeay from Activestate repository
Marcus
Hi !
This should be a warning due to the verification of the Server Certificate