Re: Help! SSL Telnet client-server deadlock problem.

2002-03-10 Thread Jeffrey Altman
? > > Or is there a sound technical reason why telnet+stunnel cannot > work (at least to the extent of avoiding the client-server > deadlock problem I observe)? > > > > > > > > Jeffrey Altman <[EMAIL PROTECTED]> > Sent by: [EMA

RE: OpenSSL 0.9.7-stable-SNAP-20020310

2002-03-12 Thread Jeffrey Altman
SSL compiles with strict checking and all warnings are considered errors. Jeffrey Altman * Sr.Software Designer C-Kermit 8.0 available now!!! The Kermit Project @ Columbia University includes Telnet, FTP and HTTP http://www.kermit-project.org/ secured with Kerberos, SRP,

Re: FTP with SSL

2002-04-04 Thread Jeffrey Altman
TLS FTP support. See http://www.kermit-project.org/ftpd.html for one list. Jeffrey Altman * Sr.Software Designer C-Kermit 8.0 available now!!! The Kermit Project @ Columbia University includes Telnet, FTP and HTTP http://www.kermit-project.org/ secured with Kerbe

Re: Is OpenSSL Production Ready?

2002-04-06 Thread Jeffrey Altman
t is do not link against OpenSSL but instead load the libraries and functions manually as OpenSSL does with the DSO interface. Then the two programs are separate with separate licenses. Jeffrey Altman * Sr.Software Designer C-Kermit 8.0 available now!!! The Kermit Project @ Columbia Uni

Re: Is OpenSSL Production Ready?

2002-04-06 Thread Jeffrey Altman
Server not found" error message from IE is used whenever there is a failure to connect to a host. This includes such things as "CRL location not specified in certificate" errors when CRL verification is turned on. There are any number of reasons why this message may be generate

Re: using X.509 certificates in Ckermit 8.0

2002-04-11 Thread Jeffrey Altman
www.kermit-project.org/security.html SET AUTH TLS DSA-CERT-FILE SET AUTH TLS DSA-CERT-KEY SET AUTH TLS RSA-CERT-FILE SET AUTH TLS RSA-CERT-KEY Jeffrey Altman * Sr.Software Designer C-Kermit 8.0 available now!!! The Kermit Project @ Columbia University includes Telnet, FTP and H

Re: Prevent apache from giving out server cert?

2002-04-18 Thread Jeffrey Altman
symmetric cryptosystems techniques with asymmetric > algorithms. It's a bad design (tm). > > -- > Erwann ABALEA <[EMAIL PROTECTED]> - RSA PGP Key ID: 0x2D0EABD5 > > > __ > OpenSSL Project http://www.openssl.org > User Suppo

Re: Securing Telnet

2002-05-14 Thread Jeffrey Altman
_ > OpenSSL Project http://www.openssl.org > User Support Mailing List[EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > Jeffrey Altma

Re: telnetd-ssl

2002-06-06 Thread Jeffrey Altman
to understand the configuration of telnetd-ssl ? > On Debian linux ? S:-( > > Zanx. > > Manuel Guerrero Martos > IN3 S.A.L. > C/ Prim, 16 A - Bajo > 12003 Castellón > 964723680 > [EMAIL PROTECTED] > www.in3.es > Jeffrey Altman * Sr.Software Design

Re: telnetd-ssl

2002-06-06 Thread Jeffrey Altman
ero Martos > > IN3 S.A.L. > > C/ Prim, 16 A - Bajo > > 12003 Castellón > > 964723680 > > [EMAIL PROTECTED] > > www.in3.es > > > > > __ > OpenSSL Project http://www.openssl.org > User Support Mail

RE: telnetd-ssl

2002-06-07 Thread Jeffrey Altman
ml Security description at http://www.kermit-project.org/security.html > -----Original Message- > From: Jeffrey Altman [mailto:[EMAIL PROTECTED]] > Sent: Thursday, 06 June 2002 19:58 > To: [EMAIL PROTECTED] > CC: [EMAIL PROTECTED] > Subject: Re: telnetd-ssl > >

Re: Problem RAND_Status

2002-06-13 Thread Jeffrey Altman
t is going on, I > appreciate any help. > > > Thank, > David Pineda > __ > OpenSSL Project http://www.openssl.org > User Support Mailing List[EMAIL PROTECTED] > Autom

[no subject]

2002-07-01 Thread Jeffrey Altman
> Associate Developer > Quest Software Inc. See http://www.kermit-project.org/telnetd.html for a list of servers that support START_TLS Jeffrey Altman * Sr.Software Designer Kermit 95 2.0 GUI available now!!! The Kermit Project @ Columbia University SSH, Secure Telnet, Secure FTP, HT

Re: (forgot to add subj. last time) SSL Telnet servers

2002-07-01 Thread Jeffrey Altman
files? > > Thanks. > Mike > - Original Message - > From: "Jeffrey Altman" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Monday, July 01, 2002 11:57 AM > > > > > > > > I am new to the whole

Re: starting TLS Telnet server

2002-07-03 Thread Jeffrey Altman
nt on Win2K, how is Win2K involved? I think you need to read the text files that Peter provides in his distribution. Jeffrey Altman * Sr.Software Designer Kermit 95 2.0 GUI available now!!! The Kermit Project @ Columbia University SSH, Secure Telnet, Secure FTP, HTTP http://www.kermi

Re: starting TLS Telnet server

2002-07-03 Thread Jeffrey Altman
for all the network utilities in TOAD (Quest > Software, Inc.) and no one here has ever implemented SSL before and our Unix > guy is across the country so unless if I want to wait 2 more weeks, I have > to set the Linux box up myself. > > Thanks, > Michael > - Original Message

Re: backwards connection

2002-07-29 Thread Jeffrey Altman
; ctx = SSL_CTX_new( SSLv3_client_method() ); > SSL_CTX_load_verify_locations( ctx, "root.pem", NULL ) > SSL_CTX_set_verify( ctx, ( SSL_VERIFY_NONE ), ssl_verify_callback ); > SSL_CTX_set_verify_depth( ctx, 4 ); > SSL_CTX_set_options( ctx, SSL_OP_ALL ); > >

RE: OpenSSL Security Altert - Remote Buffer Overflows

2002-07-30 Thread Jeffrey Altman
> > OpenSSL Security Advisory [30 July 2002] > > Does this affect Apache Web Servers? If they are compiled with OpenSSL support then 'yes'. Jeffrey Altman * Sr.Software Designer Kermit 95 2.0 GUI available now!!! The Kermit Project @ Columbia University SSH, Sec

Re: Web Browsers and SSL Support

2002-07-31 Thread Jeffrey Altman
[EMAIL PROTECTED] > Your browser does not implement FTP AUTH SSL. Use an FTP client that does such as C-Kermit 8.0 http://www.kermit-project.org/ckermit.html Jeffrey Altman * Sr.Software Designer Kermit 95 2.0 GUI available now!!! The Kermit Project @ Columbia University

Re: Web Browsers and SSL Support

2002-07-31 Thread Jeffrey Altman
UTH SSL and FTP AUTH TLS. http://www.kermit-project.org/k95.html For web browsers I am unaware of a single one that supports FTP AUTH SSL. You could probably take the code that Peter Runestig wrote for the FTP clients that he supports on Unix and integrate it into Mozilla. Jeffrey Altman *

Re: 0.9.7-beta3 : build problem on Win32 (FIXED ?)

2002-08-04 Thread Jeffrey Altman
is in charge of the win32 build maintenance > to double-check this for me and update the build procedure before next > beta or release. > > Thank you very much, Jeffrey Altman * Sr.Software Designer Kermit 95 2.0 GUI available now!!! The Kermit Project @ Columbia University SSH

RE: [ANNOUNCE] OpenSSL 0.9.6g released

2002-08-09 Thread Jeffrey Altman
fect is > happening as people will now be suspicious of the quality and will > simply wait to see how things shake out. > > --- Jeffrey Altman <[EMAIL PROTECTED]> wrote: > > > At 09:40 AM 8/9/2002 -0400, Gregg Andrew writeth: > > > >OK so is version 0.9.

Re: [ANNOUNCE] OpenSSL 0.9.6g released

2002-08-11 Thread Jeffrey Altman
there... If it was that simple, we would already have done it a > long time ago (that's my guess at least...). This is correct. Simply shipping a binary with an implemented algorithm (even when not used) opens the distributor to patent infringement claims. Jeffrey Altman * Sr.Softwa

Re: patches for security advisory of 30th July [URGENT]

2002-08-11 Thread Jeffrey Altman
back port the resulting subsequent fixes yourself. Jeffrey Altman * Sr.Software Designer Kermit 95 2.0 GUI available now!!! The Kermit Project @ Columbia University SSH, Secure Telnet, Secure FTP, HTTP http://www.kermit-project.org/Secured with MIT Kerberos, SRP, and [

RE: openssl Newbie ( PRNG seed )

2002-09-11 Thread Jeffrey Altman
There is no need to call RAND_screen() more than once. 0.9.4 is vulnerable to attacks because the random number generator is not seeded with sufficient entropy. 0.9.6e takes more time in order to generate the necessary entropy. Using a hardcoded seed value will make your connections vulnerable.

RE: Question about auth with client certificates

2002-09-24 Thread Jeffrey Altman
people that trust in others to do the job. > Thanks a lot for your help. > > Gastón Christen Jeffrey Altman * Sr.Software Designer Kermit 95 2.0 GUI available now!!! The Kermit Project @ Columbia University SSH, Secure Telnet, Secure FTP, HTTP http://www.kermit-project.org/S

Re: OpenSSL on WIN2K

2002-11-06 Thread Jeffrey Altman
> Commerce WILL NOT approve the export of any product that uses the > OpenSSL dll's. Further, all the applications I know of that have > export approval, which use OpenSSL, is in fact static linked to the > OpenSSL library. > > It would be interesting to know if any US

Re: IMPORTANT: The release of 0.9.6h is postponed

2002-11-22 Thread Jeffrey Altman
d every compiler. Jeffrey Altman * Sr.Software Designer Kermit 95 2.0 GUI available now!!! The Kermit Project @ Columbia University SSH, Secure Telnet, Secure FTP, HTTP http://www.kermit-project.org/Secured with MIT Kerberos, SRP, and [EMAIL PROTECTED]

Re: IMPORTANT: The release of 0.9.6h is postponed

2002-11-22 Thread Jeffrey Altman
ed memset > > . use compiler specific command line options to turn off this >optimization > > The problem with the first two is that they do have significant > performance impacts. > > The problem with the last is that we do not want to need to know the > command line o

Re: IMPORTANT: The release of 0.9.6h is postponed

2002-11-23 Thread Jeffrey Altman
; User Support Mailing List[EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > Jeffrey Altman * Volunteer Developer Kermit 95 2.1 GUI available now!!! The Kermit Project @ Columbia University SSH, Secure Telnet, Secure FTP, H

Re: IMPORTANT: The release of 0.9.6h is postponed

2002-11-24 Thread Jeffrey Altman
me time. I would modify it as such: volatile unsigned char * CRYPTO_cleanse(volatile void *ptr, size_t len) { volatile static unsigned char foo = 0; volatile unsigned char *p = ptr; size_t loop = len; while(loop--) { *(p++) = foo++; foo += (17 + (unsigned char)(p &

Re: IMPORTANT: The release of 0.9.6h is postponed

2002-11-25 Thread Jeffrey Altman
m wrong about this one ??? It's perfectly ok for this function to be called as written from multiple threads. It is the fact that there is a buffer that is read and written that is not entirely predictable that ensures the function cannot be optimized out. Jeffrey Altman * Volunteer Develop

Re: PROBLEM

2002-11-26 Thread Jeffrey Altman
http://www.openssl.org > User Support Mailing List[EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > Jeffrey Altman * Volunteer Developer Kermit 95 2.1 GUI available now!!! The Kermit Project @ Columbia University SS

Re: W2K Installation

2002-12-09 Thread Jeffrey Altman
Whether you are using VC6 or VC7 (.NET) you need to define your command line environment variables using the .BAT files provided with the development tools version you are attempting to use. For VC7 the BAT file is \Program Files\Microsoft Visual Studio .NET\VC7\BIN\vcvars32.bat Do not move th

Re: Slapper denial-of-service problem - why isn't this fixed?

2002-12-21 Thread Jeffrey Altman
Geoff: Since absolutely no one that is experiencing this problem has looked at a suffering process in a debugger it is impossible to know what is the cause of the problem. As far as I can tell all the theories that have been put forward as to what this is or is not are simply best guesses wit

Re: Socket call fails with OpenSSL 0.9.6h on Win32

2002-12-29 Thread Jeffrey Altman
WSAStartup() is required for Winsock 1.x as well. You should be calling this in your application. It would be inappropriate for this to be called from OpenSSL. Peter Aben wrote: I have used OpenSSL 0.9.6c in our application successfully on various platforms. After upgrading to 0.9.6h, on the

Re: explicit linking question (6)

2003-02-03 Thread Jeffrey Altman
You can use LoadLibrary() to load the DLLs at runtime instead of linking to them at compile time. However, if you do this you will need to load each function pointer programmatically. dan demers wrote: in the windows environment, is it possible to use the explicit

Re: SSL_accept hang

2003-02-04 Thread Jeffrey Altman
As long as you are on a Windows system that implements WinSock2 all you need to do is specify int timeout = 15; setsockopt(socket, SOL_SOCKET, SO_RCVTIMEO, &timeout, sizeof(int)); This will result in the following behaviors as described in http://msdn.microsoft.com/library/default.asp

Re: SSL_accept hang

2003-02-04 Thread Jeffrey Altman
Can you please elaborate on the algorithm you are using to accept connections?  The SSL_accept() does not take a server socket (the socket on which the accept() call is performed.)  Therefore, I do not know why the SSL_accept() should block accept() calls unless you are calling them in sequence

Re: Kerberos/PKINIT compliant subjectAltName?

2003-02-11 Thread Jeffrey Altman
Dr. Stephen Henson wrote: On Tue, Feb 11, 2003, Thomas Anders wrote: Hello, the Kerberos/PKINIT Internet draft (http://www.ietf.org/internet-drafts/draft-ietf-cat-kerberos-pk-init-16.txt, chapter 3.2.2.2) requires the KDC certificates to specify Kerberos realm and principal name

Re: OpenSSL 0.9.7a and versioning issues

2003-02-20 Thread Jeffrey Altman
OpenSSH and C-Kermit both perform checks of the version string of the library versus the version string of the headers the program was compiled with. This is done to ensure that the OpenSSL header constants and APIs used to build the program match those in the library. Both products must be ei

Re: OpenSSL 0.9.7a and versioning issues

2003-02-20 Thread Jeffrey Altman
That is how current versions of the software work. You can of course hack the code and remove the checks on your system if you would like. I do not predict what the future may hold. Phil Howard wrote: On Thu, Feb 20, 2003 at 06:17:02PM -0500, Jeffrey Altman wrote: | OpenSSH and C-Kermit

Re: openssl not thread-safe: any alternatives?

2003-02-24 Thread Jeffrey Altman
Are you using the mutex locks with blocking or non-blocking sockets? Using mutex locks with non-blocking sockets most definitely works. Folkert van Heusden wrote: So, my questions are: - am I doing something and IS openssl threadsafe? - is there an alternative for openssl doing which

Re: Openssl and Kerberos

2003-03-11 Thread Jeffrey Altman
C-Kermit 8.0 implements it for both client and server sides. - Jeff Markus Moeller wrote: Are there any example programs documentations of how to use Openssl with Kerberos for authentication/encryption (rfc2712) ? Thank you Markus _

Re: Openssl and Kerberos

2003-03-11 Thread Jeffrey Altman
() succeed or they do not. - Jeff Markus Moeller wrote: On Tuesday 11 Mar 2003 12:12, Jeffrey Altman wrote: Jeff, thanks for the link. The only problem I have now is how to filter out of the hundred of options the ones related to openssl/kerberos? Also I was wondering, what you would need to do if

Re: ftp implicit ssl connection

2003-03-13 Thread Jeffrey Altman
It is very unclear to me what type of help you are looking for. There are many SSL/TLS FTP client and server implementations available as open source in addition to the specifications for the protocol which are available as an Internet-Draft. What do you need? gomess wrote: Nobod

Re: ftp implicit ssl connection

2003-03-15 Thread Jeffrey Altman
PBSZ is used when you are negotiating the size of the buffer to be encrypted. If you are using FTP over SSL, the FTP protocol is not performing any authentication or encryption.  Therefore, you do not use PBSZ. gomess wrote: It is very unclear to me what type of help you are looking

Re: [ADVISORY] Timing Attack on OpenSSL

2003-03-17 Thread Jeffrey Altman
This is a different vulnerability. The one you patched two weeks ago was caused by a failure to decrypt messages when the MAC comparison failed. This vulnerability is a timing attack against the RSA algorithms. The Slashdot discussion is here: http://slashdot.org/article.pl?sid=03/03/14/0012

Re: openssl+zlib /MD problem

2003-07-23 Thread Jeffrey Altman
I have been linking applications with both OpenSSL and ZLIB for many years now without difficulties. My guess is that either your app is not using the MSVCRT.DLL or that you are linking to some other library which is using an alternative C Runtime library. Jeffrey Altman Andrew Marlow wrote
