es mean that version numbers differ from the
latest version, which is frankly a minor inconvenience.
Details of all of this and how to build openssl without patent restrictions
on your systems is in the openssl FAQ.
--
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Ro
with "Include
conf.d/*.conf" in httpd.conf), but the configuration will have to go in the
httpd.conf file.
Can you send me more details off list? I've not come across this before and
I've not had to change this ssl.conf file at all. I suspect that you may be
trying to run
ess you are testing with
> Outlook 97 which i think has its problems with S/MIME
>
> Thorsten
>
Don't use Outlook 97, not even for a joke. It's seriously broken in many
other ways too. 98 is passible but 2000 is fairly reliable. YMMV of course.
-
John Airey, BSc (Jt Hons),
hen support ceased.
However, if you wish to use a different version of openssl with apache, you
would be best advised to recompile both openssl and apache. Details of how
to do this are in the openssl documentation.
www.redhat.com and https://rhn.redhat.com are a good place to start.
-
John Airey, BSc
faking addresses, and in some cases send viruses back to someone
who hadn't even sent it!
Given all these difficulties, a virus scanner would probably create more
problems than it solves.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
ve the security updates.
"rpm -q --changelog openssl | more" shows that the security fixes were added
on Sep 23 2003.
Before suggesting they upgrade, find out what version of Linux they are
running please. Otherwise they may come back with more problems that what
they started with.
Thank yo
s openssl already installed is so
that you don't have issues where your programs are executing the wrong
version. It's surprising how many times that happens.
You might also find that the distro version is sufficient for your needs
too, especially now the engine code is included. (I reme
ry
rpm -q openssl
To see if it is. If it is then try
rpm -e openssl --test
You'll probably see a list of packages that depend on it. If you don't, then
you are free to stick with the defaults. If you do, then follow the build
instructions in the openssl FAQ that refer to Red Hat.
-
John A
ntents:
tar -zxvf openssl-0.9.7c.tar.gz.tar
To be really sure, use this first:
tar -ztvf openssl-0.9.7c.tar.gz.tar
To ensure there are no errors with the tar file.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road
wall version 6.3.x. I don't think there is a
way to get a certificate onto a Pix, as the "ca" commands can only create
certificates. Have a look at the version 6.3 command reference at
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_refer
ence_book09186a008017284e.
or them in IE, they can be
more trouble than they are worth. Most of these problems can be overcome
however. I keep meaning to write a book including all this, as I don't think
anyone has yet. Maybe this year I will...
Getting back to the posters original point, is it at all possible that
enssl.
However, your time might be better spent upgrading to a newer version of
Linux.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [
f date the last time I tried.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
Evolution isn't true just because
need to use patent restricted code there'll
be no need.
If you haven't built against one of these versions, you'll either need to
recompile or use the Red Hat supplied mod_ssl package. Whichever you choose
is up to you.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support
about which I am completely clueless as I currently
have no business reason to use them).
Anyway, the proof of the pudding is in the eating. Can you point me to a
secure site that uses a key size >1024 bits? I can't find one for love nor
money.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Inter
Try globalsign www.globalsign.com, 175 Euro ($189 or £116.91 in proper
money).
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL
You are right about the price Jo. They've hiked their prices a lot (must be
to pay for Mark Shuttleworth's space trip...).
If you are representing a charity you may be able to negotiate a lower
price. We did that last year and received a wildcard certificate at a
discount.
-
John Aire
What are you using to build it with? I've managed to build 0.9.7 fine on
RedHat 7.3 with "./config" and "./config shared"
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE
Can you give us more details about the move, like where, who, and whether it
has bigger bandwidth please Ralf? Sorry for being late in replying, but I've
been unwell.
Thanks.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
If you don't give a passphrase, you can copy the contents of the id_dsa.pub
to $HOME/.ssh/authorized_keys on the remote server, chmod this file to 600,
chmod the .ssh directory to 700 and then ssh should let you in with this key
from that host rather than via a password.
-
John Airey,
he packages have changed. (I really like rpm -V, it helps me to
check whether anything has been tampered with).
I hope that helps.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1
only there because of US patent restrictions.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
Theories of evolutio
!! as I
> think their RPM packages are rubbish and buggy also.
> [snip]
Link to aforementioned post:
http://www.mail-archive.com/openssl-users@openssl.org/msg28006.html
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell
gt; think their RPM packages are rubbish and buggy also.
> [snip]
I should have mentioned that someone did recently post a method to this list
detailing how to remove openssl from Red Hat and build it. A search of the
archives should bring it up.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Inter
that much
differently to how you are building them.
I'm also a big fan of Red Hat Network now as I'm able to see that my systems
are up to date with all the released patches at a glance. I should also add
that I'm not on any commission from Red Hat to say this (sadly ;-) ).
-
John Airey
ll in memory.
Could you give some more details about your other problems please? eg,
version of apache and mod_ssl? You may need to upgrade these. For example,
there is a recent update to apache (1.3.27) that contains several "new"
security fixes.
-
John Airey, BSc (Jt Hons), CNA,
In addition, that was your key and certificate that you sent, not just . So
I'd hope you have a pass-phrase on your key or the key and certificate that
you sent aren't ones that you intend to use.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Roya
ate of release of openssl-0.9.6e, which according to CERT is
the version that will fix it.
I can't get into the openssl site at the moment to check anything else.
Mornings aren't my best time of day...
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Ro
dea to leave compilers on public web servers, but there are
occasions where you might need to.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848
Maximum Linux Security - ISBN 0-672-31670-6 is also very useful. Despite the
title, it covers UNIX based security fairly well.
John
> -Original Message-
> From: Matthew Hannigan [mailto:[EMAIL PROTECTED]]
> Sent: 18 September 2002 14:10
> To: [EMAIL PROTECTED]
> Subject: Re: Pls. suggest
Just in case you've got the wrong end of the stick, I'm not suggesting that
you shouldn't compile stuff yourself rather than use pre-packaged software.
I'm simply saying that there may be more broken by forcibly removing
packages that have dependencies than is at first realised. Personally I'd
nev
ght
> > ahead.
> >
> > Otherwise, following the directions in the openssl FAQ:
> > http://www.openssl.org/support/faq.cgi#BUILD8
> >
> > -
> > John Airey, BSc (Jt Hons), CNA, RHCE
> > Internet systems support officer, ITCSD, Royal National
> Insti
://www.openssl.org/support/faq.cgi#BUILD8
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
Reality TV - the ultimate oxymoron
that
> > software version, the fix for the bug would invalidate the
> > certification.
> >
> > Which all boils down to a question of choice, do you prefer a
> > certificate that says your software is safe even if it isn't
> > to uncertified software wh
ource packages).
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
-
NOTICE: The information contained in this email and any attachments is
confide
he certificates
straight onto IIS5.
Contact me off the list for more details. I have a task for myself to test
keys of greater than 1024 bits before the end of next week. I'll be running
through the whole IIS procedure to do this.
-
John Airey
Internet systems support officer, ITCSD, Royal Natio
Can't you read the headers of your email? There should be a line something
like
Received: from mmx.engelschall.com (mmx.engelschall.com [195.27.130.252])
by maggotts.rnib.org.uk (8.11.6/8.11.6) with ESMTP id g56Bp6r03903
for <[EMAIL PROTECTED]>; Thu, 6 Jun 2002 12:51:11 +0100
My
/cryptolaw/
Finally, their support for servers mentions Apache-SSL with no mention at
all of openssl.
Without a little more information about which browsers are causing trouble,
there's not a lot more we can do.
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute of
let me know the address of the site in question, I can have a
look and see what I can ascertain from that also.
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL P
ed openssl has
files in /lib, these have different filenames from the libraries that are
created with the source compilation (for reasons beyond the scope of your
problem).
On that basis, which openssl are you executing?
-
John Airey
Internet systems support officer, ITCSD, Royal National Institu
the server (ie telnet localhost
22) does that give a response? If it does, I would imagine that your
firewall configuration on the server disallows connections to port 22 from
remote machines.
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute for the
Blind,
Bak
gt;Alaska Internetworks
Not entirely correct. If you select normal or high and then customise, you
can "trust" certain interfaces, eg eth0. Whilst this has the effect of
disabling firewalling for that interface, it still allows you to add
firewalling later.
-
John Airey
Internet syste
uation is. My guess (and that's all it is) is
that the manufacturer may not have released any code or information about
how it works.
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 3752
The openssl-engine versions also support "openssl speed".
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
Agnostic (Greek) = Ignora
machine and
the client machine without worrying about the firewall.
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
Agnostic (Greek) = Ignoramus
Title: RE: I got 4 or more emails identical
The
exact configuration line in a Pix firewall for "smtp security"
is
fixup
protocol smtp 25
However, I would doubt this is causing this. There is
an old bug with Pix firewall's that might cause this, but the same version
of IOS has more ser
ontact details. The change log there indicates the last
change to Teraterm SSL was over three years ago. Not encouraging.
All these pages are linked from the Teraterm Home Page at
http://hp.vector.co.jp/authors/VA002416/teraterm.html.
Also, as it is only a matter of time before Red Hat drop s
The best advice is to rebuild the rpm packages so that these options are in
the makefile. You can then upgrade your openssl packages to your new version
without (hopefully) breaking other packages.
Mail me off the list and I'll send you instructions.
-
John Airey
Internet systems su
aking a non-US
package available, but the sticking point with that is how to integrate it
with their "up2date" tool. Unless we have US and non-US versions of RedHat I
think we'll be stuck with that one.
Incidentally, the hack of using a symlink doesn't work for all package
d out what is in them, and one RPM install on one
machine is the same on another. (I know that you can create a custom
configuration file and use that to compile and install on every machine, but
frankly all that compiling and copying is a lot more work for multiple
servers. If I build an RPM I do it f
er all the time, the length of time
required for a context switch is also becoming shorter and shorter. If
that's the only reason to do it, it's really not worth it, IMNSHO.
Now if the linux kernel had accessibility built in, eg keyboard control of
voice synthesisers like a dectalk, that
ter option to upgrade to
that. Make sure you have plenty of backups before you start, though.
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL
Specifically, IE5.01SP2 has 128bit support. This is the oldest version of IE
that MS currently supports. A trip to http://windowsupdate.microsoft.com/
will allow you to upgrade to this.
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road
t; tarball with the RPM has had some things
>stripped. That's
> part of the hobbling.)
>
> 2) Edit the spec file and remove the "-usa" from "Source".
>
> 2) Down in %prep, kill off %{SOURCE1} by commenting it
>out
indeed another version of Linux,
but it is not supported, might destroy all your data, etc. However, I have
taken packages from it (apache-mod_ssl 1.3.20-2.8.4 for example) and they've
worked for me.
Details are at ftp://ftp.redhat.com/pub/redhat/linux/rawhide/README
-
John Airey
Internet s
es
(details at www.redhat.com/errata/) runs the risk of breaking a lot of code.
Also, the version of openssl with RedHat 7.1 is "hobbled" and does not
include all the cipher support. I've asked an employee of RedHat who has
OK'd the making available of a package that contains all the
Your statement "I'm using RH 7.1" is the critical one for me.
RedHat 7.1 (Which I assume you mean) includes openssl by default. If you
build openssl from source and replace that which comes with it, you will
break about 24 packages, including sendmail (I can send you a list if you
want).
Specifi
gnature is 2.6.3ia.
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
>-Original Message-
>From: Victor S. [mailto:[EMAIL PROTE
RC4 violates the RC4 trademark is as daft as stating that
the name Christina Saunders violates the right to the initials NASA. I
believe someone with a name like this was once refused the right to register
a domain name. Closer to home, Does NASDAQ violate the trademark name ASDA?
I don't
gt;
>Any ideas?
>
There isn't a time difference. These are the same time! 9:58:32 GMT (or more
correctly UTC) is 10:58:32 BST, although only between (at present) 1:00AM
UTC on the last Sunday in March and 1:00AM UTC on the last Sunday in
October. This is the same across the whole of the E
Have you checked out http://curl.haxx.se/download.html?
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
>-Original Message-
>From
e now. When you have numerous RedHat boxes to administer,
building RPMS on one to install on the others makes perfect sense. However,
like I said it would help if the packages were made available. If not, does
RedHat have any objections to me making them available?
-
John Airey
Internet systems sup
nd others) who aren't restricted
by RC5 and IDEA patents...
>
># rpm --erase openssl-devel
># rpm -Uvh openssl-devel-0.9.6-3.rpm ### from the CD, or wherever
>
>if you wish to get back under the RPM management. You may need
>a --force
>too.
>
>Hope some of that mak
ors (including
myself). We already get grief from our users because Out of Office messages
don't go the Internet!
Mind you, if a mischievious sysadmin in the UK has done this deliberately as
a result of my "suggestion", I'd like to chase him/her under the Computer
Misuse Ac
our breath if this is a "self-signed" certificate. No doubt
someone else will correct me if I'm wrong, but I've never been able to get
self-signed certificate working on any version of IIS.
(I'm assuming this is a server cert. If it's a client cert then I'm pr
rs.
>
>What we do is send the notice to the envelope sender, which
>typically is set to the list owner. (Sorry list owner.) At least
>that way it doesn't flood the entire list time and time again
>
If you think this is bad, imagine what would happen if the anti-virus
checke
tallation at the moment, so I have
>no clue why
>> this is so.
>>
>
>RC5 is probably omitted for patent reasons.
>
You are spot on. The pre-packaged openssl with RedHat 7.1 has a file called
"hobble-openssl". It removes RC5, IDEA and MDC2.
Of course, it is possible to
Title: Web Site Alert: Not Responding
It
worked just now! I've just pulled 0.9.6b again to test it
(again).
- John
Airey Internet Systems Support Officer,
ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0)
the last 24
hours of the certificate is reached. As far as I am aware this is not
documented anywhere. (No doubt some clever person will point me to the RFC
where this is).
I believe I'll have some accurate information about self-signed starred
certificates with IIS fairly soon also.
-
Jo
bit security cleared it. (I would
recommend anyone who can to upgrade IE to 128bit).
But like you say, it looks like a firewall or router configuration that is
preventing connections.
-
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institute
first
error, IIS will refuse you access to that directory as you requested a
secure channel. It usually says something about requiring a secure connection
though.
- John
Airey Internet Systems Support Officer,
ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE
IIS4
can use 1024 RSA keys. We have several machines that are doing this already.
- John
Airey Internet Systems Support Officer,
ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED
it's money well spent
-
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
> -Original Message-
> From: Web boy [mailto:[EMAIL PR
You can also use the DOS "SHELL" command to increase environment space.
Details can be gathered from a DOS 6.0-6.22 machine. Windoze doesn't have
any information on it, AFAIK.
-
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institute for the
Blind
The openssl-engine code contains "experimental" support for hardware crypto
devices. If you don't have one, or don't even know what one is, then just
use the vanilla "openssl" code.
I read somewhere that the two code branches will be merged in 0.9.7. Can't
My $0.02 worth. It is perfectly possible for there to be two versions of
this list, a normal list and a "digest" or batched list as the original
poster calls it. Majordomo supports it, but it will involve more work for
someone to set it up.
-
John Airey
Internet Systems Support Offi
Just to muddy the waters a little, the latest kernel (2.2.17) from RedHat
put the "kernel-headers" package in with the "kernel-source" package. A
really stupid idea which has caused a number of people a lot of grief,
including me!
-
John Airey
Internet Systems Support O
is the case. One of them I actually
approve messages before they go out, because most of the people on that list
reply to the list rather than send messages to me, which is a real pain in
the neck!
-
Happy new Millennium - http://www.rog.nmm.ac.uk/mill/index.htm
John Airey
Internet Systems Suppor
It appears that you are not using one IP address for each virtual host. Once
you've configured those correctly the error should go away.
-
Happy new Millennium - http://www.rog.nmm.ac.uk/mill/index.htm
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institute for the
Correction, it does work with IE, we have a wildcard certificate that works
with IE 5.01. It works with IE 4 fine. As for IE 3.02 and before, well, they
have problems with their root certs anyway.
-
Happy new Millennium - http://www.rog.nmm.ac.uk/mill/index.htm
John Airey
Internet Systems
I hope you are kidding about using mod_ssl 2.2.7. The latest version is
2.7.1, which is what you should be running.
-
Happy new Millennium - http://www.rog.nmm.ac.uk/mill/index.htm
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road
t;
>
There's a list of supported cards in the openssl changelog at
http://www.openssl.org/news/changelog.html
Don't know anything else though.
-
Happy new Millennium - http://www.rog.nmm.ac.uk/mill/index.htm
John Airey
Internet Systems Support Officer, ITCSD, Royal National Instit
y post. The documentation available on the Rainbow site is scant as well)
Thank you. If no-one can help, I'll battle on and post my results later.
-
Happy new Millennium - http://www.rog.nmm.ac.uk/mill/index.htm
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institut
mail-abuse.org site tests didn't check for this one!
-
Happy new Millennium - http://www.rog.nmm.ac.uk/mill/index.htm
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 173
d for openssl if you
want. They are at www.modssl.org/contrib/. Use the versions with "fixed" in
the title as there are installation problems with the other versions.
I prefer them myself as it makes it easier to know what you have installed.
-
Happy new Millennium - http://www.rog.nmm
Support for elf binaries comes with the out of the box installation, AFAIK.
-
Happy new Millennium - http://www.rog.nmm.ac.uk/mill/index.htm
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1
ften ISO
3166-1 gets changed. It's about every three years, even though country names
often change more regularly than that. It was last updated in 1997.
I would imagine that either OpenSSL already supports it, or the standard is
so dated as to have been superseded by other developments.
-
Jo
lready seen the description on the ISO
site. I don't believe that ISO make the full standards available on the
'net. Although I appreciate that this standard covers data encryption, I
don't think it's that relevant to this list. Anyone care to differ?
-
John Airey
Internet Systems Sup
The International Standards Organisation have a description of this and all
their standards at http://www.iso.ch/
Totally off-topic question though.
-
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0
trib page and "fixed" versions of
the existing rpms. I hope that Steve, who recently posted to this list, will
find these useful as they install without errors (again, on my system).
-
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institute for the
Blind,
Bakewell R
view it's easier to show someone how to install and
uninstall RPMs rather than explaining how to compile code from scratch. I'm
not aversed to compiling programs with configure/make/etc , but my
colleagues wouldn't even know where to start. They don't even understand
what inetd
achines
at my disposal to create and test these on.
-
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
> -Original Message-
> F
those is the server session key that changes automatically every hour.
This makes it more difficult to break ssh via brute force than ssl. However,
I'm not foolish enough to state that it is impossible to break, just very
difficult.
-
John Airey
Internet Systems Support Officer, ITCSD,
ot;stunnel" which uses
openssl to encrypt data over a standard port. Some protocols can't use this
(eg ftp) as they don't use a single port.
I think you'll need some more information though!
-
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institut
ed to Openssl at all.
-
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
-Original Message-
From: Sze Yee [mailto:[EMAIL PROTECTED]]
Sent: 29 O
95 matches
Mail list logo