Hi,
I have some doubt about the Engine OpenSSL. If i load it, does it have a
timeout to unload the engine?
For example, I want to make a webservice that may use the openssl any time,
so i need to load the engine and let it loaded all the time.
Thanks for your atention,
--
Rick Lopes de Souza
happen to know the reason?
--
Rick Lopes de Souza
Mestrando em Ciências da Computação
LabSEC - UFSC
Gerente projeto ASI-HSM
Automated List Manager majord...@openssl.org
--
Rick Lopes de Souza
Hi,
I have some doubts about the formats that openssl use with ECDSA and RSA.
I know that openssl implemments PKCS#1 and PKCS#8 to RSA, but ECDSA only
uses PKCS#8 ? And PKCS#13 ?
Thanks,
--
Rick Lopes de Souza
it has the same features? I know it doesn't
needs the hash algorithm, but the message needs to be smaller than the size
of the key? ECDSA signs a message with any size?
Example: an ecdsa key with 192 bits signing a hash sha 512. It could be
signed or it is wrong?
Thanks,
--
Rick Lopes de Souza
Authority has?
Thanks,
--
Rick Lopes de Souza
AM, Rick Lopes de Souza dragonde...@gmail.com
wrote:
Maybe it's a simple question, but i want to know if there is any problem
that i have a request using a ECDSA key with SHA-256 and i want to issue a
certificate where the CA uses RSA with SHA 1.
In some tests, a ECDSA with sha1 and a CA
?
--
Rick Lopes de Souza
Questions include:
Why do I need ActivePerl not plain Perl?
I am only using the Cryptolibrary functions from Visual C++.
Thanks,
Fred
I understand that activeperl config script builds the nmake file used to
build the crypto libraries.
On Tue, Jul 12, 2011 at 9:27 AM, Jeremy Farrell jfarr...@pillardata.comwrote:
**
*From:* rick freitag
Questions include:
Why do I need ActivePerl not plain Perl?
No idea, depends what
,
);
proxy.RequestSoapContext.Security.Tokens.Add(usernameToken);
// Add the certificate for mutual SSL.
X509Certificate2 mutualCert = new
X509Certificate2(I:\\MyDocs\\ADP\\CFF_auth.pfx, OpenSSL_Pswd);
proxy.ClientCertificates.Add(mutualCert);
Rick Kushner
Sr Database Engineer
Cystic
me some import problems of the private key
with other software)?
Thanks,
Rick Robinson CISSP, ISSAP |
Senior Security Architect |
Distinguished Member of Technical Staff |
Technology, Strategy, and Development |
Avaya Inc. |
1300 West 120th Ave | B2-D31 | Westminster, CO 80234 |
Voice/Fax 303-538
?
Thanks,
Rick
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
causing the problem?
Thanks,
Rick
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL
Ajeet,
Thanks for your reply, however I'm not sure I understand. I'm not a
programmer, I'm just trying to use my certificates and keys. Can you
give me a more newbie example of how to check the time function?
Thanks,
Rick
Ajeet kumar.S wrote:
Please check time function gtime()or gtime_r
A correction to my previous post. Only the key.pem files are proding the
error in certwatch and being reported as expiring soon. Not the certs.
Thanks,
Rick
__
OpenSSL Project http
.0.9.8] Error 2
gmake[1]: Leaving directory `/tmp/openssl-0.9.8g'
gmake: *** [shared] Error 2
*** Error exit code 1
The first would be to obtain and install the unbundled compiler. The
bundled compiler is simply there to regen kernels and is unsupported
for much of anything else.
rick jones
this and know how to fix/correct?
Just a wild guess, but perhaps if the buffer you are using is larger
than the quantity of data returned, valgrind doesn't know you won't be
trying to use some of the stuff at the end?
rick jones
Hello List!
I have a client that is using openssl version, 0.9.7a
Feb 19 2003. Recently, he ran a security audit on his
machine, and the report came back stated the
following:
Vulnerability -- imaps (993/tcp) - 21643Synopsis
: The remote service supports the use of weak SSL
ciphers
David Lobron wrote:
2007-07-26 20:18:04.375 [3317] GS: Got response from sendDataPending
2007-07-26 20:18:04.376 [3317] GS: Calling poll with timeout 6
2007-07-26 20:18:04.376 [3317] GS: Checking poll results
2007-07-26 20:18:04.376 [3317] GS: calling SSL_write on buffer of
length 1281
to the transport in one
send call.
rick jones
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
ghouse mohiddin wrote:
Hi Rick,
Thanks for your reply.
I want to reduce the reading the response time, so that the
performance will get improve.
I want to read all the bytes at a time.
SSL_read API is taking much time to read all the bytes of the response
from the server.
First time
and look for drops, errors, retransmissions and the like.
rick jones
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
help
will probably be a decent start.
Often, Internet mailing lists will follow a convention of owner-listname or
listname-owner for an alias by which the list maintainer can be reached.
rick jones
__
OpenSSL Project
Sergey S. Levin wrote:
Hello Rick,
SW crypto aint cheap. It can consume lots of CPU cycles. If the
system was nearly CPU saturated with a plain transfer, then the
overhead of the crypto can very definitely take the throughput down
considerably.
1. If i use FileZilla and SSL connection
SW crypto aint cheap. It can consume lots of CPU cycles. If the system
was nearly CPU saturated with a plain transfer, then the overhead of
the crypto can very definitely take the throughput down considerably.
rick jones
one of these days I need to make an SSL version of netperf
. Perhaps as many as you have
front-end clients driving the load.
rick jones
There is a crufty old SSLperf benchmark that took the average
request/response size from SPECweb9[69] and the SPECweb96 behaviour of
connect request response close but did it with SSL using IIRC RSA
mumble. It leveraged
1024bit keys/s with 68% CPU load :-)
Unless it saturates the PCI bus and prevents the system from getting
sufficient throughput out its NIC's and HBA's :)
rick jones
__
OpenSSL Project http
with the
MIPS 4Kc architecture which would cause key generation to be an
inefficient process?
Perhaps by using 'C' versions of routines rather than hand-crafted
assembly - or there being no hand-crafted assembly for it ot use?
rick jones
, nor, at least in some modes, SCTP. It depends :) The question
isn't whether something is a socket, but what is the protocol beneath
the socket.
rick jones
as for the rest of the question, if the encryption layer didn't in and
of itself provide message boundaries, one could I assume start
of a router or routers you will not be able to get the remote
system's MAC address - the MAC address is not end-to-end in an
internet or intranet, only in a LAN.
So, if you are relying on finding the remote's MAC address, you are
basically by definition limiting your application to a LAN.
rick jones
version of HP-UX are you running? If sufficiently contemporary, there
may already be /dev/random or /dev/urandom from which one can pull bytes.
rick j ones
__
OpenSSL Project http://www.openssl.org
is essentially a TCP
issue.
Not to say that OpenSSL is or is not partially culpable, but things like
SIGPIPE/EPIPE are not _solely_ the responsibility of TCP. Connection close
handshaking is the joint responsibility of TCP and its user.
rick jones
a small window of a race condition, and of course the slight matter of
the select/poll overhead...
rick jones
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
with the configuration. Any ideas?
Rick
Configuration
=
The following entry was added to Configure for Solaris 5.8.
solaris64-sparcv8-gcc,gcc:-m64 -mv8 -O3 -fomit-frame-pointer -Wall -
DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG
RC4_CHAR RC4_CHUNK DES_UNROLL
BF_PTR:asm
, is a mystery.
I did learn one lesson from this. Be sure to test out a clean openssl
on your platform before you put any openssl updates into your project.
Do this for each platform you plan to use. Configure values that worked
before don't necessarily work with the later upgrades.
Rick
On Thu
are appreciated.
Rick
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
:)
rick jones
Thanks,
Martin Riewski
(719)548-6831
[EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated
or the HP
assembler? I've no idea which it should use, but do recall there being issues
in that area in the past in other places.
Fourth - any particular reason you are tossing-out any of the previous good work
done for fast assembly versions of some things?
rick jones
BTW, that reminds me
Second, _which_ gcc version?
Reading specs from
/opt/gcc/lib/gcc-lib/hppa2.0n-hp-hpux11.00/2.95.2/specs
gcc version 2.95.2 19991024 (release)
Are you still running 11.0?
rick jones
__
OpenSSL Project
Jeff Fulmer wrote:
On Thu, Jan 26, 2006 at 12:58:21PM -0800, Rick Jones wrote:
Second, _which_ gcc version?
Reading specs from
/opt/gcc/lib/gcc-lib/hppa2.0n-hp-hpux11.00/2.95.2/specs
gcc version 2.95.2 19991024 (release)
Are you still running 11.0?
Yeah, B.11.00
Tick tock
: *** [build_crypto] Error 1
Any idea what's wrong?
To my untrained eye it looks like a foul-up with the system include files, or
perhaps a change in what is #defined between the inclusion of ioctl.h and of
termio.h.
rick jones
__
OpenSSL
Erik Leunissen wrote:
Rick Jones wrote:
To my untrained eye it looks like a foul-up with the system include
files, or perhaps a change in what is #defined between the inclusion
of ioctl.h and of termio.h.
OK. Is there any direction for me to take in order to cure this (I don't
know
=engine_section, retcode=-1
---
Any further recommendations? Is there a tool that will verbosely parse
the config file and provide some more detail on the meaning of the
return code (-1)? Or any other tools you recommend?
If it makes any difference, I am using 0.9.7g
Regards,
Rick
routines:DYNAMIC_LOAD:dso not
found:eng_dyn.c:365:
It seems as if the engine 'smartcard' is not recognized.
Any suggestions would be greatly appreciated.
Regards,
Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Erwann ABALEA
Sent: Friday, July
Sorry, make that openssl 9.7f... my bad... Does anyone out there know
anything about communicating via proxies with openssl?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, May 19, 2005 3:48 PM
To:
to set in BIO or SSL?
Thanks,
Rick
Hi.
Im preparing to transform an app from using WinInet
to OpenSSL does anyone have any recommendations, sources, resources,
caveats, etc., that I can use to accomplish this endeavor?
Your candid constructive replies are welcome.
Rick
I've already done that. Not that helpful.
Thanks.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael D'Errico
Sent: Thursday, April 21, 2005 9:21 AM
To: openssl-users@openssl.org
Subject: Re: transformation from WinInet
I'm preparing to
, install it, then
make it again in order to clear up my ldd errors. Whatever.
Rick
PS Thanks for the suggestions!
Chapman, Kyle
error can't find libgcc_s.so. If I set LD_LIBRARY_PATH to
be /usr/local/lib, then OpenSSH will start and function fine. I'm just not
sure that all is as it should be, given the file not found errors output
from the ldd command.
Any insights out there??/
TIA
Rick
DISCLAIMER
Thanks.
Found the paper after some additional searching.
Met Rivest at RSA Conf. Nice guy.
No need for long teeth.
Rick
-Original Message-
From: Charles B Cranston [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 04, 2003 7:33 AM
To: [EMAIL PROTECTED]
Subject: Re: testing
I checked the RSA web site and could not find the paper you are referencing. Could
you please forward me a link?
Thanks,
Rick
-Original Message-
From: Charles B Cranston [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 03, 2003 10:04 AM
To: [EMAIL PROTECTED]
Subject: Re: testing
. Thank you.
Rick Assmus
Microsoft(R) Windows NT(TM)
(C) Copyright 1985-1996 Microsoft Corp.
C:\E:
E:\cd apache group\apache\openssl\bin
E:\Apache Group\Apache\openssl\binopenssl req -new -nodes -keyout
private.key -out public.csr
Using configuration from /Apache/openssl/ssl/openssl.cnf
Unable
When the private
keys are created, are there checks performed to determine the quality/primality
of the keys? If so, is there documentation on how the keys are
checked?
Thanks,
Rick
Robinson
[EMAIL PROTECTED]
I am trying to set up my connection. I am using WS-FTP Pro and want to FTP
to our IBM mailbox. I have my certficates and IBM told me to go to your
sight and get SSL and that is where my confusion starts. I am not sure
what to download or how to install it.
Rick Gabriel
Programmer/Analyst
Copy and paste error: Amend that diagram:
cert b
Issuer : Issuer B
Subject: This Responder
Extended Key Usage: OCSP-Signing
/cert b
On Thu, 2002-03-28 at 13:16, Rick Ziegler wrote:
One example where multiple certification is needed is an OCSP responder
that responds for multiple CAs
The server name in the certificate needs to be the same as the name you
use when connecting to the server to collect your mail.
You need to specify the name of your mail server when creating the
certificate.
At 11:37 03/03/2002, you wrote:
Hi!
Who can advise on how to create right certificate for
According to the SSLBUILD file from the imapd docs, the pop3 server
expects the certificate to be named ipop3d.pem.
Nalin
Thanks Nalin - looks like it works :-)
__
OpenSSL Project
?
Thanks
- Rick
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
the
installation.
Rick Dennis
Alaska Internetworks
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager
I have implemented a simple SSL server using the latest win32 version of the openssl
library which behaves as I expect, EXCEPT that SSL_read() returns 0 (meaning, I must
POLL it, which is retarded) as long as my browser (the client I am using) is waiting
for me to accept the certificate (bogus
I thought this Active X control was bundled with all but the older versions of
IE... Anyhow, I've used it with IE 5+ without problems. Here's a link that
gives some usage examples, etc:
http://msdn.microsoft.com/library/default.asp?URL=/library/psdk/certsrv/xen_abus_0gtv.htm
Rick
"
the directory DN attr values (specified in the .cnf file)
Rick
"Vimalan.G" wrote:
Subject: Re: CA.pl Problem.
Date: Thu, 24 Aug 2000 22:57:21 +0530
From: "Vimalan.G" [EMAIL PROTECTED]
Organization: H
-cert to NULL, but the ssl_get_server_send_cert does
apparently not even check to see if that is NULL, much less invoke a
callback.
Has anyone crossed a similar bridge?
Thanks,
Rick
__
OpenSSL Project
65 matches
Mail list logo