Re: top 10 mistakes when using libopenssl?

2012-10-11 Thread yyy
- Original Message - From: Kyle Hamilton aerow...@gmail.com To: openssl-...@openssl.org; openssl-users openssl-users@openssl.org Sent: Thursday, October 11, 2012 3:08 AM Subject: Re: top 10 mistakes when using libopenssl? Suggestions from my experience: -Failing to verify the

Re: client server management of client SSL certificates

2012-07-29 Thread yyy
On 2012.07.29. 8:52, Sanford Staab wrote: Good questions and similar to what is on my mind. Please let me know if you get any good answers to these questions. * There is SPKAC, which generates RSA key pairs in browser (Firefox, Chrome, Opera) (IE not supported) and sends certificate request

Re: client server management of client SSL certificates

2012-07-29 Thread yyy
On 2012.07.29. 17:49, Ted Byers wrote: Thanks Are you talking about an object available in the browser object and accessible via JavaScript, or a JavaScript file I'd include in my web page? Can you provide a URL to a resource where I can learn more about it? It is an HTML form element. It

Re: [Beginner] generating DSA keypair in .der format

2012-03-31 Thread yyy
C:\OpenSSL-Win32\bin>openssl genrsa -out privkey.pem 2048 This generates an RSA key, it has nothing to do with DSA. C:\OpenSSL-Win32\bin>openssl dsaparam -out dsaparam.pem 2048 This generated DSA parameters. C:\OpenSSL-Win32\bin>openssl gendsa -out privkey.pem dsaparam.pem This generates DSA key

Re: Verification error, weird cert chain for portfolio.iguw.tuwien.ac.at

2012-03-15 Thread yyy
You did not specify a CA to verify against. (using -CAfile or -CApath and -verify) That server is not sending its intermediate certificate. Verifying against chain of root and intermediate succeeded for me (openssl 1.0.0d on windows xp sp3) - Original Message - From: Florian Pritz

Re: How to make ca signaturer when I use dh or rc4 etc.

2011-08-30 Thread yyy
What exactly are you trying to do? None of ciphersuites specified in second list, meets the requirements specified in first list. (Only second ciphersuite uses ECDSA Au, it also is the only one, not using any variant of DES or RC4) There exist ECDHE-ECDSA ciphersuites using RC4, but these are not

Re: How to make ca signaturer when I use dh or rc4 etc.

2011-08-30 Thread yyy
Generally ANY CA signature works with ANY ciphersuite. They are not related at all. You mean: Make a CA, which can sign a certificate, which can be used with these all ciphersuites? In that case any signature method can be used. (ECDSA and RSA ciphersuites will not work with one certificate, but CA

Re: How to make ca signaturer when I use dh or rc4 etc.

2011-08-30 Thread yyy
I need to use to make ECDSA key. or how to make Ans I would like to know which command that I need to use dh. I'm so sorry but would you show me the process about following? EDH-RSA-DES-CBC3-SHA ECDHE-ECDSA-AES256-SHA RC4-MD5 EXP-DES-CBS-SHA Thanks 2011/8/30 yyy y...@inbox.lvG

RE: combined certificate

2011-08-17 Thread yyy
p12 files can contain multiple certificates (full chain). It seems to install full chain, however I had root cert already installed, for this chain. I do not know, how to add a der (or pem) file to existing p12 file. Probably it would be easier to make a new p12 file from all necessary der (or pem)

Re: How to set nsCertType=SERVER for a server certificate?

2011-08-13 Thread yyy
In that openssl.cnf file add section [server] (actually that name probably does not matter) and in it add a line nsCertType=server and when signing a request, add to command line -extensions server (at least that appears, what easyrsa script was doing) Easyrsa script also added a comment and

Re: howto be my own CA for my new certificates

2011-08-04 Thread yyy
Everything seems to be fine, only for new installations it is recommended to use at least 2048 bit key and, at least some time ago, openssl used to default to MD5 for certificate signatures, check, if it is not the case. Quoting Tomas Macek ma...@fortech.cz>: We have some web servers and I want to

Re: testing null encryption

2011-07-29 Thread yyy
I also tried the same, and although wireshark labeled these data as "encrypted application data", the text next to hex data in bottom window contained unencrypted data. There was something added in the end, though. (negotiated ciphersuite was NULL-SHA). 2) Getting back to the client

Re: support for 2048-bit keys

2011-07-28 Thread yyy
Somewhere I have read that RSA key size limit is 32k or so. Largest key I have attempted to generate was 24k, largest key successfully generated and used was 16k. Are these RSA keys or DH parameters? In any case 2048bit (2k) sized keys are supported almost by anything. Hello, I am working

Re[2]: ECDH parameters

2011-07-02 Thread yyy
is the same as secp256k1? s_server documentation (output of s_server -?) says that nistp256 is the default, but such exact name is not present in output of ecparam -list_curves. 2011/7/1 yyy y...@inbox.lv: Hello! s_server (and probably other TLS servers), requires ECDH parameters, if using ECDH

ECDH parameters

2011-07-01 Thread yyy
Hello! s_server (and probably other TLS servers), requires ECDH parameters, if using ECDH ciphersuites. (probably similarly as for DH parameters with DH ciphersuites). It seems, that these are supposed to be generated using: ecparam -name 'name_of_named_curve', but this always generates the