Search Results

Search found 890 results on 36 pages for 'openssl'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 3/36 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • How to update OpenSSL using Putty and yum command

    - by JM4
    I am so new to updating server technologies it is unbelievable but we are trying to become PCI Compliant and have to update some of our server technologies. One in particular is OpenSSL. We are currently running arch i686 0.9.8e but we have to upgrade to ATLEAST 0.9.8g. When I run a yum update command, there are no updates available. If I run "yum info openssl" it says available packages are: arch i386 0.9.8e but the only difference is smaller file size. I am running the following repositories: Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * addons: mirrors.netdna.com * atomic: www6.atomicorp.com * base: mirrors.igsobe.com * extras: mirror.vcu.edu * updates: mirror.vcu.edu any help out there?

    Read the article

  • Speedup of fixing an openssl bug with 8192 bit key [on hold]

    - by rubo77
    This is related to this Bug-Report https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747453 OpenSSL contains a set of arbitrary limitations on the size of accepted key parameters that make unrelated software fail to establish secure connections. The problem was found while debugging a XMPP s2s connection issue where two servers with long certificate keys (8192 Bit RSA) failed to establish a secure connection because OpenSSL rejected the handshake. This seems to be a small problem to be fixed but although there is an easy patch available to fix the issue in that bug report, no reactions are noticed so far.. The last patch that broke the 2048 barrier took 2 years to be implemented and only resulted in an increase to 4096bit, which seems to be a bad joke. Where would we have to report this to speed up the implementation for such an issue?

    Read the article

  • MySQL SSL: bad other signature confirmation

    - by samJL
    I am trying to enable SSL connections for MySQL-- SSL will show as enabled in MySQL, but I can't make any connections due to this error: ERROR 2026 (HY000): SSL connection error: ASN: bad other signature confirmation I am running the following: Ubuntu Version: 14.04.1 LTS (GNU/Linux 3.13.0-34-generic x86_64) MySQL Version: 5.5.38-0ubuntu0.14.04.1 OpenSSL Version: OpenSSL 1.0.1f 6 Jan 2014 I used these commands to generate my certificates (all generated in /etc/mysql): openssl genrsa -out ca-key.pem 2048 openssl req -new -x509 -nodes -days 3650 -key ca-key.pem -out ca-cert.pem -subj "/C=US/ST=NY/O=MyCompany/CN=ca" openssl req -newkey rsa:2048 -nodes -days 3650 -keyout server-key.pem -out server-req.pem -subj "/C=US/ST=NY/O=MyCompany/CN=server" openssl rsa -in server-key.pem -out server-key.pem openssl x509 -req -in server-req.pem -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem openssl req -newkey rsa:2048 -nodes -days 3650 -keyout client-key.pem -out client-req.pem -subj "/C=US/ST=NY/O=MyCompany/CN=client" openssl rsa -in client-key.pem -out client-key.pem openssl x509 -req -in client-req.pem -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem I put the following in my.cnf: [mysqld] ssl-ca=/etc/mysql/ca-cert.pem ssl-cert=/etc/mysql/server-cert.pem ssl-key=/etc/mysql/server-key.pem When I attempt to connect specifying the client certificates-- I get the following error: mysql -uroot -ppassword --ssl-ca=/etc/mysql/ca-cert.pem --ssl-cert=/etc/mysql/client-cert.pem --ssl-key=/etc/mysql/client-key.pem ERROR 2026 (HY000): SSL connection error: ASN: bad other signature confirmation If I connect without SSL, I can see that MySQL has correctly loaded the certificates: mysql -uroot -ppassword --ssl=false mysql> SHOW VARIABLES LIKE '%ssl%'; +---------------+----------------------------+ | Variable_name | Value | +---------------+----------------------------+ | have_openssl | YES | | have_ssl | YES | | ssl_ca | /etc/mysql/ca-cert.pem | | ssl_capath | | | ssl_cert | /etc/mysql/server-cert.pem | | ssl_cipher | | | ssl_key | /etc/mysql/server-key.pem | +---------------+----------------------------+ 7 rows in set (0.00 sec) My generated certificates pass OpenSSL verification and modulus: openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem server-cert.pem: OK client-cert.pem: OK What am I missing? I used this same process before on a different server and it worked- however the Ubuntu version was 12.04 LTS and the OpenSSL version was older (don't remember specifically). Has something changed with the latest OpenSSL? Any help would be appreciated!

    Read the article

  • OpenSSL: certificate signature failure error

    - by e-t172
    I'm trying to wget La Banque Postale's website. $ wget https://www.labanquepostale.fr/ --2009-10-08 17:25:03-- https://www.labanquepostale.fr/ Resolving www.labanquepostale.fr... 81.252.54.6 Connecting to www.labanquepostale.fr|81.252.54.6|:443... connected. ERROR: cannot verify www.labanquepostale.fr's certificate, issued by `/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)06/CN=VeriSign Class 3 Extended Validation SSL SGC CA': certificate signature failure To connect to www.labanquepostale.fr insecurely, use `--no-check-certificate'. Unable to establish SSL connection. I'm using Debian Sid. On another machine which is running Debian Sid with same software versions the command works perfectly. ca-certificates is installed on both machines (I tried removing it and reinstalling it in case a certificate got corrupted somehow, no luck). Opening https://www.labanquepostale.fr/ in Iceweasel on the same machine works perfectly. Additional information: $ openssl s_client -CApath /etc/ssl/certs -connect www.labanquepostale.fr:443 CONNECTED(00000003) depth=3 /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority verify error:num=7:certificate signature failure verify return:0 --- Certificate chain 0 s:/1.3.6.1.4.1.311.60.2.1.3=FR/2.5.4.15=V1.0, Clause 5.(b)/serialNumber=421100645/C=FR/postalCode=75006/ST=PARIS/L=PARIS/streetAddress=115 RUE DE SEVRES/O=LA BANQUE POSTALE/OU=DISF2/CN=www.labanquepostale.fr i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)06/CN=VeriSign Class 3 Extended Validation SSL SGC CA 1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)06/CN=VeriSign Class 3 Extended Validation SSL SGC CA i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority 3 s:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority --- Server certificate -----BEGIN CERTIFICATE----- <base64-encoded certificate removed for lisibility> -----END CERTIFICATE----- subject=/1.3.6.1.4.1.311.60.2.1.3=FR/2.5.4.15=V1.0, Clause 5.(b)/serialNumber=421100645 /C=FR/postalCode=75006/ST=PARIS/L=PARIS/streetAddress=115 RUE DE SEVRES/O=LA BANQUE POSTALE/OU=DISF2/CN=www.labanquepostale.fr issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)06/CN=VeriSign Class 3 Extended Validation SSL SGC CA --- No client certificate CA names sent --- SSL handshake has read 5101 bytes and written 300 bytes --- New, TLSv1/SSLv3, Cipher is RC4-MD5 Server public key is 1024 bit Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : RC4-MD5 Session-ID: 0009008CB3ADA9A37CE45B464E989C82AD0793D7585858584ACE056700035363 Session-ID-ctx: Master-Key: 1FB7DAD98B6738BEA7A3B8791B9645334F9C760837D95E3403C108058A3A477683AE74D603152F6E4BFEB6ACA48BC2C3 Key-Arg : None Start Time: 1255015783 Timeout : 300 (sec) Verify return code: 7 (certificate signature failure) --- Any idea why I get certificate signature failure? As if this wasn't strange enough, copy-pasting the "server certificate" mentionned in the output and running openssl verify on it returns OK...

    Read the article

  • Server unresponsive after successful OpenSSL connection

    - by Dan B
    I'm testing server connections using OpenSSL, with varying results Server A: connection is successful, as are user login and the other commands I expected to work Server B: connection is successful, but the server is unresponsive when I try to submit a command. I don't get an error, or even a disconnection – just a blank line from where I hit Enter or ^M My hunch is that Server B's configuration requires a different character encoding or something and it's simply not recognizing my Enter keystroke, but I've looked to no avail... any suggestions would be appreciated!

    Read the article

  • OpenSSL decode not working

    - by JL
    I am trying to use the following command: openssl enc -base64 -in myfile -out myfile.b64 For more info this link, has full instructions. Nothing happens and via a DOS window, it just doesn't work. Any suggestions why?

    Read the article

  • Compile OpenSSL from source using Xilinx EDK

    - by Asanka
    I want to use openSSL functions in my xilinx C++ project. So i downloaded the source and tried to compile using the makefile. But unfortunately the linux box I was provided did not contained the required software (perl5, make, etc) to compile the source using makefile. So as the second option i tried to compile the source as a shared library. So i made a new project using existing openSSL source. But all the attempts were failed since it gave lots of errors including missing headers, unknown defines etc. If someone knows how to compile openssl as a shared library using Xilinx toolchains please help me. It would be really helpful if someone can provide the complete project which can be opened using Xilinx EDK. If better alternative exists to use openssl with xilinx toolchains please explain that also. Thanks in advance....

    Read the article

  • M2Crypto doesn't install in venv, or swig doesn't define __x86_64__ which breaks compiling against OpenSSL

    - by Lorin Hochstein
    I'm trying to install the Python M2Crypto package into a virtualenv on an x86_64 RHEL 6.1 machine. This process invokes swig, which fails with the following error: $ virtualenv -q --no-site-packages venv $ pip install -E venv M2Crypto==0.20.2 Downloading/unpacking M2Crypto==0.20.2 Downloading M2Crypto-0.20.2.tar.gz (412Kb): 412Kb downloaded Running setup.py egg_info for package M2Crypto Installing collected packages: M2Crypto Running setup.py install for M2Crypto building 'M2Crypto.__m2crypto' extension swigging SWIG/_m2crypto.i to SWIG/_m2crypto_wrap.c swig -python -I/usr/include/python2.6 -I/usr/include -includeall -o SWIG/_m2crypto_wrap.c SWIG/_m2crypto.i /usr/include/openssl/opensslconf.h:31: Error: CPP #error ""This openssl-devel package does not work your architecture?"". Use the -cpperraswarn option to continue swig processing. error: command 'swig' failed with exit status 1 Complete output from command /home/lorin/venv/bin/python -c "import setuptools;__file__='/home/lorin/venv/build/M2Crypto/setup.py';exec(compile(open(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --single-version-externally-managed --record /tmp/pip-BFiNtU-record/install-record.txt --install-headers /home/lorin/venv/include/site/python2.6: I've got OpenSSL 1.0.0 installed via RPM packages from RedHat. The part of /usr/include/openssl/opensslconf.h that causes the error looks like this: #if defined(__i386__) #include "opensslconf-i386.h" #elif defined(__ia64__) #include "opensslconf-ia64.h" #elif defined(__powerpc64__) #include "opensslconf-ppc64.h" #elif defined(__powerpc__) #include "opensslconf-ppc.h" #elif defined(__s390x__) #include "opensslconf-s390x.h" #elif defined(__s390__) #include "opensslconf-s390.h" #elif defined(__sparc__) && defined(__arch64__) #include "opensslconf-sparc64.h" #elif defined(__sparc__) #include "opensslconf-sparc.h" #elif defined(__x86_64__) #include "opensslconf-x86_64.h" #else #error "This openssl-devel package does not work your architecture?" #endif gcc has the right variable defined: $ echo | gcc -E -dM - | grep x86_64 #define __x86_64 1 #define __x86_64__ 1 But apparenty swig doesn't, since this is the line that's failing: swig -python -I/usr/include/python2.6 -I/usr/include -includeall -o \ SWIG/_m2crypto_wrap.c SWIG/_m2crypto.i Is there a way to fix this by changing something in my system configuration? M2Crypto gets installed in a virtualenv as part of a larger script I don't control, so avoiding mucking around with the M2Crypto files would be a good thing.

    Read the article

  • How to resolve deprecation warnings for OpenSSL::Cipher::Cipher#encrypt

    - by Olly
    I've just upgraded my Mac to Snow Leopard and got my Rails environment up and running. The only difference -- OSX aside -- with my previous install is that I'm now running ruby 1.8.7 (2008-08-11 patchlevel 72) [universal-darwin10.0] (Snow Leopard default) rather than 1.8.6. I'm now seeing deprecation warnings relating to OpenSSL when I run my code: warning: argumtents for OpenSSL::Cipher::Cipher#encrypt and OpenSSL::Cipher::Cipher#decrypt were deprecated; use OpenSSL::Cipher::Cipher#pkcs5_keyivgen to derive key and IV Example of my code which is causing these warnings (it decodes an encrypted string) on line 4: 1. def decrypt(data) 2. encryptor = OpenSSL::Cipher::Cipher.new('DES-EDE3-CBC') 3. key = "my key" 4. encryptor.decrypt(key) 5. text = encryptor.update(data) 6. text << encryptor.final 7. end I'm struggling to understand how I can resolve this, and Google isn't really helping. Should I try and downgrade to Ruby 1.8.6 (and if so, what's the best way of doing this?), should I try and just hide the warnings (bury my head in the sand?!) or is there an easy fix I can apply in the code?

    Read the article

  • openssl hmac using aes-256-cbc

    - by Ryan
    Hello, I am trying to take an AES HMAC of a file using the openssl command line program on Linux. I have been looking at the man pages but can't quite figure out how successfully make a HMAC. I can encrypt a file using the enc command with openssl however I can't seem to create a HMAC. The encryption looks like the following: openssl enc -aes-256-cbc -in plaintext -out ciphertext Any advice or tutorials would be wonderful

    Read the article

  • Extracting public key from private key in OpenSSL

    - by ereOn
    Hello, I need to extract the RSA public key from a RSA private key using OpenSSL. I'm currently using RSAPublicKey_dup() passing the RSA* private key to get the public key. However, while the call seems to work, I cannot load (or use) this public key using the openssl command-line tool. If I generate the public key using the command-line tool ("$ openssl rsa -in private.pem -pubout > public.pem"), I can use it and it works like a charm. Do you guys know how I can get this work ? Maybe another function ? The OpenSSL documentation is quite hard to browse... Thank you.

    Read the article

  • OpenSSL in C++ email client - server closes connection with TLSv1 Alert message

    - by mice
    My app connects to a IMAP email server. One client configured his server to reject SSLv2 certificates, and now my app fails to connect to the server. All other email clients connect to this server successfully. My app uses openssl. I debugged by creating minimal openssl client and attempt to connect to the server. Below is the code with connects to the mail server (using Windows sockets, but same problem is with unix sockets). Server sends its initial IMAP greeting message, but after client sends 1st command, server closes connection. In Wireshark, I see that after sending command to server, it returns TLSv1 error message 21 (Encrypted Alert) and connection is gone. I'm looking for proper setup of OpenSSL for this connection to succeed. Thanks #include <stdio.h> #include <memory.h> #include <errno.h> #include <sys/types.h> #include <winsock2.h> #include <openssl/crypto.h> #include <openssl/x509.h> #include <openssl/pem.h> #include <openssl/ssl.h> #include <openssl/err.h> #define CHK_NULL(x) if((x)==NULL) exit(1) #define CHK_ERR(err,s) if((err)==-1) { perror(s); exit(1); } #define CHK_SSL(err) if((err)==-1) { ERR_print_errors_fp(stderr); exit(2); } SSL *ssl; char buf[4096]; void write(const char *s){ int err = SSL_write(ssl, s, strlen(s)); printf("> %s\n", s); CHK_SSL(err); } void read(){ int n = SSL_read(ssl, buf, sizeof(buf) - 1); CHK_SSL(n); if(n==0){ printf("Finished\n"); exit(1); } buf[n] = 0; printf("%s\n", buf); } void main(){ int err=0; SSLeay_add_ssl_algorithms(); SSL_METHOD *meth = SSLv23_client_method(); SSL_load_error_strings(); SSL_CTX *ctx = SSL_CTX_new(meth); CHK_NULL(ctx); WSADATA data; WSAStartup(0x202, &data); int sd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); CHK_ERR(sd, "socket"); struct sockaddr_in sa; memset(&sa, 0, sizeof(sa)); sa.sin_family = AF_INET; sa.sin_addr.s_addr = inet_addr("195.137.27.14"); sa.sin_port = htons(993); err = connect(sd,(struct sockaddr*) &sa, sizeof(sa)); CHK_ERR(err, "connect"); /* ----------------------------------------------- */ /* Now we have TCP connection. Start SSL negotiation. */ ssl = SSL_new(ctx); CHK_NULL(ssl); SSL_set_fd(ssl, sd); err = SSL_connect(ssl); CHK_SSL(err); // Following two steps are optional and not required for data exchange to be successful. /* printf("SSL connection using %s\n", SSL_get_cipher(ssl)); X509 *server_cert = SSL_get_peer_certificate(ssl); CHK_NULL(server_cert); printf("Server certificate:\n"); char *str = X509_NAME_oneline(X509_get_subject_name(server_cert),0,0); CHK_NULL(str); printf(" subject: %s\n", str); OPENSSL_free(str); str = X509_NAME_oneline(X509_get_issuer_name (server_cert),0,0); CHK_NULL(str); printf(" issuer: %s\n", str); OPENSSL_free(str); // We could do all sorts of certificate verification stuff here before deallocating the certificate. X509_free(server_cert); */ printf("\n\n"); read(); // get initial IMAP greeting write("1 CAPABILITY\r\n"); // send 1st command read(); // get reply to cmd; server closes connection here write("2 LOGIN a b\r\n"); read(); SSL_shutdown(ssl); closesocket(sd); SSL_free(ssl); SSL_CTX_free(ctx); }

    Read the article

  • Setting Up SNI with Apache 2.2.12 and openssl

    - by CCG121
    I am running Apache 2.2.12 and openssl 0.9.8g all of my Apache are in /etc/apache2/sites-available/default and i have 2 domains with certificates www.site.com & d7.site.com my <VirtualHost *:443> DocumentRoot /var/www/domain.com ServerAdmin [email protected] ServerName www.name.tld SSLStrictSNIVHostCheck off SSLVerifyClient None SSLEngine on SSLCertificateFile /var/www/sslcerts/name.tld/www_name_tld.crt SSLCertificateKeyFile /var/www/sslcerts/name.tld/private.key </VirtualHost> <VirtualHost *:443> DocumentRoot /var/www/d7 ServerAdmin [email protected] ServerName d7.domain.tld SSLStrictSNIVHostCheck off SSLVerifyClient None SSLEngine on SSLCertificateFile /var/www/sslcerts/d7.domain.tld/server.crt SSLCertificateKeyFile /var/www/sslcerts/d7.domain.tld/private.key </VirtualHost>

    Read the article

  • Using openssl command line tool to encrypt/decrypt data, DES ECB

    - by smsrecv
    Hello How can I create a random 64 bit key for DEC ECB encryption/decryption, and then use the same key for encryption/decryption many times? All this must be done using openssl command line tool. In all the examples I have seen, they do not use a "key", they use "password". But I need a key - array of bytes - because I need to send it to the other party (I don't know which API they use for cryptography.) Then I need to use this key - array of bytes - to encrypt/decrypt data. Thnak you

    Read the article

  • OpenSSL error while running punjab

    - by Hunt
    i ran punjab - BOSH connection manager - using twistd -y punjab.tac command in my centos but i am getting following error Unhandled Error Traceback (most recent call last): File "/usr/local/lib/python2.7/site-packages/twisted/application/app.py", line 652, in run runApp(config) File "/usr/local/lib/python2.7/site-packages/twisted/scripts/twistd.py", line 23, in runApp _SomeApplicationRunner(config).run() File "/usr/local/lib/python2.7/site-packages/twisted/application/app.py", line 386, in run self.application = self.createOrGetApplication() File "/usr/local/lib/python2.7/site-packages/twisted/application/app.py", line 451, in createOrGetApplication application = getApplication(self.config, passphrase) --- <exception caught here> --- File "/usr/local/lib/python2.7/site-packages/twisted/application/app.py", line 462, in getApplication application = service.loadApplication(filename, style, passphrase) File "/usr/local/lib/python2.7/site-packages/twisted/application/service.py", line 405, in loadApplication application = sob.loadValueFromFile(filename, 'application', passphrase) File "/usr/local/lib/python2.7/site-packages/twisted/persisted/sob.py", line 210, in loadValueFromFile exec fileObj in d, d File "punjab.tac", line 39, in <module> '/etc/pki/tls/cert.pem', File "/usr/local/lib/python2.7/site-packages/twisted/internet/ssl.py", line 68, in __init__ self.cacheContext() File "/usr/local/lib/python2.7/site-packages/twisted/internet/ssl.py", line 78, in cacheContext ctx.use_privatekey_file(self.privateKeyFileName) OpenSSL.SSL.Error: [('x509 certificate routines', 'X509_check_private_key', 'key values mismatch')] Failed to load application: [('x509 certificate routines', 'X509_check_private_key', 'key values mismatch')] my configuration file of punjab is sslContext = ssl.DefaultOpenSSLContextFactory( '/etc/pki/tls/private/ca.key', '/etc/pki/tls/cert.pem', ) How can i resolve above error

    Read the article

  • undefined BIO_new_socket function in OpenSSL library

    - by Chuck
    Hi, I get the following problem with some openssl (yeah, I know it's poorly documented, but I wish to use it any way) code in a project of mine (written in c, on osx and tested in ubuntu): Undefined symbols: "_BIO_new_socket", referenced from: _main in ccG3cvyw.o ld: symbol(s) not found collect2: ld returned 1 exit status I did have SSL library problems aswel, because I forgot to link my program to the openssl libraries. The above undefined still stands though. My compile line is: gcc -o test_app test_app.c -lssl Versions I use: (GCC) 4.2.1 OpenSSL 0.9.8l 5 Nov 2009 I'm fairly certain it's a (linked) library issue, as the SSL function SSL_set_bio() works (as in does not produce a build error). Any clue is very much appreciated :) Chuck

    Read the article

  • Compiling OpenSSL for boost asio for Microsoft Visual Studio 2010

    - by user560106
    I compiled boost with bjam, and then I compiled OpenSSL. Both of them work separately. I set up the links in Visual Studio 10 to point to my OpenSSL library directory. But when I attempt to compile example boost ssl asio programs I get 44 unresolved external linker errors like this one: 1testing.obj : error LNK2019: unresolved external symbol _SSLv23_server_method referenced in function "public: void __thiscall boost::asio::ssl::detail::openssl_context_service::create(struct ssl_ctx_st * &,enum boost::asio::ssl::context_base::method)" (?create@openssl_context_service@detail@ssl@asio@boost@@QAEXAAPAUssl_ctx_st@@W4method@context_base@345@@Z) Can you please give me step-by-step instructions on properly linking OpenSSL to boost? Thank you so much

    Read the article

  • OpenSSL: SessionTicket TLS extension problem

    - by rursw1
    Hello, I'm using an application which uses OpenSSL for client TLS side. We upgrade the OpenSSL version from 0.9.8e to 0.9.8k. And then TLS doesn't work... Wireshark shows that the new version (with OpenSSL 0.9.8k) sends the client hello packet with a SessionTicket extension - and the server side responds with a fatal internal error. The previous version sends an almost identical hello packet, but without the SessionTicket ext. When I replaced TLSv1_client_method with SSLv23_client_method, everything worked fine - the sent client hello packet was a SSLv2 one (In the sniffer) without any extension (as it wasn't TLS but SSL?) Is there a better way to disable this extension or to solve the problem in another way? Thanks in advance, rursw1

    Read the article

  • OpenSSL compatible API for Scala?

    - by pfleidi
    Hello, I'm working on a project with a friend. He's implementing his software in Ruby and I'm doing my stuff in Scala (with Lift). We're using some asynchronous encryption and he is using the ruby OpenSSL bindings for that: key = OpenSSL::PKey::RSA.generate(4096) self.public_key = key.public_key self.private_key = key What I'm looking for is a simple API which is compatible to OpenSSL and runs on the JVM. I need it to create key-pairs and to encrypt and sign our payload. Do you have any suggestions?

    Read the article

  • How to install cURL with openssl on ubuntu server ?

    - by Hrishikesh Choudhari
    Hey, I am having a problem with cURL here. My localhost has curl with openssl enabled, and thus my php code works fine. On running phpinfo() I get the following -- curl cURL support enabled cURL Information libcurl/7.19.5 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.15 However, on my other office server, curl does not have openssl support enabled. On running phpinfo() I get the following -- curl cURL support enabled cURL Information libcurl/7.20.1 zlib/1.2.3.3 How do I get openssl support for curl ? Both - openssl and curl - are installed on the office server as of now. I require immediate help. Thank you.

    Read the article

  • OpenSSL missing during ./configure. How to fix?

    - by P K
    I was trying to install node.js and found OpenSSL support missing during ./configure. How can I fix it? Is it a mandatory step? # ./configure Checking for gcc : ok Checking for library dl : not found Checking for openssl : not found Checking for function SSL_library_init : not found Checking for header openssl/crypto.h : not found /home/ec2-user/node-v0.6.6/wscript:374: error: Could not autodetect OpenSSL support. Make sure OpenSSL development packages are installed. Use configure --without-ssl to disable this message.

    Read the article

  • Installing Plone on Centos fails: Unable to find libssl or openssl/ssl.h.

    - by paskster
    My dedicated Server has CentOS 5.5. I tried to install Plone, so I basically did: wget launchpad.net/plone/4.0/4.0.2/+download/Plone-4.0.2-UnifiedInstaller.tgz tar xzf Plone-4.0.2-UnifiedInstaller.tgz cd Plone-4.0.2-UnifiedInstaller ./install.sh zeo I ran into the following error: Unable to find libssl or openssl/ssl.h. If you wish to build without SSL support, run install.sh again with --without-ssl flag. Otherwise, install your platform's openssl-dev libraries and headers and try again. After this error I successfully installed openssl: yum install openssl And i tried to install Plone again. But I keep getting the error: "Unable to find libssl or openssl/ssl.h". Anybody an idea what I'missing?

    Read the article

  • OpenSSL response 404 issue on centOS 6

    - by dsp_099
    I followed this tutorial (though it's for 5.2, I figured I'd be alright). The changes I had to make that seemed to have worked: Rename ca.csr to ca.cslr (that's the one the command generated) List it in the ssl.conf as ca.cslr instead of ca.csr I have the following in the httpd.conf <VirtualHost *:80> DocumentRoot /etc/test ServerName site.com </VirtualHost> <VirtualHost *:433> SSLEngine on SSLCertificateFile /etc/pki/tls/certs/ca.crt SSLCertificateKeyFile /etc/pki/tls/private/ca.key <Directory /etc/test> AllowOverride All </Directory> DocumentRoot /etc/test ServerName cryptokings.com </VirtualHost> /test contains a folder inside of it, accessible via http://site.com/test/foo, however attempting to access it via https://site.com/test/foo results in warning that the certificate is untrusted (self-signed, no biggie) a 404 error. Chrome's complains about the certificate are the following: The identity of this website has not been verified. • Server's certificate does not match the URL. • Server's certificate is not trusted. I think those warnings are a side-effect of a self-signed certificate - or is the first one something that needs to be addressed? I seem to be able fetch the root page via https just fine though, it shows a standard CentOS setup page. (That said, I haven't added a VirtualHost entry for it so I suppose that makes sense) I think I've made a mistake somewhere during the setup as I'm not too familiar with the process. During setup, I was prompted for a type of password that would be required when apache restarts but running service httpd restart does not seem to prompt me for one. Any help would be appreciated.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >