search for: s_server

>>>> I did some local testing and it seems that you are using a curve >>>> that is not acceptable for openssl as a server key. >>>> I tested with openssl s_server -cert ec-cert.pem -key ec-key.pem >>>> -port 5555 >>>> using cert generated with brainpool. Everything works if I use >>>> prime256v1 or secp521r1. This is a limitation in OpenSSL and not >>>> something we can really do anything about. >>>&gt...

...nclude -DTHREADS -D_REENTRANT -DRSAref -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC -DMD5_ASM openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o dsa.o dsaparam.o x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o -L. -L.. -L../.. -L../../.. -L.. -lssl -L.. -lcrypto -L/space/local/lib s_server.o: In function `sv_body': s_server.o(.text+0x10a4): undefined reference to `...

Main question: is it safe, to open a port for an openssl server? e.g.: server side - generate a self-signed cert. time openssl req -x509 -nodes -days 365 -newkey rsa:8192 -keyout mycert.pem -out mycert.pem openssl s_server -accept 52310 -cert mycert.pem Is it secure? - it could be DOSed' [DenialofService] or could it be attacked in any way? Are there any iptables rule for restricting connections to dyndns names? e.g.: only allow connection from "asdfasdf.dyndns.com" and "asdfasdf2.dyndns.com&...

...ose interested - IETF RFC 7027 specifies for TLS use: >> >> [ brainpoolP256r1 | brainpoolP384r1 | brainpoolP512r1 ] >> >> And thus t1 would not work anyway. However, having tested r1 the result >> was just the same. >> >> A tcpdump during the openssl test [ s_server | s_client ] then revealed >> (TLSv1.2 Record Layer: Handshake Protocol: Client Hello) : >> >> Extension: supported_groups (len=10) >> ??? Type: supported_groups (10) >> ??? Length: 10 >> ??? Supported Groups List Length: 8 >> ??? Supported Groups (4 groups...

....h openssl/opensslconf.h openssl/evp.h xopenssl app_rand.o apps.o asn1pars.o ca.o ciphers.o crl.o crl2p7.o dgst.o dh.o dhparam.o dsa.o dsaparam.o enc.o engine.o errstr.o gendh.o gendsa.o genrsa.o nseq.o ocsp.o openssl.o passwd.o pkcs12.o pkcs7.o pkcs8.o rand.o req.o rsa.o rsautl.o s_cb.o s_client.o s_server.o s_socket.o s_time.o sess_id.o smime.o speed.o spkac.o verify.o version.o x509.o CA.pl.1.gz asn1parse.1.gz ca.1.gz ciphers.1.gz crl.1.gz crl2pkcs7.1.gz dgst.1.gz dhparam.1.gz dsa.1.gz dsaparam.1.gz enc.1.gz gendsa.1.gz genrsa.1.gz nseq.1.gz ocsp.1.gz openssl.1.gz passwd.1.gz pkcs12.1.gz pkcs7.1.gz...

....h openssl/opensslconf.h openssl/evp.h xopenssl app_rand.o apps.o asn1pars.o ca.o ciphers.o crl.o crl2p7.o dgst.o dh.o dhparam.o dsa.o dsaparam.o enc.o engine.o errstr.o gendh.o gendsa.o genrsa.o nseq.o ocsp.o openssl.o passwd.o pkcs12.o pkcs7.o pkcs8.o rand.o req.o rsa.o rsautl.o s_cb.o s_client.o s_server.o s_socket.o s_time.o sess_id.o smime.o speed.o spkac.o verify.o version.o x509.o CA.pl.1.gz asn1parse.1.gz ca.1.gz ciphers.1.gz crl.1.gz crl2pkcs7.1.gz dgst.1.gz dhparam.1.gz dsa.1.gz dsaparam.1.gz enc.1.gz gendsa.1.gz genrsa.1.gz nseq.1.gz ocsp.1.gz openssl.1.gz passwd.1.gz pkcs12.1.gz pkcs7.1.gz...

...ockquote type="cite"> <div> I did some local testing and it seems that you are using a curve that is not acceptable for openssl as a server key. </div> </blockquote> <blockquote type="cite"> <div> I tested with openssl s_server -cert ec-cert.pem -key ec-key.pem -port 5555 </div> </blockquote> <blockquote type="cite"> <div> using cert generated with brainpool. Everything works if I use prime256v1 or secp521r1. This is a limitation in OpenSSL and not something we can real...

...testing against openssl-0.9.8e-27.el5_10.1 > (from March 2014, nevertheless), which works. > > I would hazard a guess that this is the change causing your problem. > > * Fri Jun 26 2015 Tomas Mraz <tmraz at redhat.com> 0.9.8e-36 > - also change the default DH parameters in s_server to 1024 bits > > Here's some more info, > > https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/ > > RH must have backported this fix to 0.9.8e. > > There seem to be many reports out there that the openssl update broke mysql, > but unfortuna...

In article <55D2ED32.6040000 at hogranch.com>, John R Pierce <pierce at hogranch.com> wrote: > On 8/18/2015 1:27 AM, Tony Mountifield wrote: > >> You should now be using mysql55 on CentOS-5, not mysql-5.0 > > That may well be the case, but isn't relevant to the point I'm making, > > which is that something changed in openssl-0.9.8e-36 that has broken

...2KC/BOywJAGNHd > SF0PuAzqghQ7JKXqufjxKEyMMEu4H9HlH/h4lwX9hUO5EVDlCNqkcHHu9TCXBCmR > xT/8nuAtTycVigK88A== > -----END CERTIFICATE----- > > > I did some local testing and it seems that you are using a curve that is not acceptable for openssl as a server key. I tested with openssl s_server -cert ec-cert.pem -key ec-key.pem -port 5555 using cert generated with brainpool. Everything works if I use prime256v1 or secp521r1. This is a limitation in OpenSSL and not something we can really do anything about. Aki Tuomi Open-Xchange Oy

>> >>> I did some local testing and it seems that you are using a curve >>> that is not acceptable for openssl as a server key. >>> I tested with openssl s_server -cert ec-cert.pem -key ec-key.pem >>> -port 5555 >>> using cert generated with brainpool. Everything works if I use >>> prime256v1 or secp521r1. This is a limitation in OpenSSL and not >>> something we can really do anything about. >>> Aki Tuomi >>...

> Perhaps for whose interested - IETF RFC 7027 specifies for TLS use: > > [ brainpoolP256r1 | brainpoolP384r1 | brainpoolP512r1 ] > > And thus t1 would not work anyway. However, having tested r1 the result > was just the same. > > A tcpdump during the openssl test [ s_server | s_client ] then revealed > (TLSv1.2 Record Layer: Handshake Protocol: Client Hello) : > > Extension: supported_groups (len=10) > ??? Type: supported_groups (10) > ??? Length: 10 > ??? Supported Groups List Length: 8 > ??? Supported Groups (4 groups) > ??????? Supported Gro...

...27 specifies for TLS use: >>> >>> [ brainpoolP256r1 | brainpoolP384r1 | brainpoolP512r1 ] >>> >>> And thus t1 would not work anyway. However, having tested r1 the result >>> was just the same. >>> >>> A tcpdump during the openssl test [ s_server | s_client ] then revealed >>> (TLSv1.2 Record Layer: Handshake Protocol: Client Hello) : >>> >>> Extension: supported_groups (len=10) >>> ??? Type: supported_groups (10) >>> ??? Length: 10 >>> ??? Supported Groups List Length: 8 >>> ??...

...t;>>> >>>> [ brainpoolP256r1 | brainpoolP384r1 | brainpoolP512r1 ] >>>> >>>> And thus t1 would not work anyway. However, having tested r1 the result >>>> was just the same. >>>> >>>> A tcpdump during the openssl test [ s_server | s_client ] then revealed >>>> (TLSv1.2 Record Layer: Handshake Protocol: Client Hello) : >>>> >>>> Extension: supported_groups (len=10) >>>> ??? Type: supported_groups (10) >>>> ??? Length: 10 >>>> ??? Supported Groups List L...

Goos morning all, I compiled Samba 3.0.14a with OpenLDAP 2.1.22-0 directory. I then enabled TLS between Samba and OpenLDAP. The following tests succeeded: s_server to s_client --> OK slapd to s_client --> OK slapd to OPenLDAP client commands (ldapsearch..) --> OK The problem is the following: when I start Samba (service smb start), slapd output returns: TLS trace: SSL_accept:SSLv3 flush data tls_read: want=5, got=5 0000: 15 03 01...

....9.7a-43.8 file /usr/share/man/man1/nseq.1ssl.gz from install of openssl-0.9.7a-43.8 conflicts with file from package openssl-0.9.7a-43.8 file /usr/share/man/man1/s_client.1ssl.gz from install of openssl-0.9.7a-43.8 conflicts with file from package openssl-0.9.7a-43.8 file /usr/share/man/man1/s_server.1ssl.gz from install of openssl-0.9.7a-43.8 conflicts with file from package openssl-0.9.7a-43.8 file /usr/share/man/man1/sslpasswd.1ssl.gz from install of openssl-0.9.7a-43.8 conflicts with file from package openssl-0.9.7a-43.8 Suggestions? thanks, -- ---------------------------------------...

...nssl-0.9.7a-43.8 file /usr/share/man/man1/nseq.1ssl.gz from install of openssl-0.9.7a-43.8 conflicts with file from package openssl-0.9.7a-43.8 file /usr/share/man/man1/s_client.1ssl.gz from install of openssl-0.9.7a-43.8 conflicts with file from package openssl-0.9.7a-43.8 file /usr/share/man/man1/s_server.1ssl.gz from install of openssl-0.9.7a-43.8 conflicts with file from package openssl-0.9.7a-43.8 file /usr/share/man/man1/sslpasswd.1ssl.gz from install of openssl-0.9.7a-43.8 conflicts with file from package openssl-0.9.7a-43.8 Looks like the x86_64 and i386 openssl packages install their man pag...

...le you are connected to their network." - From that description I would first check if this error means the basic TCP connection. No SSL stuff or something. > Seriously, Outlook (tried 2007 and 2013) use the MS Crypto API for > establishing the SSL connection. This works with openssl s_server but does > not with dovecot. Actually, as Jerry already wrote, some other program may interfere, e.g. an antivirus program that stalls the connection as soon as the connection changes from text to binary after the STARTTLS command. That's what we had problems with. Did you checked the c...

I did not see any commits to the OpenSSL code, recently; is anybody going to commit the fix? See http://www.securityfocus.com/archive/1/480855/30/0 for details ... Regards, STefan

...ating keys+cert for ecc (i.e. curves prime192v1, secp521r1) # openssl ecparam -name prime192v1 -genkey -out prime192v1.key # openssl req -new -key prime192v1.key -out prime192v1.csr # openssl req -x509 -in prime192v1.csr -key prime192v1.key -out prime192v1.crt testing these in 2 windows # openssl s_server -cert prime192v1.crt -key prime192v1.key -www # openssl s_client note: when using the default openssl version 0.9.8o-4squeeze3 you need to append -cipher ECCdraft output (cut) ... New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES256-SHA Server public key is 192 bit Secure Renegotiation IS supported...