tls

parsing response end with extended SMTP (ESMTP)

To use an example response from google when sent "EHLO": 250-mx.google.com at your service, [66.501.941.15] 250-SIZE 35651584 250-8BITMIME 250-AUTH LOGIN PLAIN 250-ENHANCEDSTATUSCODES 250 PIPELINING Hex: 32 35 30 2D 6D 78 2E 67 6F 6F 67 6C 65 2E 63 6F 6D 20 61 74 20 79 6F 75 72 20 73 65 72 76 69 63 65 2C 20 5B 39 32 2E 34 32 31 2E 35...

Thread local storage used anywhere else?

Is thread local storage used anywhere else other than making global and static variables local to a thread? Is it useful in any new code that we write? ...

How can I have multiple SSL certificates for a Java server

I have an in-house HTTP server written in Java; full source code at my disposal. The HTTP server can configure any number of web sites, each of which will have a separate listen socket created with: skt=SSLServerSocketFactory.getDefault().createServerSocket(prt,bcklog,adr); Using a standard key store created with the Java keytool, I c...

how to implement ssl extension in client?

I have managed to modify my ssl3ext.c file inside Mozilla Network Security Services. I have run the SSLSample programs smoothly. But could not confirm that the sample program really utilizes ssl3ext.c. My questions are: How can I use SSL extension for my client program? How can I call my SSL extension functions inside my client program?...

Decent SMTP client in C++

Hi, I'd like to have a decent SMTP client-side library in C++ with permissive license (LGPL, BSD, MIT-X, ...). It must have at least rfc821 and rfc2487 conformity and preferably rfc3207 conformity. I have found some that have not met all the requirements: Poco SMTP DataReel SMTP vmime If you have any, please kindly share. Thank you...

How to add a root cert for a given cert

A mail server uses a TLS cert without root cert, and my mail client cannot add it into the trust list. I ask the webmaster but he does not want to fix this. So, can I add a fake root cert to this cert so that I can add it to the trust zone? openssl s_client -connect x.x.x.x:995 -showcerts CONNECTED(00000003) depth=0 /C=US/ST=N/A/O=Zim...

Android https/ssl/tls

SSLContext context = SSLContext.getInstance("SSL"); The above line results in the exception: java.security.NoSuchAlgorithmException: SSLContext SSL implementation not found I'm using Android 2.0 SDK and when specifying TLS, it is accepted. How come I get the exception? Doesn't Android support SSL? ...

How can I retrieve the body of an HTTP 403 with Flash?

I'm having a heck of a time trying to figure this one out. I've got a simple YouTube API client put together, written in Flex, that uses a plain ol' URLRequest object to handle Google's "ClientLogin" authentication scheme. Everything works perfectly, except for one case: when Google responds with a 403 and a response body indicating ...

Is there a way to verify the integrity of javascript files at the client?

I'm working on what aims to be a secure method of user registration and authentication using php and javascript but not ssl/tls. I realise this may well be considered an impossible task that's been tried 1000 times before but I'm going to give it a go anyway. Every example I see online that claims to do it seems to have some huge fatal ...

Is performing login with https but then everything in http all a bit pointless?

So you've performed the login using https to prevent man in the middle attacks and make sure your password isn't sent in the clear. Good call. But many sites then switch back to http for the rest of the session. Once you're exchanging everything in the clear can't a man in the middle begin hijacking your session again? Okay, so they don...

Troubleshooting an SSL flood

Users connect to our webserver via https, and stay on a secured connection throughout their use of our service. A typical user session will establish a small handful of connections to the server (one or two). There are a very small number of exceptions we are trying to track down. Particular users will intermittently have handfuls of ...

Compilable C++ code to implement a secure SSL/TLS client using MS SSPI

As described here http://www.ddj.com/cpp/184401688 I do not have time to write this from scratch. Asked and not answered http://stackoverflow.com/questions/434961/implementing-ssl THE QUESTION IS: I am looking for some compilable working source code that implements MS SSPI (as alluded to in the thread above), procedural not OOP prefe...

C# ASP.NET Send Email via TLS

In order to comply with HIPAA regulations, we need to send email from an external site (outside the firewall) to an internal Exchange server (inside the firewall). Our Exchange admins tell us we need to use TLS encryption to send mail from the web server to the email server. I've never used TLS before and I'm not very familiar with it. ...

How much data is leaked from SSL connection?

Say I was trying to access https://www.secretplace.com/really/really/secret.php, what's actually sent in plain text before the SSL session is established? Does the browser intervene, see that I want https, initiate a SSL session with secretplace.com (i.e. without passing the path in plain text) and only after the SSL session is set up ...

Can't connect to a TLS web service using C# and digest authentication, Firefox succeeds where IE8 fails

Hi all, I'm trying to connect to a web service using C# and digest authentication, but every time I got the 401 - Not Authorized error. But when I try to reach the service over Firefox, everything's OK. When I use IE8, my password is not accepted and I got a 401. Do you have any ideas? Thanks for the help. Here's the test code I'm us...

NSStream SSL on used socket

I am writing an application that uses NSStream's SSL functions on the iPhone. I know that SSL is working because I can directly connect servers using SSL. I have encountered a problem where protocols that use starttls require me to communicate on the socket with unsecured, send the starttls command and then reuse the same socket for SSL....

Good list of weak cipher suites for JAVA

I'm running a server that requires a blacklist of weak cipher suites. So which of the following are weak? http://java.sun.com/javase/6/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider ...

Rails ActionMailer Plugin for TLS encryption

Can anyone point me to a plugin/directions for enabling emails through an SMTP server requiring encryption? I've done some searching and found http://agilewebdevelopment.com/plugins/actionmailer_tls, but the download is down, a pattern repeated with several other plugins also. ...

SMTP on C: STARTTLS via OpenSSL

Hi all! I am using openssl to build secure smtp connections to gmail.com:25. So I can successfully connect to the server and send a command STARTTLS (I receive 220 2.0.0 Ready to start TLS). Then execute the following code without disconnecting: SSL_METHOD* method = NULL; SSL_library_init(); SSL_load_error_strings(); method = SSLv23_...

How long do Firefox, Chrome, Safari, and Opera cache SSL/TLS session keys?

To try to use a reasonable SSL/TLS session key timeout on the server-side, I'd like to know how long popular browsers cache session keys on the client. Microsoft describes this information for Windows/IE here: http://technet.microsoft.com/en-us/library/cc776467(WS.10).aspx But, I haven't been able to find similar information for other po...