Hello, I'm using an application which uses OpenSSL for client TLS side. We upgrade the OpenSSL version from 0.9.8e to 0.9.8k. And then TLS doesn't work... Wireshark shows that the new version (with OpenSSL 0.9.8k) sends the client hello packet with a SessionTicket extension - and the server side responds with a fatal internal error. T...
I'm getting: Warning: ldap_start_tls() [function.ldap-start-tls]: Unable to start TLS: Connect error in /var/www/X.php on line Y /etc/ldap/ldap.conf: TLS_CACERT /etc/ssl/certs/ca.crt ca.crt is the CA which signed the LDAP server certificate. The certificate on the LDAP server is expired and I can't change it. ...
Hello, Can anyone tell me what is the difference between SSL_CTX_set_cert_verify_callback and SSL_CTX_set_verify? From OpenSSL docs: SSL_CTX_set_cert_verify_callback() sets the verification callback function for ctx. SSL objects that are created from ctx inherit the setting valid at the time when SSL_new(3) is called. and: SS...
I'd like to use SChannel or some other Microsoft API to support TLS for my TCP/IP application. Ideally what I'd like to do is use SChannel to create a kind of TLS tunnel within my app so I can pass off a SOCKET handle to another library. Is this something SChannel can do for me or do I have to implement the tunnel myself? ...
Hi, Is there any way to remove the elliptic curves extension - elliptic_curves and ec_point_formats? (Via function like SSL_CTX_set_options with SSL_OP_NO_TICKET for the SessionTicket extension, or by conditional compilation, or something else that works...) Thank you in advance! ...
I capture packets sent/received by Win Xp machine when connecting to SQL Server 2005 Express using TLS encryption. Server and Client exchange Hello messages Server and Client send ChangeCipherSpec message Then Server and Client server send strange message that is not described in TLS protocol What is the message? Server side captu...
There is an ongoing discussion on the security and trust working group for NHIN Direct regarding the IP-to-domain mapping problem that is created with traditional SSL. If an HISP (as defined by NHIN Direct) wants to host thousands of NHIN Direct "Health Domains" for providers, then it will an "artificially inflated cost" to have to purch...
I'm looking to start using javascript on the server, most likely with node.js, as well as use websockets to communicate with clients. However, there doesn't seem to be a lot of information about encrypted websocket communication using TLS and the wss:// handler. In fact the only server that I've seen explicitly support wss:// is Kaazing....
Toying with an idea for a F2F networked application I've just been reading up on secure communication. I quickly settled with the idea of using TLS / SSL as the basis for any communication since it employs Public Key encryption at the protocol level and thus is perfect for my needs. However I was surprised to read (on wikipedia) that the...
Hello all, I'm trying to implement a feature that uses LDAP over SSL (SSL, not TLS), it needs to connect to a SSL-enabled LDAP server (i.e OpenLDAP), bind and then do any additional queries. It also needs to support client-authentication, and this is where things get tricky: The client is a web application written in Ruby, and we are us...
I have created a standalone executable JAR program that needs to send private information over a SSL connection. I was not able to establish the SSL connection using certificates. Was getting this: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path `building failed: sun.security.provider.certpath.S...
I know there is a TLS package for Tcl 8.x. I cannot find any packages to do TLS/SSL on Tcl 7.x. I would be happy to get any pointers to such an implementation. ...
How can I specify a cipher suite to use in an SSL Connections? I know that Mentalis Seclib got this feature however they don't maintain the project (and there are issues in that library with x64 OSes) as they say .NET Framework 2.0 introduced those features. However I couldn't find a way to do this in .NET Framework 3.5. To be more s...
My application has to talk to different hosts over https, and the default setting of ServicePointManager.SecurityProtocol = TLS served me well up to this day. Now I have some hosts which (as System.Net trace log shows) don't answer the initial TLS handshake message but keep the underlying connection open until it times out, throwing a ti...
Hi, I learn about ssl and i didn't anderstand why server create a random number and send it to the client? why client can't create it? ...
I am working on a mobile platform over Nucleus RTOS. It uses Nucleus Threading system but it doesn't have support for explicit thread local storage i.e, TlsAlloc, TlsSetValue, TlsGetValue, TlsFree APIs. The platform doesn't have user space pthreads as well. I found that __thread storage modifier is present in most of the C++ compilers. ...
Is there any way to discover from within a browser (any browser, with a plugin if required) which SSL/TLS version was used for an SSL session, and which ciphers were negotiated? Alternatively, does any one know of any convenient tools that will enumerate the supported ciphers and SSL/TLS version for a remote SSL server? ...
I'm requesting a web page using LWP in perl, and I'd like to be able to access the SSL certificate that the web server presents (I'm looking for an expiration date in the cert, among other things). The information I want isn't in the three headers that Crypt::SSLeay adds to the request. Is there a way that I'm overlooking with which I ...
Hi all, We would like to protect the Cassandra against man-in-the-middle attacks. Is there any way to configure Cassandra in a way that the client-server and server-server (replication) communications are SSL encrypted? thank you ...
Does anybody know any solution/walkaround to provide TLS/SSL support for TCP sockets in Silverlight x.x? ...