Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [openssl]

OpenSSL: The Open Source Toolkit for SSL and TLS

OpenSSL is an open source project which develops software for Secure Sockets Layer (SSL v2/v3), Transport Layer Security (TLS v1), as well being a full-strength general purpose cryptography library.

OpenSSL provides both a library (for use within your own program), and a series of command line tools for common tasks.

1601 questions
0
votes
1 answer

Connect to IPython via HTTPS, got SSL error

This question is migrated from here. I have a server running Ubuntu 12.04. I have installed IPython on it. Now, I would like to access IPython via HTTPS. I have done the following steps: Creating an SSL certificate with openssl: openssl req -x509…
JNevens
  • 119
  • 1
  • 5
0
votes
0 answers

What is the format for public keys to create Azure VMs?

I have an openssl public key file. I converted it to PEM format for azure. However, when i try to create an azure vm with it, it gives me this msg: The certificate is in an invalid format. X.509 standard format in a .cer or .pem file is…
pdeva
  • 2,447
  • 5
  • 18
  • 15
0
votes
2 answers

Does Ubuntu 12.04LTS have the OpenSSL heartbleed fix?

Only OpenSSL 1.0.1f or later has the fix for the heartbleed exploit. So does Ubuntu 12.04LTS have the fix? We need to use 12.04LTS for reasons I won't go into, and we can't upgrade. According to this page, it uses OpenSSL "1.0.1" (with no letter at…
Nick Bolton
  • 5,126
  • 12
  • 54
  • 62
0
votes
0 answers

Openfire how to fix? Error creating secured outgoing session to remote server

I have a OpenBSD server 5.6, in this server install Openfire 3.9.3. But I am getting the following error: error.log 2015.02.16 08:59:44 org.jivesoftware.openfire.session.LocalOutgoingServerSession - Error creating secured outgoing session to remote…
laur
  • 127
  • 1
  • 4
0
votes
2 answers

How to Make a Self-Signed SSL Certificate which uses TLS?

After upgrading Apache and PHP to the latest version on Ubuntu 12.01 LTS the SSL sites on it became inaccessible, stating error, "ssl_error_no_cypher_overlap". I have tried generating a new Self-Signed SSL certificate using openssl req -x509 -nodes…
Peter White
  • 586
  • 1
  • 7
  • 17
0
votes
1 answer

OpenSSL PositiveSSL certificate untrusted connection

I bought a SSL certificate and I cannot get it to function. I get a This Connection is Untrusted error in Firefox. I do believe it's due to my .crt file being incomplete/wrong all together. My .crt was generated using: openssl x509 -req -days 365…
Xweque
  • 103
  • 4
0
votes
1 answer

How to update libssl for TLS_FALLBACK_SCSV vulnerability on nginx configuration?

I can't get the TLS_FALLBACK_SCSV to work when testing on SSLabs, keeping me from an A+ rating. Seems it an issue of libssl, not nginx configuration. I have updated to OpenSSL 1.0.1k 8 Jan 2015, but still it fails. (Have also disabled…
knutole
  • 243
  • 2
  • 11
0
votes
1 answer

Sun T2/Niagara Hardware Crypto Acceleration with Debian Linux?

I wanted to use an older T2 machine as a webserver for SSL heavy websites. With Solaris, there is the crypto acceleration available which would make sense for SSL. Now I am wondering if this crypto acceleration has ever been ported to Linux? # cat…
CyberOptic
  • 307
  • 3
  • 13
0
votes
1 answer

Trouble installing SSL on AWS elb

I'm trying to set up a Gandi SSL certificate but can't get it right from firefox point of view. I installed it on my load balancer (ELB) by converting my certificated to the pem format using the command: openssl x509 -inform PEM -in…
koleror
  • 143
  • 1
  • 6
0
votes
0 answers

OpenSSL 1.0.1e-2+deb7u14 Debian Wheezy and CVE-2014-0224

According to Debian security tracker CVE-2014-0224 vulnerability is fixed in OpenSSL 1.0.1e-2+deb7u10. https://security-tracker.debian.org/tracker/CVE-2014-0224 I have: #apt-cache policy openssl openssl: Installed: 1.0.1e-2+deb7u13 Candidate:…
user2606078
  • 11
  • 1
  • 3
0
votes
0 answers

how to check which forward secrecy cipher is enabled in tomcat 6.0.28 while I use TLSv1.0 protocol?

I am using tomcat 6.0.28 and using TLSv1.0 ssl protocol only. I have configured ciphers as…
PURE
  • 1
0
votes
1 answer

Use openssl s_client with 3des keying option 2 (112 bit key)

(How) Is it possible to tell openssl's s_client tool to use keying option 2 for 3DES (meaning use two different keys only, resulting in a key size of 112 bits; see Wikipedia)? Currently the closest I got is openssl s_client -connect example.com:443…
scherand
  • 183
  • 9
0
votes
1 answer

Ubuntu SSL connection with TLS connection error

I am using Ubuntu 12.04, installed at VirtualBox (Mac) using vagrant. I am not using any proxy server. In my company network, when I try curl -1vsS https://github.com/FGRibreau/doxx/archive/master.zip I get the following results: * About to…
forestclown
  • 945
  • 4
  • 15
  • 25
0
votes
1 answer

Getting the right Ciphers for UCSPI SSL

I am currently trying to secure my qmail installation and the SMTP connections. When compiling the standard UCSPI SSL, all supported ciphers are enabled by default. This leads to problems with POODLE, heartblead and other SSL problems. I set an…
David
  • 159
  • 8
0
votes
1 answer

What version of OpenSSL does SendMail use and how is this maintained?

My understanding is that SendMail leverages OpenSSL for STARTTLS functionality (among other things). Does this link dynamically against whatever version of OpenSSL I have installed? Or does sendmail use/maintain its own "copy" of openssl? I ask…
Mike B
  • 11,871
  • 42
  • 107
  • 168
1 2 3
99 100