|
| |
| | OpenSSL - Wikipedia, the free encyclopedia |
 | | Wrappers allowing the use of the OpenSSL library in a variety of computer languages are available. | | | The Open Source Software Institute is attempting to secure a FIPS 140-2 validation for OpenSSL [1], for which the current status is also available. | | | This is however a mistake as OpenSSL is developed completely outside of the scope of OpenBSD by The OpenSSL Project, under a different license than is commonly used by OpenBSD. |
|
http://en.wikipedia.org/wiki/OpenSSL
(263 words)
|
|
| |
| | Open Source Software Institute |
| | The exception is the x86 for which OpenSSL uses several x86 specific assembly language optimizations within the FIPS 140 cryptographic module. | | | This cryptographic module is a minimal subset of the full OpenSSL distribution which is essentially just the *.c and *.h files for the relevant crypto algorithms (all such source is in the. | | | The FIPS-140-2 validation is for the cryptographic algorithm libraries in OpenSSL. |
|
http://oss-institute.org/fips-faq.html
(3527 words)
|
|
| |
| | CERT Advisory CA-2003-26 Multiple Vulnerabilities in SSL/TLS Implementations |
| | The OpenSSL code included in domestic versions of JUNOS Internet Software that runs on all M-series and T-series routers is susceptible to these vulnerabilities. | | | A vulnerability in the way OpenSSL deallocates memory used to store ASN.1 structures could allow a remote attacker to execute arbitrary code with the privileges of the process using the OpenSSL library. | | | OpenSSL is available for AIX via the AIX Toolbox for Linux. |
|
http://www.cert.org/advisories/CA-2003-26.html
(2549 words)
|
|
| |
| | ONLamp.com: Deploying a VPN with PKI |
| | This version of OpenSSL was the latest stable version of the package at the time of writing. | | | The OpenSSL distribution includes a heavily commented example configuration file, but it's more complex than the simplified version we will work with in this tutorial. | | | Specifically, our configuration file removes many of the certificate extension definitions that appear in the prepackaged OpenSSL configuration. |
|
http://www.onlamp.com/pub/a/security/2004/10/21/vpns_and_pki.html
(1829 words)
|
|
| |
| | OpenSSL Distribution for AmigaOS |
| | The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the | | | A port of OpenSSL to the VMS environment | | | HOWTO documents to introduce concepts or explain them in a way that is not possible in the manuals. |
|
http://amiga.sourceforge.net/OpenSSL
(445 words)
|
|
| |
| | OpenSSL Command-Line HOWTO |
| | Otherwise, the output will be a binary file. | | | When OpenSSL was built for your system, it was configured with a “Directory for OpenSSL files. | | | openssl binary was given the ability to use STARTTLS when talking to SMTP servers. |
|
http://www.madboa.com/geek/openssl
(4182 words)
|
|
| |
| | [No title] |
| | The libraries will be built in the top-level directory, and the binary will be in the "apps" directory. | | | There may be reasons for the failure that aren't problems in OpenSSL itself (like missing standard headers). | | | The only reason to have them would be to conserve memory on systems where several program are using OpenSSL. |
|
http://www.sunfreeware.com/INSTALL.openssl
(1214 words)
|
|
| |
| | openssl-too-open |
| | The first thing that comes to mind is to overwrite the next malloc chunk and then make the OpenSSL code call free() on the SSL_SESSION structure. | | | The other bytes must be set to specific values to make the exploit work. | | | The "A" bytes don't affect the OpenSSL control flow. |
|
http://www.phreedom.org/solar/exploits/apache-openssl
(1598 words)
|
|
| |
| | OpenSSL stuff |
| | This is a description of how I use OpenSSL on my various systems on (and off) the net. | | | This is usually /usr/share/ssl/certs on systems that bundle OpenSSL (Linux), otherwise it's typically /usr/local/ssl/certs or /usr/local/share/ssl/certs. | | | The certificate generated above (/opt/CA/certs/-ca.crt) is in PEM format, which is good for applications (servers), OpenSSL clients, Netscape and Mozilla browsers, and newer versions of Internet Explorer. |
|
http://www.wahlsten.com/openssl
(1187 words)
|
|
| |
| | PHP: OpenSSL Functions - Manual |
| | PHP between versions 4.0.5 and 4.3.1 will work with OpenSSL >= 0.9.5. | | | In order to enable this module on a Windows environment, you must copy | | | This extension has no configuration directives defined in |
|
http://us3.php.net/manual/en/ref.openssl.php
(1370 words)
|
|
| |
| | WGET 1.10 for Windows (win32) |
| | Most available binaries are dynamically linked against OpenSSL, and require you to have a couple of dll's in your path. | | | If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. | | | wget-1.8.2.exe (279552 bytes): win32 binary with OpenSSL support and Windows-friendly filename generation. |
|
http://users.ugent.be/~bpuype/wget
(785 words)
|
|
| |
| | RPM resource openssl-devel |
| | The openssl-devel package contains static libraries and include files needed to develop applications which support various cryptographic algorithms and protocols. | | | OpenSSL - Secure Sockets Layer and cryptography static libraries and headers | | | Secure Sockets Layer and cryptography static libraries and headers |
|
http://rpmfind.net/linux/rpm2html/search.php?query=openssl-devel
(417 words)
|
|
| |
| | Pine+OpenSSL HOWTO |
| | openssl s_client session and peeking at the output. | | | It’s a plain text file, and the Red Hat package maintainer says that it was lifted from the Apache mod_ssl source tree; the mod_ssl maintainer in turn says that he lifted it from a Netscape Communicator certificate database. | | | It’s the main command-line entry into all the features of the OpenSSL libraries. |
|
http://www.madboa.com/geek/pine-ssl
(2196 words)
|
|
| |
| | Certificate Installation with OpenSSL - Other People's Certificates |
| | In some cases, you can use an OCSP (Online Certificate Status Protocol) client (such as the one with OpenSSL) to query the CA each time. | | | General built from source, OpenSSL 0.9.x /ssl/ (either the system default, or overriden at configure time with "--prefix foo") | | | The symbolic link must be for the hashed value above plus ".0" - if you forget the.0 then OpenSSL won't detect it, and you'll get lots of errors. |
|
http://www.gagravarr.org/writing/openssl-certs/others.shtml
(1639 words)
|
|
| |
| | Cisco Security Advisory: SSL Implementation Vulnerabilities |
| | All IOS software crypto (k8, k9, and k91) image releases in the 12.2SX and 12.2SY release trains for the Cisco Catalyst 6500 Series and Cisco 7600 Series Routers are affected by the first OpenSSL vulnerabilities. | | | Cisco IOS - All 12.1(11)E and later IOS software crypto (56i and k2) image releases in the 12.1E release train for the Cisco 7100 and 7200 Series Routers are affected by the first OpenSSL vulnerability. | | | Cisco Application and Content Networking Software (ACNS) is not affected by the second OpenSSL vulnerability. |
|
http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml
(2275 words)
|
|
| |
| | OpenSSL PKCS#12 FAQ |
| | OpenSSL can parse such files and extract all the keys and certificates but not create them (yet). | | | For some reason the encoding used by NS is not very efficient. | | | There are now two "high level" functions in OpenSSL that do all the hard work, PK12_parse() and PKCS12_create(). |
|
http://www.drh-consultancy.demon.co.uk/pkcs12faq.html
(4243 words)
|
|
| |
| | OpenSSL HP freeware for MPE/iX |
| | This software comes with MPE installation scripts, MPE installation instructions, binaries, additional files needed to run the software, and MPE-specific documentation. | | | This software has not been tested on versions earlier than 6.0. | | | This distribution contains pre-compiled binaries that are ready to run, so compiling is not required. |
|
http://jazz.external.hp.com/src/hp_freeware/openssl
(597 words)
|
|
| |
| | OpenSSL Examples |
| | This is a set of example programs demonstrating how to perform basic tasks with OpenSSL. | | | The programs found here were excerpted from the book. |
|
http://www.rtfm.com/openssl-examples
(270 words)
|
|
| |
| | HOWTO on EAP/TLS authentication between FreeRADIUS and XSupplicant |
| | Also, if you are using Linux system at present time it will missdectedct your gethostbyadd_r() and gethostbyname_r(). | | | On similar token the EAP/TLS module for FreeRADIUS will require that you use snapshot version of openssl (along with stable version of openssl!). | | | (you need to do that only if you put the devel version of openssl in some directory where xsupplicant can find it. |
|
http://www.missl.cs.umd.edu/wireless/eaptls
(1617 words)
|
|
| |
| | The OpenSSL License and The GPL |
| | If you modify * file(s) with this exception, you may extend this exception to your * version of the file(s), but you are not obligated to do so. | | | A much safer option is to use either the GNU TLS or Mozilla NSS library. | | | If you delete this exception statement from all source * files in the program, then also delete it here. |
|
http://www.gnome.org/~markmc/openssl-and-the-gpl.html
(698 words)
|
|
| |
| | Shining Light Productions - Win32 OpenSSL |
| | Bug Reports: To report a bug in the Win32 OpenSSL Installation Project, send an e-mail to Shining Light Productions describing your system setup, pertinent configuration information, what your intended goal is, and provide all related information (no matter how irrelevant it seems) to the bug. | | | As such, if you find it useful, a time-saver, or helps to solve a frustrating problem, seriously consider giving a donation to continue developing this software. | | | LEGAL NOTICE: This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. |
|
http://www.slproweb.com/products/Win32OpenSSL.html
(757 words)
|
|
| |
| | RedHat: Moderate: openssl security update - The Community's Center for Security |
| | Colin Percival reported a cache timing attack that could allow a malicious local user to gain portions of cryptographic keys. | | | Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. | | | To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. |
|
http://www.linuxsecurity.com/content/view/119233
(497 words)
|
|
| |
| | Stunnel.org |
| | This means that stunnel can support whatever (and only) that which your SSL library can, without making any changes in the Stunnel code. | | | There is no new Stunnel code to circumvent the vulnerability, you need only upgrade OpenSSL and recompile Stunnel. | | | The Stunnel source code is available under the GNU General Public License, meaning it is free to use in both commercial and non commercial applications as you see fit, as long as you provide source code (and any modifications) with the software. |
|
http://www.stunnel.org
(472 words)
|
|
| |
| | OpenSSL: CVS Web Interface |
| | In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at | | | + * Copyright (c) 1998-2004 The OpenSSL Project. | | | For more details please read the CHANGES file. |
|
http://cvs.openssl.org/chngview?cn=12033
(369 words)
|
|
| |
| | Using OpenSSL's S/MIME facilities |
| | The easiest and cheapest way to do this is with Thawte's FreeMail program. | | | To move a keypair and cert from OpenSSL to Netscape, you need to export it: | | | NOTE I believe there is a bug that affects at least version 0.95a of OpenSSL (they may call it a feature. |
|
http://www.kfu.com/~nsayer/encryption/openssl.html
(1175 words)
|
|
| |
| | OpenSSL TutorGig.co.uk Encyclopedia |
| | On a computer with the OpenSSL command line utilities, you can generate and examine an RSA key. | | | and Debian contains Apache, MySQL, PHP & PEAR, Perl, ProFTPD, phpMyAdmin, OpenSSL, GD, Freetype... | | | The OpenSSL exception is a clause added to the GNU General Public License GPL by free software developers who want to use OpenSSL with their software. |
|
http://www.tutorgig.co.uk/encyclopedia/sencyclo.jsp?keywords=OpenSSL
(270 words)
|
|
| |
| | ftps - RFC4217 - state of play |
| | Warning about IBM skit libraries and openssl version 0.9.6d onwards | | | Get the latest CVS snapshot of 2.8.0 from the wu-ftp development site (note - 2.8.0 is still work in progress and the 2.6.x patches are no longer kept up to date) | | | If your server is using old IBM skit SSL libraries (pre skit *D) |
|
http://www.ford-hutchinson.com/~fh-1-pfh/ftps-ext.html
(2710 words)
|
|
| |
| | Creating a Certificate Authority and Certificates with OpenSSL |
| | This patent expires in September of 2000, so after that you'll be free to use tools with the RSA algorithm (like OpenSSL). | | | RSA Data Security usually allows non-commercial use of the RSA algorithm for academic purposes. | | | This was written using OpenSSL 0.9.5 as a reference. |
|
http://www.octaldream.com/~scottm/talks/ssl/opensslca.html
(480 words)
|
|
| |
| | Debian -- openssl |
| | This package contains the openssl binary and related tools. | | | Secure Socket Layer (SSL) binary and related cryptographic tools | | | It is part of the OpenSSL implementation of SSL. |
|
http://packages.debian.org/stable/utils/openssl.html
(149 words)
|
|
| |
| | Wired News: Linux Worm Hits the Network |
| | Any users with installations of OpenSSL up to and including 0.9.6d or 0.9.7beta1 should immediately upgrade to the latest version of OpenSSL (currently 0.9.6g). | | | The flaw exploited by Slapper was discovered in August in OpenSSL libraries, and was patched. |
|
http://www.wired.com/news/linux/0,1411,55172,00.html
(620 words)
|
|
| |
| | OpenSSL self-signed test certificates |
| | These notes cover OpenSSL 0.9.6e as shipped with Mac OS X 10.2 (plus Developers Tools with OpenSSL headers), but should be applicable to similar OpenSSL versions on any unix-like system. | | | Many systems ship with OpenSSL as part of the base system, or make it available via a package or port. | | | OpenSSL is assumed to have been installed on the system in question. |
|
http://sial.org/howto/openssl/self-signed
(634 words)
|
|
| |
| | Apache-SSL |
| | This is a feature of OpenSSL since version 0.9.5a. | | | What you get is a set of patches for Apache (available for versions 1.2.0+ and 1.3.0+), some extra source files, a few READMEs and example configuration files. | | | The patches must be applied to the Apache source, and the result compiled and linked with SSLeay (version 0.5.1b+) or OpenSSL. |
|
http://www.apache-ssl.org
(1364 words)
|
|
| |
| | LWN: Fedora alert FEDORA-2005-389 (openssl) |
| | OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. | | | Description : The OpenSSL toolkit provides support for secure communications between machines. | | | --------------------------------------------------------------------- Fedora Update Notification FEDORA-2005-389 2005-05-23 --------------------------------------------------------------------- Product : Fedora Core 3 Name : openssl Version : 0.9.7a Release : 42.1 Summary : The OpenSSL toolkit. |
|
http://lwn.net/Articles/137138
(117 words)
|
|
| |
| | [No title] |
| | Problem: "Updated OpenSSL packages are available that fix a potential timing-based attack and a modified Bleichenbacher attack. | | | We suggest that you use the apt-get program to keep your system up-to-date. | | | OpenSSL is a commercial-grade, full-featured, and open source toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. |
|
http://www.yellowdoglinux.com/resources/errata/YDU-20030423-4.txt
(346 words)
|
|
| |
| | Check Point Software: OpenSSL Vulnerability |
| | Applications or systems that use the OpenSSL SSL/TLS library (libssl) may be affected. | | | OpenSSL Hotfixes will be included in future Hotfix Accumulator (HFA) releases for Next Generation FP3 and NG with Application Intelligence R54. | | | VPN-1/FireWall-1 NG with Application Intelligence R54 OpenSSL Hotfix |
|
http://www.checkpoint.com/techsupport/alerts/openssl.html
(164 words)
|
|
| |
| | Apache+SSL Win32 HOWTO |
| | Copy the executable files (*.exe, *.dll, *.so) from the downloaded apache-mod_ssl distribution over your original Apache installation directory (remember to stop Apache first and DO NOT overwrite your edited config files etc.!). | | | openssl x509 -in my-server.cert -out my-server.der.crt -outform DER | | | If even this doesn't work, you can use OpenSSL to debug the problem. |
|
http://tud.at/programm/apache-ssl-win32-howto.php3
(1428 words)
|
|
| |
| | OpenSSL ASN.1 Parsing Vulnerabilities |
| | Applications that are statically linked to OpenSSL libraries should be recompiled after upgrading OpenSSL. | | | All software that does not explictly require elevated privileges should be run as an unprivileged user with minimal access rights. | | | Stunnel has released a statement indicating that their software may use vulnerable versions of OpenSSL, though is not directly affected by the issues. |
|
http://securityresponse.symantec.com/avcenter/security/Content/8732.html
(1290 words)
|
|
| |
| | OpenSSL |
| | One feature that many users overlook is the | | | OpenSSL is to provide certificates for use with software applications. | | | openssl req -new -nodes -out req.pem -keyout cert.pem |
|
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/openssl.html
(718 words)
|
|
| |
| | CVE-2002-0656 (under review) |
| | Christey> The CVE content decision "CD:SF-LOC" recommends that multiple bugs of the same type, in the same version of software, should be combined. | | | Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3. | | | Therefore, this candidate may be modified or even rejected in the future. |
|
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656
(221 words)
|
|
| |
| | SecurityFocus |
| | Updated versions of OpenSSL are now available which correct two | | | OpenSSL library in such a way as to cause OpenSSL to crash. | | | All versions of OpenSSL from 0.9.6c to 0.9.6k inclusive and from |
|
http://www.securityfocus.com/archive/1/357672
(343 words)
|
|
| |
| | SourceForge.net: Python OpenSSL Wrappers |
| | Python OpenSSL Wrappers(POW), a Python wrapper for OpenSSL. | | | X590v3 and CRL encoding is now also support is now via a pure Python module, which will include support for PKCS in the near future. | | | Provide feedback on this page Recently changed page Site Status |
|
http://sourceforge.net/projects/pow
(121 words)
|
|
| |
| | OpenSSL Certificate Cookbook |
| | OpenSSL is a free non-commercial implementation of SSL by Eric Young and other [OpenSSL]. | | | The OpenSSL-0.9.4 distribution is obtained as a tar file (OpenSSL-9.6.4.tar.gz) Extracting from the tar file will create a new directory, /opt/openssl in which OpenSSL is built. | | | This documentation has been written for OpenSSL-0.9.4, but as you read this a later version may be available. |
|
http://www.pseudonym.org/ssl/ssl_cook.html
(848 words)
|
|
| |
| | openssl -- OpenSSL command line tool |
| | This can be used to send the data via a pipe for example. | | | program is a command line tool for using the various cryptography functions of OpenSSL's | | | OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them. |
|
http://www.mkssoftware.com/docs/man1/openssl.1.asp
(481 words)
|
|
| |
| | XML Security Library |
| | XML Security Library is released under the MIT Licence see the Copyright file in the distribution for details. | | | (openssl) fixed parsing quoted values in the certificate subject; | | | The new XML Security Library 1.2.9 release includes few bug fixes and adds support for the recently released OpenSSL 0.9.8 including several new algorithms for xmlsec-openssl: |
|
http://www.aleksey.com/xmlsec
(171 words)
|
|
| |
| | oreilly.com -- Online Catalog: Network Security with OpenSSL, First Edition |
| | OpenSSL is a popular and effective open source version of SSL/TLS, the most widely used protocol for secure network communications. | | | Focused on the practical, this book provides only the information that is necessary to use OpenSSL safely and effectively. | | | The only guide available on the subject, Network Security with OpenSSLdetails the challenges in securing network communications, and shows you how to use OpenSSL tools to best meet those challenges. |
|
http://www.oreilly.com/catalog/openssl
(161 words)
|
|
| |
| | openssl |
| | openssl req -extensions server_ext -nodes -keyout myserver.key \ -out myserver.req 1024 chmod 400 myserver.key | | | openssl req -new -days 365 -key mykey.pem -out myreq.pem \ -extensions user_ext | | | openssl x509 -in cert.pem -out cert.der -outform DER # MS Internet Explorer |
|
http://www-zeuthen.desy.de/computing/projects/security/SSL/ssl_commands.html
(239 words)
|
|
|
