Disabling Weak Encryption


Disabling Weak Encryption

Lester, Bob

Hi,

    I'm looking to disable weak encryption in OpenSSL 0.9.8.a.  Do I need to rebuild without that support, or can I just use the OpenSSL cipher command?  In either case, can anyone tell me which cipher suite(s) to disable to achieve this?

TIA,
<*BobL*>

Bob Lester
Sr. SysProg - CICS/TCPIP/VTAM/USS
OppenheimerFunds
Centennial, Colorado, USA
[hidden email]

------------------------------------------------------------------------------
This e-mail transmission may contain information that is proprietary, privileged and/or confidential and is intended exclusively for the person(s) to whom it is addressed. Any use, copying, retention or disclosure by any person other than the intended recipient or the intended recipient's designees is strictly prohibited. If you are not the intended recipient or their designee, please notify the sender immediately by return e-mail and delete all copies. OppenheimerFunds may, at its sole discretion, monitor, review, retain and/or disclose the content of all email communications.
==============================================================================


Re: Disabling Weak Encryption

Bernhard Fröhlich-2
In reply to this post by Lester, Bob
Lester, Bob wrote:

> Hi,
>
>     I'm looking to disable weak encryption in OpenSSL 0.9.8.a.  Do I
> need to rebuild without that support, or can I just use the OpenSSL
> cipher command?  In either case, can anyone tell me which cipher
> suite(s) to disable to achieve this?
>
> TIA,
> <*BobL*>
>

The OpenSSL-Book advises the following Cipherlist:

#define DEFAULT_CIPHERLIST "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"

which looks pretty sensible if you compare it with the infos in
http://www.openssl.org/docs/apps/ciphers.html

Hope it helps,
Ted
;)
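
An added example, not part of the original thread or of OpenSSL: a shell check that reads `openssl ciphers -v` output and reports any suite still in one of the classes the cipher list above excludes. The function names and the sample lines are assumptions made for illustration; the sample is constructed in the `-v` column layout.

```shell
#!/bin/sh
# Added example: flag suites in `openssl ciphers -v` output that belong to the
# classes the cipher list above excludes (ADH, LOW, EXP, MD5).

# Constructed sample in the `openssl ciphers -v` column layout (not captured
# from a real build); it stands in for the output of an unfiltered list.
sample_ciphers() {
cat <<'EOF'
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
EOF
}

# flag_weak (hypothetical helper): reads `openssl ciphers -v` lines on stdin and
# prints "SUITE CLASS[,CLASS]" for every suite in an excluded class.
flag_weak() {
  awk '
  NF >= 6 {
    kx = ""; au = ""; mac = ""; bits = 0; is_exp = 0
    for (i = 3; i <= NF; i++) {
      if      ($i ~ /^Kx=/)    kx = $i
      else if ($i ~ /^Au=/)    au = $i
      else if ($i ~ /^Mac=/)   mac = $i
      else if ($i == "export") is_exp = 1
      else if ($i ~ /^Enc=.*\(/) {            # key length sits in parentheses
        b = $i; sub(/^[^(]*\(/, "", b); sub(/\).*$/, "", b); bits = b + 0
      }
    }
    why = ""
    if (kx ~ /^Kx=DH/ && au == "Au=None")       why = why ",ADH"  # anonymous DH
    if (!is_exp && (bits == 56 || bits == 64))  why = why ",LOW"  # 56/64-bit, non-export
    if (is_exp)                                 why = why ",EXP"  # export-grade
    if (mac == "Mac=MD5")                       why = why ",MD5"
    if (why != "") print $1, substr(why, 2)
  }'
}

# Demo on the constructed sample. Against a real build, feed it
#   openssl ciphers -v "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
# instead; no output means none of the four classes survived the list.
sample_ciphers | flag_weak
```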


Re: Disabling Weak Encryption

Alex Kupriyenko
In reply to this post by Lester, Bob
Hi, Bob,
Can you help me with that problem:

An RSA encrypt()/decrypt() interface works fine in one application/process,

but with client-server communication – TCP/IP socket (cl public_encrypt – serv private_decrypt)

I've got Decryption error: RSA_padding_check_PKCS1_type_2:block type is not 02

The cipher string is the same on client and server site (and length too).

What might it be?

Thanks for any help, Alex



On 11/17/05, Lester, Bob <[hidden email]> wrote:

Hi,

    I'm looking to disable weak encryption in OpenSSL 0.9.8.a.  Do I need to rebuild without that support, or can I just use the OpenSSL cipher command?  In either case, can anyone tell me which cipher suite(s) to disable to achieve this?

TIA,
<*BobL*>

Bob Lester
Sr. SysProg - CICS/TCPIP/VTAM/USS
OppenheimerFunds
Centennial, Colorado, USA
[hidden email]


RE: Disabling Weak Encryption

Lester, Bob
In reply to this post by Lester, Bob
Hi Ted,

    Thanks for the info!

<*BobL*>

|   -----Original Message-----
|   From: [hidden email]
|   [mailto:[hidden email]]On Behalf Of
|   Bernhard Froehlich
|   Sent: Thursday, November 17, 2005 12:51 PM
|   To: [hidden email]
|   Subject: Re: Disabling Weak Encryption
|  
|  
|   >
|   The OpenSSL-Book advises the following Cipherlist:
|  
|   #define DEFAULT_CIPHERLIST "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
|  
|   which looks pretty sensible if you compare it with the infos in
|   http://www.openssl.org/docs/apps/ciphers.html
|  
|   Hope it helps,
|   Ted
|   ;)
|  


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]