Questions tagged [openssl]
OpenSSL: The Open Source Toolkit for SSL and TLS
1,629 questions
1 vote, 0 answers, 212 views
How to have "empty" for x509's nameConstraints extension subtree?
I am signing x509 certificates that should only be used for CN under a specific domain, not for any IP/email/UPN.
The rfc5280 says that passing empty to a permitted value will allow all of those class,...
0 votes, 1 answer, 838 views
how to work with x509 certificate bundles with openssl
Is it possible to work with x509 certificates in a pkcs7 bundle file?
I need to sign all certificates in a bundle with extra x509 extensions. e.g. (if they were a single x509 crt file)
openssl x509 -...
1 vote, 0 answers, 301 views
Not receiving any response from SMTP server after successfully connected via openssl or telnet
I am trying to set up my postfix using Gmail smtp relay server. I have set it up in other servers without issues, but I am having difficulty getting it to work in my work network.
I tested if there is ...
-1 votes, 1 answer, 666 views
Yum to packages.microsoft.com failed on Centos 7
You can say I'm a beginner in using Centos. Our regional wants to use packages.microsoft.com as repository. We have opened the firewall to packages.microsoft.com. Tracepath is no issue, but when we are ...
0 votes, 1 answer, 238 views
OpenSSL Error: lib(128):capi_rsa_priv_enc:function not supported in client Auth
My scripts to sign a file via API were working properly when my previous server setup was Ubuntu 20.04 and the openssl version was 1.1.1b.
But after upgrade, I am getting this issue. Client environment ...
-1 votes, 1 answer, 767 views
How to verify signed file? [closed]
How to check the validity of a file using openssl and cms?
I've got a file (foo.bin) and a signature (foo.bin.cms) which includes an x509 DER format certificate.
Is there any way to check validity of ...
0 votes, 1 answer, 456 views
Cannot enable OCSP stapling
Windows Server 2022
Apache x64 2.4.57
OpenSSL 3.0.8
My Apache SSL conf has this:
SSLUseStapling On
SSLStaplingCache "shmcb:${SRVROOT}/logs/ssl_stapling(65536)"
...
0 votes, 1 answer, 2k views
Remove old Cipher Suites
I manage some websites and one of them got a poor security rating (from sec scorecard). I have a managed server, so I asked the IT guys to help, but also would like to understand this issue a little ...
8 votes, 2 answers, 1k views
SAN certificate with URI fragment
I need to generate a TLS certificate with a SAN URI where the URI has a fragment (has a hash '#'). But when I try to generate a certificate using openssl, the fragment gets stripped.
# generate key ...
0 votes, 1 answer, 1k views
Enable TLSv1.1 on httpd 2.4.56 running on Docker
I am trying to modernize the infrastructure of a HTTP web service. I want to update the web server to something more recent and secure, but I have to maintain compatibility with some legacy devices in ...
3 votes, 1 answer, 28k views
SSL error "unexpected eof while reading" on same server as the originating request
First, I'm aware of the SSL Library Error: error:0A000126:SSL routines::unexpected eof while reading error stemming from OpenSSL 3 reintroducing a feature to prevent truncation attacks.
The question I ...
0 votes, 1 answer, 1k views
openssl functions randomly returns warning: command substitution: ignored null byte in input
I try to encrypt some loads, here is a minimum working example (is RSA private key)
to_be_signed="2f93992bb1db9cab0b3b8fc2de0a2863"
#to_be_signed="7d6d2a584a227574e1c113aab56ea490&...
10 votes, 4 answers, 23k views
Error in libcrypto connecting RHEL 9 server to Centos 6 via SFTP/SSH
I am trying to connect from a new RHEL9 server to an older Centos 6 server to SFTP files from the older server to the new one for an upgrade, but when connecting from 9 to 6 I get the following error:
...
1 vote, 0 answers, 447 views
Decrypting Kubernetes secret using the encryption key
I have a toy Kubernetes cluster with Encryption at rest enabled using the abs-256-cbc provider; I have not used any vault here for kms simulating the problem. This means the encryption key is in a ...
2 votes, 1 answer, 4k views
How to support TLS 1 and TLS 1.1 with haproxy 2.4 and OpenSSL 3?
I am trying to support TLSv1.0 and TLSv1.1 with haproxy 2.4.18 (and OpenSSL 3.0.2) on Ubuntu 22.04.
I have followed Mozilla SSL Configuration Generator, "Old" configuration, slightly ...