Date: Thu, 10 Apr 2014 12:02:39 +0300 From: Georgi Guninski <guninski@...inski.com> To: oss-security@...ts.openwall.com Subject: Re: Should openssl accept weak DSA/DH keys with g = +/- 1 ? Someone suggested not using self signed certs. Created RSA CA and DSA cert with g=1 $ openssl x509 -text -in certg=1.pem G: 1 (0x1) #server $openssl s_server -accept 8888 -cert ./certg=1.pem -key certg=1.key -CAfile ./cacert.pem -www #client $ openssl s_client -connect localhost:8888 -showcerts -CAfile cacert.pem Verify return code: 0 (ok) Works in konqueror but not on firefox/nss for me. View attachment "cacert.pem" of type "text/plain" (3073 bytes) View attachment "certg=1.pem" of type "text/plain" (3147 bytes) Download attachment "certg=1.key" of type "application/pgp-keys" (323 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ