Date: Thu, 10 Apr 2014 12:02:39 +0300
From: Georgi Guninski <guninski@...inski.com>
To: oss-security@...ts.openwall.com
Subject: Re: Should openssl accept weak DSA/DH keys with g = +/- 1 ?

Someone suggested not using self-signed certs.
Created RSA CA and DSA cert with g=1.

$ openssl x509 -text -in certg=1.pem
G:    1 (0x1)

#server
$ openssl s_server -accept 8888 -cert ./certg=1.pem -key certg=1.key -CAfile ./cacert.pem -www

#client
$ openssl s_client -connect localhost:8888 -showcerts -CAfile cacert.pem
Verify return code: 0 (ok)

Works in konqueror but not on firefox/nss for me.


View attachment "cacert.pem" of type "text/plain" (3073 bytes)

View attachment "certg=1.pem" of type "text/plain" (3147 bytes)

Download attachment "certg=1.key" of type "application/pgp-keys" (323 bytes)
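
Added example (not part of the original message or its attachments): a Python sketch of the DSA domain-parameter checks that reject a generator of +/-1, such as the g=1 in the certificate above. The function name and the toy values p=23, q=11 are constructed for illustration, and p and q are assumed to have been tested for primality and size separately.

```python
"""Sanity checks for DSA domain parameters (p, q, g) and a public key y.

Added illustration: names and toy numbers are constructed, not taken
from the message. Primality and size of p and q are assumed checked.
"""


def check_dsa_params(p, q, g, y=None):
    """Return a list of problems found; an empty list means all checks passed."""
    problems = []
    if (p - 1) % q != 0:
        problems.append("q does not divide p-1")
    # g = 0, 1 or p-1 (-1 mod p) only generate subgroups of order <= 2,
    # so every public key y = g^x mod p collapses to 1 or p-1.
    if not 2 <= g <= p - 2:
        problems.append("g outside [2, p-2]")
    # With q prime and g != 1, g^q = 1 (mod p) means g has order exactly q.
    elif pow(g, q, p) != 1:
        problems.append("g does not have order q")
    if y is not None:
        if not 2 <= y <= p - 2:
            problems.append("y outside [2, p-2]")
        elif pow(y, q, p) != 1:
            problems.append("y is not in the order-q subgroup")
    return problems


if __name__ == "__main__":
    p, q = 23, 11                      # constructed toy group: 11 divides 22
    cases = {
        "g=2 (order 11)": (2, pow(2, 7, p)),
        "g=1": (1, pow(1, 7, p)),      # y is 1 for every private key
        "g=p-1": (p - 1, None),
        "g=5 (wrong order)": (5, None),
    }
    for label, (g, y) in cases.items():
        print(label, "->", check_dsa_params(p, q, g, y) or "ok")
```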
