oss-sec mailing list archives
Re: Should openssl accept weak DSA/DH keys with g = +/- 1 ?
From: Georgi Guninski <guninski () guninski com>
Date: Thu, 10 Apr 2014 12:02:39 +0300
Someone suggested not using self signed certs. Created RSA CA and DSA cert with g=1 $ openssl x509 -text -in certg=1.pem G: 1 (0x1) #server $openssl s_server -accept 8888 -cert ./certg=1.pem -key certg=1.key -CAfile ./cacert.pem -www #client $ openssl s_client -connect localhost:8888 -showcerts -CAfile cacert.pem Verify return code: 0 (ok) Works in konqueror but not on firefox/nss for me.
Attachment:
cacert.pem
Description:
Attachment:
certg=1.pem
Description:
Attachment:
certg=1.key
Description:
Current thread:
- Should openssl accept weak DSA/DH keys with g = +/- 1 ? Georgi Guninski (Apr 08)
- Re: Should openssl accept weak DSA/DH keys with g = +/- 1 ? Georgi Guninski (Apr 08)
- Re: Should openssl accept weak DSA/DH keys with g = +/- 1 ? Georgi Guninski (Apr 10)
- Re: Should openssl accept weak DSA/DH keys with g = +/- 1 ? Georgi Guninski (Apr 08)