Re: SSL compression

Steve Parkinson wrote: >> I understand there is a compression-negotiation feature in the SSL >> protocol. Yes, and there are some RFCs about it. http://www.rfc-editor.org/rfc/rfc3749.txt http://www.rfc-editor.org/rfc/rfc3943.txt >> But, it seems implementation of compression schemes for this is

Re: RSA signature and verification under NSS and OpenSSL

Peter Djalaliev wrote: > Hello, > > Has anybody tried to verify under NSS the signature of data signed under > OpenSSL and vice versa? Assuming the same RSA public key (modulus and > public exponent) and the same signature algorithm (RSA signature with > PKCS#1 padding and SHA-1 message digest),

Re: pkcs11 provider password issues

Hi Robert, robert dugal wrote: SSL_AuthCertificate() is called to verify a certificate chain during an SSL/TLS handshake. It ends up calling pk11_RetrieveCrls() which then calls PK11_GetAllTokens() which loads ever P11 token, including those that need a login. I am not certain how I can get a

Re: pkcs11 default provider

robert dugal wrote: > I want to configure Firefox 1.5 to use my own PKCS11 provider as the > default for all algorithms supported by my provider. I cannot appear to > do this from the "Device Manager" dialog as that dialog has no way to > set specify which algorithms should default to my library.

SSL compression

I understand there is a compression-negotiation feature in the SSL protocol. But, it seems implementation of compression schemes for this is pretty rare. Is there a technical reason why? Steve Parkinson Red Hat ___ dev-tech-crypto mailing list dev-

pkcs11 provider password issues

With my own PKCS11 provider installed I am seeing unnecessary password prompts to login to my provider. When I try to connect to a site with https, and sometimes just to an http site, I am always getting prompts for my password, even if the site does not use client authentication and even if my

pkcs11 default provider

I want to configure Firefox 1.5 to use my own PKCS11 provider as the default for all algorithms supported by my provider. I cannot appear to do this from the "Device Manager" dialog as that dialog has no way to set specify which algorithms should default to my library. The NSS utility modutil h

Fwd: Invalid key type @ SSL

Thanks again for the help. I'll try converting the cert stores as you suggested. But what keeps bugging me is this - can I still use the Axis SOAP for SSL server-client communication? All the mentioned examples use jss SSLSocket (handshake listener,...), but I need XML based communication because