Ian,
Ian G wrote:
On 26/1/09 19:43, Jean-Marc Desperrier wrote:
About Apache, it seems the potential problem is more with OpenSSL, it
will not enable SHA-2 by default if you only enable the default
algorithms for SSL.
But I think most people choose instead to initialize all the algorithms
Open
On 01/26/2009 08:43 PM, Jean-Marc Desperrier:
It should work with Windows Server 2003 (not with 2K) and Windows XP
clients **with SP3**.
The problem we were seeing is, that IIS (or better the certificate
viewer - MMC certificate snap-in) complains about invalid signature or
certificate corrup
On 26/1/09 19:43, Jean-Marc Desperrier wrote:
About Apache, it seems the potential problem is more with OpenSSL, it
will not enable SHA-2 by default if you only enable the default
algorithms for SSL.
But I think most people choose instead to initialize all the algorithms
OpenSSL knows about, and
Eddy Nigg wrote:
On 01/26/2009 04:12 PM, Ian G:
No, I can't tell you exactly, I just read s**t on the net :)
Because the only show-stopper I found was with Windows 2003 (most likely
2K as well) and Windows XP clients. At least with W2K3 it's a real
problem. So far I couldn't see any problem w
On 01/26/2009 04:12 PM, Ian G:
No, I can't tell you exactly, I just read s**t on the net :)
Because the only show-stopper I found was with Windows 2003 (most likely
2K as well) and Windows XP clients. At least with W2K3 it's a real
problem. So far I couldn't see any problem with Apache + Fir
On 26/1/09 14:03, Eddy Nigg wrote:
On 01/26/2009 01:57 PM, Ian G:
More on that "SHA1 disaster brewing" thing. My today understanding
(wait until tomorrow before challenging ...) is it could be as bad as
this:
* servers need to support TLS1.2 before the old hash family is gone.
* clients need to
On 01/26/2009 01:57 PM, Ian G:
More on that "SHA1 disaster brewing" thing. My today understanding
(wait until tomorrow before challenging ...) is it could be as bad as this:
* servers need to support TLS1.2 before the old hash family is gone.
* clients need to support old hashes until the serve
More on that "SHA1 disaster brewing" thing. My today understanding
(wait until tomorrow before challenging ...) is it could be as bad as this:
* servers need to support TLS1.2 before the old hash family is gone.
* clients need to support old hashes until the servers stop TLS1.1
* we have
8 matches
Mail list logo
