Search Results

Search found 689 results on 28 pages for 'tls psk'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 5/28 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • "Could not establish secure channel for SSL/TLS" in .NET CF application on smart phone

    - by Stefan Mohr
    I have a stubborn communications issue with an application running on the .NET Compact Framework 3.5 on Windows Mobile smartphones. I am constructing a web request using this code: UTF8Encoding encoding = new System.Text.UTF8Encoding(); byte[] Data = encoding.GetBytes(HttpUtility.ConstructQueryString(parameters)); httpRequest = WebRequest.Create((domain)) as HttpWebRequest; httpRequest.Timeout = 10000000; httpRequest.ReadWriteTimeout = 10000000; httpRequest.Credentials = CredentialCache.DefaultCredentials; httpRequest.Method = "POST"; httpRequest.ContentType = "application/x-www-form-urlencoded"; httpRequest.ContentLength = Data.Length; Stream SendReq = httpRequest.GetRequestStream(); SendReq.Write(Data, 0, Data.Length); SendReq.Close(); HttpWebResponse httpResponse = (HttpWebResponse)httpRequest.GetResponse(); return httpResponse.GetResponseStream(); The web service functions by receiving a JSON-encoded document as part of the URL (eg. https://site.com/ws/sync??document={"version":"1.0.0","items":[{"item_1":"item1"}]}&user=usr&password=pw), and as a response receives another JSON document as response data. This code runs fine on all emulators and PDAs running WM 5 and 6. We have seen an issue with a couple of customers running Treo smartphones (and only on the Sprint network). We have tested the code on an identical device on the AT&T network (via DeviceAnywhere) and once again the code worked as we expected. This has to be some sort of security policy on the phone, but we've been unable to determine a workaround or diagnose it thoroughly as we cannot reproduce it in house and have had to resort to getting users to assist with running test drivers for us. When this code executes, the user's device throws the following exception: System.Net.WebException Could not establish secure channel for SSL/TLS Stack trace: at System.Net.HttpWebRequest.finishGetRequestStream() at System.Net.HttpWebRequest.GetRequestStream() at OurApp.GetResponseStream(String domain, Hashtable parameters) inner exception: System.IO.IOException Authentication failed because the remote party has closed the transport stream. Stack trace: at System.Net.SslConnectionState.ClientSideHandshake() at System.Net.SslConnectionState.PerformClientHandShake() at System.Net.Connection.connect(Object ignored) at System.Threading.ThreadPool.WorkItem.doWork(Object o) at System.Threading.Timer.ring() Examining the server Apache logs shows no hits from the user's IP - I don't think the device is even attempting to send a packet before failing. If relevant, the server is running Apache on Linux and is written using the TurboGears Python framework. The server certificate is issued by a CA and is still valid. The test driver where this error was copied from was not code signed, however the same error (without the error messages) is signed with a GeoTrust certificate so we don't believe this is a code signing issue. The application installs and launches without issue on all phones - it's just establishing this SSL connection that is breaking for these users. One significant issue in troubleshooting is that there is a substantial inconvenience each time we try out a solution (need to find a "volunteer" customer), so we're really looking for a silver bullet or a better understanding of the handshaking process so we can be reasonably confident we only need to ask the user to test it one or two more times. One final mention: we have tried the sync both over ActiveSync and also over GPRS with identical results. Any thoughts would be greatly appreciated!

    Read the article

  • Can't send mail from Windows Phone (Postfix server)

    - by Dominic Williams
    Some background: I have a Dovecot/Postfix setup to handle email for a few domains. We have imap and smtp setup on various devices (Macs, iPhones, PCs, etc) and it works no problem. I've recently bought a Windows Phone and I'm trying to setup the mail account on there. I've got the imap part working great but for some reason it won't send mail. mail.log with debug_peer_list I've put this on pastebin because its quite long: http://pastebin.com/KdvMDxTL dovecot.log with verbose_ssl Apr 14 22:43:50 imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [109.151.23.129] Apr 14 22:43:50 imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [109.151.23.129] Apr 14 22:43:50 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client hello A [109.151.23.129] Apr 14 22:43:50 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server hello A [109.151.23.129] Apr 14 22:43:50 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A [109.151.23.129] Apr 14 22:43:50 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server done A [109.151.23.129] Apr 14 22:43:50 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [109.151.23.129] Apr 14 22:43:50 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [109.151.23.129] Apr 14 22:43:50 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [109.151.23.129] Apr 14 22:43:50 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [109.151.23.129] Apr 14 22:43:50 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read finished A [109.151.23.129] Apr 14 22:43:50 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [109.151.23.129] Apr 14 22:43:50 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write finished A [109.151.23.129] Apr 14 22:43:50 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [109.151.23.129] Apr 14 22:43:50 imap-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully [109.151.23.129] Apr 14 22:43:50 imap-login: Warning: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [109.151.23.129] Apr 14 22:43:51 imap-login: Info: Login: user=<pixelfolio>, method=PLAIN, rip=109.151.23.129, lip=94.23.254.175, mpid=24390, TLS Apr 14 22:43:53 imap(pixelfolio): Info: Disconnected: Logged out bytes=9/331 Apr 14 22:43:53 imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [109.151.23.129] postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no broken_sasl_auth_clients = yes config_directory = /etc/postfix debug_peer_list = 109.151.23.129 inet_interfaces = all mailbox_command = procmail -a "$EXTENSION" mailbox_size_limit = 0 message_size_limit = 50240000 milter_default_action = accept milter_protocol = 2 mydestination = ks383809.kimsufi.com, localhost.kimsufi.com, localhost myhostname = ks383809.kimsufi.com mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 myorigin = /etc/mailname non_smtpd_milters = inet:127.0.0.1:8891,inet:localhost:8892 readme_directory = no recipient_delimiter = + smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) smtpd_milters = inet:127.0.0.1:8891,inet:localhost:8892 smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_use_tls = yes virtual_alias_domains = domz.co.uk ruck.in vjgary.co.uk scriptees.co.uk pixelfolio.co.uk filmtees.co.uk nbsbar.co.uk virtual_alias_maps = hash:/etc/postfix/alias_maps doveconf -n # 2.0.13: /etc/dovecot/dovecot.conf # OS: Linux 2.6.38.2-grsec-xxxx-grs-ipv6-64 x86_64 Ubuntu 11.10 auth_mechanisms = plain login log_path = /var/log/dovecot.log mail_location = mbox:~/mail/:INBOX=/var/mail/%u passdb { driver = pam } protocols = imap service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } ssl_cert = </etc/ssl/certs/dovecot.pem ssl_key = </etc/ssl/private/dovecot.pem userdb { driver = passwd } verbose_ssl = yes Any suggestions or help greatly appreciated. I've been pulling my hair out with this for hours! EDIT This seems to be my exact problem, but I already have broken_sasl set to yes and the 'login' auth mechanism added? http://forums.gentoo.org/viewtopic-t-898610-start-0.html

    Read the article

  • SSL over TDS, SQL Server 2005 Express

    - by reuvenab
    I capture packets sent/received by Win Xp machine when connecting to SQL Server 2005 Express using TLS encryption. Server and Client exchange Hello messages Server and Client send ChangeCipherSpec message Then Server and Client server send strange message that is not described in TLS protocol What is the message and if SSL over TDS is standard compliant at all? Server side capture: 16 **SSL Handshake** 03 01 00 4a 02 ServerHello 00 00 46 03 01 4b dd 68 59 GMT 33 13 37 98 10 5d 57 9d ff 71 70 dc d6 6f 9e 2c Random[00..13] cb 96 c0 2e b3 2f 9b 74 67 05 cc 96 Random[14..27] 20 72 26 00 00 0f db 7f d9 b0 51 c2 4f cd 81 4c Session ID 3f e3 d2 d1 da 55 c0 fe 9b 56 b7 6f 70 86 fe bb Session ID 54 Session ID 00 04 Cipher Suite 00 Compression 14 03 01 00 01 01 **ChangeCipherSpec** 16 03 01 ???? Finished ??? 00 20 d0 da cc c4 36 11 43 ff 22 25 8a e1 38 2b ???? ??? 71 ce f3 59 9e 35 b0 be b2 4b 1d c5 21 21 ce 41 ???? ??? 8e 24

    Read the article

  • IMAP + TLS/SSL with synapse ?

    - by azera
    i'm currently trying to add to a software the capability to list unread emails in the user's inbox using imap. After having no success at all using indy10, I discovered synapse which seemed better for what I needed, but I can't find a way to get it working. My problem is with the login (thus I think with the ssl configuration), I can't find a working combination of "FullSSL", "Sock.SSL.SSLType" and "AutoTLS", whetever I do the "Login()" function fails. For the sake of testing, is any of you able to connect to gmail's imap server using synapse, and if yes how ?

    Read the article

  • SSL connection errors from Apache

    - by Yang
    I'm running a (self-signed) SSL cert site on Apache/2.2.14 on Ubuntu 10.04, but various browsers are giving errors on half the connection attempts. Just now saw this transient error from Chrome: "Error 126 (net::ERR_SSL_BAD_RECORD_MAC_ALERT): Unknown error." Hit refresh and the problem goes away for a while. wget too: $ wget --no-check-certificate https://dev.foo.com/deps/ --2010-09-08 19:30:26-- https://dev.foo.com/deps/ Resolving dev.foo.com... 184.72.53.220 Connecting to dev.foo.com|184.72.53.220|:443... connected. OpenSSL: error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01 OpenSSL: error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed OpenSSL: error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad signature Unable to establish SSL connection. Run it right away again and it works: $ wget --no-check-certificate https://dev.foo.com/deps/ --2010-09-08 19:30:29-- https://dev.foo.com/deps/ Resolving dev.foo.com... 184.72.53.220 Connecting to dev.foo.com|184.72.53.220|:443... connected. WARNING: cannot verify dev.foo.com's certificate, issued by `/CN=dev.foo.com': Self-signed certificate encountered. HTTP request sent, awaiting response... 200 OK Length: 3157 (3.1K) [text/html] Saving to: `index.html' 100%[======================================>] 3,157 --.-K/s in 0s 2010-09-08 19:30:29 (48.6 MB/s) - `index.html' saved [3157/3157] In my sites-enabled/default-ssl: SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key The cert: -----BEGIN CERTIFICATE----- MIIBszCCARwCCQCa0TzNwqLgsTANBgkqhkiG9w0BAQUFADAeMRwwGgYDVQQDExNk ZXYucGFydHlvbmRhdGEuY29tMB4XDTEwMDgyNzA2MzA1N1oXDTIwMDgyNDA2MzA1 N1owHjEcMBoGA1UEAxMTZGV2LnBhcnR5b25kYXRhLmNvbTCBnzANBgkqhkiG9w0B AQEFAAOBjQAwgYkCgYEAzXDEULpCUqIc9hV/ESFapkckR2uoYINA81DvG2aQZ9Ot Q30OwX2ae2CC4bSzJEIVlahU8vjVrWpmpa28NEhQbqh4ywwbl1XDrEVYI6Gkfimf snJhOKyaVrEhlwutYtBjmsz3ZIqwymMPm/6smVcSS5dJIynlSmtltxX6ivPcO8UC AwEAATANBgkqhkiG9w0BAQUFAAOBgQBGxHVkpSSOnZjzuySRepjhAlV/yhe9Fx23 fh12WrjQMEi98B7JEuNSLXDWckUN7O6XRc3RzKmazcGHJqzhn0Ov6gAmAE2XjZ/x VW21xmaLwk+KgYKFJbJJaP3jMSpU7I3aa11wqAkR2Zd4Nkm9N0YXYIzcBdfztTVI Et8mEHBFdg== -----END CERTIFICATE----- The cert is in turn generated via: $ make-ssl-cert generate-default-snakeoil --force-overwrite Apache version. $ apache2 -V Server version: Apache/2.2.14 (Ubuntu) Server built: Apr 13 2010 20:22:19 Server's Module Magic Number: 20051115:23 Server loaded: APR 1.3.8, APR-Util 1.3.9 Compiled using: APR 1.3.8, APR-Util 1.3.9 Architecture: 64-bit Server MPM: Worker threaded: yes (fixed thread count) forked: yes (variable process count) Server compiled with.... -D APACHE_MPM_DIR="server/mpm/worker" -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_SYSVSEM_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=128 -D HTTPD_ROOT="" -D SUEXEC_BIN="/usr/lib/apache2/suexec" -D DEFAULT_PIDLOG="/var/run/apache2.pid" -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" -D DEFAULT_ERRORLOG="logs/error_log" -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types" -D SERVER_CONFIG_FILE="/etc/apache2/apache2.conf" I don't administer the network, hardware, etc. - this is all running on Amazon EC2. I'm not running a load-balancer or anything else in front of the server. I'm making direct TCP connections to that host (AFAIK). Any ideas? Thanks in advance for any help.

    Read the article

  • SSL connection errors from Apache

    - by Yang
    I'm running a (self-signed) SSL cert site on Apache/2.2.14 on Ubuntu 10.04, but various browsers are giving errors on half the connection attempts. Just now saw this transient error from Chrome: "Error 126 (net::ERR_SSL_BAD_RECORD_MAC_ALERT): Unknown error." Hit refresh and the problem goes away for a while. wget too: $ wget --no-check-certificate https://dev.partyondata.com/deps/ --2010-09-08 19:30:26-- https://dev.partyondata.com/deps/ Resolving dev.partyondata.com... 184.72.53.220 Connecting to dev.partyondata.com|184.72.53.220|:443... connected. OpenSSL: error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01 OpenSSL: error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed OpenSSL: error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad signature Unable to establish SSL connection. Run it right away again and it works: $ wget --no-check-certificate https://dev.partyondata.com/deps/ --2010-09-08 19:30:29-- https://dev.partyondata.com/deps/ Resolving dev.partyondata.com... 184.72.53.220 Connecting to dev.partyondata.com|184.72.53.220|:443... connected. WARNING: cannot verify dev.partyondata.com's certificate, issued by `/CN=dev.partyondata.com': Self-signed certificate encountered. HTTP request sent, awaiting response... 200 OK Length: 3157 (3.1K) [text/html] Saving to: `index.html' 100%[======================================>] 3,157 --.-K/s in 0s 2010-09-08 19:30:29 (48.6 MB/s) - `index.html' saved [3157/3157] In my sites-enabled/default-ssl: SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key The cert: -----BEGIN CERTIFICATE----- MIIBszCCARwCCQCa0TzNwqLgsTANBgkqhkiG9w0BAQUFADAeMRwwGgYDVQQDExNk ZXYucGFydHlvbmRhdGEuY29tMB4XDTEwMDgyNzA2MzA1N1oXDTIwMDgyNDA2MzA1 N1owHjEcMBoGA1UEAxMTZGV2LnBhcnR5b25kYXRhLmNvbTCBnzANBgkqhkiG9w0B AQEFAAOBjQAwgYkCgYEAzXDEULpCUqIc9hV/ESFapkckR2uoYINA81DvG2aQZ9Ot Q30OwX2ae2CC4bSzJEIVlahU8vjVrWpmpa28NEhQbqh4ywwbl1XDrEVYI6Gkfimf snJhOKyaVrEhlwutYtBjmsz3ZIqwymMPm/6smVcSS5dJIynlSmtltxX6ivPcO8UC AwEAATANBgkqhkiG9w0BAQUFAAOBgQBGxHVkpSSOnZjzuySRepjhAlV/yhe9Fx23 fh12WrjQMEi98B7JEuNSLXDWckUN7O6XRc3RzKmazcGHJqzhn0Ov6gAmAE2XjZ/x VW21xmaLwk+KgYKFJbJJaP3jMSpU7I3aa11wqAkR2Zd4Nkm9N0YXYIzcBdfztTVI Et8mEHBFdg== -----END CERTIFICATE----- The cert is in turn generated via: $ make-ssl-cert generate-default-snakeoil --force-overwrite Apache version. $ apache2 -V Server version: Apache/2.2.14 (Ubuntu) Server built: Apr 13 2010 20:22:19 Server's Module Magic Number: 20051115:23 Server loaded: APR 1.3.8, APR-Util 1.3.9 Compiled using: APR 1.3.8, APR-Util 1.3.9 Architecture: 64-bit Server MPM: Worker threaded: yes (fixed thread count) forked: yes (variable process count) Server compiled with.... -D APACHE_MPM_DIR="server/mpm/worker" -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_SYSVSEM_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=128 -D HTTPD_ROOT="" -D SUEXEC_BIN="/usr/lib/apache2/suexec" -D DEFAULT_PIDLOG="/var/run/apache2.pid" -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" -D DEFAULT_ERRORLOG="logs/error_log" -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types" -D SERVER_CONFIG_FILE="/etc/apache2/apache2.conf" Any ideas? Thanks in advance for any help.

    Read the article

  • squid ssl bump sslv3 enforce to allow old sites

    - by Shrey
    Important: I have this question on stackoverflow but somebody told me this is more relevant place for this question. Thanks I have configured squid(3.4.2) as ssl bumped proxy. I am setting proxy in firefox(29) to use squid for https/http. Now it works for most sites, but some sites which support old SSL proto(sslv3) break, and I see squid not employing any workarounds for those like browsers do. Sites which should work: https://usc-excel.officeapps.live.com/ , https://www.mahaconnect.in As a workaround I have set sslproxy_version=3 , which enforces SSLv3 and above sites work. My question: is there a better way to do this which does not involve enforcing SSLv3 for servers supporting TLS1 or better. Now I know openssl doesn't automatically handle that. But I imagined squid would. My squid conf snipper: http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/certs/SquidCA.pem always_direct allow all ssl_bump server-first all sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/local/squid/var/lib/ssl_db -M 4MB client_persistent_connections on server_persistent_connections on sslproxy_version 3 sslproxy_options ALL cache_dir aufs /usr/local/squid/var/cache/squid 100 16 256 coredump_dir /usr/local/squid/var/cache/squid strip_query_terms off httpd_suppress_version_string on via off forwarded_for transparent vary_ignore_expire on refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 UPDATE: I have tried compiling squid 3.4.5 with openssl 1.0.1h . No improvements

    Read the article

  • How to overcome Local Group Policy Editor's 1023 character limit?

    - by Louis
    I want to reorder the SSL Cipher Suite Order applied as part of KB2919355, prioritizing the forward secrecy suites above all else. Trying to do this with gpedit at Computer Configuration Administrative Templates Network SSL Configuration Settings SSL Cipher Suite Order is a problem because the new list goes over the tool's character limit. Is there anyway to overcome this limit so I don't have to keep the current priority or omit something from the list?

    Read the article

  • SSLCipherSuite - disable weak encryption, cbc cipher and md5 based algorithm

    - by John
    A developer recently ran a PCI Scan with TripWire against our LAMP server. They identified several issues and instructed the following to correct the issues: Problem: SSL Server Supports Weak Encryption for SSLv3, TLSv1, Solution: Add the following rule to httpd.conf SSLCipherSuite ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM Problem: SSL Server Supports CBC Ciphers for SSLv3, TLSv1 Solution: Disable any cipher suites using CBC ciphers Problem: SSL Server Supports Weak MAC Algorithm for SSLv3, TLSv1 Solution: Disable any cipher suites using MD5 based MAC algorithms I tried searching google for a comprehensive tutorial on how to construct an SSLCipherSuite directive to meet my requirements, but I didn't find anything I could understand. I see examples of SSLCipherSuite directives, but I need an explanation on what each component of the directive does. So even in the directive SSLCipherSuite ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM, I dont understand for example what the !LOW means. Can someone either a) tell me the SSLCipherSuite directive that will meet my needs or b) show me a resource that clearly explains each segment of a SSLCipherSuite is and how to construct one?

    Read the article

  • Disable all but RC4 in apache

    - by Daniel
    Our PCI compliance vendor requires that we disable all but RC4 encryption on our web server. Currently our apache config file looks like this: SSLHonorCipherOrder On SSLCipherSuite RC4-SHA:HIGH:!ADH:!AES256-SHA:!ECDHE-RSA-AES256-SHA384:!AES128-SHA:!DES-CBC:!aNull:!eNull:!LOW:!SSLv2 However, https://www.ssllabs.com reports the following ciphers are allowed: TLS_RSA_WITH_RC4_128_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA How can I configure apache to only allow RC4?

    Read the article

  • OpenLDAP with StartTLS broken on Debian Lenny

    - by mr.zog
    I'm trying to get OpenLDAP on Lenny to work with StartTLS. I have a Fedora 13 machine which I'm using as a client for testing. So far the Fedora client is ignoring the 'host' directive in /etc/ldap.conf when I try to connect using ldapsearch. The client wants to connect to 127.0.0.1:389 even if I specify -H ldaps://server.name on when using ldapsearch. /etc/ldap.conf on the client machine is in mode 444. But even when I try connecting locally from an ssh session, I see errors like this: ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) Someone hit me with a cluebat, plz. Update: you must use ~/.ldaprc for settings such as 'host'. Also, I just used nmap against the ldap server and it showed 636 and 389 in an open state. Here's what prints to screen when I try to connect with, ldapsearch -ZZ –x '(objectclass=*)'+ -d -1 ldap_create ldap_extended_operation_s ldap_extended_operation ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP 192.168.10.41:636 ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying 192.168.10.41:636 ldap_pvt_connect: fd: 3 tm: -1 async: 0 ldap_open_defconn: successful ldap_send_server_request ber_scanf fmt ({it) ber: ber_dump: buf=0x9bdbdb8 ptr=0x9bdbdb8 end=0x9bdbdd7 len=31 0000: 30 1d 02 01 01 77 18 80 16 31 2e 33 2e 36 2e 31 0....w...1.3.6.1 0010: 2e 34 2e 31 2e 31 34 36 36 2e 32 30 30 33 37 .4.1.1466.20037 ber_scanf fmt ({) ber: ber_dump: buf=0x9bdbdb8 ptr=0x9bdbdbd end=0x9bdbdd7 len=26 0000: 77 18 80 16 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e w...1.3.6.1.4.1. 0010: 31 34 36 36 2e 32 30 30 33 37 1466.20037 ber_flush2: 31 bytes to sd 3 0000: 30 1d 02 01 01 77 18 80 16 31 2e 33 2e 36 2e 31 0....w...1.3.6.1 0010: 2e 34 2e 31 2e 31 34 36 36 2e 32 30 30 33 37 .4.1.1466.20037 ldap_write: want=31, written=31 0000: 30 1d 02 01 01 77 18 80 16 31 2e 33 2e 36 2e 31 0....w...1.3.6.1 0010: 2e 34 2e 31 2e 31 34 36 36 2e 32 30 30 33 37 .4.1.1466.20037 ldap_result ld 0x9bd3050 msgid 1 wait4msg ld 0x9bd3050 msgid 1 (infinite timeout) wait4msg continue ld 0x9bd3050 msgid 1 all 1 ** ld 0x9bd3050 Connections: * host: 192.168.10.41 port: 636 (default) refcnt: 2 status: Connected last used: Sun Jun 6 12:54:05 2010 ** ld 0x9bd3050 Outstanding Requests: * msgid 1, origid 1, status InProgress outstanding referrals 0, parent count 0 ld 0x9bd3050 request count 1 (abandoned 0) ** ld 0x9bd3050 Response Queue: Empty ld 0x9bd3050 response count 0 ldap_chkResponseList ld 0x9bd3050 msgid 1 all 1 ldap_chkResponseList returns ld 0x9bd3050 NULL ldap_int_select read1msg: ld 0x9bd3050 msgid 1 all 1 ber_get_next ldap_read: want=8, got=0 ber_get_next failed. ldap_err2string ldap_start_tls: Can't contact LDAP server (-1)

    Read the article

  • Change authentication wifi WPA to WEP on Windows 8

    - by Kites
    I use netsh wlan set hostednetwork mode=allow ssid=Kites key=phambaoViet netsh wlan start hostednetwork To share WiFi from LAN network on laptop (Windows 8) to my other device. When I show information netsh wlan show hostednetwork the supported authentication is WPA. My device support authentication WEP only. How can I change the authentication to WEP? Infomation: Interface name: Wi-Fi Driver : Qualcomm Atheros AR9002WB-1NG Wireless Network A dapter Vendor : Qualcomm Atheros Communications Inc. Provider : Microsoft Date : 03/07/2012 Version : 3.0.0.130 INF file : C:\Windows\INF\netathrx.inf Files : 2 total C:\Windows\system32\DRIVERS\athrx.sys C:\Windows\system32\drivers\vwifibus.sys Type : Native Wi-Fi Driver Radio types supported : 802.11b 802.11g 802.11n FIPS 140-2 mode supported : Yes 802.11w Management Frame Protection supported : Yes Hosted network supported : Yes Authentication and cipher supported in infrastructure mode: Open None Open WEP-40bit Open WEP-104bit Open WEP WPA-Enterprise TKIP WPA-Personal TKIP WPA2-Enterprise TKIP WPA2-Personal TKIP Vendor defined TKIP WPA2-Enterprise Vendor defined Vendor defined Vendor defined WPA-Enterprise CCMP WPA-Personal CCMP WPA2-Enterprise CCMP Vendor defined CCMP WPA2-Enterprise Vendor defined Vendor defined Vendor defined WPA2-Personal CCMP Vendor defined Vendor defined Authentication and cipher supported in ad-hoc mode: Open None Open WEP-40bit Open WEP-104bit Open WEP WPA2-Personal CCMP Vendor defined Vendor defined

    Read the article

  • Can Subject Alternative Name accommodate multiple virtual mail domains?

    - by Lawrence
    I am currently running a postfix server with self signed certificates serving one mail domain, mycompany.com, the mail server is mail.mycompany.com and so is the CN of the certificate. Now, I need to add a new domain to it. The new domain name is mycompany.net to the same server. Since the users already have the root of the old certificate, I'd like to reuse that. However, I'd like to issue a new certificate so users using the SMTP from Outlook/Thunderbird of mail.mycompany.net do not get warnings. If I understand correctly, if I issue a new certificate with CN=mail.mycompany.com and a subjectAltName=DNS:mail.mydomain.net and have postfix serve this, the client will not complain either way about the cn not matching the target host name. Am I correct in this assumption or am I misunderstanding the concept of Subject Alternative Name? Just to avoid conversation, I do not want to have users on mycompany.net addresses use the mycompany.com server because I might (not a technical issue) have to split up into two different locations, and I want to produce an easily migrateable setup.

    Read the article

  • Windows XP Home Edition SP3 WiFi WPA2 not working

    - by karthik
    My netbook OS is Windows XP Home Edition SP3. My wireless network option shows WPA/WPA2 option when I select it, it connects to the router but no internet access. Then I changed my router settings to WEP and configured my netbook and it works fine. I want to use WPA2 security. Please could anyone help to fix this issue?

    Read the article

  • Do any well-known CAs issue Elliptic Curve certificates?

    - by erickson
    Background I've seen that Comodo has an elliptic curve root ("COMODO ECC Certification Authority"), but I don't see mention of EC certificates on their web site. Does Certicom have intellectual property rights that prevent other issuers from offering EC certificates? Does a widely-used browser fail to support ECC? Is ECC a bad fit for traditional PKI use like web server authentication? Or is there just no demand for it? I'm interested in switching to elliptic curve because of the NSA Suite B recommendation. But it doesn't seem practical for many applications. Bounty Criteria To claim the bounty, an answer must provide a link to a page or pages at a well-known CA's website that describes the ECC certificate options they offer, prices, and how to purchase one. In this context, "well-known" means that the proper root certificate must be included by default in Firefox 3.5 and IE 8. If multiple qualifying answers are provided (one can hope!), the one with the cheapest certificate from a ubiquitous CA will win the bounty. If that doesn't eliminate any ties (still hoping!), I'll have to choose an answer at my discretion. Remember, someone always claims at least half of the bounty, so please give it a shot even if you don't have all the answers.

    Read the article

  • OpenLDAP with StartTLS broken on Debian Lennny

    - by mr.zog
    I'm trying to get OpenLDAP on Lenny to work with StartTLS. I have a Fedora 13 machine which I'm using as a client for testing. So far the Fedora client is ignoring the 'host' directive in /etc/ldap.conf when I try to connect using ldapsearch. The client wants to connect to 127.0.0.1:389 even if I specify -H ldaps://server.name on when using ldapsearch. /etc/ldap.conf on the client machine is in mode 444. But even when I try connecting locally from an ssh session, I see errors like this: ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) Someone hit me with a cluebat, plz. Update: you must use ~/.ldaprc for settings such as 'host'.

    Read the article

  • IPTables Rule for Google Apps SMTP

    - by XpresServers
    I am trying to add iptables rule to allow traffic on ports 465 & 587 to google apps smtp servers. But I got not luck. My WHMCS installation works fine with google apps when I turn off iptables but iptables turn on itself again and email stop working. Please add rules to allow traffic from port 465 and 587. Following are my IPTables rules grabbed from /etc/sysconfig/iptables # Generated by iptables-save v1.3.5 on Fri Oct 5 01:33:52 2012 *filter :INPUT ACCEPT [2191:434537] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [2390:987151] :acctboth - [0:0] -A INPUT -j acctboth -A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --gid-owner mailman -j ACCEPT -A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --gid-owner mail -j ACCEPT -A OUTPUT -d 127.0.0.1 -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner cpanel -j ACCEPT -A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner root -j ACCEPT -A OUTPUT -j acctboth -A OUTPUT -o eth0 -p tcp -m tcp --sport 587 -m state --state ESTABLISHED -j ACCEPT -A OUTPUT -o eth0 -p tcp -m tcp --sport 465 -m state --state ESTABLISHED -j ACCEPT <<IN THIS SPACE RULES ARE RELATED TO SPECIFIC IPS ONLY>> -A acctboth -i ! lo COMMIT # Completed on Fri Oct 5 01:33:52 2012 # Generated by iptables-save v1.3.5 on Fri Oct 5 01:33:52 2012 *nat :PREROUTING ACCEPT [196:12398] :POSTROUTING ACCEPT [191:15070] :OUTPUT ACCEPT [190:15010] -A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --gid-owner mailman -j RETURN -A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --gid-owner mail -j RETURN -A OUTPUT -d 127.0.0.1 -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner cpanel -j RETURN -A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner root -j RETURN -A OUTPUT -p tcp -m multiport --dports 25,465,587 -j REDIRECT COMMIT # Completed on Fri Oct 5 01:33:52 2012 Thanks Hassan

    Read the article

  • No WPA2 option in Windows XP SP3

    - by user34300
    I have a fresh Windows XP SP3 installation on several PCs but none of them has WPA/WPA2 option in Wireless Networks section of the connection properties regardless of wireless adapters they have (that supports WPA2). Can someone provide an advice on how to fix that?

    Read the article

  • Java fatal error, don't know what it means

    - by Thomas King
    It happens at the same place in my code (albeit not the first time the method is executed) but I can't make head or tail of what is wrong. (Doubly so as it's code for a robot). Be most appreciative if someone can give me an idea of what kind of problem it is. I assume it's to do with threading (multi-threaded app) but I don't really know what?!? Worried as deadline for uni project is looming!!! The message: # A fatal error has been detected by the Java Runtime Environment: # SIGSEGV (0xb) at pc=0xb70f0ca7, pid=5065, tid=2145643376 # JRE version: 6.0_15-b03 Java VM: Java HotSpot(TM) Server VM (14.1-b02 mixed mode linux-x86 ) Problematic frame: V [libjvm.so+0x4c9ca7] # An error report file with more information is saved as: /home/thomas/workspace/sir13/hs_err_pid5065.log # If you would like to submit a bug report, please visit: http://java.sun.com/webapps/bugreport/crash.jsp # The log: # A fatal error has been detected by the Java Runtime Environment: # SIGSEGV (0xb) at pc=0xb70f0ca7, pid=5065, tid=2145643376 # JRE version: 6.0_15-b03 Java VM: Java HotSpot(TM) Server VM (14.1-b02 mixed mode linux-x86 ) Problematic frame: V [libjvm.so+0x4c9ca7] # If you would like to submit a bug report, please visit: http://java.sun.com/webapps/bugreport/crash.jsp # --------------- T H R E A D --------------- Current thread (0x0904ec00): JavaThread "CompilerThread1" daemon [_thread_in_native, id=5078, stack(0x7fdbe000,0x7fe3f000)] siginfo:si_signo=SIGSEGV: si_errno=0, si_code=1 (SEGV_MAPERR), si_addr=0x00000004 Registers: EAX=0x00000000, EBX=0xb733d720, ECX=0x000003b4, EDX=0x00000000 ESP=0x7fe3bf30, EBP=0x7fe3bf78, ESI=0x7fe3c250, EDI=0x7e9a7790 EIP=0xb70f0ca7, CR2=0x00000004, EFLAGS=0x00010283 Top of Stack: (sp=0x7fe3bf30) 0x7fe3bf30: 00020008 7ec8de5c 7fe3c250 00000000 0x7fe3bf40: 7f610451 00001803 7e9a7790 000003f5 0x7fe3bf50: 7e920030 7f239910 7f23b349 7f23b348 0x7fe3bf60: 7f550e35 7fe3c250 0000021b b733d720 0x7fe3bf70: 000003bc 7f23db10 7fe3bfc8 b70f0997 0x7fe3bf80: 7fe3c240 7f23db10 00000000 00000002 0x7fe3bf90: 00000000 7fe3c1b0 00000000 00000000 0x7fe3bfa0: 00004000 00000020 7ec88870 00000002 Instructions: (pc=0xb70f0ca7) 0xb70f0c97: 7d 08 8b 87 c8 02 00 00 89 c7 8b 45 c4 8b 14 87 0xb70f0ca7: 8b 42 04 8b 00 85 c0 75 22 8b 4e 04 8b 52 1c 39 Stack: [0x7fdbe000,0x7fe3f000], sp=0x7fe3bf30, free space=503k Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code) V [libjvm.so+0x4c9ca7] V [libjvm.so+0x4c9997] V [libjvm.so+0x4c6e23] V [libjvm.so+0x25b75f] V [libjvm.so+0x2585df] V [libjvm.so+0x1f2c2f] V [libjvm.so+0x260ceb] V [libjvm.so+0x260609] V [libjvm.so+0x617286] V [libjvm.so+0x6108fe] V [libjvm.so+0x531c4e] C [libpthread.so.0+0x580e] Current CompileTask: C2:133 ! BehaviourLeftUnexplored.action()V (326 bytes) --------------- P R O C E S S --------------- Java Threads: ( = current thread ) 0x08fb5400 JavaThread "DestroyJavaVM" [_thread_blocked, id=5066, stack(0xb6bb0000,0xb6c01000)] 0x09213c00 JavaThread "Thread-4" [_thread_blocked, id=5085, stack(0x7eeaf000,0x7ef00000)] 0x09212c00 JavaThread "Thread-3" [_thread_in_Java, id=5084, stack(0x7f863000,0x7f8b4000)] 0x09206800 JavaThread "AWT-XAWT" daemon [_thread_in_native, id=5083, stack(0x7f8b4000,0x7f905000)] 0x091b7400 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=5082, stack(0x7f93e000,0x7f98f000)] 0x09163c00 JavaThread "Thread-0" [_thread_in_native, id=5081, stack(0x7fc87000,0x7fcd8000)] 0x09050c00 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=5079, stack(0x7fd6d000,0x7fdbe000)] =0x0904ec00 JavaThread "CompilerThread1" daemon [_thread_in_native, id=5078, stack(0x7fdbe000,0x7fe3f000)] 0x0904c000 JavaThread "CompilerThread0" daemon [_thread_blocked, id=5077, stack(0x7fe3f000,0x7fec0000)] 0x0904a800 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=5076, stack(0x7fec0000,0x7ff11000)] 0x09036c00 JavaThread "Finalizer" daemon [_thread_blocked, id=5075, stack(0x7ff57000,0x7ffa8000)] 0x09035400 JavaThread "Reference Handler" daemon [_thread_blocked, id=5074, stack(0x7ffa8000,0x7fff9000)] Other Threads: 0x09031400 VMThread [stack: 0x7fff9000,0x8007a000] [id=5073] 0x09052800 WatcherThread [stack: 0x7fcec000,0x7fd6d000] [id=5080] VM state:not at safepoint (normal execution) VM Mutex/Monitor currently owned by a thread: None Heap PSYoungGen total 46784K, used 32032K [0xae650000, 0xb3440000, 0xb3a50000) eden space 46720K, 68% used [0xae650000,0xb0588f48,0xb13f0000) from space 64K, 95% used [0xb3390000,0xb339f428,0xb33a0000) to space 384K, 0% used [0xb33e0000,0xb33e0000,0xb3440000) PSOldGen total 43008K, used 20872K [0x84650000, 0x87050000, 0xae650000) object space 43008K, 48% used [0x84650000,0x85ab2308,0x87050000) PSPermGen total 16384K, used 5115K [0x80650000, 0x81650000, 0x84650000) object space 16384K, 31% used [0x80650000,0x80b4ec30,0x81650000) Dynamic libraries: 08048000-08052000 r-xp 00000000 08:05 34708 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/bin/java 08052000-08053000 rwxp 00009000 08:05 34708 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/bin/java 08faf000-09220000 rwxp 00000000 00:00 0 [heap] 7e900000-7e9f9000 rwxp 00000000 00:00 0 7e9f9000-7ea00000 ---p 00000000 00:00 0 7ea00000-7ea41000 rwxp 00000000 00:00 0 7ea41000-7eb00000 ---p 00000000 00:00 0 7eb00000-7ebfc000 rwxp 00000000 00:00 0 7ebfc000-7ec00000 ---p 00000000 00:00 0 7ec00000-7ecf7000 rwxp 00000000 00:00 0 7ecf7000-7ed00000 ---p 00000000 00:00 0 7ed00000-7ede7000 rwxp 00000000 00:00 0 7ede7000-7ee00000 ---p 00000000 00:00 0 7eeaf000-7eeb2000 ---p 00000000 00:00 0 7eeb2000-7ef00000 rwxp 00000000 00:00 0 7ef00000-7eff9000 rwxp 00000000 00:00 0 7eff9000-7f000000 ---p 00000000 00:00 0 7f100000-7f1f6000 rwxp 00000000 00:00 0 7f1f6000-7f200000 ---p 00000000 00:00 0 7f200000-7f2fc000 rwxp 00000000 00:00 0 7f2fc000-7f300000 ---p 00000000 00:00 0 7f300000-7f4fe000 rwxp 00000000 00:00 0 7f4fe000-7f500000 ---p 00000000 00:00 0 7f500000-7f5fb000 rwxp 00000000 00:00 0 7f5fb000-7f600000 ---p 00000000 00:00 0 7f600000-7f6f9000 rwxp 00000000 00:00 0 7f6f9000-7f700000 ---p 00000000 00:00 0 7f700000-7f800000 rwxp 00000000 00:00 0 7f830000-7f836000 r-xs 00000000 08:05 241611 /var/cache/fontconfig/945677eb7aeaf62f1d50efc3fb3ec7d8-x86.cache-2 7f836000-7f838000 r-xs 00000000 08:05 241612 /var/cache/fontconfig/99e8ed0e538f840c565b6ed5dad60d56-x86.cache-2 7f838000-7f83b000 r-xs 00000000 08:05 241620 /var/cache/fontconfig/e383d7ea5fbe662a33d9b44caf393297-x86.cache-2 7f83b000-7f846000 r-xs 00000000 08:05 241600 /var/cache/fontconfig/0f34bcd4b6ee430af32735b75db7f02b-x86.cache-2 7f863000-7f866000 ---p 00000000 00:00 0 7f866000-7f8b4000 rwxp 00000000 00:00 0 7f8b4000-7f8b7000 ---p 00000000 00:00 0 7f8b7000-7f905000 rwxp 00000000 00:00 0 7f905000-7f909000 r-xp 00000000 08:05 5012 /usr/lib/libXfixes.so.3.1.0 7f909000-7f90a000 r-xp 00003000 08:05 5012 /usr/lib/libXfixes.so.3.1.0 7f90a000-7f90b000 rwxp 00004000 08:05 5012 /usr/lib/libXfixes.so.3.1.0 7f90b000-7f913000 r-xp 00000000 08:05 5032 /usr/lib/libXrender.so.1.3.0 7f913000-7f914000 r-xp 00007000 08:05 5032 /usr/lib/libXrender.so.1.3.0 7f914000-7f915000 rwxp 00008000 08:05 5032 /usr/lib/libXrender.so.1.3.0 7f915000-7f91e000 r-xp 00000000 08:05 5004 /usr/lib/libXcursor.so.1.0.2 7f91e000-7f91f000 r-xp 00008000 08:05 5004 /usr/lib/libXcursor.so.1.0.2 7f91f000-7f920000 rwxp 00009000 08:05 5004 /usr/lib/libXcursor.so.1.0.2 7f92f000-7f931000 r-xs 00000000 08:05 241622 /var/cache/fontconfig/f24b2111ab8703b4e963115a8cf14259-x86.cache-2 7f931000-7f932000 r-xs 00000000 08:05 241606 /var/cache/fontconfig/4c73fe0c47614734b17d736dbde7580a-x86.cache-2 7f932000-7f936000 r-xs 00000000 08:05 241599 /var/cache/fontconfig/062808c12e6e608270f93bb230aed730-x86.cache-2 7f936000-7f93e000 r-xs 00000000 08:05 241617 /var/cache/fontconfig/d52a8644073d54c13679302ca1180695-x86.cache-2 7f93e000-7f941000 ---p 00000000 00:00 0 7f941000-7f98f000 rwxp 00000000 00:00 0 7f98f000-7fa0e000 r-xp 00000000 08:05 34755 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/libfontmanager.so 7fa0e000-7fa19000 rwxp 0007e000 08:05 34755 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/libfontmanager.so 7fa19000-7fa1d000 rwxp 00000000 00:00 0 7fa1d000-7fa21000 r-xp 00000000 08:05 5008 /usr/lib/libXdmcp.so.6.0.0 7fa21000-7fa22000 rwxp 00003000 08:05 5008 /usr/lib/libXdmcp.so.6.0.0 7fa22000-7fa3e000 r-xp 00000000 08:05 6029 /usr/lib/libxcb.so.1.1.0 7fa3e000-7fa3f000 r-xp 0001c000 08:05 6029 /usr/lib/libxcb.so.1.1.0 7fa3f000-7fa40000 rwxp 0001d000 08:05 6029 /usr/lib/libxcb.so.1.1.0 7fa40000-7fa42000 r-xp 00000000 08:05 4997 /usr/lib/libXau.so.6.0.0 7fa42000-7fa43000 r-xp 00001000 08:05 4997 /usr/lib/libXau.so.6.0.0 7fa43000-7fa44000 rwxp 00002000 08:05 4997 /usr/lib/libXau.so.6.0.0 7fa44000-7fb6e000 r-xp 00000000 08:05 4991 /usr/lib/libX11.so.6.2.0 7fb6e000-7fb6f000 ---p 0012a000 08:05 4991 /usr/lib/libX11.so.6.2.0 7fb6f000-7fb70000 r-xp 0012a000 08:05 4991 /usr/lib/libX11.so.6.2.0 7fb70000-7fb72000 rwxp 0012b000 08:05 4991 /usr/lib/libX11.so.6.2.0 7fb72000-7fb73000 rwxp 00000000 00:00 0 7fb73000-7fb81000 r-xp 00000000 08:05 5010 /usr/lib/libXext.so.6.4.0 7fb81000-7fb82000 r-xp 0000d000 08:05 5010 /usr/lib/libXext.so.6.4.0 7fb82000-7fb83000 rwxp 0000e000 08:05 5010 /usr/lib/libXext.so.6.4.0 7fb83000-7fb84000 r-xs 00000000 08:05 241614 /var/cache/fontconfig/c05880de57d1f5e948fdfacc138775d9-x86.cache-2 7fb84000-7fb87000 r-xs 00000000 08:05 241613 /var/cache/fontconfig/a755afe4a08bf5b97852ceb7400b47bc-x86.cache-2 7fb87000-7fb8a000 r-xs 00000000 08:05 241608 /var/cache/fontconfig/6d41288fd70b0be22e8c3a91e032eec0-x86.cache-2 7fb8a000-7fb92000 r-xs 00000000 08:05 219560 /var/cache/fontconfig/e13b20fdb08344e0e664864cc2ede53d-x86.cache-2 7fb92000-7fbd5000 r-xp 00000000 08:05 34752 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/xawt/libmawt.so 7fbd5000-7fbd7000 rwxp 00043000 08:05 34752 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/xawt/libmawt.so 7fbd7000-7fbd8000 rwxp 00000000 00:00 0 7fbd8000-7fc5c000 r-xp 00000000 08:05 34750 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/libawt.so 7fc5c000-7fc63000 rwxp 00084000 08:05 34750 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/libawt.so 7fc63000-7fc87000 rwxp 00000000 00:00 0 7fc87000-7fc8a000 ---p 00000000 00:00 0 7fc8a000-7fcd8000 rwxp 00000000 00:00 0 7fcd8000-7fceb000 r-xp 00000000 08:05 34739 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/libnet.so 7fceb000-7fcec000 rwxp 00013000 08:05 34739 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/libnet.so 7fcec000-7fced000 ---p 00000000 00:00 0 7fced000-7fd6d000 rwxp 00000000 00:00 0 7fd6d000-7fd70000 ---p 00000000 00:00 0 7fd70000-7fdbe000 rwxp 00000000 00:00 0 7fdbe000-7fdc1000 ---p 00000000 00:00 0 7fdc1000-7fe3f000 rwxp 00000000 00:00 0 7fe3f000-7fe42000 ---p 00000000 00:00 0 7fe42000-7fec0000 rwxp 00000000 00:00 0 7fec0000-7fec3000 ---p 00000000 00:00 0 7fec3000-7ff11000 rwxp 00000000 00:00 0 7ff11000-7ff18000 r-xs 00000000 08:05 134616 /usr/lib/gconv/gconv-modules.cache 7ff18000-7ff57000 r-xp 00000000 08:05 136279 /usr/lib/locale/en_GB.utf8/LC_CTYPE 7ff57000-7ff5a000 ---p 00000000 00:00 0 7ff5a000-7ffa8000 rwxp 00000000 00:00 0 7ffa8000-7ffab000 ---p 00000000 00:00 0 7ffab000-7fff9000 rwxp 00000000 00:00 0 7fff9000-7fffa000 ---p 00000000 00:00 0 7fffa000-800ad000 rwxp 00000000 00:00 0 800ad000-80243000 r-xs 02fb3000 08:05 34883 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/rt.jar 80243000-80244000 ---p 00000000 00:00 0 80244000-802c4000 rwxp 00000000 00:00 0 802c4000-802c5000 ---p 00000000 00:00 0 802c5000-8034d000 rwxp 00000000 00:00 0 8034d000-80365000 rwxp 00000000 00:00 0 80365000-8037a000 rwxp 00000000 00:00 0 8037a000-804b5000 rwxp 00000000 00:00 0 804b5000-804bd000 rwxp 00000000 00:00 0 804bd000-804d5000 rwxp 00000000 00:00 0 804d5000-804ea000 rwxp 00000000 00:00 0 804ea000-80625000 rwxp 00000000 00:00 0 80625000-8064c000 rwxp 00000000 00:00 0 8064c000-8064f000 rwxp 00000000 00:00 0 8064f000-81650000 rwxp 00000000 00:00 0 81650000-84650000 rwxp 00000000 00:00 0 84650000-87050000 rwxp 00000000 00:00 0 87050000-ae650000 rwxp 00000000 00:00 0 ae650000-b3440000 rwxp 00000000 00:00 0 b3440000-b3a50000 rwxp 00000000 00:00 0 b3a50000-b3a52000 r-xs 00000000 08:05 241602 /var/cache/fontconfig/2c5ba8142dffc8bf0377700342b8ca1a-x86.cache-2 b3a52000-b3a5b000 r-xp 00000000 08:05 5018 /usr/lib/libXi.so.6.0.0 b3a5b000-b3a5c000 r-xp 00008000 08:05 5018 /usr/lib/libXi.so.6.0.0 b3a5c000-b3a5d000 rwxp 00009000 08:05 5018 /usr/lib/libXi.so.6.0.0 b3a5d000-b3a66000 rwxp 00000000 00:00 0 b3a66000-b3b1d000 rwxp 00000000 00:00 0 b3b1d000-b3d5d000 rwxp 00000000 00:00 0 b3d5d000-b6b1d000 rwxp 00000000 00:00 0 b6b1d000-b6b2c000 r-xp 00000000 08:05 34735 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/libzip.so b6b2c000-b6b2e000 rwxp 0000e000 08:05 34735 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/libzip.so b6b2e000-b6b38000 r-xp 00000000 08:05 1042 /lib/tls/i686/cmov/libnss_files-2.10.1.so b6b38000-b6b39000 r-xp 00009000 08:05 1042 /lib/tls/i686/cmov/libnss_files-2.10.1.so b6b39000-b6b3a000 rwxp 0000a000 08:05 1042 /lib/tls/i686/cmov/libnss_files-2.10.1.so b6b3a000-b6b43000 r-xp 00000000 08:05 1055 /lib/tls/i686/cmov/libnss_nis-2.10.1.so b6b43000-b6b44000 r-xp 00008000 08:05 1055 /lib/tls/i686/cmov/libnss_nis-2.10.1.so b6b44000-b6b45000 rwxp 00009000 08:05 1055 /lib/tls/i686/cmov/libnss_nis-2.10.1.so b6b45000-b6b4b000 r-xp 00000000 08:05 1028 /lib/tls/i686/cmov/libnss_compat-2.10.1.so b6b4b000-b6b4c000 r-xp 00005000 08:05 1028 /lib/tls/i686/cmov/libnss_compat-2.10.1.so b6b4c000-b6b4d000 rwxp 00006000 08:05 1028 /lib/tls/i686/cmov/libnss_compat-2.10.1.so b6b4d000-b6b54000 r-xs 00035000 08:05 304369 /home/thomas/workspace/sir13/javaclient/jars/javaclient.jar b6b54000-b6b5c000 rwxs 00000000 08:05 393570 /tmp/hsperfdata_thomas/5065 b6b5c000-b6b6f000 r-xp 00000000 08:05 1020 /lib/tls/i686/cmov/libnsl-2.10.1.so b6b6f000-b6b70000 r-xp 00012000 08:05 1020 /lib/tls/i686/cmov/libnsl-2.10.1.so b6b70000-b6b71000 rwxp 00013000 08:05 1020 /lib/tls/i686/cmov/libnsl-2.10.1.so b6b71000-b6b73000 rwxp 00000000 00:00 0 b6b73000-b6b77000 r-xp 00000000 08:05 5038 /usr/lib/libXtst.so.6.1.0 b6b77000-b6b78000 r-xp 00004000 08:05 5038 /usr/lib/libXtst.so.6.1.0 b6b78000-b6b79000 rwxp 00005000 08:05 5038 /usr/lib/libXtst.so.6.1.0 b6b79000-b6b7f000 r-xp 00000000 08:05 34723 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/native_threads/libhpi.so b6b7f000-b6b80000 rwxp 00006000 08:05 34723 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/native_threads/libhpi.so b6b80000-b6b81000 rwxp 00000000 00:00 0 b6b81000-b6b82000 r-xp 00000000 00:00 0 b6b82000-b6ba5000 r-xp 00000000 08:05 34733 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/libjava.so b6ba5000-b6ba7000 rwxp 00023000 08:05 34733 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/libjava.so b6ba7000-b6bae000 r-xp 00000000 08:05 1733 /lib/tls/i686/cmov/librt-2.10.1.so b6bae000-b6baf000 r-xp 00006000 08:05 1733 /lib/tls/i686/cmov/librt-2.10.1.so b6baf000-b6bb0000 rwxp 00007000 08:05 1733 /lib/tls/i686/cmov/librt-2.10.1.so b6bb0000-b6bb3000 ---p 00000000 00:00 0 b6bb3000-b6c01000 rwxp 00000000 00:00 0 b6c01000-b6c25000 r-xp 00000000 08:05 1016 /lib/tls/i686/cmov/libm-2.10.1.so b6c25000-b6c26000 r-xp 00023000 08:05 1016 /lib/tls/i686/cmov/libm-2.10.1.so b6c26000-b6c27000 rwxp 00024000 08:05 1016 /lib/tls/i686/cmov/libm-2.10.1.so b6c27000-b72f4000 r-xp 00000000 08:05 34724 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/server/libjvm.so b72f4000-b7341000 rwxp 006cc000 08:05 34724 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/server/libjvm.so b7341000-b7765000 rwxp 00000000 00:00 0 b7765000-b78a3000 r-xp 00000000 08:05 967 /lib/tls/i686/cmov/libc-2.10.1.so b78a3000-b78a4000 ---p 0013e000 08:05 967 /lib/tls/i686/cmov/libc-2.10.1.so b78a4000-b78a6000 r-xp 0013e000 08:05 967 /lib/tls/i686/cmov/libc-2.10.1.so b78a6000-b78a7000 rwxp 00140000 08:05 967 /lib/tls/i686/cmov/libc-2.10.1.so b78a7000-b78aa000 rwxp 00000000 00:00 0 b78aa000-b78ac000 r-xp 00000000 08:05 1014 /lib/tls/i686/cmov/libdl-2.10.1.so b78ac000-b78ad000 r-xp 00001000 08:05 1014 /lib/tls/i686/cmov/libdl-2.10.1.so b78ad000-b78ae000 rwxp 00002000 08:05 1014 /lib/tls/i686/cmov/libdl-2.10.1.so b78ae000-b78b5000 r-xp 00000000 08:05 34734 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/jli/libjli.so b78b5000-b78b7000 rwxp 00006000 08:05 34734 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/jli/libjli.so b78b7000-b78b8000 rwxp 00000000 00:00 0 b78b8000-b78cd000 r-xp 00000000 08:05 1081 /lib/tls/i686/cmov/libpthread-2.10.1.so b78cd000-b78ce000 r-xp 00014000 08:05 1081 /lib/tls/i686/cmov/libpthread-2.10.1.so b78ce000-b78cf000 rwxp 00015000 08:05 1081 /lib/tls/i686/cmov/libpthread-2.10.1.so b78cf000-b78d1000 rwxp 00000000 00:00 0 b78d1000-b78d2000 r-xs 00000000 08:05 161622 /var/cache/fontconfig/4794a0821666d79190d59a36cb4f44b5-x86.cache-2 b78d2000-b78d4000 r-xs 00000000 08:05 241610 /var/cache/fontconfig/7ef2298fde41cc6eeb7af42e48b7d293-x86.cache-2 b78d4000-b78df000 r-xp 00000000 08:05 34732 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/libverify.so b78df000-b78e0000 rwxp 0000b000 08:05 34732 /usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/libverify.so b78e0000-b78e2000 rwxp 00000000 00:00 0 b78e2000-b78e3000 r-xp 00000000 00:00 0 [vdso] b78e3000-b78fe000 r-xp 00000000 08:05 64 /lib/ld-2.10.1.so b78fe000-b78ff000 r-xp 0001a000 08:05 64 /lib/ld-2.10.1.so b78ff000-b7900000 rwxp 0001b000 08:05 64 /lib/ld-2.10.1.so bfc33000-bfc48000 rwxp 00000000 00:00 0 [stack] VM Arguments: jvm_args: -Dfile.encoding=UTF-8 java_command: Main Launcher Type: SUN_STANDARD Environment Variables: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games USERNAME=thomas LD_LIBRARY_PATH=/usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/server:/usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386:/usr/lib/jvm/java-6-sun-1.6.0.15/jre/../lib/i386:/usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386/client:/usr/lib/jvm/java-6-sun-1.6.0.15/jre/lib/i386:/usr/lib/xulrunner-addons:/usr/lib/xulrunner-addons SHELL=/bin/bash DISPLAY=:0.0 Signal Handlers: SIGSEGV: [libjvm.so+0x650690], sa_mask[0]=0x7ffbfeff, sa_flags=0x10000004 SIGBUS: [libjvm.so+0x650690], sa_mask[0]=0x7ffbfeff, sa_flags=0x10000004 SIGFPE: [libjvm.so+0x52f580], sa_mask[0]=0x7ffbfeff, sa_flags=0x10000004 SIGPIPE: [libjvm.so+0x52f580], sa_mask[0]=0x7ffbfeff, sa_flags=0x10000004 SIGXFSZ: [libjvm.so+0x52f580], sa_mask[0]=0x7ffbfeff, sa_flags=0x10000004 SIGILL: [libjvm.so+0x52f580], sa_mask[0]=0x7ffbfeff, sa_flags=0x10000004 SIGUSR1: SIG_DFL, sa_mask[0]=0x00000000, sa_flags=0x00000000 SIGUSR2: [libjvm.so+0x532170], sa_mask[0]=0x00000004, sa_flags=0x10000004 SIGHUP: [libjvm.so+0x531ea0], sa_mask[0]=0x7ffbfeff, sa_flags=0x10000004 SIGINT: [libjvm.so+0x531ea0], sa_mask[0]=0x7ffbfeff, sa_flags=0x10000004 SIGTERM: [libjvm.so+0x531ea0], sa_mask[0]=0x7ffbfeff, sa_flags=0x10000004 SIGQUIT: [libjvm.so+0x531ea0], sa_mask[0]=0x7ffbfeff, sa_flags=0x10000004 --------------- S Y S T E M --------------- OS:squeeze/sid uname:Linux 2.6.31-20-generic #57-Ubuntu SMP Mon Feb 8 09:05:19 UTC 2010 i686 libc:glibc 2.10.1 NPTL 2.10.1 rlimit: STACK 8192k, CORE 0k, NPROC infinity, NOFILE 1024, AS infinity load average:1.07 0.55 0.23 CPU:total 2 (2 cores per cpu, 1 threads per core) family 6 model 15 stepping 13, cmov, cx8, fxsr, mmx, sse, sse2, sse3, ssse3 Memory: 4k page, physical 3095836k(1519972k free), swap 1261060k(1261060k free) vm_info: Java HotSpot(TM) Server VM (14.1-b02) for linux-x86 JRE (1.6.0_15-b03), built on Jul 2 2009 15:49:13 by "java_re" with gcc 3.2.1-7a (J2SE release) time: Mon Mar 22 12:08:40 2010 elapsed time: 21 seconds

    Read the article

  • Client authentication with RubyLDAP ldap

    - by Marcelo de Moraes Serpa
    Hello all, I'm trying to implement a feature that uses LDAP over SSL (SSL, not TLS), it needs to connect to a SSL-enabled LDAP server (i.e OpenLDAP), bind and then do any additional queries. It also needs to support client-authentication, and this is where things get tricky: The client is a web application written in Ruby, and we are using RubyLDAP (so far we have used it for non-SSL ldap stuff with great success). My question is: Is there a way to load a client certificate and send its data over the wire to the LDAP server when doing a LDAP::SSLConn? I haven't found anything obvious on the API docs (http://ruby-ldap.sourceforge.net/rdoc/) nor while googling around. I know I that I can prevent the server from asking for a certificate by putting the following on slapd.conf (OpenLDAP): TLSVerifyClient never However, this is not an option here. Thanks, Marcelo.

    Read the article

  • Node.js and wss://

    - by CNelson
    I'm looking to start using javascript on the server, most likely with node.js, as well as use websockets to communicate with clients. However, there doesn't seem to be a lot of information about encrypted websocket communication using TLS and the wss:// handler. In fact the only server that I've seen explicitly support wss:// is Kaazing. This TODO is the only reference I've been able to find in the various node implementations. Am I missing something or are the websocket js servers not ready for encrypted communication yet? Another option could be using something like lighttpd or apache to proxy to a node listener, has anyone had success there?

    Read the article

  • SMTP on C: STARTTLS via OpenSSL

    - by Jackell
    Hi all! I am using openssl to build secure smtp connections to gmail.com:25. So I can successfully connect to the server and sends a command STARTTLS (I receive 220 2.0.0 Ready to start TLS). Then execute the following code without disconnecting: SSL_METHOD* method = NULL; SSL_library_init(); SSL_load_error_strings(); method = SSLv23_client_method(); ctx = SSL_CTX_new(method); if (ctx == NULL) { ERR_print_errors_fp(stderr); } SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); ssl = SSL_new(ctx); if (!SSL_set_fd(ssl, socket)) { ERR_print_errors_fp(stderr); return; } if (ssl) { if (SSL_connect((SSL*)ssl) < 1) { ERR_print_errors_fp(stderr); } // then i think i need to send EHLO } But after calling SSL_connect I get an error: 24953:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:601: If I use SSLv3_client_method I get an error: 18143:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:284. And If TLSv1_client_method: 21293:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:284: Why? What I do wrong?

    Read the article

  • Mutt not working due to "gnutls_handshake: A TLS packet with unexpected length was received." error

    - by Vinit Kumar
    I am expecting lots of problem trying to make mutt work in Ubuntu 12.04. Here is my .muttrc : http://paste.ubuntu.com/1273585/ Here is the bug I am getting when i tried to connect. gnutls_handshake: A TLS packet with unexpected length was received. Do anyone knows a workaround to fix this error.If so please suggest it asap. Many Thanks in Advance! For debug here is the output of my mutt -v: http://paste.ubuntu.com/1273590/

    Read the article

  • error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure(35)

    - by ArunS
    Hello there, We have online shopping site. When I am going to checkout page i am getting a error like this "error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure(35)" From the apache error log i can see some attempts to connect to api.paypal.com. Here is the part of my apache error log About to connect() to api.paypal.com port 443 (#0) Trying 66.211.168.123... * connected Connected to api.paypal.com (66.211.168.123) port 443 (#0) successfully set certificate verify locations: CAfile: none CApath: /etc/ssl/certs error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure Closing connection #0 When i tried to connect to api.paypal.com using curl i am getting a error like this curl -iv https://api.paypal.com/ * About to connect() to api.paypal.com port 443 (#0) * Trying 66.211.168.91... connected * Connected to api.paypal.com (66.211.168.91) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Request CERT (13): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS alert, Server hello (2): * error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure * Closing connection #0 curl: (35) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure Can anyone help me to figure out this. Thanks in Advance. Arun S

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >