Search Results

Search found 514 results on 21 pages for 'cipher suites'.

Page 8/21 | < Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15 | Next Page >

ERROR: Linux route add command failed: external program exited with error status: 4

- by JohnMerlino

A remote machine running fedora uses openvpn, and multiple developers were successfully able to connect to it via their client openvpn. However, I am running Ubuntu 12.04 and I am having trouble connecting to the server via vpn. I copied ca.crt, home.key, and home.crt from the server to my local machine to /etc/openvpn folder. My client.conf file looks like this: ############################################## # Sample client-side OpenVPN 2.0 config file # # for connecting to multi-client server. # # # # This configuration can be used by multiple # # clients, however each client should have # # its own cert and key files. # # # # On Windows, you might want to rename this # # file so it has a .ovpn extension # ############################################## # Specify that we are a client and that we # will be pulling certain config file directives # from the server. client # Use the same setting as you are using on # the server. # On most systems, the VPN will not function # unless you partially or fully disable # the firewall for the TUN/TAP interface. ;dev tap dev tun # Windows needs the TAP-Win32 adapter name # from the Network Connections panel # if you have more than one. On XP SP2, # you may need to disable the firewall # for the TAP adapter. ;dev-node MyTap # Are we connecting to a TCP or # UDP server? Use the same setting as # on the server. ;proto tcp proto udp # The hostname/IP and port of the server. # You can have multiple remote entries # to load balance between the servers. remote xx.xxx.xx.130 1194 ;remote my-server-2 1194 # Choose a random host from the remote # list for load-balancing. Otherwise # try hosts in the order specified. ;remote-random # Keep trying indefinitely to resolve the # host name of the OpenVPN server. Very useful # on machines which are not permanently connected # to the internet such as laptops. resolv-retry infinite # Most clients don't need to bind to # a specific local port number. nobind # Downgrade privileges after initialization (non-Windows only) ;user nobody ;group nogroup # Try to preserve some state across restarts. persist-key persist-tun # If you are connecting through an # HTTP proxy to reach the actual OpenVPN # server, put the proxy server/IP and # port number here. See the man page # if your proxy server requires # authentication. ;http-proxy-retry # retry on connection failures ;http-proxy [proxy server] [proxy port #] # Wireless networks often produce a lot # of duplicate packets. Set this flag # to silence duplicate packet warnings. ;mute-replay-warnings # SSL/TLS parms. # See the server config file for more # description. It's best to use # a separate .crt/.key file pair # for each client. A single ca # file can be used for all clients. ca ca.crt cert home.crt key home.key # Verify server certificate by checking # that the certicate has the nsCertType # field set to "server". This is an # important precaution to protect against # a potential attack discussed here: # http://openvpn.net/howto.html#mitm # # To use this feature, you will need to generate # your server certificates with the nsCertType # field set to "server". The build-key-server # script in the easy-rsa folder will do this. ns-cert-type server # If a tls-auth key is used on the server # then every client must also have the key. ;tls-auth ta.key 1 # Select a cryptographic cipher. # If the cipher option is used on the server # then you must also specify it here. ;cipher x # Enable compression on the VPN link. # Don't enable this unless it is also # enabled in the server config file. comp-lzo # Set log file verbosity. verb 3 # Silence repeating messages ;mute 20 But when I start server and look in /var/log/syslog, I notice the following error: May 27 22:13:51 myuser ovpn-client[5626]: /sbin/route add -net 10.27.12.1 netmask 255.255.255.252 gw 10.27.12.37 May 27 22:13:51 myuser ovpn-client[5626]: ERROR: Linux route add command failed: external program exited with error status: 4 May 27 22:13:51 myuser ovpn-client[5626]: /sbin/route add -net 172.27.12.0 netmask 255.255.255.0 gw 10.27.12.37 May 27 22:13:51 myuser ovpn-client[5626]: /sbin/route add -net 10.27.12.1 netmask 255.255.255.255 gw 10.27.12.37 And I am unable to connect to the server via openvpn: $ ssh [email protected] ssh: connect to host xxx.xx.xx.130 port 22: No route to host What may I be doing wrong?

Read the article
encfs error while decoding the data

- by migrator

I have installed encfs and started using it to secure all my personal & office data and it was working absolutely fine until 2 hours back. The setup is like this. I have a folder in Copy folder called OfficeData which gets synchronized with my Copy folder When I login into the system I use the command encfs ~/Copy/OfficeData ~/Documents/OfficeData Once my work is over I dismount with the command fusermount -u ~/Documents/OfficeData All this data get synchronized with my desktop and with my mobile phone (as a backup) Today when I mounted, the folder got mounted by no directories and files present in that folder. I was worried and read man encfs which gave me to run the command encfs -v -f ~/Copy/OfficeData ~/Documents/OfficeData 2> encfs-OfficeData-report.txt. The below is the output of the file encfs-OfficeData-report.txt. The directory "/home/sri/Documents/OfficeData" does not exist. Should it be created? (y,n) 13:16:26 (main.cpp:523) Root directory: /home/sri/Copy/OfficeData/ 13:16:26 (main.cpp:524) Fuse arguments: (fg) (threaded) (keyCheck) encfs /home/sri/Documents/OfficeData -f -s -o use_ino -o default_permissions 13:16:26 (FileUtils.cpp:177) version = 20 13:16:26 (FileUtils.cpp:181) found new serialization format 13:16:26 (FileUtils.cpp:199) subVersion = 20100713 13:16:26 (Interface.cpp:165) checking if ssl/aes(3:0:2) implements ssl/aes(3:0:0) 13:16:26 (SSL_Cipher.cpp:370) allocated cipher ssl/aes, keySize 32, ivlength 16 13:16:26 (Interface.cpp:165) checking if ssl/aes(3:0:2) implements ssl/aes(3:0:0) 13:16:26 (SSL_Cipher.cpp:370) allocated cipher ssl/aes, keySize 32, ivlength 16 13:16:26 (FileUtils.cpp:1620) useStdin: 0 13:16:46 (Interface.cpp:165) checking if ssl/aes(3:0:2) implements ssl/aes(3:0:0) 13:16:46 (SSL_Cipher.cpp:370) allocated cipher ssl/aes, keySize 32, ivlength 16 13:16:49 (FileUtils.cpp:1628) cipher key size = 52 13:16:49 (Interface.cpp:165) checking if nameio/block(3:0:1) implements nameio/block(3:0:0) 13:16:49 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:16:49 (FileNode.cpp:127) calling setIV on (null) 13:16:49 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/ 13:16:49 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:16:49 (FileNode.cpp:127) calling setIV on (null) 13:16:49 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/ 13:16:49 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:16:49 (FileNode.cpp:127) calling setIV on (null) 13:16:49 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/ 13:16:49 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:16:49 (FileNode.cpp:127) calling setIV on (null) 13:16:49 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/ 13:16:49 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:16:49 (FileNode.cpp:127) calling setIV on (null) 13:16:49 (RawFileIO.cpp:191) getAttr error on /home/sri/Copy/OfficeData/UWbT-M-UKk1JpvNfN5uvOhGn: No such file or directory 13:16:49 (CipherFileIO.cpp:105) in setIV, current IV = 0, new IV = 4188221457101129840, fileIV = 0 13:16:49 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/UWbT-M-UKk1JpvNfN5uvOhGn 13:16:49 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/UWbT-M-UKk1JpvNfN5uvOhGn 13:16:49 (RawFileIO.cpp:191) getAttr error on /home/sri/Copy/OfficeData/UWbT-M-UKk1JpvNfN5uvOhGn: No such file or directory 13:16:49 (encfs.cpp:138) getattr error: No such file or directory 13:16:49 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:16:49 (FileNode.cpp:127) calling setIV on (null) 13:16:49 (RawFileIO.cpp:191) getAttr error on /home/sri/Copy/OfficeData/o94olxB3orqarqyFviHKZ,ZF: No such file or directory 13:16:49 (CipherFileIO.cpp:105) in setIV, current IV = 0, new IV = 16725694203599486310, fileIV = 0 13:16:49 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/o94olxB3orqarqyFviHKZ,ZF 13:16:49 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/o94olxB3orqarqyFviHKZ,ZF 13:16:49 (RawFileIO.cpp:191) getAttr error on /home/sri/Copy/OfficeData/o94olxB3orqarqyFviHKZ,ZF: No such file or directory 13:16:49 (encfs.cpp:138) getattr error: No such file or directory 13:16:49 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:16:49 (FileNode.cpp:127) calling setIV on (null) 13:16:49 (RawFileIO.cpp:191) getAttr error on /home/sri/Copy/OfficeData/tVglci2rgp9o8qE-m9AvX6JNj1lQs-ER0OvnxfOb30Z,3,: No such file or directory 13:16:49 (CipherFileIO.cpp:105) in setIV, current IV = 0, new IV = 1354483141023495884, fileIV = 0 13:16:49 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/tVglci2rgp9o8qE-m9AvX6JNj1lQs-ER0OvnxfOb30Z,3, 13:16:49 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/tVglci2rgp9o8qE-m9AvX6JNj1lQs-ER0OvnxfOb30Z,3, 13:16:49 (RawFileIO.cpp:191) getAttr error on /home/sri/Copy/OfficeData/tVglci2rgp9o8qE-m9AvX6JNj1lQs-ER0OvnxfOb30Z,3,: No such file or directory 13:16:49 (encfs.cpp:138) getattr error: No such file or directory 13:16:49 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:16:49 (FileNode.cpp:127) calling setIV on (null) 13:16:49 (RawFileIO.cpp:191) getAttr error on /home/sri/Copy/OfficeData/r1KIEqVkz-,7-6CobavHCSNn: No such file or directory 13:16:49 (CipherFileIO.cpp:105) in setIV, current IV = 0, new IV = 16720606331386655431, fileIV = 0 13:16:49 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/r1KIEqVkz-,7-6CobavHCSNn 13:16:49 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/r1KIEqVkz-,7-6CobavHCSNn 13:16:49 (RawFileIO.cpp:191) getAttr error on /home/sri/Copy/OfficeData/r1KIEqVkz-,7-6CobavHCSNn: No such file or directory 13:16:49 (encfs.cpp:138) getattr error: No such file or directory 13:16:49 (encfs.cpp:213) getdir on /home/sri/Copy/OfficeData/ 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 208, 16, -192 13:16:49 (DirNode.cpp:132) error decoding filename: eWJrLh2dRFAY-7Brbsc,mTqf 13:16:49 (DirNode.cpp:132) error decoding filename: .encfs6.xml 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 218, 16, -202 13:16:49 (DirNode.cpp:132) error decoding filename: pvph9DkZ0BMPg2vN4UcfwuNU 13:16:49 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:16:49 (FileNode.cpp:127) calling setIV on (null) 13:16:49 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:213) getdir on /home/sri/Copy/OfficeData/ 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 208, 16, -192 13:16:49 (DirNode.cpp:132) error decoding filename: eWJrLh2dRFAY-7Brbsc,mTqf 13:16:49 (DirNode.cpp:132) error decoding filename: .encfs6.xml 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 218, 16, -202 13:16:49 (DirNode.cpp:132) error decoding filename: pvph9DkZ0BMPg2vN4UcfwuNU 13:16:49 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:16:49 (FileNode.cpp:127) calling setIV on (null) 13:16:49 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:213) getdir on /home/sri/Copy/OfficeData/ 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 208, 16, -192 13:16:49 (DirNode.cpp:132) error decoding filename: eWJrLh2dRFAY-7Brbsc,mTqf 13:16:49 (DirNode.cpp:132) error decoding filename: .encfs6.xml 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 218, 16, -202 13:16:49 (DirNode.cpp:132) error decoding filename: pvph9DkZ0BMPg2vN4UcfwuNU 13:16:49 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:16:49 (FileNode.cpp:127) calling setIV on (null) 13:16:49 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:213) getdir on /home/sri/Copy/OfficeData/ 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 208, 16, -192 13:16:49 (DirNode.cpp:132) error decoding filename: eWJrLh2dRFAY-7Brbsc,mTqf 13:16:49 (DirNode.cpp:132) error decoding filename: .encfs6.xml 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 218, 16, -202 13:16:49 (DirNode.cpp:132) error decoding filename: pvph9DkZ0BMPg2vN4UcfwuNU 13:16:49 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:16:49 (FileNode.cpp:127) calling setIV on (null) 13:16:49 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:213) getdir on /home/sri/Copy/OfficeData/ 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 208, 16, -192 13:16:49 (DirNode.cpp:132) error decoding filename: eWJrLh2dRFAY-7Brbsc,mTqf 13:16:49 (DirNode.cpp:132) error decoding filename: .encfs6.xml 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 218, 16, -202 13:16:49 (DirNode.cpp:132) error decoding filename: pvph9DkZ0BMPg2vN4UcfwuNU 13:16:49 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:16:49 (FileNode.cpp:127) calling setIV on (null) 13:16:49 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:213) getdir on /home/sri/Copy/OfficeData/ 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 208, 16, -192 13:16:49 (DirNode.cpp:132) error decoding filename: eWJrLh2dRFAY-7Brbsc,mTqf 13:16:49 (DirNode.cpp:132) error decoding filename: .encfs6.xml 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 218, 16, -202 13:16:49 (DirNode.cpp:132) error decoding filename: pvph9DkZ0BMPg2vN4UcfwuNU 13:16:49 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:16:49 (FileNode.cpp:127) calling setIV on (null) 13:16:49 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:213) getdir on /home/sri/Copy/OfficeData/ 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 208, 16, -192 13:16:49 (DirNode.cpp:132) error decoding filename: eWJrLh2dRFAY-7Brbsc,mTqf 13:16:49 (DirNode.cpp:132) error decoding filename: .encfs6.xml 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 218, 16, -202 13:16:49 (DirNode.cpp:132) error decoding filename: pvph9DkZ0BMPg2vN4UcfwuNU 13:16:49 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:16:49 (FileNode.cpp:127) calling setIV on (null) 13:16:49 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:213) getdir on /home/sri/Copy/OfficeData/ 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 208, 16, -192 13:16:49 (DirNode.cpp:132) error decoding filename: eWJrLh2dRFAY-7Brbsc,mTqf 13:16:49 (DirNode.cpp:132) error decoding filename: .encfs6.xml 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 218, 16, -202 13:16:49 (DirNode.cpp:132) error decoding filename: pvph9DkZ0BMPg2vN4UcfwuNU 13:16:49 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:16:49 (FileNode.cpp:127) calling setIV on (null) 13:16:49 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:213) getdir on /home/sri/Copy/OfficeData/ 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 208, 16, -192 13:16:49 (DirNode.cpp:132) error decoding filename: eWJrLh2dRFAY-7Brbsc,mTqf 13:16:49 (DirNode.cpp:132) error decoding filename: .encfs6.xml 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 218, 16, -202 13:16:49 (DirNode.cpp:132) error decoding filename: pvph9DkZ0BMPg2vN4UcfwuNU 13:16:49 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:16:49 (FileNode.cpp:127) calling setIV on (null) 13:16:49 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:213) getdir on /home/sri/Copy/OfficeData/ 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 208, 16, -192 13:16:49 (DirNode.cpp:132) error decoding filename: eWJrLh2dRFAY-7Brbsc,mTqf 13:16:49 (DirNode.cpp:132) error decoding filename: .encfs6.xml 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 218, 16, -202 13:16:49 (DirNode.cpp:132) error decoding filename: pvph9DkZ0BMPg2vN4UcfwuNU 13:16:49 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:16:49 (FileNode.cpp:127) calling setIV on (null) 13:16:49 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:213) getdir on /home/sri/Copy/OfficeData/ 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 208, 16, -192 13:16:49 (DirNode.cpp:132) error decoding filename: eWJrLh2dRFAY-7Brbsc,mTqf 13:16:49 (DirNode.cpp:132) error decoding filename: .encfs6.xml 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 218, 16, -202 13:16:49 (DirNode.cpp:132) error decoding filename: pvph9DkZ0BMPg2vN4UcfwuNU 13:16:49 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:16:49 (FileNode.cpp:127) calling setIV on (null) 13:16:49 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:213) getdir on /home/sri/Copy/OfficeData/ 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 208, 16, -192 13:16:49 (DirNode.cpp:132) error decoding filename: eWJrLh2dRFAY-7Brbsc,mTqf 13:16:49 (DirNode.cpp:132) error decoding filename: .encfs6.xml 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 218, 16, -202 13:16:49 (DirNode.cpp:132) error decoding filename: pvph9DkZ0BMPg2vN4UcfwuNU 13:16:49 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:16:49 (FileNode.cpp:127) calling setIV on (null) 13:16:49 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:213) getdir on /home/sri/Copy/OfficeData/ 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 208, 16, -192 13:16:49 (DirNode.cpp:132) error decoding filename: eWJrLh2dRFAY-7Brbsc,mTqf 13:16:49 (DirNode.cpp:132) error decoding filename: .encfs6.xml 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 218, 16, -202 13:16:49 (DirNode.cpp:132) error decoding filename: pvph9DkZ0BMPg2vN4UcfwuNU 13:16:49 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:16:49 (FileNode.cpp:127) calling setIV on (null) 13:16:49 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:213) getdir on /home/sri/Copy/OfficeData/ 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 208, 16, -192 13:16:49 (DirNode.cpp:132) error decoding filename: eWJrLh2dRFAY-7Brbsc,mTqf 13:16:49 (DirNode.cpp:132) error decoding filename: .encfs6.xml 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 218, 16, -202 13:16:49 (DirNode.cpp:132) error decoding filename: pvph9DkZ0BMPg2vN4UcfwuNU 13:16:49 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:16:49 (FileNode.cpp:127) calling setIV on (null) 13:16:49 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:213) getdir on /home/sri/Copy/OfficeData/ 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 208, 16, -192 13:16:49 (DirNode.cpp:132) error decoding filename: eWJrLh2dRFAY-7Brbsc,mTqf 13:16:49 (DirNode.cpp:132) error decoding filename: .encfs6.xml 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 218, 16, -202 13:16:49 (DirNode.cpp:132) error decoding filename: pvph9DkZ0BMPg2vN4UcfwuNU 13:16:49 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:16:49 (FileNode.cpp:127) calling setIV on (null) 13:16:49 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:213) getdir on /home/sri/Copy/OfficeData/ 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 208, 16, -192 13:16:49 (DirNode.cpp:132) error decoding filename: eWJrLh2dRFAY-7Brbsc,mTqf 13:16:49 (DirNode.cpp:132) error decoding filename: .encfs6.xml 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 218, 16, -202 13:16:49 (DirNode.cpp:132) error decoding filename: pvph9DkZ0BMPg2vN4UcfwuNU 13:16:49 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:16:49 (FileNode.cpp:127) calling setIV on (null) 13:16:49 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:213) getdir on /home/sri/Copy/OfficeData/ 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 208, 16, -192 13:16:49 (DirNode.cpp:132) error decoding filename: eWJrLh2dRFAY-7Brbsc,mTqf 13:16:49 (DirNode.cpp:132) error decoding filename: .encfs6.xml 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 218, 16, -202 13:16:49 (DirNode.cpp:132) error decoding filename: pvph9DkZ0BMPg2vN4UcfwuNU 13:16:49 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:16:49 (FileNode.cpp:127) calling setIV on (null) 13:16:49 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:213) getdir on /home/sri/Copy/OfficeData/ 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 208, 16, -192 13:16:49 (DirNode.cpp:132) error decoding filename: eWJrLh2dRFAY-7Brbsc,mTqf 13:16:49 (DirNode.cpp:132) error decoding filename: .encfs6.xml 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 218, 16, -202 13:16:49 (DirNode.cpp:132) error decoding filename: pvph9DkZ0BMPg2vN4UcfwuNU 13:16:49 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:16:49 (FileNode.cpp:127) calling setIV on (null) 13:16:49 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:213) getdir on /home/sri/Copy/OfficeData/ 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 208, 16, -192 13:16:49 (DirNode.cpp:132) error decoding filename: eWJrLh2dRFAY-7Brbsc,mTqf 13:16:49 (DirNode.cpp:132) error decoding filename: .encfs6.xml 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 218, 16, -202 13:16:49 (DirNode.cpp:132) error decoding filename: pvph9DkZ0BMPg2vN4UcfwuNU 13:16:49 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:16:49 (FileNode.cpp:127) calling setIV on (null) 13:16:49 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:213) getdir on /home/sri/Copy/OfficeData/ 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 208, 16, -192 13:16:49 (DirNode.cpp:132) error decoding filename: eWJrLh2dRFAY-7Brbsc,mTqf 13:16:49 (DirNode.cpp:132) error decoding filename: .encfs6.xml 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 218, 16, -202 13:16:49 (DirNode.cpp:132) error decoding filename: pvph9DkZ0BMPg2vN4UcfwuNU 13:16:49 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:16:49 (FileNode.cpp:127) calling setIV on (null) 13:16:49 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/ 13:16:49 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:16:49 (FileNode.cpp:127) calling setIV on (null) 13:16:49 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:213) getdir on /home/sri/Copy/OfficeData/ 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 208, 16, -192 13:16:49 (DirNode.cpp:132) error decoding filename: eWJrLh2dRFAY-7Brbsc,mTqf 13:16:49 (DirNode.cpp:132) error decoding filename: .encfs6.xml 13:16:49 (BlockNameIO.cpp:185) padding, _bx, finalSize = 218, 16, -202 13:16:49 (DirNode.cpp:132) error decoding filename: pvph9DkZ0BMPg2vN4UcfwuNU 13:16:49 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:16:49 (FileNode.cpp:127) calling setIV on (null) 13:16:49 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/ 13:16:49 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/ 13:16:49 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:16:49 (FileNode.cpp:127) calling setIV on (null) 13:16:49 (RawFileIO.cpp:191) getAttr error on /home/sri/Copy/OfficeData/r1KIEqVkz-,7-6CobavHCSNn: No such file or directory 13:16:49 (CipherFileIO.cpp:105) in setIV, current IV = 0, new IV = 16720606331386655431, fileIV = 0 13:16:49 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/r1KIEqVkz-,7-6CobavHCSNn 13:16:49 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/r1KIEqVkz-,7-6CobavHCSNn 13:16:49 (RawFileIO.cpp:191) getAttr error on /home/sri/Copy/OfficeData/r1KIEqVkz-,7-6CobavHCSNn: No such file or directory 13:16:49 (encfs.cpp:138) getattr error: No such file or directory 13:19:31 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:19:31 (FileNode.cpp:127) calling setIV on (null) 13:19:31 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/ 13:19:31 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/ 13:19:31 (encfs.cpp:685) doing statfs of /home/sri/Copy/OfficeData 13:19:32 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:19:32 (FileNode.cpp:127) calling setIV on (null) 13:19:32 (RawFileIO.cpp:191) getAttr error on /home/sri/Copy/OfficeData/LuT8R,DlpRnNH9b,fjWiKHKc: No such file or directory 13:19:32 (CipherFileIO.cpp:105) in setIV, current IV = 0, new IV = 13735228085838055696, fileIV = 0 13:19:32 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/LuT8R,DlpRnNH9b,fjWiKHKc 13:19:32 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/LuT8R,DlpRnNH9b,fjWiKHKc 13:19:32 (RawFileIO.cpp:191) getAttr error on /home/sri/Copy/OfficeData/LuT8R,DlpRnNH9b,fjWiKHKc: No such file or directory 13:19:32 (encfs.cpp:138) getattr error: No such file or directory 13:19:32 (encfs.cpp:685) doing statfs of /home/sri/Copy/OfficeData 13:19:32 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:19:32 (FileNode.cpp:127) calling setIV on (null) 13:19:32 (RawFileIO.cpp:191) getAttr error on /home/sri/Copy/OfficeData/UWbT-M-UKk1JpvNfN5uvOhGn: No such file or directory 13:19:32 (CipherFileIO.cpp:105) in setIV, current IV = 0, new IV = 4188221457101129840, fileIV = 0 13:19:32 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/UWbT-M-UKk1JpvNfN5uvOhGn 13:19:32 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/UWbT-M-UKk1JpvNfN5uvOhGn 13:19:32 (RawFileIO.cpp:191) getAttr error on /home/sri/Copy/OfficeData/UWbT-M-UKk1JpvNfN5uvOhGn: No such file or directory 13:19:32 (encfs.cpp:138) getattr error: No such file or directory 13:19:32 (MACFileIO.cpp:75) fs block size = 1024, macBytes = 8, randBytes = 0 13:19:32 (FileNode.cpp:127) calling setIV on (null) 13:19:32 (RawFileIO.cpp:191) getAttr error on /home/sri/Copy/OfficeData/o94olxB3orqarqyFviHKZ,ZF: No such file or directory 13:19:32 (CipherFileIO.cpp:105) in setIV, current IV = 0, new IV = 16725694203599486310, fileIV = 0 13:19:32 (DirNode.cpp:770) created FileNode for /home/sri/Copy/OfficeData/o94olxB3orqarqyFviHKZ,ZF 13:19:32 (encfs.cpp:134) getattr /home/sri/Copy/OfficeData/o94olxB3orqarqyFviHKZ,ZF 13:19:32 (RawFileIO.cpp:191) getAttr error on /home/sri/Copy/OfficeData/o94olxB3orqarqyFviHKZ,ZF: No such file or directory 13:19:32 (encfs.cpp:138) getattr error: No such file or directory 13:19:32 (encfs.cpp:213) getdir on /home/sri/Copy/OfficeData/ 13:19:32 (BlockNameIO.cpp:185) padding, _bx, finalSize = 208, 16, -192 13:19:32 (DirNode.cpp:132) error decoding filename: eWJrLh2dRFAY-7Brbsc,mTqf 13:19:32 (DirNode.cpp:132) error decoding filename: .encfs6.xml 13:19:32 (BlockNameIO.cpp:185) padding, _bx, finalSize = 218, 16, -202 13:19:32 (DirNode.cpp:132) error decoding filename: pvph9DkZ0BMPg2vN4UcfwuNU 13:24:10 (openssl.cpp:48) Allocating 41 locks for OpenSSL Please help me Thanks in advance.

Read the article
Bluehost internal server error

- by Aditya

Hello everyone, When i am creating the setup of my rails application on bluehost,it throw following error:- Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, [email protected] and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log. Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request. Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8l DAV/2 mod_auth_passthrough/2.1 FrontPage/5.0.2.2635 Server at team.cipher-tech.com Port 80 Please help me.It's urgent. Thanks in advance..

Read the article
Creating a provider. I receive this exception java.lang.SecurityException

- by user308806

Hello, I'm trying to create a provider. when I run the code i receive this exception Exception in thread "main" java.lang.SecurityException: JCE cannot authenticate the provider MyProvider at javax.crypto.Cipher.getInstance(DashoA13*..) at javax.crypto.Cipher.getInstance(DashoA13*..) at hellman.Main.main(Main.java:68) Caused by: java.util.jar.JarException: Cannot parse file:/C:/Documents%20and%20Settings/brahim%20%20chami/Bureau/Project%233/hellman/build/classes/ at javax.crypto.SunJCE_c.a(DashoA13*..) at javax.crypto.SunJCE_b.b(DashoA13*..) at javax.crypto.SunJCE_b.a(DashoA13*..) ... 3 more Java Result: 1

Read the article
SSL Authentication with Certificates: Should the Certificates have a hostname?

- by sixtyfootersdude

Summary JBoss allows clients and servers to authenticate using certificates and ssl. One thing that seems strange is that you are not required to give your hostname on the certificate. I think that this means if Server B is in your truststore, Sever B can pretend to be any server that they want. (And likewise: if Client B is in your truststore...) Am I missing something here? Authentication Steps (Summary of Wikipeida Page) Client Server ================================================================================================= 1) Client sends Client Hello ENCRIPTION: None - highest TLS protocol supported - random number - list of cipher suites - compression methods 2) Sever Hello ENCRIPTION: None - highest TLS protocol supported - random number - choosen cipher suite - choosen compression method 3) Certificate Message ENCRIPTION: None - 4) ServerHelloDone ENCRIPTION: None 5) Certificate Message ENCRIPTION: None 6) ClientKeyExchange Message ENCRIPTION: server's public key => only server can read => if sever can read this he must own the certificate - may contain a PreMasterSecerate, public key or nothing (depends on cipher) 7) CertificateVerify Message ENCRIPTION: clients private key - purpose is to prove to the server that client owns the cert 8) BOTH CLIENT AND SERVER: - use random numbers and PreMasterSecret to compute a common secerate 9) Finished message - contains a has and MAC over previous handshakes (to ensure that those unincripted messages did not get broken) 10) Finished message - samething Sever Knows The client has the public key for the sent certificate (step 7) The client's certificate is valid because either: it has been signed by a CA (verisign) it has been self-signed BUT it is in the server's truststore It is not a replay attack because presumably the random number (step 1 or 2) is sent with each message Client Knows The server has the public key for the sent certificate (step 6 with step 8) The server's certificate is valid because either: it has been signed by a CA (verisign) it has been self-signed BUT it is in the client's truststore It is not a replay attack because presumably the random number (step 1 or 2) is sent with each message Potential Problem Suppose the client's truststore has certs in it: Server A Server B (malicous) Server A has hostname www.A.com Server B has hostname www.B.com Suppose: The client tries to connect to Server A but Server B launches a man in the middle attack. Since server B: has a public key for the certificate that will be sent to the client has a "valid certificate" (a cert in the truststore) And since: certificates do not have a hostname feild in them It seems like Server B can pretend to be Server A easily. Is there something that I am missing?

Read the article
Opinions sought on the best way to organise classes in PHP

- by jax

I am pretty much set on using the Java package naming convention of com.website.app.whatever but am unsure about the best way of doing this in PHP. Option 1: Create a directory structure com/ mysite/ myapp/ encryption/ PublicKeyGenerator.class.php Cipher.class.php Xml/ XmlHelper.class.php XmlResponse.class.php Now this is how Java does it, it uses the folders to organize the heirarchy. This is however a little clumsy in PHP because there is no native support for it and when you move things around you break all includes. Option 2 Name classes using a periods for the package, therefore sames are just like in Java but can all be in the same directory making __autoload a breeze. classes/ com.mysite.myapp.encription.PublicKeyGenerator.class.php com.mysite.myapp.encription.Cipher.class.php com.mysite.myapp.xml.XmlHelper.class.php com.mysite.myapp.xml.XmlResponse.class.php The only real disadvantage here is that all the classes are in a single folder which might be confusing for large projects. Opinions sought, which is the best or are there other even better options?

Read the article
TLS (STARTTLS) Failure After 10.6 Upgrade to Open Directory Master

- by Thomas Kishel

Hello, Environment: Mac OS X 10.6.3 install/import of a MacOS X 10.5.8 Open Directory Master server. After that upgrade, LDAP+TLS fails on our MacOS X 10.5, 10.6, CentOS, Debian, and FreeBSD clients (Apache2 and PAM). Testing using ldapsearch: ldapsearch -ZZ -H ldap://gnome.darkhorse.com -v -x -b "dc=darkhorse,dc=com" '(uid=donaldr)' uid ... fails with: ldap_start_tls: Protocol error (2) Testing adding "-d 9" fails with: res_errno: 2, res_error: <unsupported extended operation>, res_matched: <> Testing without requiring STARTTLS or with LDAPS: ldapsearch -H ldap://gnome.darkhorse.com -v -x -b "dc=darkhorse,dc=com" '(uid=donaldr)' uid ldapsearch -H ldaps://gnome.darkhorse.com -v -x -b "dc=darkhorse,dc=com" '(uid=donaldr)' uid ... succeeds with: # donaldr, users, darkhorse.com dn: uid=donaldr,cn=users,dc=darkhorse,dc=com uid: donaldr # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 result: 0 Success (We are specifying "TLS_REQCERT never" in /etc/openldap/ldap.conf) Testing with openssl: openssl s_client -connect gnome.darkhorse.com:636 -showcerts -state ... succeeds: CONNECTED(00000003) SSL_connect:before/connect initialization SSL_connect:SSLv2/v3 write client hello A SSL_connect:SSLv3 read server hello A depth=1 /C=US/ST=Oregon/L=Milwaukie/O=Dark Horse Comics, Inc./OU=Dark Horse Network/CN=DHC MIS Department verify error:num=19:self signed certificate in certificate chain verify return:0 SSL_connect:SSLv3 read server certificate A SSL_connect:SSLv3 read server done A SSL_connect:SSLv3 write client key exchange A SSL_connect:SSLv3 write change cipher spec A SSL_connect:SSLv3 write finished A SSL_connect:SSLv3 flush data SSL_connect:SSLv3 read finished A --- Certificate chain 0 s:/C=US/ST=Oregon/L=Milwaukie/O=Dark Horse Comics, Inc./OU=MIS/CN=gnome.darkhorse.com i:/C=US/ST=Oregon/L=Milwaukie/O=Dark Horse Comics, Inc./OU=Dark Horse Network/CN=DHC MIS Department 1 s:/C=US/ST=Oregon/L=Milwaukie/O=Dark Horse Comics, Inc./OU=Dark Horse Network/CN=DHC MIS Department i:/C=US/ST=Oregon/L=Milwaukie/O=Dark Horse Comics, Inc./OU=Dark Horse Network/CN=DHC MIS Department --- Server certificate -----BEGIN CERTIFICATE----- <deleted for brevity> -----END CERTIFICATE----- subject=/C=US/ST=Oregon/L=Milwaukie/O=Dark Horse Comics, Inc./OU=MIS/CN=gnome.darkhorse.com issuer=/C=US/ST=Oregon/L=Milwaukie/O=Dark Horse Comics, Inc./OU=Dark Horse Network/CN=DHC MIS Department --- No client certificate CA names sent --- SSL handshake has read 2640 bytes and written 325 bytes --- New, TLSv1/SSLv3, Cipher is AES256-SHA Server public key is 1024 bit Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : AES256-SHA Session-ID: D3F9536D3C64BAAB9424193F81F09D5C53B7D8E7CB5A9000C58E43285D983851 Session-ID-ctx: Master-Key: E224CC065924DDA6FABB89DBCC3E6BF89BEF6C0BD6E5D0B3C79E7DE927D6E97BF12219053BA2BB5B96EA2F6A44E934D3 Key-Arg : None Start Time: 1271202435 Timeout : 300 (sec) Verify return code: 0 (ok) So we believe that the slapd daemon is reading our certificate and writing it to LDAP clients. Apple Server Admin adds ProgramArguments ("-h ldaps:///") to /System/Library/LaunchDaemons/org.openldap.slapd.plist and TLSCertificateFile, TLSCertificateKeyFile, TLSCACertificateFile, and TLSCertificatePassphraseTool to /etc/openldap/slapd_macosxserver.conf when enabling SSL in the LDAP section of the Open Directory service. While that appears enough for LDAPS, it appears that this is not enough for TLS. Comparing our 10.6 and 10.5 slapd.conf and slapd_macosxserver.conf configuration files yields no clues. Replacing our certificate (generated with a self-signed ca) with an Apple Server Admin generated self signed certificate results in no change in ldapsearch results. Setting -d to 256 in /System/Library/LaunchDaemons/org.openldap.slapd.plist logs: 4/13/10 5:23:35 PM org.openldap.slapd[82162] conn=384 op=0 EXT oid=1.3.6.1.4.1.1466.20037 4/13/10 5:23:35 PM org.openldap.slapd[82162] conn=384 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037" 4/13/10 5:23:35 PM org.openldap.slapd[82162] conn=384 op=0 RESULT tag=120 err=2 text=unsupported extended operation Any debugging advice much appreciated. -- Tom Kishel

Read the article
Postfix - Gmail - Mountain Lion // can't send mail

- by miako

I have read most of the tutorials found on google but still can't make it work. I run the command : date | mail -s "Test" [email protected] . The log is this : Oct 22 11:38:00 XXX.local postfix/master[288]: daemon started -- version 2.9.2, configuration /etc/postfix Oct 22 11:38:00 XXX.local postfix/pickup[289]: 9D85418A031: uid=501 from=<me> Oct 22 11:38:00 XXX.local postfix/cleanup[291]: 9D85418A031: message-id=<[email protected]> Oct 22 11:38:00 XXX.local postfix/qmgr[290]: 9D85418A031: from=<[email protected]>, size=327, nrcpt=1 (queue active) Oct 22 11:38:00 XXX.local postfix/smtp[293]: initializing the client-side TLS engine Oct 22 11:38:02 XXX.local postfix/smtp[293]: setting up TLS connection to smtp.gmail.com[173.194.70.109]:587 Oct 22 11:38:02 XXX.local postfix/smtp[293]: smtp.gmail.com[173.194.70.109]:587: TLS cipher list "ALL:!EXPORT:!LOW:+RC4:@STRENGTH:!eNULL" Oct 22 11:38:02 XXX.local postfix/smtp[293]: SSL_connect:before/connect initialization Oct 22 11:38:02 XXX.local postfix/smtp[293]: SSL_connect:SSLv2/v3 write client hello A Oct 22 11:38:03 XXX.local postfix/smtp[293]: SSL_connect:SSLv3 read server hello A Oct 22 11:38:03 XXX.local postfix/smtp[293]: smtp.gmail.com[173.194.70.109]:587: certificate verification depth=2 verify=0 subject=/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA Oct 22 11:38:03 --- last message repeated 1 time --- Oct 22 11:38:03 XXX.local postfix/smtp[293]: smtp.gmail.com[173.194.70.109]:587: certificate verification depth=1 verify=1 subject=/C=US/O=Google Inc/CN=Google Internet Authority G2 Oct 22 11:38:03 XXX.local postfix/smtp[293]: smtp.gmail.com[173.194.70.109]:587: certificate verification depth=0 verify=1 subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com Oct 22 11:38:03 XXX.local postfix/smtp[293]: SSL_connect:SSLv3 read server certificate A Oct 22 11:38:03 XXX.local postfix/smtp[293]: SSL_connect:SSLv3 read server done A Oct 22 11:38:03 XXX.local postfix/smtp[293]: SSL_connect:SSLv3 write client key exchange A Oct 22 11:38:03 XXX.local postfix/smtp[293]: SSL_connect:SSLv3 write change cipher spec A Oct 22 11:38:03 XXX.local postfix/smtp[293]: SSL_connect:SSLv3 write finished A Oct 22 11:38:03 XXX.local postfix/smtp[293]: SSL_connect:SSLv3 flush data Oct 22 11:38:03 XXX.local postfix/smtp[293]: SSL_connect:SSLv3 read server session ticket A Oct 22 11:38:03 XXX.local postfix/smtp[293]: SSL_connect:SSLv3 read finished A Oct 22 11:38:03 XXX.local postfix/smtp[293]: smtp.gmail.com[173.194.70.109]:587: subject_CN=smtp.gmail.com, issuer_CN=Google Internet Authority G2, fingerprint E4:CA:10:85:C3:53:00:E6:A1:D2:AC:C4:35:E4:A2:10, pkey_fingerprint=D6:06:2E:15:AF:DF:E9:50:A5:B4:E2:E4:C5:2E:F9:BA Oct 22 11:38:03 XXX.local postfix/smtp[293]: Untrusted TLS connection established to smtp.gmail.com[173.194.70.109]:587: TLSv1 with cipher RC4-SHA (128/128 bits) Oct 22 11:38:03 XXX.local postfix/smtp[293]: 9D85418A031: to=<[email protected]>, relay=smtp.gmail.com[173.194.70.109]:587, delay=3.4, delays=0.26/0.13/2.8/0.26, dsn=5.5.1, status=bounced (host smtp.gmail.com[173.194.70.109] said: 530-5.5.1 Authentication Required. Learn more at 530 5.5.1 http://support.google.com/mail/bin/answer.py?answer=14257 s3sm54097220eeo.3 - gsmtp (in reply to MAIL FROM command)) Oct 22 11:38:04 XXX.local postfix/cleanup[291]: D4D2F18A03C: message-id=<[email protected]> Oct 22 11:38:04 XXX.local postfix/qmgr[290]: D4D2F18A03C: from=<>, size=2382, nrcpt=1 (queue active) Oct 22 11:38:04 XXX.local postfix/bounce[297]: 9D85418A031: sender non-delivery notification: D4D2F18A03C Oct 22 11:38:04 XXX.local postfix/qmgr[290]: 9D85418A031: removed Oct 22 11:38:04 XXX.local postfix/local[298]: D4D2F18A03C: to=<[email protected]>, relay=local, delay=0.11, delays=0/0.08/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox) Oct 22 11:38:04 XXX.local postfix/qmgr[290]: D4D2F18A03C: removed Oct 22 11:39:00 XXX.local postfix/master[288]: master exit time has arrived I am really confused as i have never setup MTA again an i need it for local web development. I don't use XAMPP. I use the built in Servers. Can anyone guide me?

Read the article
Openvpn issue with linux

- by catsy

So I've tried to setup openvpn, I followed some guide but it's stuck att "initialization sequence completed" with no connection and I can't find any working solution... here's the log: $Sun Sep 23 19:14:32 2012 OpenVPN 2.1.0 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 20 2010 Enter Auth Username:pumpedup Enter Auth Password: Sun Sep 23 19:14:37 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Sun Sep 23 19:14:37 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Sun Sep 23 19:14:37 2012 LZO compression initialized Sun Sep 23 19:14:37 2012 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ] Sun Sep 23 19:14:38 2012 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ] Sun Sep 23 19:14:38 2012 Local Options hash (VER=V4): '41690919' Sun Sep 23 19:14:38 2012 Expected Remote Options hash (VER=V4): '530fdded' Sun Sep 23 19:14:38 2012 Socket Buffers: R=[163840-131072] S=[163840-131072] Sun Sep 23 19:14:38 2012 UDPv4 link local: [undef] Sun Sep 23 19:14:38 2012 UDPv4 link remote: [AF_INET]192.162.102.162:1194 Sun Sep 23 19:14:38 2012 TLS: Initial packet from [AF_INET]192.162.102.162:1194, sid=87a95723 a6d7b7f9 Sun Sep 23 19:14:38 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Sun Sep 23 19:14:38 2012 VERIFY OK: depth=1, /C=NV/ST=NV/L=nVPN/O=nVpn/CN=nVpn_CA/[email protected] Sun Sep 23 19:14:38 2012 VERIFY OK: depth=0, /C=NV/ST=NV/L=nVPN/O=nVpn/CN=server/[email protected] Sun Sep 23 19:14:39 2012 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 6042' Sun Sep 23 19:14:39 2012 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 6000' Sun Sep 23 19:14:39 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key Sun Sep 23 19:14:39 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Sun Sep 23 19:14:39 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key Sun Sep 23 19:14:39 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Sun Sep 23 19:14:39 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA Sun Sep 23 19:14:39 2012 [server] Peer Connection Initiated with [AF_INET]192.162.102.162:1194 Sun Sep 23 19:14:41 2012 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) Sun Sep 23 19:14:41 2012 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.8.8,route 10.102.162.1,topology net30,ping 10,ping-restart 120,ifconfig 10.102.162.6 10.102.162.5' Sun Sep 23 19:14:41 2012 OPTIONS IMPORT: timers and/or timeouts modified Sun Sep 23 19:14:41 2012 OPTIONS IMPORT: --ifconfig/up options modified Sun Sep 23 19:14:41 2012 OPTIONS IMPORT: route options modified Sun Sep 23 19:14:41 2012 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Sun Sep 23 19:14:41 2012 ROUTE default_gateway=10.0.2.2 Sun Sep 23 19:14:41 2012 TUN/TAP device tun0 opened Sun Sep 23 19:14:41 2012 TUN/TAP TX queue length set to 100 Sun Sep 23 19:14:41 2012 /sbin/ifconfig tun0 10.102.162.6 pointopoint 10.102.162.5 mtu 1500 Sun Sep 23 19:14:41 2012 /sbin/route add -net 192.162.102.162 netmask 255.255.255.255 gw 10.0.2.2 Sun Sep 23 19:14:41 2012 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.102.162.5 Sun Sep 23 19:14:41 2012 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.102.162.5 Sun Sep 23 19:14:41 2012 /sbin/route add -net 10.102.162.1 netmask 255.255.255.255 gw 10.102.162.5 Sun Sep 23 19:14:41 2012 Initialization Sequence Completed

Read the article
Configuring Oracle iPlanet WebServer / Oracle Traffic Director to use crypto accelerators on T4-1 servers

- by mv

Configuring Oracle iPlanet Web Server / Oracle Traffic Director to use crypto accelerators on T4-1 servers Jyri had written a technical article on Configuring Solaris Cryptographic Framework and Sun Java System Web Server 7 on Systems With UltraSPARC T1 Processors. I tried to find out what has changed since then in T4. I have used a T4-1 SPARC system with Solaris 10. Results slightly vary for Solaris 11. For Solaris 11, the T4 optimization was implemented in libsoftcrypto.so while it was in pkcs11_softtoken_extra.so for Solaris 10. Overview of T4 processors is here in this blog. Many thanx to Chi-Chang Lin and Julien for their help. 1. Install Oracle iPlanet Web Server / Oracle Traffic Director. Go to instance/config directory. # cd /opt/oracle/webserver7/https-hostname.fqdn/config 2. List default PKCS#11 Modules # ../../bin/modutil -dbdir . -listListing of PKCS #11 Modules-----------------------------------------------------------1. NSS Internal PKCS #11 Moduleslots: 2 slots attachedstatus: loadedslot: NSS Internal Cryptographic Servicestoken: NSS Generic Crypto Servicesslot: NSS User Private Key and Certificate Servicestoken: NSS Certificate DB2. Root Certslibrary name: libnssckbi.soslots: 1 slot attachedstatus: loadedslot: NSS Builtin Objectstoken: Builtin Object Token----------------------------------------------------------- 3. Initialize the soft token data store in the $HOME/.sunw/pkcs11_softtoken/ directory # pktool setpin keystore=pkcs11Enter token passphrase: olderpasswordCreate new passphrase: passwordRe-enter new passphrase: passwordPassphrase changed. 4. Offload crypto operations to Solaris Crypto Framework on T4 $ ../../bin/modutil -dbdir . -nocertdb -add SCF -libfile /usr/lib/libpkcs11.so -mechanisms RSA:AES:SHA1:MD5 Module "SCF" added to database. Note that -nocertdb means modutil won't try to open the NSS softoken key database. It doesn't even have to be present. PKCS#11 library used is /usr/lib/libpkcs11.so. If the server is running in 64 bit mode, we have to use /usr/lib/64/libpkcs11.so Unlike T1 and T2, in T4 we do not have to disable mechanisms in softtoken provider using cryptoadm. 5. List again to check that a new module SCF is added # ../../bin/modutil -dbdir . -list Listing of PKCS #11 Modules-----------------------------------------------------------1. NSS Internal PKCS #11 Moduleslots: 2 slots attachedstatus: loadedslot: NSS Internal Cryptographic Servicestoken: NSS Generic Crypto Servicesslot: NSS User Private Key and Certificate Servicestoken: NSS Certificate DB2. SCFlibrary name: /usr/lib/libpkcs11.soslots: 2 slots attachedstatus: loadedslot: Sun Metaslottoken: Sun Metaslotslot: n2rng/0 SUNW_N2_Random_Number_Generator token: n2rng/0 SUNW_N2_RNG 3. Root Certs library name: libnssckbi.so slots: 1 slot attached status: loaded slot: NSS Builtin Objects token: Builtin Object Token----------------------------------------------------------- 6. Create certificate in “Sun Metaslot” : I have used certutil, but you must use Admin Server CLI / GUI # ../../bin/certutil -S -x -n "Server-Cert" -t "CT,CT,CT" -s "CN=*.fqdn" -d . -h "Sun Metaslot"Enter Password or Pin for "Sun Metaslot": password 7. Verify that the certificate is created properly in “Sun Metslaot” # ../../bin/certutil -L -d . -h "Sun Metaslot"Certificate Nickname Trust AttributesSSL,S/MIME,JAR/XPIEnter Password or Pin for "Sun Metaslot": passwordSun Metaslot:Server-Cert CTu,Cu,Cu# 8. Associate this newly created certificate to http listener using Admin CLI/GUI. After that server.xml should have <http-listener> ... <ssl> <server-cert-nickname>Sun Metaslot:Server-Cert</server-cert-nicknamer> </ssl> Note the prefix "Sun Metaslot" 9. Disable PKCS#11 bypass To use the accelerated AES algorithm, turn off PKCS#11 bypass, and configure modutil to have the AES mechanism go to the Metaslot. After you disable PKCS#11 bypasss using Admin GUI/CLI, check that server.xml should have <server> .... <pkcs11> <enabled>1</enabled> <allow-bypass>0</allow-bypass> </pkcs11> With PKCS#11 bypass enabled, Oracle iPlanet Web Server will only use the RSA capability of the T4, provided certificate and key are stored in the T4 slot (Metaslot). Actually, the RSA op is never bypassed in NSS, it's always done with PKCS#11 calls. So the bypass settings won't affect the behavior of the probes for RSA at all. The only thing that matters if where the RSA key and certificate live, ie. which PKCS#11 token, and thus which PKCS#11 module gets called to do the work. If your certificate/key are in the NSS certificate/key db, you will see libsoftokn3/libfreebl libraries doing the RSA work. If they are in the Sun Metaslot, it should be the Solaris code. 10. Start the server instance # ../bin/startserv Oracle iPlanet Web Server 7.0.16 B09/14/2012 03:33Please enter the PIN for the "Sun Metaslot" token: password...info: HTTP3072: http-listener-1: https://hostname.fqdn:80 ready to accept requestsinfo: CORE3274: successful server startup 11. Figure out which process to run this DTrace script on # ps -eaf | grep webservd | grep -v dogwebservd 18224 18223 0 13:17:25 ? 0:07 webservd -d /opt/oracle/webserver7/https-hostname.fqdn/config -r /opt/root 18225 18224 0 13:17:25 ? 0:00 webservd -d /opt/oracle/webserver7/https-hostname.fqdn/config -r /opt/ (For Oracle Traffic Director look for process named "trafficd") We see that the child process id is “18225” 12. Clients for testing : You can use any browser. I used NSS tool tstclnt for testing $cat > req.txtGET /index.html HTTP/1.0 For checking both RSA and AES, I used cipher “:0035” which is TLS_RSA_WITH_AES_256_CBC_SHA $./tstclnt -h hostname -p 80 -d . -T -f -o -v -c “:0035” < req.txt 13. How do I make sure that crypto accelerator is being used 13.1 Create DTrace script The following D script should be able to uncover whether T4-specific crypto routine are being called or not. It also displays stats per second. # cat > t4crypto.d#!/usr/sbin/dtrace -spid$target::*rsa*:entry,pid$target::*yf*:entry{ @ops[probemod, probefunc] = count();}tick-1sec{ printa(@ops); trunc(@ops);} Invoke with './t4crypto.d -p <pid> ' 13.2 EXPECTED PROBES FOR Solaris 10 : If offloading to T4 HW are correctly set up, the expected DTrace output would have these probes and libraries library Operations PROBES pkcs11_softtoken_extra.so RSA soft_decrypt_rsa_pkcs_decode, soft_encrypt_rsa_pkcs_encode soft_rsa_crypt_init_common soft_rsa_decrypt, soft_rsa_encrypt soft_rsa_decrypt_common, soft_rsa_encrypt_common AES yf_aes_instructions_present yf_aes_expand256, yf_aes256_cbc_decrypt, yf_aes256_cbc_encrypt, yf_aes256_load_keys_for_decrypt, yf_aes256_load_keys_for_encrypt, Note that these are for 256, same for 128, 192... these are for cbc, same for ecb, ctr, cfb128... DES yf_des_expand, yf_des_instructions_present yf_des_encrypt libmd_psr.so MD5 yf_md5_multiblock, yf_md5_instruction_present SHA1 yf_sha1_instruction_present, yf_sha1_multibloc 13.3 SAMPLE OUTPUT FOR CIPHER TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) ON T4 SPARC SOLARIS 10 WITHOUT PKCS#11 BYPASS # ./t4crypto.d -p 18225 pkcs11_softtoken_extra.so.1 soft_decrypt_rsa_pkcs_decode 1 pkcs11_softtoken_extra.so.1 soft_rsa_crypt_init_common 1 pkcs11_softtoken_extra.so.1 soft_rsa_decrypt 1 pkcs11_softtoken_extra.so.1 big_mp_mul_yf 2 pkcs11_softtoken_extra.so.1 mpm_yf_mpmul 2 pkcs11_softtoken_extra.so.1 mpmul_arr_yf 2 pkcs11_softtoken_extra.so.1 rijndael_key_setup_enc_yf 2 pkcs11_softtoken_extra.so.1 soft_rsa_decrypt_common 2 pkcs11_softtoken_extra.so.1 yf_aes_expand256 2 pkcs11_softtoken_extra.so.1 yf_aes256_cbc_decrypt 3 pkcs11_softtoken_extra.so.1 yf_aes256_load_keys_for_decrypt 3 pkcs11_softtoken_extra.so.1 big_mont_mul_yf 6 pkcs11_softtoken_extra.so.1 mm_yf_montmul 6 pkcs11_softtoken_extra.so.1 yf_des_instructions_present 6 pkcs11_softtoken_extra.so.1 yf_aes256_cbc_encrypt 8 pkcs11_softtoken_extra.so.1 yf_aes256_load_keys_for_encrypt 8 pkcs11_softtoken_extra.so.1 yf_mpmul_present 8 pkcs11_softtoken_extra.so.1 yf_aes_instructions_present 13 pkcs11_softtoken_extra.so.1 yf_des_encrypt 18 libmd_psr.so.1 yf_md5_multiblock 41 libmd_psr.so.1 yf_md5_instruction_present 72 libmd_psr.so.1 yf_sha1_instruction_present 82 libmd_psr.so.1 yf_sha1_multiblock 82 This indicates that both RSA and AES ops are done in Solaris Crypto Framework. 13.4 SAMPLE OUTPUT FOR CIPHER TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) ON T4 SPARC SOLARIS 10 WITH PKCS#11 BYPASS # ./t4crypto.d -p 18225 pkcs11_softtoken_extra.so.1 soft_decrypt_rsa_pkcs_decode 1 pkcs11_softtoken_extra.so.1 soft_rsa_crypt_init_common 1 pkcs11_softtoken_extra.so.1 soft_rsa_decrypt 1 pkcs11_softtoken_extra.so.1 soft_rsa_decrypt_common 1 pkcs11_softtoken_extra.so.1 big_mp_mul_yf 2 pkcs11_softtoken_extra.so.1 mpm_yf_mpmul 2 pkcs11_softtoken_extra.so.1 mpmul_arr_yf 2 pkcs11_softtoken_extra.so.1 big_mont_mul_yf 6 pkcs11_softtoken_extra.so.1 mm_yf_montmul 6 pkcs11_softtoken_extra.so.1 yf_mpmul_present 8 For this cipher, when I enable PKCS#11 bypass, Only RSA probes are being hit AES probes are not being hit. 13.5 ustack() for RSA operations / probefunc == "soft_rsa_decrypt" / Shows that libnss3.so is calling C_* functions of libpkcs11.so which is calling functions of pkcs11_softtoken_extra.so for both cases with and without bypass. When PKCS#11 bypass is disabled (allow-bypass is 0) pkcs11_softtoken_extra.so.1`soft_rsa_decrypt pkcs11_softtoken_extra.so.1`soft_rsa_decrypt_common+0x94 pkcs11_softtoken_extra.so.1`soft_unwrapkey+0x258 pkcs11_softtoken_extra.so.1`C_UnwrapKey+0x1ec libpkcs11.so.1`meta_unwrap_key+0x17c libpkcs11.so.1`meta_UnwrapKey+0xc4 libpkcs11.so.1`C_UnwrapKey+0xfc libnss3.so`pk11_AnyUnwrapKey+0x6b8 libnss3.so`PK11_PubUnwrapSymKey+0x8c libssl3.so`ssl3_HandleRSAClientKeyExchange+0x1a0 libssl3.so`ssl3_HandleClientKeyExchange+0x154 libssl3.so`ssl3_HandleHandshakeMessage+0x440 libssl3.so`ssl3_HandleHandshake+0x11c libssl3.so`ssl3_HandleRecord+0x5e8 libssl3.so`ssl3_GatherCompleteHandshake+0x5c libssl3.so`ssl_GatherRecord1stHandshake+0x30 libssl3.so`ssl_Do1stHandshake+0xec libssl3.so`ssl_SecureRecv+0x1c8 libssl3.so`ssl_Recv+0x9c libns-httpd40.so`__1cNDaemonSessionDrun6M_v_+0x2dc When PKCS#11 bypass is enabled (allow-bypass is 1) pkcs11_softtoken_extra.so.1`soft_rsa_decrypt pkcs11_softtoken_extra.so.1`soft_rsa_decrypt_common+0x94 pkcs11_softtoken_extra.so.1`C_Decrypt+0x164 libpkcs11.so.1`meta_do_operation+0x27c libpkcs11.so.1`meta_Decrypt+0x4c libpkcs11.so.1`C_Decrypt+0xcc libnss3.so`PK11_PrivDecryptPKCS1+0x1ac libssl3.so`ssl3_HandleRSAClientKeyExchange+0xe4 libssl3.so`ssl3_HandleClientKeyExchange+0x154 libssl3.so`ssl3_HandleHandshakeMessage+0x440 libssl3.so`ssl3_HandleHandshake+0x11c libssl3.so`ssl3_HandleRecord+0x5e8 libssl3.so`ssl3_GatherCompleteHandshake+0x5c libssl3.so`ssl_GatherRecord1stHandshake+0x30 libssl3.so`ssl_Do1stHandshake+0xec libssl3.so`ssl_SecureRecv+0x1c8 libssl3.so`ssl_Recv+0x9c libns-httpd40.so`__1cNDaemonSessionDrun6M_v_+0x2dc libnsprwrap.so`ThreadMain+0x1c libnspr4.so`_pt_root+0xe8 13.6 ustack() FOR AES operations / probefunc == "yf_aes256_cbc_encrypt" / When PKCS#11 bypass is disabled (allow-bypass is 0) pkcs11_softtoken_extra.so.1`yf_aes256_cbc_encrypt pkcs11_softtoken_extra.so.1`aes_block_process_contiguous_whole_blocks+0xb4 pkcs11_softtoken_extra.so.1`aes_crypt_contiguous_blocks+0x1cc pkcs11_softtoken_extra.so.1`soft_aes_encrypt_common+0x22c pkcs11_softtoken_extra.so.1`C_EncryptUpdate+0x10c libpkcs11.so.1`meta_do_operation+0x1fc libpkcs11.so.1`meta_EncryptUpdate+0x4c libpkcs11.so.1`C_EncryptUpdate+0xcc libnss3.so`PK11_CipherOp+0x1a0 libssl3.so`ssl3_CompressMACEncryptRecord+0x264 libssl3.so`ssl3_SendRecord+0x300 libssl3.so`ssl3_FlushHandshake+0x54 libssl3.so`ssl3_SendFinished+0x1fc libssl3.so`ssl3_HandleFinished+0x314 libssl3.so`ssl3_HandleHandshakeMessage+0x4ac libssl3.so`ssl3_HandleHandshake+0x11c libssl3.so`ssl3_HandleRecord+0x5e8 libssl3.so`ssl3_GatherCompleteHandshake+0x5c libssl3.so`ssl_GatherRecord1stHandshake+0x30 libssl3.so`ssl_Do1stHandshake+0xec Shows that libnss3.so is calling C_* functions of libpkcs11.so which is calling functions of pkcs11_softtoken_extra.so However when PKCS#11 bypass is disabled (allow-bypass is 1) this stack isn't getting called. 14. LIST OF ALL THE PROBES MATCHED BY D SCRIPT FOR REFERENCE # ./t4crypto.d -p 18225 -l ID PROVIDER MODULE FUNCTION NAME ... 55720 pid18225 libmd_psr.so.1 yf_md5_instruction_present entry 55721 pid18225 libmd_psr.so.1 yf_sha256_instruction_present entry 55722 pid18225 libmd_psr.so.1 yf_sha512_instruction_present entry 55723 pid18225 libmd_psr.so.1 yf_sha1_instruction_present entry 55724 pid18225 libmd_psr.so.1 yf_sha256 entry 55725 pid18225 libmd_psr.so.1 yf_sha256_multiblock entry 55726 pid18225 libmd_psr.so.1 yf_sha512 entry 55727 pid18225 libmd_psr.so.1 yf_sha512_multiblock entry 55728 pid18225 libmd_psr.so.1 yf_sha1 entry 55729 pid18225 libmd_psr.so.1 yf_sha1_multiblock entry 55730 pid18225 libmd_psr.so.1 yf_md5 entry 55731 pid18225 libmd_psr.so.1 yf_md5_multiblock entry 55732 pid18225 pkcs11_softtoken_extra.so.1 yf_aes_instructions_present entry 55733 pid18225 pkcs11_softtoken_extra.so.1 rijndael_key_setup_enc_yf entry 55734 pid18225 pkcs11_softtoken_extra.so.1 yf_aes_expand128 entry 55735 pid18225 pkcs11_softtoken_extra.so.1 yf_aes_encrypt128 entry 55736 pid18225 pkcs11_softtoken_extra.so.1 yf_aes_decrypt128 entry 55737 pid18225 pkcs11_softtoken_extra.so.1 yf_aes_expand192 entry 55738 pid18225 pkcs11_softtoken_extra.so.1 yf_aes_encrypt192 entry 55739 pid18225 pkcs11_softtoken_extra.so.1 yf_aes_decrypt192 entry 55740 pid18225 pkcs11_softtoken_extra.so.1 yf_aes_expand256 entry 55741 pid18225 pkcs11_softtoken_extra.so.1 yf_aes_encrypt256 entry 55742 pid18225 pkcs11_softtoken_extra.so.1 yf_aes_decrypt256 entry 55743 pid18225 pkcs11_softtoken_extra.so.1 yf_aes128_load_keys_for_encrypt entry 55744 pid18225 pkcs11_softtoken_extra.so.1 yf_aes192_load_keys_for_encrypt entry 55745 pid18225 pkcs11_softtoken_extra.so.1 yf_aes256_load_keys_for_encrypt entry 55746 pid18225 pkcs11_softtoken_extra.so.1 yf_aes128_ecb_encrypt entry 55747 pid18225 pkcs11_softtoken_extra.so.1 yf_aes192_ecb_encrypt entry 55748 pid18225 pkcs11_softtoken_extra.so.1 yf_aes256_ecb_encrypt entry 55749 pid18225 pkcs11_softtoken_extra.so.1 yf_aes128_cbc_encrypt entry 55750 pid18225 pkcs11_softtoken_extra.so.1 yf_aes192_cbc_encrypt entry 55751 pid18225 pkcs11_softtoken_extra.so.1 yf_aes256_cbc_encrypt entry 55752 pid18225 pkcs11_softtoken_extra.so.1 yf_aes128_ctr_crypt entry 55753 pid18225 pkcs11_softtoken_extra.so.1 yf_aes192_ctr_crypt entry 55754 pid18225 pkcs11_softtoken_extra.so.1 yf_aes256_ctr_crypt entry 55755 pid18225 pkcs11_softtoken_extra.so.1 yf_aes128_cfb128_encrypt entry 55756 pid18225 pkcs11_softtoken_extra.so.1 yf_aes192_cfb128_encrypt entry 55757 pid18225 pkcs11_softtoken_extra.so.1 yf_aes256_cfb128_encrypt entry 55758 pid18225 pkcs11_softtoken_extra.so.1 yf_aes128_load_keys_for_decrypt entry 55759 pid18225 pkcs11_softtoken_extra.so.1 yf_aes192_load_keys_for_decrypt entry 55760 pid18225 pkcs11_softtoken_extra.so.1 yf_aes256_load_keys_for_decrypt entry 55761 pid18225 pkcs11_softtoken_extra.so.1 yf_aes128_ecb_decrypt entry 55762 pid18225 pkcs11_softtoken_extra.so.1 yf_aes192_ecb_decrypt entry 55763 pid18225 pkcs11_softtoken_extra.so.1 yf_aes256_ecb_decrypt entry 55764 pid18225 pkcs11_softtoken_extra.so.1 yf_aes128_cbc_decrypt entry 55765 pid18225 pkcs11_softtoken_extra.so.1 yf_aes192_cbc_decrypt entry 55766 pid18225 pkcs11_softtoken_extra.so.1 yf_aes256_cbc_decrypt entry 55767 pid18225 pkcs11_softtoken_extra.so.1 yf_aes128_cfb128_decrypt entry 55768 pid18225 pkcs11_softtoken_extra.so.1 yf_aes192_cfb128_decrypt entry 55769 pid18225 pkcs11_softtoken_extra.so.1 yf_aes256_cfb128_decrypt entry 55771 pid18225 pkcs11_softtoken_extra.so.1 yf_des_instructions_present entry 55772 pid18225 pkcs11_softtoken_extra.so.1 yf_des_expand entry 55773 pid18225 pkcs11_softtoken_extra.so.1 yf_des_encrypt entry 55774 pid18225 pkcs11_softtoken_extra.so.1 yf_mpmul_present entry 55775 pid18225 pkcs11_softtoken_extra.so.1 yf_montmul_present entry 55776 pid18225 pkcs11_softtoken_extra.so.1 mm_yf_montmul entry 55777 pid18225 pkcs11_softtoken_extra.so.1 mm_yf_montsqr entry 55778 pid18225 pkcs11_softtoken_extra.so.1 mm_yf_restore_func entry 55779 pid18225 pkcs11_softtoken_extra.so.1 mm_yf_ret_from_mont_func entry 55780 pid18225 pkcs11_softtoken_extra.so.1 mm_yf_execute_slp entry 55781 pid18225 pkcs11_softtoken_extra.so.1 big_modexp_ncp_yf entry 55782 pid18225 pkcs11_softtoken_extra.so.1 big_mont_mul_yf entry 55783 pid18225 pkcs11_softtoken_extra.so.1 mpmul_arr_yf entry 55784 pid18225 pkcs11_softtoken_extra.so.1 big_mp_mul_yf entry 55785 pid18225 pkcs11_softtoken_extra.so.1 mpm_yf_mpmul entry 55786 pid18225 libns-httpd40.so nsapi_rsa_set_priv_fn entry ... 55795 pid18225 libnss3.so prepare_rsa_priv_key_export_for_asn1 entry 55796 pid18225 libresolv.so.2 sunw_dst_rsaref_init entry 55797 pid18225 libnssutil3.so NSS_Get_SEC_UniversalStringTemplate entry ... 55813 pid18225 libsoftokn3.so prepare_low_rsa_priv_key_for_asn1 entry 55814 pid18225 libsoftokn3.so rsa_FormatOneBlock entry 55815 pid18225 libsoftokn3.so rsa_FormatBlock entry 55816 pid18225 libnssdbm3.so lg_prepare_low_rsa_priv_key_for_asn1 entry 55817 pid18225 libfreebl_32fpu_3.so rsa_build_from_primes entry 55818 pid18225 libfreebl_32fpu_3.so rsa_is_prime entry 55819 pid18225 libfreebl_32fpu_3.so rsa_get_primes_from_exponents entry 55820 pid18225 libfreebl_32fpu_3.so rsa_PrivateKeyOpNoCRT entry 55821 pid18225 libfreebl_32fpu_3.so rsa_PrivateKeyOpCRTNoCheck entry 55822 pid18225 libfreebl_32fpu_3.so rsa_PrivateKeyOpCRTCheckedPubKey entry 55823 pid18225 pkcs11_kernel.so.1 key_gen_rsa_by_value entry 55824 pid18225 pkcs11_kernel.so.1 get_rsa_private_key entry 55825 pid18225 pkcs11_kernel.so.1 get_rsa_public_key entry 55826 pid18225 pkcs11_softtoken_extra.so.1 soft_rsa_encrypt entry 55827 pid18225 pkcs11_softtoken_extra.so.1 soft_rsa_decrypt entry 55828 pid18225 pkcs11_softtoken_extra.so.1 soft_rsa_crypt_init_common entry 55829 pid18225 pkcs11_softtoken_extra.so.1 soft_rsa_encrypt_common entry 55830 pid18225 pkcs11_softtoken_extra.so.1 soft_rsa_decrypt_common entry 55831 pid18225 pkcs11_softtoken_extra.so.1 soft_rsa_sign_verify_init_common entry 55832 pid18225 pkcs11_softtoken_extra.so.1 soft_rsa_sign_common entry 55833 pid18225 pkcs11_softtoken_extra.so.1 soft_rsa_verify_common entry 55834 pid18225 pkcs11_softtoken_extra.so.1 generate_rsa_key entry 55835 pid18225 pkcs11_softtoken_extra.so.1 soft_rsa_genkey_pair entry 55836 pid18225 pkcs11_softtoken_extra.so.1 get_rsa_sha1_prefix entry 55837 pid18225 pkcs11_softtoken_extra.so.1 soft_rsa_digest_sign_common entry 55838 pid18225 pkcs11_softtoken_extra.so.1 soft_rsa_digest_verify_common entry 55839 pid18225 pkcs11_softtoken_extra.so.1 soft_rsa_verify_recover entry 55840 pid18225 pkcs11_softtoken_extra.so.1 rsa_pri_to_asn1 entry 55841 pid18225 pkcs11_softtoken_extra.so.1 asn1_to_rsa_pri entry 55842 pid18225 pkcs11_softtoken_extra.so.1 soft_encrypt_rsa_pkcs_encode entry 55843 pid18225 pkcs11_softtoken_extra.so.1 soft_decrypt_rsa_pkcs_decode entry 55844 pid18225 pkcs11_softtoken_extra.so.1 soft_sign_rsa_pkcs_encode entry 55845 pid18225 pkcs11_softtoken_extra.so.1 soft_verify_rsa_pkcs_decode entry 55770 profile tick-1sec

Read the article
What is the best Apache logs Analyzer?

- by Evgeny

What real-time log analyzer can you suggest for Apache access and error logs? There is a list of web analytics software on wikipedia, but it would be great to hear opinions from people with experience without having to try all of them. Please don't suggest Google Analytics or any other hosted/javascript analytics suites, already using them, GA is not real-time and it is missing some data that the logs show. For example 404 errors, script errors, the full query-string of the referral, IP addresses, visitor path through the website, etc ...

Read the article
Control Sysinternals Suite & NirSoft Utilities with a Single Interface

- by Asian Angel

Sysinternals and NirSoft both provide helpful utilities for your Windows system but may not be very convenient to access. Using the Windows System Control Center you can easily access everything through a single UI front end. Setup The first thing to do is set up three new folders in Program Files (or Program Files (x86) if you are using a 64bit system) with the following names (the first two need to exactly match what is shown here): Sysinternals Suite NirSoft Utilities (create this folder only if you have any of these apps downloaded) Windows System Control Center (or WSCC depending on your preferences) Unzip the contents of the Sysinternals Suite into its’ folder. Then unzip any individual NirSoft Utilities programs that you have downloaded into the NirSoft folder. All that is left to do is to unzip the WSCC software into its’ folder and create a shortcut. WSCC in Action When you start WSCC up for the first time you will see the following message with a brief explanation about the software. Next the options window will appear providing you an opportunity to look around and make any desired changes. WSCC can access utilities for both suites using a live connection if needed (utilities accessed live are not downloaded). Note: This occurs on the first run only. This is the main WSCC window…you can choose the utility that you want to use by sorting through an all items list or based on category. Note: WSCC may occasionally experience a problem downloading a particular utility if using the live service. We conducted a quick test by accessing two Sysinternals apps. First PsInfo… Followed by DiskView. Both opened quickly and were ready to go. There were no NirSoft Utilities installed on our test system in order to provide a live access example. Within moments WSCC accessed the CurrProcess utility and had it running on our system. Our recommendation is to download your favorite utilities from both suites (in order to always have easy access to them). Conclusion WSCC provides an easy way to access all of the apps in the Sysinternals Suite and NirSoft Utilities in one place. Note: A PortableApps version is also available. Links Download Windows System Control Center (WSCC) Download Windows Sysinternals Suite Download individual NirSoft Utilities programs Similar Articles Productive Geek Tips How To Get Detailed Information About Your PCAccess and Launch Windows Utilities the Easy WayWhat is svchost.exe And Why Is It Running?How to Clean Up Your Messy Windows Context MenuRemove NVIDIA Control Panel from Desktop Right-Click Menu TouchFreeze Alternative in AutoHotkey The Icy Undertow Desktop Windows Home Server – Backup to LAN The Clear & Clean Desktop Use This Bookmarklet to Easily Get Albums Use AutoHotkey to Assign a Hotkey to a Specific Window Latest Software Reviews Tinyhacker Random Tips CloudBerry Online Backup 1.5 for Windows Home Server Snagit 10 VMware Workstation 7 Acronis Online Backup Ultimate Boot CD can help when disaster strikes Windows Firewall with Advanced Security – How To Guides Sculptris 1.0, 3D Drawing app AceStock, a Tiny Desktop Quote Monitor Gmail Button Addon (Firefox) Hyperwords addon (Firefox)

Read the article
Test Http endpoints with WebDev.WebServer, NUnit and Salient.Web.HttpLib

Retain your sanity! Quickly and easily write test suites for your Ajax/REST/Form/Upload/other http endpoints.

Read the article
Test Http endpoints with WebDev.WebServer, NUnit and Salient.Web.HttpLib

Retain your sanity! Quickly and easily write test suites for your Ajax/REST/Form/Upload/other http endpoints....Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

Read the article
Wireless networks are not detected at start up in Ubuntu 12.04

- by Kanhaiya Mishra

I have recently (three four days ago) installed Ubuntu 12.04 via windows installer i.e. wubi.exe. After the installation completed wireless and Ethernet were both working well. But after restart wireless networks didn't show up while in the network manager both networking and wireless were enabled. Though sometimes after boot it did show the networks available but very rarely. So I went through various posts regarding wireless issues in Ubuntu 12.04 and tried so many things but ended up in nothing satisfactory. I have Broadcom 4313 LAN network controller and brcmsmac driver. Then relying on some suggestions I tried to install bcm-wl driver but couldn't install due to some error in jockeyl.log file. Then i tried fresh installation of the same driver but still could resolve the startup issues with wireless. Then again I reinstalled Ubuntu inside windows using wubi installer. This time again same problem occurred after boot. But this time I successfully installed wl driver before disturbing file-system files of Ubuntu. But again the same issue. This time I noticed some new things: If I inserted Ethernet/LAN cable before startup then wireless networks are available and of course LAN(wired) networks also work. but if i don't plug in cable before startup and then plug it after startup then it didn't detect Ethernet network neither wireless. So I haven't noticed it before that LAN along with wifi also doesn't work after startup. But if i suspend the session and make it sleep and again login then it worked. I tried it every time that WLAN worked perfectly. But still i m unable to resolve that startup problem. Each time i boot first I have to suspend it once then only networks are available. It irritates me each time i reboot/boot my lappy. So please help out of this problem. Any ideas/help regarding this issue would be highly appreciated. Some of the commands that i run gave following results: # lspci 00:00.0 Host bridge: Intel Corporation Core Processor DRAM Controller (rev 12) 00:02.0 VGA compatible controller: Intel Corporation Core Processor Integrated Graphics Controller (rev 12) 00:16.0 Communication controller: Intel Corporation 5 Series/3400 Series Chipset HECI Controller (rev 06) 00:1a.0 USB controller: Intel Corporation 5 Series/3400 Series Chipset USB2 Enhanced Host Controller (rev 06) 00:1b.0 Audio device: Intel Corporation 5 Series/3400 Series Chipset High Definition Audio (rev 06) 00:1c.0 PCI bridge: Intel Corporation 5 Series/3400 Series Chipset PCI Express Root Port 1 (rev 06) 00:1c.1 PCI bridge: Intel Corporation 5 Series/3400 Series Chipset PCI Express Root Port 2 (rev 06) 00:1c.5 PCI bridge: Intel Corporation 5 Series/3400 Series Chipset PCI Express Root Port 6 (rev 06) 00:1d.0 USB controller: Intel Corporation 5 Series/3400 Series Chipset USB2 Enhanced Host Controller (rev 06) 00:1e.0 PCI bridge: Intel Corporation 82801 Mobile PCI Bridge (rev a6) 00:1f.0 ISA bridge: Intel Corporation Mobile 5 Series Chipset LPC Interface Controller (rev 06) 00:1f.2 SATA controller: Intel Corporation 5 Series/3400 Series Chipset 6 port SATA AHCI Controller (rev 06) 00:1f.3 SMBus: Intel Corporation 5 Series/3400 Series Chipset SMBus Controller (rev 06) 00:1f.6 Signal processing controller: Intel Corporation 5 Series/3400 Series Chipset Thermal Subsystem (rev 06) 03:00.0 Network controller: Broadcom Corporation BCM4313 802.11b/g/n Wireless LAN Controller (rev 01) 04:00.0 Ethernet controller: Atheros Communications Inc. AR8152 v1.1 Fast Ethernet (rev c1) ff:00.0 Host bridge: Intel Corporation Core Processor QuickPath Architecture Generic Non-core Registers (rev 02) ff:00.1 Host bridge: Intel Corporation Core Processor QuickPath Architecture System Address Decoder (rev 02) ff:02.0 Host bridge: Intel Corporation Core Processor QPI Link 0 (rev 02) ff:02.1 Host bridge: Intel Corporation Core Processor QPI Physical 0 (rev 02) ff:02.2 Host bridge: Intel Corporation Core Processor Reserved (rev 02) ff:02.3 Host bridge: Intel Corporation Core Processor Reserved (rev 02) # sudo lshw -C network *-network description: Wireless interface product: BCM4313 802.11b/g/n Wireless LAN Controller vendor: Broadcom Corporation physical id: 0 bus info: pci@0000:03:00.0 logical name: eth1 version: 01 serial: 70:f1:a1:49:b6:ab width: 64 bits clock: 33MHz capabilities: pm msi pciexpress bus_master cap_list ethernet physical wireless configuration: broadcast=yes driver=wl0 driverversion=5.100.82.38 ip=192.168.1.7 latency=0 multicast=yes wireless=IEEE 802.11 resources: irq:17 memory:f0500000-f0503fff *-network description: Ethernet interface product: AR8152 v1.1 Fast Ethernet vendor: Atheros Communications Inc. physical id: 0 bus info: pci@0000:04:00.0 logical name: eth0 version: c1 serial: b8:ac:6f:6b:f7:4a capacity: 100Mbit/s width: 64 bits clock: 33MHz capabilities: pm msi pciexpress vpd bus_master cap_list ethernet physical tp 10bt 10bt-fd 100bt 100bt-fd autonegotiation configuration: autonegotiation=on broadcast=yes driver=atl1c driverversion=1.0.1.0-NAPI firmware=N/A latency=0 link=no multicast=yes port=twisted pair resources: irq:44 memory:f0400000-f043ffff ioport:2000(size=128) # lsmod | grep wl wl 2568210 0 lib80211 14381 2 lib80211_crypt_tkip,wl # sudo iwlist eth1 scanning eth1 Scan completed : Cell 01 - Address: 30:46:9A:85:DA:9A ESSID:"BH DASHIR 2" Mode:Managed Frequency:2.462 GHz (Channel 11) Quality:4/5 Signal level:-60 dBm Noise level:-98 dBm IE: IEEE 802.11i/WPA2 Version 1 Group Cipher : CCMP Pairwise Ciphers (1) : CCMP Authentication Suites (1) : PSK IE: Unknown: DD7F0050F204104A00011010440001021041000100103B000103104700109AFE7D908F8E2D381860668BA2E8D8771021000D4E4554474541522C20496E632E10230009574752363134763130102400095747523631347631301042000538333235381054000800060050F204000110110009574752363134763130100800020084 Encryption key:on Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 18 Mb/s 24 Mb/s; 36 Mb/s; 54 Mb/s; 6 Mb/s; 9 Mb/s 12 Mb/s; 48 Mb/s Cell 02 - Address: C0:3F:0E:EB:45:14 ESSID:"BH DASHIR 3" Mode:Managed Frequency:2.462 GHz (Channel 11) Quality:2/5 Signal level:-71 dBm Noise level:-98 dBm IE: IEEE 802.11i/WPA2 Version 1 Group Cipher : CCMP Pairwise Ciphers (1) : CCMP Authentication Suites (1) : PSK IE: Unknown: DD7F0050F204104A00011010440001021041000100103B00010310470010F3C9BBE499D140540F530E7EBEDE2F671021000D4E4554474541522C20496E632E10230009574752363134763130102400095747523631347631301042000538333235381054000800060050F204000110110009574752363134763130100800020084 Encryption key:on Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 18 Mb/s 24 Mb/s; 36 Mb/s; 54 Mb/s; 6 Mb/s; 9 Mb/s 12 Mb/s; 48 Mb/s Cell 03 - Address: A0:21:B7:A8:2F:C0 ESSID:"BH DASHIR 4" Mode:Managed Frequency:2.422 GHz (Channel 3) Quality:1/5 Signal level:-86 dBm Noise level:-98 dBm IE: IEEE 802.11i/WPA2 Version 1 Group Cipher : CCMP Pairwise Ciphers (1) : CCMP Authentication Suites (1) : PSK IE: Unknown: DD8B0050F204104A0001101044000102103B0001031047001000000000000010000000A021B7A82FC01021000D4E6574676561722C20496E632E10230009574E523130303076321024000456324831104200046E6F6E651054000800060050F20400011011001B574E5231303030763228576972656C6573732041502D322E344729100800020086103C000103 Encryption key:on Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s 9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s 48 Mb/s; 54 Mb/s

Read the article
Realize the Benefits of Oracle Fusion Architecture Today; Get on the Path to Oracle Fusion Applicati

Vijay Tella, Vice President and Chief Strategy Officer, Oracle Fusion Middleware, discusses with Cliff the relationship between Oracle Fusion Architecture and Service Oriented Architecture (SOA). They also discuss how Oracle is enabling Fusion Architecture with integration between Oracle Fusion Middleware and the Oracle E-Business Suite, PeopleSoft Enterprise, and JD Edwards Enterprise One suites of applications.

Read the article
Des chercheurs proposent une alternative aux CAPTCHA et présentent GOTCHA, un test de Rorschach pour renforcer la sécurité sur Internet

Des chercheurs proposent une alternative aux CAPTCHA et présentent GOTCHA, un test de Rorschach pour renforcer la sécurité sur Internet Introduit à l'an 2000 par Luis von Ahn et ses collègues de l'Université Carnegie Mellon à Pittsburgh, les CAPTCHA, ces suites de lettres et de chiffres déformés que l'internaute doit ré-écrire dans pour prouver qu'il n'est pas un robot, ont connu un immense succès. Bien sûr, il était inévitable que ce système de sécurité allait être la cible des hackers qui...

Read the article
Download Singularity Source Code

- by Editor

The Singularity Research Development Kit (RDK) is based on the Microsoft Research Singularity project. It includes source code, build tools, test suites, design notes, and other background materials. The Singularity RDK is for academic non-commercial use and is governed by this license. Singularity is a research project focused on the construction of dependable [...]

Read the article
L'utilisation d'OpenOffice et LibreOffice en entreprise chute, Microsoft Office domine largement, selon un rapport de Forrester

L'utilisation d'OpenOffice et LibreOffice en entreprise chute Microsoft Office domine largement, selon un rapport de ForresterLes suites bureautiques et de productivité Open Source Open Office et Libre Office font pâle figure devant Microsoft Office, selon un récent rapport publié par le cabinet d'analyse Forrester.L'étude de Forrester montre qu'Office 2010, la version d'Office qui a connu le plus fort taux d'adoption, domine largement dans les entreprises avec une part de marché de 85 %. Office...

Read the article
Hackers Strike Popular Los Angeles Hotel

The Westin Bonaventure Hotel & Suites gets targeted by criminals who may have gained access to travelers' credit cards.

Read the article
Which server to choose? [closed]

- by Devbag

I have telecom applications that I want to run on a server(I have chosen HP server), there are so many types of hp servers i.e DL380 (g3,g4 ....), blade , entry level server. I've surfed the web and nothing is helping me choose one that suites me, what I have is telecom application made in PHP and C. I've found many used DL380 G3,G4 and G5 on craiglist with really good prices, some of them have misssing HD, RAMs and some of them have nothing missing. Can you please help me choose wisely. Thanks,

Read the article
curl FTPS with client certificate to a vsftpd

- by weeheavy

I'd like to authenticate FTP clients either via username+password or a client certificate. Only FTPS is allowed. User/password works, but while testing with curl (I don't have another option) and a client certificate, I need to pass a user. Isn't it technically possible to authenticate only by providing a certificate? vsftpd.conf passwd_chroot_enable=YES chroot_local_user=YES ssl_enable=YES rsa_cert_file=usrlocal/ssl/certs/vsftpd.pem force_local_data_ssl=YES force_local_logins_ssl=YES Tested with curl -v -k -E client-crt.pem --ftp-ssl-reqd ftp://server:21/testfile the output is: * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Request CERT (13): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS handshake, CERT verify (15): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using DES-CBC3-SHA * Server certificate: * SSL certificate verify result: self signed certificate (18), continuing anyway. > USER anonymous < 530 Anonymous sessions may not use encryption. * Access denied: 530 * Closing connection #0 * SSLv3, TLS alert, Client hello (1): curl: (67) Access denied: 530 This is theoretically ok, as i forbid anonymous access. If I specify a user with -u username:pass it works, but it would without a certificate too. The client certificate seems to be ok, it looks like this: client-crt.pem -----BEGIN RSA PRIVATE KEY----- content -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- content -----END CERTIFICATE----- What am I missing? Thanks in advance. (The OS is Solaris 10 SPARC).

Read the article
Very slow write performance on Debian 6.0 (AMD64) with DMCRYPT/LVM/RAID1

- by jdelic

I'm seeing very strange performance characteristics on one of my servers. This server is running a simple two-disk software-RAID1 setup with LVM spanning /dev/md0. One of the logical volumes /dev/vg0/secure is encrypted using dmcrypt with LUKS and mounted with the sync and noatimes flag. Writing to that volume is incredibly slow at 1.8 MB/s and the CPU usage stays near 0%. There are 8 crpyto/1-8 processes running (it's a Intel Quadcore CPU). I hope that someone on serverfault has seen this before :-(. uname -a 2.6.32-5-xen-amd64 #1 SMP Tue Mar 8 00:01:30 UTC 2011 x86_64 GNU/Linux Interestingly, when I read from the device I get good performance numbers: reading without encryption: $ dd if=/dev/vg0/secure of=/dev/null bs=64k count=100000 100000+0 records in 100000+0 records out 6553600000 bytes (6.6 GB) copied, 68.8951 s, 95.1 MB/s reading with encryption: $ dd if=/dev/mapper/secure of=/dev/null bs=64k count=100000 100000+0 records in 100000+0 records out 6553600000 bytes (6.6 GB) copied, 69.7116 s, 94.0 MB/s However, when I try to write to the device: $ dd if=/dev/zero of=./test bs=64k 8809+0 records in 8809+0 records out 577306624 bytes (577 MB) copied, 321.861 s, 1.8 MB/s Also, when I read I see CPU usage, when I write, the CPU stays at almost 0% usage. Here is output of cryptsetup luksDump: LUKS header information for /dev/vg0/secure Version: 1 Cipher name: aes Cipher mode: cbc-essiv:sha256 Hash spec: sha1 Payload offset: 2056 MK bits: 256 MK digest: dd 62 b9 a5 bf 6c ec 23 36 22 92 4c 39 f8 d6 5d c1 3a b7 37 MK salt: cc 2e b3 d9 fb e3 86 a1 bb ab eb 9d 65 df b3 dd d9 6b f4 49 de 8f 85 7d 3b 1c 90 83 5d b2 87 e2 MK iterations: 44500 UUID: a7c9af61-d9f0-4d3f-b422-dddf16250c33 Key Slot 0: ENABLED Iterations: 178282 Salt: 60 24 cb be 5c 51 9f b4 85 64 3d f8 07 22 54 d4 1a 5f 4c bc 4b 82 76 48 d8 a2 d2 6a ee 13 d7 5d Key material offset: 8 AF stripes: 4000 Key Slot 1: DISABLED Key Slot 2: DISABLED Key Slot 3: DISABLED Key Slot 4: DISABLED Key Slot 5: DISABLED Key Slot 6: DISABLED Key Slot 7: DISABLED

Read the article
OpenVPN Client timing out

- by Austin

I recently installed OpenVPN on my Ubuntu VPS. Whenenver I try to connect to it, I can establish a connection just fine. However, everything I try to connect to times out. If I try to ping something, it will resolve the IP, but will time out after resolving the IP. (So DNS Server seems to be working correctly) My server.conf has this relevant information (At least I think it's relevant. I'm not sure if you need more or not) # Which local IP address should OpenVPN # listen on? (optional) ;local a.b.c.d # Which TCP/UDP port should OpenVPN listen on? # If you want to run multiple OpenVPN instances # on the same machine, use a different port # number for each one. You will need to # open up this port on your firewall. port 1194 # TCP or UDP server? ;proto tcp proto udp # "dev tun" will create a routed IP tunnel, # "dev tap" will create an ethernet tunnel. # Use "dev tap0" if you are ethernet bridging # and have precreated a tap0 virtual interface # and bridged it with your ethernet interface. # If you want to control access policies # over the VPN, you must create firewall # rules for the the TUN/TAP interface. # On non-Windows systems, you can give # an explicit unit number, such as tun0. # On Windows, use "dev-node" for this. # On most systems, the VPN will not function # unless you partially or fully disable # the firewall for the TUN/TAP interface. ;dev tap dev tun # Windows needs the TAP-Win32 adapter name # from the Network Connections panel if you # have more than one. On XP SP2 or higher, # you may need to selectively disable the # Windows firewall for the TAP adapter. # Non-Windows systems usually don't need this. ;dev-node MyTap # SSL/TLS root certificate (ca), certificate # (cert), and private key (key). Each client # and the server must have their own cert and # key file. The server and all clients will # use the same ca file. # # See the "easy-rsa" directory for a series # of scripts for generating RSA certificates # and private keys. Remember to use # a unique Common Name for the server # and each of the client certificates. # # Any X509 key management system can be used. # OpenVPN can also use a PKCS #12 formatted key file # (see "pkcs12" directive in man page). ca ca.crt cert server.crt key server.key # This file should be kept secret # Diffie hellman parameters. # Generate your own with: # openssl dhparam -out dh1024.pem 1024 # Substitute 2048 for 1024 if you are using # 2048 bit keys. dh dh1024.pem # Configure server mode and supply a VPN subnet # for OpenVPN to draw client addresses from. # The server will take 10.8.0.1 for itself, # the rest will be made available to clients. # Each client will be able to reach the server # on 10.8.0.1. Comment this line out if you are # ethernet bridging. See the man page for more info. server 10.8.0.0 255.255.255.0 # Maintain a record of client <-> virtual IP address # associations in this file. If OpenVPN goes down or # is restarted, reconnecting clients can be assigned # the same virtual IP address from the pool that was # previously assigned. ifconfig-pool-persist ipp.txt # Configure server mode for ethernet bridging. # You must first use your OS's bridging capability # to bridge the TAP interface with the ethernet # NIC interface. Then you must manually set the # IP/netmask on the bridge interface, here we # assume 10.8.0.4/255.255.255.0. Finally we # must set aside an IP range in this subnet # (start=10.8.0.50 end=10.8.0.100) to allocate # to connecting clients. Leave this line commented # out unless you are ethernet bridging. ;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100 # Configure server mode for ethernet bridging # using a DHCP-proxy, where clients talk # to the OpenVPN server-side DHCP server # to receive their IP address allocation # and DNS server addresses. You must first use # your OS's bridging capability to bridge the TAP # interface with the ethernet NIC interface. # Note: this mode only works on clients (such as # Windows), where the client-side TAP adapter is # bound to a DHCP client. ;server-bridge # Push routes to the client to allow it # to reach other private subnets behind # the server. Remember that these # private subnets will also need # to know to route the OpenVPN client # address pool (10.8.0.0/255.255.255.0) # back to the OpenVPN server. ;push "route 192.168.10.0 255.255.255.0" ;push "route 192.168.20.0 255.255.255.0" # To assign specific IP addresses to specific # clients or if a connecting client has a private # subnet behind it that should also have VPN access, # use the subdirectory "ccd" for client-specific # configuration files (see man page for more info). # EXAMPLE: Suppose the client # having the certificate common name "Thelonious" # also has a small subnet behind his connecting # machine, such as 192.168.40.128/255.255.255.248. # First, uncomment out these lines: ;client-config-dir ccd ;route 192.168.40.128 255.255.255.248 # Then create a file ccd/Thelonious with this line: # iroute 192.168.40.128 255.255.255.248 # This will allow Thelonious' private subnet to # access the VPN. This example will only work # if you are routing, not bridging, i.e. you are # using "dev tun" and "server" directives. # EXAMPLE: Suppose you want to give # Thelonious a fixed VPN IP address of 10.9.0.1. # First uncomment out these lines: ;client-config-dir ccd ;route 10.9.0.0 255.255.255.252 # Then add this line to ccd/Thelonious: # ifconfig-push 10.9.0.1 10.9.0.2 # Suppose that you want to enable different # firewall access policies for different groups # of clients. There are two methods: # (1) Run multiple OpenVPN daemons, one for each # group, and firewall the TUN/TAP interface # for each group/daemon appropriately. # (2) (Advanced) Create a script to dynamically # modify the firewall in response to access # from different clients. See man # page for more info on learn-address script. ;learn-address ./script # If enabled, this directive will configure # all clients to redirect their default # network gateway through the VPN, causing # all IP traffic such as web browsing and # and DNS lookups to go through the VPN # (The OpenVPN server machine may need to NAT # or bridge the TUN/TAP interface to the internet # in order for this to work properly). push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 8.8.8.8" # Certain Windows-specific network settings # can be pushed to clients, such as DNS # or WINS server addresses. CAVEAT: # http://openvpn.net/faq.html#dhcpcaveats # The addresses below refer to the public # DNS servers provided by opendns.com. ;push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4" # Uncomment this directive to allow different # clients to be able to "see" each other. # By default, clients will only see the server. # To force clients to only see the server, you # will also need to appropriately firewall the # server's TUN/TAP interface. ;client-to-client # Uncomment this directive if multiple clients # might connect with the same certificate/key # files or common names. This is recommended # only for testing purposes. For production use, # each client should have its own certificate/key # pair. # # IF YOU HAVE NOT GENERATED INDIVIDUAL # CERTIFICATE/KEY PAIRS FOR EACH CLIENT, # EACH HAVING ITS OWN UNIQUE "COMMON NAME", # UNCOMMENT THIS LINE OUT. ;duplicate-cn # The keepalive directive causes ping-like # messages to be sent back and forth over # the link so that each side knows when # the other side has gone down. # Ping every 10 seconds, assume that remote # peer is down if no ping received during # a 120 second time period. keepalive 10 120 # For extra security beyond that provided # by SSL/TLS, create an "HMAC firewall" # to help block DoS attacks and UDP port flooding. # # Generate with: # openvpn --genkey --secret ta.key # # The server and each client must have # a copy of this key. # The second parameter should be '0' # on the server and '1' on the clients. ;tls-auth ta.key 0 # This file is secret # Select a cryptographic cipher. # This config item must be copied to # the client config file as well. ;cipher BF-CBC # Blowfish (default) ;cipher AES-128-CBC # AES ;cipher DES-EDE3-CBC # Triple-DES # Enable compression on the VPN link. # If you enable it here, you must also # enable it in the client config file. comp-lzo # The maximum number of concurrently connected # clients we want to allow. ;max-clients 100 # It's a good idea to reduce the OpenVPN # daemon's privileges after initialization. # # You can uncomment this out on # non-Windows systems. ;user nobody ;group nogroup # The persist options will try to avoid # accessing certain resources on restart # that may no longer be accessible because # of the privilege downgrade. persist-key persist-tun # Output a short status file showing # current connections, truncated # and rewritten every minute. status openvpn-status.log # By default, log messages will go to the syslog (or # on Windows, if running as a service, they will go to # the "\Program Files\OpenVPN\log" directory). # Use log or log-append to override this default. # "log" will truncate the log file on OpenVPN startup, # while "log-append" will append to it. Use one # or the other (but not both). ;log openvpn.log ;log-append openvpn.log # Set the appropriate level of log # file verbosity. # # 0 is silent, except for fatal errors # 4 is reasonable for general usage # 5 and 6 can help to debug connection problems # 9 is extremely verbose verb 3 # Silence repeating messages. At most 20 # sequential messages of the same message # category will be output to the log. ;mute 20 I've tried on multiple computers by the way. The same result on all of them. What could be wrong? Thanks in advance, and if you need other information I'll gladly post it. Information for new comments root@vps:~# iptables -L -n -v Chain INPUT (policy ACCEPT 862K packets, 51M bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 3 packets, 382 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 4641 298K ACCEPT all -- * * 10.8.0.0/24 0.0.0.0/0 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable Chain OUTPUT (policy ACCEPT 1671K packets, 2378M bytes) pkts bytes target prot opt in out source destination And root@vps:~# iptables -t nat -L -n -v Chain PREROUTING (policy ACCEPT 17937 packets, 2013K bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 8975 packets, 562K bytes) pkts bytes target prot opt in out source destination 1579 103K SNAT all -- * * 10.8.0.0/24 0.0.0.0/0 to:SERVERIP Chain OUTPUT (policy ACCEPT 8972 packets, 562K bytes) pkts bytes target prot opt in out source destination

Read the article
cURL hangs trying to upload file from stdin

- by SidneySM

I'm trying to PUT a file with cURL. This hangs: curl -vvv --digest -u user -T - https://example.com/file.txt < file This does not: curl -vvv --digest -u user -T file https://example.com/file.txt What's going on? * About to connect() to example.com port 443 (#0) * Trying 0.0.0.0... connected * Connected to example.com (0.0.0.0) port 443 (#0) * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server key exchange (12): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using DHE-RSA-AES256-SHA * Server certificate: * subject: serialNumber=jJakwdOewDicmqzIorLkKSiwuqfnzxF/, C=US, O=*.example.com, OU=GT01234567, OU=See www.example.com/resources/cps (c)10, OU=Domain Control Validated - ExampleSSL(R), CN=*.example.com * start date: 2010-01-26 07:06:33 GMT * expire date: 2011-01-28 11:22:07 GMT * common name: *.example.com (matched) * issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority * SSL certificate verify ok. * Server auth using Digest with user 'user' > PUT /file.txt HTTP/1.1 > User-Agent: curl/7.19.4 (universal-apple-darwin10.0) libcurl/7.19.4 OpenSSL/0.9.8l zlib/1.2.3 > Host: example.com > Accept: */* > Transfer-Encoding: chunked > Expect: 100-continue > < HTTP/1.1 100 Continue

Read the article

Search Results

Search found 514 results on 21 pages for 'cipher suites'.

Page 8/21 | < Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15 | Next Page >

- by JohnMerlino

- by migrator

- by Aditya

- by user308806

- by sixtyfootersdude

- by jax

- by Thomas Kishel

- by miako

- by catsy

- by mv

- by Evgeny

- by Asian Angel

- by Kanhaiya Mishra

- by Editor

- by Devbag

- by weeheavy

- by jdelic

- by Austin

- by SidneySM

< Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15 | Next Page >