[openssl-users] regarding SSL security
Suman.Patro-TRN at lntebg.com
Thu Feb 11 18:31:18 UTC 2016
I am a Masters student and currently working on a project related to
security. I have certain queries regarding SSL security. It would be of
great use to me if some of my queries get clarified. The following is listed
1. How do I prove that ECC 256 bit key is equivalently strong to RSA 2048
2. What all types of threats could be used for testing the above question?
3. The paper has listed OpenSSL library can be used for enabling SSL
security, certificate generation and management. I have created an ECC
certificate that works fine but such a certificate shows "Invalid digital
signature" message on the certificate. The elliptic curve used for
certificate generation is one amongst the named curves supported by OpenSSL
and recommended by NIST Suite B. How can that be resolved?
4. The OpenSSL library has a certificate verification method that checks the
certificate validity w.r.t. validity period, certificate chain depth, etc.,
then why is a Certificate Revocation List or an OCSP needed, in a sense if
the verification is already done, then why should invalid certificates be
revoked and verification be done on the basis of CRL?
5. Is there any other approach for client authentication in SSL other than
6. Is SSL security suitable enough for securing connections to server in
control and monitoring systems? How can client authentication be done for
such systems using SSL protocol?
7. If CRLs are to be used, then how will the CA know about the private key
being compromised so that it can revoke the certificate considering it being
Thanks and regards,