Upgrade the OpenSSL version to version 1.0.2l for exampleHere's how:1. Download the latest version of the OpenSSL source packagewget ftp://ftp.openssl.org/source/openssl-1.0.2l.tar.gzhttps://www.openssl.org/source/2. Installing OpenSSL1) TAR–XZVF openssl-1.0.2l.tar.gz2) CD openssl
DEFAULT-CA (the first time you must set up).1. View the OpenSSL configuration file:OpenSSL version-Aopenssl1.0.1e-fips -Nov .built On:fri Nov - -: -: atCst .Platform:linux-X86_64options:bn ( -, -) MD2 (int) RC4 (16x,int) des (Idx,cisc, -,int) Idea (int) Blowfish (idx) COMPILER:GCC-fpic-dopenssl_pic-dzlib-dopenssl_threads-d_reentrant-ddso_dlfcn-dhave_dlfcn_h-dkrb5_mit-m64-dl_endian-dtermio -wall-o2-g-pipe-
Rsautl is a tool for RSA, a subset of the features of RSA and dgst that can be used to generate digital signatures, verify digital signatures, encrypt and decrypt files .Pkeyutl is a generic tool for asymmetric encryption, which is roughly the same as rsautl, so it only explains Rsautl here.OpenSSL rsautl [-in file] [-out file] [-inkey file] [-pubin] [-certin] [-passin arg] [-sign] [-verify] [-encrypt] [-decry PT] [-hexdump] OpenSSL pkeyutl [-in file]
PHP openssl encryption extension usage Summary (recommended), openssl Summary
Introduction
In the history of Internet development, security has always been a topic that developers pay great attention to. To ensure data transmission security, we need to ensure that data sources (non-counterfeit requests), data integrity (not modified), Data Privacy (ciphertext, cannot be directly read), etc. Although the SSL
Copy the Code code as follows:
Yum-y Install OpenSSL
/usr/local/bin/is the installation directory for PHP
Switch to the Etx/openssl directory of the PHP installation directory
Cd/root/soft/php-5.2.8/ext/openssl
Copy the Code code as follows:
/usr/local/bin/phpize
Cannot find CONFIG.M4.
Make sure this you run '/usr/local/bin/phpize ' in the top level source
BackgroundCompany to do security scan, sweep out OpenSSH, OpenSSL loopholes, need to do upgrade. Direct Yum Update has no effect, so we have to manually compile the upgrade.Pre-upgradessh -VOpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013After upgradessh -VOpenSSH_7.6p1, OpenSSL 1.0.2n 7 Dec 2017Preparatory work
[Server security] Upgrade OpenSSH, OpenSSL, disable NTP, and opensshntp
The company's old live video server uses CentOS 6.7, and many software packages were generated several years ago. Recently, many security-related news flood the it circle. First, Intel chips have major security vulnerabilities, followed by MacOS security vulnerabilities. Therefore, security issues cannot be underestimated.
In the next task, we had some related experience in the pr
Add a custom encryption algorithm and OpenSSL encryption algorithm to openssl.
I. Introduction
This document introduces how to add a custom encryption algorithm to OpenSSL by taking the custom algorithm EVP_ssf33 as an example.
Step 2
1. Modify crypto/object/objects.txt and register the algorithm OID as follows:
rsadsi 3 255 : SSF33 : ssf33
2. Go to
Export the MinGW compiled OpenSSL DLL to Def and Lib for msvc useBefore we used MinGW to compile OpenSSL into a dynamic library, we got the following 2 DLL files:Libeay32.dllSsleay32.dllThen use the following script to generate the module definition files (. def,. Lib and. Exp) required by Windows MSVC,Then you can use it in the VC. Prerequisite system to install vs.System Requirements:Windows7+vs Studio (l
command[Email protected]/]# cd/usr/local[Email protected] local]# Ldd/usr/local/openssl/bin/opensslA message similar to the following will appear:9. View the path...] # which OpenSSLView version...] # OpenSSL versionUpgrade:Upgrade the OpenSSL environment to OPENSSL-1.0.1G1. View Source Version[email protected] ~]#
OpenSSL exposed the most serious security vulnerability of the year. This vulnerability was named "heartbleed" in the hacker community.
The "heartbleed" vulnerability will affect at least 0.2 billion Chinese netizens. It is initially evaluated that a batch of mainstream websites with https logon methods are recruited by no less than 30% of websites, these include the most common shopping, online banking, social networking, portals, microblogs, mailbo
OpenSSL Service: Open source implementation of SSL, official site www.openssl.orgCompositionLibcrypto: Universal Encryption LibraryImplementation Library of Libssl:tls/sslSession-based TLS/SSL library for identity authentication, data confidentiality, and session integrityOpenSSL: Multi-purpose Command toolYou can implement a private certification authorityOpenSSL Common subcommands:OpenSSLversion: viewing versions of
Release date:Updated on:
Affected Systems:PHP 5.5.xPHP 5.4.xPHP 5.3.xDescription:--------------------------------------------------------------------------------Bugtraq id: 64225CVE (CAN) ID: CVE-2013-6420
PHP is an embedded HTML language.
When parsing x.509 certificates in PHP versions earlier than 5.3.27, 5.4.22, and 5.5.6, the "asn1_time_to_time_t ()" function (ext/openssl. c) an error occurs. Attackers exploit this vulnerability through a speciall
OpensslOpenSSL 1.1.1Existing version[[emailprotected] ~]# openssl version -vOpenSSL 1.0.2k-fips 26 Jan 2017Upgrade to a new version[[emailprotected] software]# tar xf openssl-1.1.1.tar.gz[[emailprotected] software]# cd openssl-1.1.1/[[emailprotected] openssl-1.1.1]# ./config
/openssl-1.0.1e--add-module=/ opt/app/ngx_cache_purge-2.1
2.2 View the Nginx dependent libraries
For further confirmation, you can view the program's dependent libraries and enter the following directives:
# ldd ' which nginx ' | grep SSL
Show
libssl.so.10 =>/usr/lib/libssl.so.10 (0xb76c6000)
Note: If the output does not contain a libssl.so file (), it is statically compiled Open
The OpenSSL Heart Bleed vulnerability has been confusing for the past two days. Please read this article to analyze and diagnose the OpenSSL Heartbleed Bug. Currently, we can see that the versions that can exploit this vulnerability are:OpenSSL 1.0.1 through 1.0.1f (aggressive) are vulnerableOpenSSL 1.0.1g is NOT vulnerableOpenSSL 1.0.0 branch is NOT vulnerableOpenSSL 0.9.8 branch is NOT vulnerable
Run the
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.