Use this 

    openssl ciphers -v | awk &#39;{print $2}&#39; | sort | uniq




You can not check for version support via command line. Best option would be checking [OpenSSL changelog][1].

Openssl versions till 1.0.0h supports SSLv2, SSLv3 and TLSv1.0. From Openssl 1.0.1 onward support for TLSv1.1 and TLSv1.2 is added.


  [1]: https://www.openssl.org/news/changelog.html

This worked for me:

    openssl s_client -help 2&gt;&amp;1  &gt; /dev/null | egrep &quot;\-(ssl|tls)[^a-z]&quot;

Please let me know if this is wrong.

It&#39;s clumsy, but you can get this from the usage messages for `s_client` or `s_server`, which are `#if`ed at compile time to match the supported protocol versions. Use something like

     openssl s_client -help 2&gt;&amp;1 | awk &#39;/-ssl[0-9]|-tls[0-9]/{print $1}&#39; 
     # in older releases any unknown -option will work; in 1.1.0 must be exactly -help



Try the following command:

    openssl ciphers

This should produce a list of all of the ciphers supported in your version of openssl.

To see just a particular set of ciphers (e.g. just sslv3 ciphers) try:

    openssl ciphers -ssl3

See https://www.openssl.org/docs/apps/ciphers.html for more info.

When you run OPENSSL command using s_client this is the output. See the Cipher, if the cipher NULL it means that version of TLS is not supported.

    TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol  : TLSv1
        Cipher    : ECDHE-RSA-AES256
        Session-ID: A84600002D4945DE6
        Session-ID-ctx:
        Master-Key:  
        Start Time: 15852343333860
        Timeout   : 2343 (sec)
        Verify return code: 0 (ok)

I have a Hp envy notebook with Intel i7 and 8gb ram and 2gb graphics, still sometimes android studio stucks when I am working with xml or design the app.  Is there any problem with my laptop or android studio?

Why Android Studio is slowing down when editing xml file or changing the design?

API Level &lt; 21 

Thumb is transparent, as expected.

![Screenshot taken on a Nexus 5 running Android 4.4.4][1]


On API Level 21

Thumb is opaque, Wonder why.

![Screenshot taken on a Nexus 5 running Android 5.0][2]


Here is the code

     &lt;SeekBar
                    android:id=&quot;@+id/ui_audioplayer_progressbar&quot;
                    android:layout_width=&quot;match_parent&quot;
                    android:layout_height=&quot;wrap_content&quot;
                    android:progressDrawable=&quot;@drawable/custom_progress_bar_horizontal&quot;
                    android:thumb=&quot;@drawable/stud_slider&quot; /&gt;


Interestingly, this problem can be seen and reproduced in the xml preview in eclipse itself, when you change the API Level perspectives. 

![When API level 21 is selected][4]


![When API level 19 is selected][3]


Note: 

 - I run the same apk on both devices.
 - Both devices are of the same make and model, i.e Nexus 5.
 - The thumb image is a PNG with a transparent background, as apparent from the screenshot for API Level &lt; 21

 

Is this a known bug in Lollipop or am i doing something wrong?


  [1]: http://i.stack.imgur.com/OJGrZ.png
  [2]: http://i.stack.imgur.com/1tu0P.png
  [3]: http://i.stack.imgur.com/dKnQH.png
  [4]: http://i.stack.imgur.com/MWmx4.png

Seek Bar thumb not transparent in Android 5.0 API 21 Lollipop

I have, for example, OpenSSL version `1.0.0o` on my Linux system, and I want to know which `SSL/TLS` versions are supported with this build.

Is there a shell command to accomplish this?

List supported SSL/TLS versions for a specific OpenSSL build

<p>I have, for example, OpenSSL version <code>1.0.0o</code> on my Linux system, and I want to know which <code>SSL/TLS</code> versions are supported with this build.</p>
<p>Is there a shell command to accomplish this?</p>


I have two questions and could use some help understanding them.

 1. What is the difference between `${}` and `$()`? I understand that `()`
    means running command in separate shell and placing `$` means passing
    the value to variable. Can someone help me in understanding
    this? Please correct me if I am wrong.

 2. If we can use `for ((i=0;i&lt;10;i++)); do echo $i; done` and it works fine then why can&#39;t I use it as `while ((i=0;i&lt;10;i++)); do echo $i; done`? What is the difference in execution cycle for both?

Difference between ${} and $() in Bash

I have a docker container with some processes (uwsgi and celery) running inside. I want to create a celery user and a uwsgi user for these processes as well as a worker group that they will both belong to, in order to assign permissions. 

I tried adding `RUN adduser uwsgi` and `RUN adduser celery` to my Dockerfile, but this is causing problems, since these commands prompt for input (I&#39;ve posted the responses from the build below). 

What is the best way to add users to a Docker container so as to set permissions for workers running in the container?

My Docker image is built from the official Ubuntu14.04 base.

Here is the output from the Dockerfile when the adduser commands are run:

    Adding user `uwsgi&#39; ...
    Adding new group `uwsgi&#39; (1000) ... 
    Adding new user `uwsgi&#39; (1000) with group `uwsgi&#39; ... 
    Creating home directory `/home/uwsgi&#39; ...
    Copying files from `/etc/skel&#39; ... 
    [91mEnter new UNIX password: Retype new UNIX password: [0m 
    [91mpasswd: Authentication token manipulation error
    passwd: password unchanged
    [0m 
    [91mUse of uninitialized value $answer in chop at /usr/sbin/adduser line 563.
    [0m 
    [91mUse of uninitialized value $answer in pattern match (m//) at /usr/sbin/adduser line 564.
    [0m 
    Try again? [y/N] 
    Changing the user information for uwsgi
    Enter the new value, or press ENTER for the default
    	Full Name []: 
    Room Number []: 	Work Phone []: 	Home Phone []: 	Other []: 
    [91mUse of uninitialized value $answer in chop at /usr/sbin/adduser line 589.
    [0m 
    [91mUse of uninitialized value $answer in pattern match (m//) at /usr/sbin/adduser line 590.
    [0m 
    Is the information correct? [Y/n] 
    ---&gt; 258f2f2f13df 
    Removing intermediate container 59948863162a 
    Step 5 : RUN adduser celery 
    ---&gt; Running in be06f1e20f64 
    Adding user `celery&#39; ...
    Adding new group `celery&#39; (1001) ... 
    Adding new user `celery&#39; (1001) with group `celery&#39; ... 
    Creating home directory `/home/celery&#39; ...
    Copying files from `/etc/skel&#39; ... 
    [91mEnter new UNIX password: Retype new UNIX password: [0m 
    [91mpasswd: Authentication token manipulation error
    passwd: password unchanged
    [0m 
    [91mUse of uninitialized value $answer in chop at /usr/sbin/adduser line 563.
    [0m 
    [91mUse of uninitialized value $answer in pattern match (m//) at /usr/sbin/adduser line 564.
    [0m 
    Try again? [y/N] 
    Changing the user information for celery
    Enter the new value, or press ENTER for the default
    	Full Name []: 	Room Number []: 	Work Phone []: 
    Home Phone []: 	Other []: 
    [91mUse of uninitialized value $answer in chop at /usr/sbin/adduser line 589.
    [0m 
    [91mUse of uninitialized value $answer in pattern match (m//) at /usr/sbin/adduser line 590.
    [0m 
    Is the information correct? [Y/n] 


How to add users to Docker container?

Hi I am trying to find out how to set environment variable with Ansible.

something that a simple shell command like this:

    EXPORT LC_ALL=C

tried as shell command and got an error
tried using the environment module and nothing happend.

what am I missing

How to set Linux environment variables with Ansible

I have a web application running in a Docker container. This application needs to access some files on our corporate file server (Windows Server with an Active Directory domain controller). The files I&#39;m trying to access are image files created for our clients and the web application displays them as part of the client&#39;s portfolio.

On my development machine I have the appropriate folders mounted via entries in `/etc/fstab` and the host mount points are mounted in the Docker container via the `--volume` argument. This works perfectly.

Now I&#39;m trying to put together a production container which will be run on a different server and which doesn&#39;t rely on the CIFS share being mounted on the host. So I tried to add the appropriate entries to the `/etc/fstab` file in the container &amp; mounting them with `mount -a`. I get `mount error(13): Permission denied`.

A little research online led me to [this article about Docker security](http://opensource.com/business/14/9/security-for-docker). If I&#39;m reading this correctly, it appears that Docker explicitly denies the ability to mount filesystems within a container. I tried mounting the shares read-only, but this (unsurprisingly) also failed.

So, I have two questions:

1. Am I correct in understanding that Docker prevents any use of `mount` inside containers?

1. Can anyone think of another way to accomplish this **without** mounting a CIFS share on the host and then mounting the host folder in the Docker container?


Mount SMB/CIFS share within a Docker container

I am trying to delete a user I created on ubuntu.

However when I use the following command:

    userdel -r cafe_fixer

I get the following message:

    user cafe_fixer is currently used by process 15945

I am not using this user for anything I just created it and now wish to delete it.

Any help appreciated.

How can I delete a user in linux when the system says its currently used in a process

I am using ***springBootVersion 1.2.0.RELEASE***.
I&#39;m trying to have my keystore and truststore configured through `application.properties`.

When I add the following settings, I can get the keystore to work, but not the truststore.

    server.ssl.key-store=classpath:foo.jks
    server.ssl.key-store-password=password
    server.ssl.key-password=password
    server.ssl.trust-store=classpath:foo.jks
    server.ssl.trust-store-password=password

However, if I add the truststore through gradle:

    bootRun {
        jvmArgs = [ &quot;-Djavax.net.ssl.trustStore=c://foo.jks&quot;, &quot;-Djavax.net.ssl.trustStorePassword=password&quot;]
    }

it works just fine.

Has anyone used the `application.properties` for trust stores?

Specifying trust store information in spring boot application.properties

I am getting the following error:

    Exception in thread Thread-3:
    Traceback (most recent call last):
    File &quot;/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/threading.py&quot;, line 810, in        __bootstrap_inner
    self.run()
    File &quot;/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/threading.py&quot;, line 763, in  run
    self.__target(*self.__args, **self.__kwargs)
    File &quot;/Users/Matthew/Desktop/Skypebot 2.0/bot.py&quot;, line 271, in process
    info = urllib2.urlopen(req).read()
    File &quot;/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py&quot;, line 154, in urlopen
    return opener.open(url, data, timeout)
    File &quot;/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py&quot;, line 431, in open
    response = self._open(req, data)
    File &quot;/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py&quot;, line 449, in _open
    &#39;_open&#39;, req)
    File &quot;/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py&quot;, line 409, in _call_chain
    result = func(*args)
    File &quot;/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py&quot;, line 1240, in https_open
    context=self._context)
    File &quot;/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py&quot;, line 1197, in do_open
    raise URLError(err)
    URLError: &lt;urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)&gt;

This is the code that is causing this error:

    if input.startswith(&quot;!web&quot;):
	    input = input.replace(&quot;!web &quot;, &quot;&quot;)		
	    url = &quot;https://domainsearch.p.mashape.com/index.php?name=&quot; + input
	    req = urllib2.Request(url, headers={ &#39;X-Mashape-Key&#39;: &#39;XXXXXXXXXXXXXXXXXXXX&#39; })
	    info = urllib2.urlopen(req).read()
	    Message.Chat.SendMessage (&quot;&quot; + info)

The API I&#39;m using requires me to use HTTPS. How can I make it bypass the verification?

urllib and &quot;SSL: CERTIFICATE_VERIFY_FAILED&quot; Error

Domain:  https://www.amz2btc.com

Analysis from SSL Labs:  https://www.ssllabs.com/ssltest/analyze.html?d=amz2btc.com

All my desktop browsers open this fine.  Mobile Firefox opens this fine.  Only when I tried with mobile Chrome did I get the error:  ``err_cert_authority_invalid``

I know very little about SSL, so I can&#39;t really make sense of the SSL report or why this error is coming up.  If someone could ELI5, that would be ideal.  :)

SSL cert &quot;err_cert_authority_invalid&quot; on mobile chrome only

This should be an easy thing to do. I can find plenty of references to how to do it in Guzzle 3, but they don&#39;t work in Guzzle 5.

What I am doing so far:

    $this-&gt;client = new GuzzleClient([&#39;defaults&#39; =&gt; [
        &#39;verify&#39; =&gt; &#39;false&#39;
    ]]);

When I send a request though I get this error:

    RequestException in RequestException.php line 51:
    SSL CA bundle not found: false

I cannot find any useful reference to this error on google. If I could get access to the curl options then I could try something like the solution suggested here (which is for Guzzle 3, hence why it doesn&#39;t work): http://inchoo.net/dev-talk/symfony2-guzzle-ssl-self-signed-certificate/, the relevant section of which is:

    $req-&gt;getCurlOptions()-&gt;set(CURLOPT_SSL_VERIFYHOST, false);
    $req-&gt;getCurlOptions()-&gt;set(CURLOPT_SSL_VERIFYPEER, false);

How to ignore invalid SSL certificate errors in Guzzle 5

I want to connect to a remote PostgreSQL database through Python to do some basic data analysis. This database requires SSL (verify-ca), along with three files (which I have):

 - Server root certificate file
 - Client certificate file
 - Client key file

I have not been able to find a tutorial which describes how to make this connection with Python. 
Any help is appreciated.



How to connect to a remote PostgreSQL database through SSL with Python

I am generating exporting some pkcs#12 files for testing purposes. These files are not being used in production and only exist temporary during automated testing.

I am using the following command:

    openssl pkcs12 -export -nodes -out bundle.pfx -inkey mykey.key -in certificate.crt -certfile ca-cert.crt

Why is it insisting on an export password when I have included `-nodes`?

My OpenSSL version is `OpenSSL 1.0.1f 6 Jan 2014` on Ubuntu Server 14.10 64-bit.

Export a PKCS#12 file without an export password?

If I have the actual file(.p12) and a Bash shell in Mac, how can I extract certificate and key file and also the certificate expiration date? assuming I have the csr(.p12), key files.

Thanks in advance!

How to determine SSL cert expire date from the cert file itself(.p12)

I am using PHPMailer on PHP 5.6, the increased security around certificated in PHP 5.6 is certainly fun.

I am trying to send a test message to a domain hosted on dreamhost, the error that comes back from PHPMailer is: Could not connect to SMTP host.

That error is not right though, I have logging enabled and here is what is actually going on.

&gt; Connection: opening to mx1.sub4.homie.mail.dreamhost.com:25,
&gt; timeout=30, options=array ( ) Connection: opened S: 220
&gt; homiemail-mx32.g.dreamhost.com ESMTP
&gt; 
&gt; C: EHLO s81a.ikbb.com
&gt; 
&gt; S: 250-homiemail-mx32.g.dreamhost.com 250-PIPELINING 250-SIZE 40960000
&gt; 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250 8BITMIME
&gt; 
&gt; C: STARTTLS
&gt; 
&gt; S: 220 2.0.0 Ready to start TLS
&gt; 
&gt; C: QUIT
&gt; 
&gt; S:  SMTP ERROR: QUIT command failed:  Connection: closed

I could not understand why PHPMailer just gives up, issuing a QUIT command when it should start sending the message.  I got another clue from another log:

PHP Warning:  stream_socket_enable_crypto(): Peer certificate CN=`*.mail.dreamhost.com&#39; did not match expected CN=`mx1.sub4.homie.mail.dreamhost.com&#39; in /home/ikbb/domains/dev.ikbb.com/public_html/includes/phpmailer/5.2.10/class.smtp.php

If I use some custom options to prevent validation of the cert they are using I can get it to continue.  Here is what I have:

    		$mail-&gt;SMTPOptions = array (
		    &#39;ssl&#39; =&gt; array(
		        &#39;verify_peer&#39;  =&gt; false,
		        &#39;verify_peer_name&#39;  =&gt; false,
		        &#39;allow_self_signed&#39; =&gt; true));

If I put the SMTPOptions in there and skip the peer verification, message goes OK - with no warning in PHP at all.

How can I trap that error, so I know there is an issue but still send the message?



PHPMailer generates PHP Warning: stream_socket_enable_crypto(): Peer certificate did not match expected

I am developing a TCP client to connect OpenSSL server with the certificate authentication. I have using .crt and .key files shared by server team. These certificates are generated by OpenSSL commands.

I am using [`SslStream`](https://msdn.microsoft.com/en-us/library/system.net.security.sslstream%28v=vs.85%29.aspx) object to authenticate the Tcp client by calling [`SslStream.AuthenticateAsClient`](https://msdn.microsoft.com/en-us/library/system.net.security.sslstream.beginauthenticateasclient%28v=vs.85%29.aspx) method by passing server `IP`, [`SslProtocols.Ssl3`](https://msdn.microsoft.com/en-us/library/system.security.authentication.sslprotocols%28v=vs.85%29.aspx) and `X509CertificateCollection`.

I am getting the following error:

&gt; Authentication failed because the remote party has closed the transport stream


Authentication failed because remote party has closed the transport stream

Just installed El Capitan and can&#39;t install gem `eventmachine` `1.0.7`. `openssl` is at `1.0.2a-1`. Tried to use `--with-ssl-dir` but it seems ignored.

Reported it to their [github repo](https://github.com/eventmachine/eventmachine/issues/602) as well.

Any suggestions are really appreciated. Thanks.

    $ ls /usr/local/Cellar/openssl/1.0.2a-1/include/openssl/ssl.h
    /usr/local/Cellar/openssl/1.0.2a-1/include/openssl/ssl.h
    
    $ gem install eventmachine -v &#39;1.0.7&#39; -- --with-ssl-dir=/usr/local/Cellar/openssl/1.0.2a-1/include
    /Users/pain/.rbenv/versions/2.1.2/bin/ruby -r ./siteconf20150612-56154-1hsjz2n.rb extconf.rb --with-ssl-dir=/usr/local/Cellar/openssl/1.0.2a-1/include
    checking for rb_trap_immediate in ruby.h,rubysig.h... no
    checking for rb_thread_blocking_region()... yes
    checking for ruby/thread.h... yes
    checking for rb_thread_call_without_gvl() in ruby/thread.h... yes
    checking for inotify_init() in sys/inotify.h... no
    checking for __NR_inotify_init in sys/syscall.h... no
    checking for writev() in sys/uio.h... yes
    checking for rb_thread_fd_select()... yes
    checking for rb_fdset_t in ruby/intern.h... yes
    checking for rb_wait_for_single_fd()... yes
    checking for rb_enable_interrupt()... no
    checking for rb_time_new()... yes
    checking for sys/event.h... yes
    checking for sys/queue... yes
    checking for clock_gettime()... no
    checking for gethrtime()... no
    creating Makefile
    
    make &quot;DESTDIR=&quot; clean
    
    make &quot;DESTDIR=&quot;
    compiling binder.cpp
    In file included from binder.cpp:20:
    ./project.h:116:10: fatal error: &#39;openssl/ssl.h&#39; file not found
    #include &lt;openssl/ssl.h&gt;
             ^
    1 error generated.
    make: *** [binder.o] Error 1
    
    make failed, exit code 2
    




Content Type	Original Author	Original Content on Stackoverflow
Question	Leviathan	View Question on Stackoverflow
Solution 1 - Linux	Fer	View Answer on Stackoverflow
Solution 2 - Linux	NPC	View Answer on Stackoverflow
Solution 3 - Linux	S Square	View Answer on Stackoverflow
Solution 4 - Linux	dave_thompson_085	View Answer on Stackoverflow
Solution 5 - Linux	mti2935	View Answer on Stackoverflow
Solution 6 - Linux	securitygeek	View Answer on Stackoverflow

List supported SSL/TLS versions for a specific OpenSSL build

Linux Problem Overview

Linux Solutions

Solution 1 - Linux

Solution 2 - Linux

Solution 3 - Linux

Solution 4 - Linux

Solution 5 - Linux

Solution 6 - Linux

Seek Bar thumb not transparent in Android 5.0 API 21 Lollipop

Why Android Studio is slowing down when editing xml file or changing the design?

Attributions