nss

I'm interested in Java-NSS libraries, and I'm reading the Sun's P11 Guide . I am confused on the following: What is the difference between using a PKCS12 keystore and a PKCS11 keystore? A keystore is just a keystore, right? Are there some differences? Can they be used interchangeably in any aspect? PKCS#12 is a file format (often called .p12 or .pfx) where you can store a private key and certificates. It's used for converting/transporting keys and certificates, mainly. If you export a private key + certificate from your browser, it's likely going to be in that format. PKCS#11 is an interface,

Just recently my server has stopped working for curl requests to https:// addresses for my web server. Having dug around a little it appears that it's a problem with the user the webserver is running. If I SSH onto the server as root & call curl -I -v https://google.com ... I get the following response... * About to connect() to google.com port 443 (#0) * Trying 173.194.67.113... connected * Connected to google.com (173.194.67.113) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * SSL connection using SSL_RSA_WITH_RC4

I'm using curl library (with NSS) in PHP to connect to my other server. Everything was fine until last week, when the destination server stoped supporting SSLv3 due to poodle vulnerability (CloudFlare by the way). Now, I'm trying to make connection using TLS, but I'm still getting "SSL connect error". There is sample code, I'm using: $ch = curl_init(); curl_setopt_array( $ch, array( CURLOPT_URL => 'https://www.lumiart.cz', CURLOPT_RETURNTRANSFER => true, CURLOPT_SSLVERSION => 1, CURLOPT_SSL_VERIFYPEER => false, CURLOPT_VERBOSE => true ) ); $output = curl_exec( $ch ); echo $output; print_r(