tls's questions - English 1answer

4.341 tls questions.

After the Snowden revelations, is there any mass change being carried out to HTTPS protocol? As far as I understood, any HTTPS communication is still visible to NSA as they can compromise the RSA ...

I came across an interesting case today, which with my limited knowledge I'm unable to understand the working of. I was trying to access a bit.ly link, but it is blocked by my University. Knowing ...

I'm setting up a TLS connection for the purposes of sending secure SIP. The remote gateway (Twilio) doesn't always send a finish message and as such those requests fail. Everything else appears to ...

Let's say as an end user I generate a CSR (for a server cert) to send over to a CA and I don't include a subject alternative name. How or what would they do in order to include that information on the ...

I have a slight misunderstanding in the way TLS works. I know that I can use Burpsuite Proxy to intercept HTTPS traffic coming from my browser. How is this possible when the server is going to see the ...

I'm trying to use a service that uses a self-signed cert. Download the cert: # printf QUIT | openssl s_client -connect my-server.net:443 -showcerts 2>/dev/null > my-server.net.crt Check that ...

I am using a mobile app that installs a fake trusted CA certificate and therefore can capture the HTTPS traffic of other apps. Most of the time, this MITM attack is successful. However, I noticed ...

Say one has a service provided by Consul, for which active.[name-of-service].service.consul is the link it provides to the active host leader for that service. How would I properly set up TLS to that ....

I'm a newbie to Android pen testing and started off with an application. The app uses HTTPS and works fine without configuring any proxy. When a proxy like Burp Suite is configured, the app ...

From what I know, with https the packet is totally encrypted except its destination. Does that mean that my corporate firewall and the guys working there will not be able to read my https packet in ...

Why don't VPN services use TLS?

3 answers, 2.434 views tls vpn
In a corporate environment, security examiners use filters & firewalls to block VPN connections for security purposes. VPN traffic is distinguishable and that's also the reason why OpenVPN doesn't ...

Observing the TLS message type sequences via Wireshark by navigating different websites, it's found that the sequences are different. Taking following cases as an example, when comparing Case1 with ...

Assume that I have created a CSR and I am going to buy an SSL certificate with it. Would I be able to use the SSL certificate on another machine than where the CSR was created? Someone I know ...

How does one evaluate the risk of storing a private key (secret) on services like the AWS elastic load balancer, or for the purpose of my question: any non-self managed service that could ...

I am looking for a deep down technical explanation of how it works. My understanding is it's an SSL VPN and works as follows: - Anyconnect creates a TLS session to the configured remote servers, ...

I was reading about the offerings of the Cloudflare and then I read about the working of Cloudflare. Based on my understanding, the domain name of my website(alice.com) is resolved to the IP address ...

I am trying to understand the practical mechanisms of cross-signing (intermediate) certificates. As an example, I am looking at the Let's Encrypt Chain of Trust. That page mentions: IdenTrust has ...

In case of client certificate authentication, who should issue the client certificate? The service provider which exposes the API or the client consumer which consumes the API? In my experience, I ...

We have a tier III data center to let users access resources through private network MPLS. We applied a security solution in each layer. But I am not quite sure to use internal SSL for applications ...

For my private VPS, I am building a configuration for different web applications (Owncloud,...) which depends on a combination of different Docker containers. At the front, I would like to use an ...

We have a web portal and I need to add HSTS header in the response. Ours is an on-premise solution, so we use a self-signed certificate. I have added the hsts header in the response & I need to ...

As I understand it, CAs have the job to make sure that the encryption via a passphrase used when visiting a website (https://) stems from the website itself and nobody else. Or that if I exchange ...

I am trying to do something similar to what has been pointed out in this nice answer by Jonathon Reinhart. I have a CA certificate with Name Constraints (RFC): Permitted [1]Subtrees (0..0): ...

Is there a case to be made for authorizing with both a client side certificate and JWT for an IoT device? Are JWTs good enough (assuming following of the specs)? And if client side certs are truly ...

There is a WiFi network that I regularly use, and it seems to be blocking all VPN traffic other than IKEv2. I tested this by downloading many of the free/freemium VPN apps from the Google Play Store ...

If you aren't familiar with the NSA Quantum hacks, check this link: https://resources.infosecinstitute.com/turbine-quantum-implants-arsenal-nsa/ NSA claims to use the Quantum Insert method on ...

DNS over TLS is now supported in Android Pie, which allows a user to define a private DNS server, and by DNS providers such as CloudFlare's 1.1.1.1. This opens up the world of DNS security to more ...

I have the Easybox 904 xDSL router from Vodafone (Germany) running the latest firmware 03.17.01.17. I wanted to upgrade the firmware but found out that the latest version is from 2015 - no updates ...

Is there any way for my website to tell a browser, such as Chrome, to disallow a substitute MITM certificate like those used by corporate proxy servers? e.g. see Question 61056: Is there any way for ...

Do DSS based ciphers need a certificate? Which DH based ciphers do not need certificates among the openssl 1.0.2j, TLS1.2 supported ciphers list?

Websites have various methods implemented to tell the browser to always use HTTPS - HSTS header, server redirect to HTTPS, CSP policy. However, the first time a user visits the site it can be over plain ...

It seems that hotmail.com mail server sitting at hotmail-com.olc.protection.outlook.com is using a TLS certificate issued to mail.protection.outlook.com. Both the mail server hostname and TLS ...

We have an Application which is developed using ASP.NET MVC3. Penetration-test done by an IBM AppScan tool. Issue has been reported and it was ASPXAUTH is not secure. When I checked on the browser's ...

I'm wondering if to prevent the possibility of a compromised SSL certificate leading to the potential for sensitive information disclosure if it might be prudent to further encrypt data being passed ...

Let's say in my database I store passwords hashed with salt with a fairly expensive hash (scrypt, 1000 rounds of SHA2, whatever). Upon login, what should I transfer over the network and why? Password ...

A couple of days ago we noticed that when we go to our online banking login page (using Opera browser as usual) there is no green lock icon there anymore. Instead, there is a grey globe icon which ...

I have many client devices that I need to reverse SSH tunnel into. I am finding that managing all these certificate files is becoming cumbersome. I am looking into a centralized authentication system....

I've been playing around with DNS rebinding. I made a little setup and I have it working fine with regular HTTP requests. I then tried to get it working over HTTPS and had a little "duh" moment: ...

Consider we run the following request: import requests url="https://secretsub.example.com/secretpath/post.php" payload = {'secretmessage1' : 'foo','secretmessage2' : 'bar'} r = requests.post(url,...

How do I avoid nginx processing a request with an undefined server name using the https protocol. The following configuration makes this work for normal http requests. It resets the connection for ...

WebRTC makes use of TURN-Servers if the direct peer to peer connection fails. There are two protocols available: TURN and TURNS (TURN over TLS). According to the MDN: All data transferred using ...

Suppose I need to connect to the internet but I cannot (or I don't want to) trust anything outside of my laptop. Therefore I will need to make sure all connections are secure, so I guess this means ...

I have generated my own SSL certificate for a web server on the internet, however this was for three reasons: (1) Fun; (2) Not wanting to buy an SSL certificate; (3) Trying to get an A rating (excluding trust ...

For up to 4 weeks, the US Department of State's Office of Allowances web site has been using a security certificate whose chain of trust only goes to the State Dept's own CA, with no root CA. Browsers ...

There is a desktop client A connecting to website W in a https connection A --> W Somehow between A and W, there is a proxy G. A --> G --> W In this case, will G be able to get the ...

What is the difference between SSH and SSL? Which one is more secure, if you can compare them together? Which has more potential vulnerabilities?

In this Wireshark screenshot, there is a message type "Encrypted Data". Does anyone know what this is and in which situations this message type will be sent?

If an SSL interceptor is installed for security reasons in an organization, and a certificate from an intermediate CA is installed on all domain machines, what kind of risks does this setup present?

In many computer magazines I found the recommendation to use a public Wifi only with VPN (of course, you should trust the VPN provider). Assuming all websites with sensitive data (complete website, ...

The fetch() spec doesn't deal with SSL/TLS since these are socket-level protocols. So I assume that it implements its calls to lower level connection services to ensure that certificates are verified ...
