tls's questions - English 1answer

4.266 tls questions.

I know that TLS ciphers such as TLS_RSA_WITH_AES_128_CBC_SHA transmit data as shown https://tools.ietf.org/html/rfc5246#section-6.2.3.2. From my understanding the ciphertext MUST be a multiple of the ...

We're attempting to understand why ssldump -nAdeHqd port 10144 of a port used by Redislab's dmcproxy application seems to be complaining about a client certificate when our client presents it to the ...

I'm using mail.com over HTTPS. I sent a mail and I was connected over my access to the company VPN. Is it possible that the administrator of my company can read my mails? I used Firefox / Webbrowser ...

This method which I am talking about can improve caching of images, videos, and CSS by the ISP rather than just depending on the browser cache. And it also proves the validity of the sender. Is there ...

Say one has a service provided by Consul, for which active.[name-of-service].service.consul is the link it provides to the active host leader for that service. How would I properly set up TLS to that ....

I'm a newbie to Android pen testing and started off with an application. The app uses HTTPS and works fine without configuring any proxy. When a proxy like Burp Suite is configured, the app ...

Could you please help me to understand whether a client's certificate will be accepted by a server as valid during mutual TLS challenge based on the diagram below? The client side knows nothing about ...

What is the most secure way to transfer and store a JWT token, or any authentication token in general? Someone told me it's secure to send the authentication token as a cookie, but I don't ...

Identify SSL version and cipher suite

3 answers, 29.158 views tls
We have a Java application running on a Linux server and we are transmitting some files using a third party Java library which uses HTTPS internally to connect to external servers. These are legacy ...

How does one evaluate the risk of storing a private key (secret) on services like the AWS elastic load balancer, or for the purpose of my question: any non-self-managed service that could ...

I recently wrote an application that calls out to a 3rd party service to perform some work. This 3rd party service requires that I authenticate the client calling by using a client certificate. For ...

I want to increase the security of my Tomcat and to configure Diffie-Hellman module size 2048. I want to add to my CATALINA_OPTS -Djdk.tls.ephemeralDHKeySize=2048. What happens if I have configured it ...

I have an ASA 5550 firewall that doesn't support TLS 1.2. What impact would we have when the older protocols are disabled? Will this affect the servers at all?

I've got an existing customer base. A customer has appointments. Currently they cannot access or change their appointments without contacting me directly. I want to offer them a way to access and ...

I have a web server. I configured the TLS versions I want to enable using: sudo gedit mysitecom.conf Inside the .conf I listed the desired versions using (as an example): SSLProtocol -TLSv1 -TLSv1.1 ...

The TLS specs define how the handshake between client and server must be performed when the client wants to use a certificate to authenticate itself. There is a lot of documentation online that assumes ...

We have given customers the option to allow custom domains which ultimately point to our server by changing the CNAME. Some of our customers would like to have SSL enabled to their domain but I am ...

For my private VPS, I am building a configuration for different web applications (Owncloud,...) which depends on a combination of different Docker containers. At the front, I would like to use an ...

I am developing an Arduino application that communicates with my web server over SSL. I have successfully done certificate pinning as described in this tutorial: https://www.google.com/amp/s/...

I opened a web page using https. When I looked at the page info provided by my browser (Firefox) I saw following: Connection encrypted: High-grade Encryption (...

I am trying to analyse the flow of email by email header. I have added a snippet of one of my email headers I am trying to understand. I have concluded some points using that. Are the below concluded ...

We are setting up AWS servers to become SOC 2 compliant. To do that, we need to discontinue support for the identified cipher suites and TLS 1.0. As I understand we need to leave only these suites ...

In form based authentication the credentials are sent as such within the message, whereas in digest based authentication a digest of credentials, domain name and a random challenge is sent instead. ...

I am trying to do something similar to what has been pointed out in this nice answer by Jonathon Reinhart. I have a CA certificate with Name Constraints (RFC): Permitted [1]Subtrees (0..0): ...

The explanation in the book is not clear on whether they are equal or not. My thought is below. If they are equal, the server cannot prevent a replay attack because the nonce is determined by the ...

I ran an SSL test on a test website using testssl (https://testssl.sh) and I found these issues: - Chain of trust is Incomplete - Server Cipher order is not set. I understand that when Chain of Trust ...

I'm currently reading the Transport Layer Security (TLS) Protocol Version 1.3. In section 4.2.3 (Signature Algorithms) it says Clients which desire the server to authenticate itself via a ...

Is there a case to be made for authorizing with both a client side certificate and JWT for an IoT device? Are JWTs good enough (assuming following of the specs)? And if client side certs are truly ...

I have the Easybox 904 xDSL router from Vodafone (Germany) running the latest firmware 03.17.01.17. I wanted to upgrade the firmware but found out that the latest version is from 2015 - no updates ...

The MongoDB net options don't seem to be very flexible. I want to be able to configure allowSSL for 127.0.0.1:27017 and requireSSL for some other interface, is this not possible with MongoDB?

I am working on a project and require some advice. For my project, I need to implement a License Volume Manager which will be hosted on Server A. Server A will give the license to Client B, for this ...

We have a Windows AD domain with servers and clients. The domain also has a Windows Certificate Authority (AD CS). The CA is trusted in the domain by publishing its public key in the local ...

I allow users of my webapp to provide a URL for their own images. They can also provide CSS which may contain URLs to images. If these URLs are HTTP then the browser does not show the padlock in the ...

Are SSL encrypted requests vulnerable to Replay Attacks? If so, what are good options to prevent this?

I'd like to know how safe the TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA Cipher (Cipher ID: [0xc009]) is. Alternatively, I'd appreciate to be directed to some sort of list that lists all available Cipher ...

I am trying to read the email header and see if the email is encrypted during transit. By looking at the lines from email header Received: by 2002:a6b:e40f:0:0:0:0:0 with SMTP and Received: by mx....

We have an application which is developed using ASP.NET MVC3. A penetration test was done with the IBM AppScan tool. An issue has been reported: ASPXAUTH is not secure. When I checked on the browser's ...

How to check TLS version intolerance on a terminal for a remote website? Using openssl or without it!

I recently heard that a discussion to encrypt the SNI field has been abandoned because of overhead. A few months later, the government will bring a plan to sniff the SNI field so that they can block ...

An excerpt of one of my courses about SSL/TLS says the following. This excerpt is just after the Handshake finish phase of SSL (with change_cipher_spec and finished messages). Role of the finish ...

If you check a site's TLS encryption in a browser, you'll see something like TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. You can see there AES and SHA length. You can see RSA/EC length if you inspect the ...

I've come across a couple issues now with various vendor products where connections to https://example.foo are handled differently from connections to https://ExAmPlE.FoO with the latter sometimes ...

Let's imagine my main website is https://www.example.com, but a user types in http://www.example.com. Should this redirect straight to https://www.example.com, or should it first redirect to https://...

If I am running a web server on port 80 and I also have port 443 (HTTPS) turned on but it is not enforced. I did not self-sign or sign with a proper CA (i.e., I don't use SSL for my site), does ...

I have many client devices that I need to reverse SSH tunnel into. I am finding that managing all these certificate files is becoming cumbersome. I am looking into a centralized authentication system....

I understand the basic steps in the TLS handshake. My question is, where and how does one-way hashing fit into the steps below? Is it the session key that is hashed? Many texts mention that the ...

In an answer to What is the difference between SSL, TLS, and HTTPS, it's said that HTTPS is HTTP over SSL/TLS. That is, an SSL/TLS connection is established first, and then normal HTTP data is ...

I was looking at the TLS handshake and I noticed that the client will send its list of supported cipher suites and the server will select a cipher suite. The server never sends its list of supported ...

WebRTC makes use of TURN-Servers if the direct peer to peer connection fails. There are two protocols available: TURN and TURNS (TURN over TLS). According to the MDN: All data transferred using ...

I use certbot to generate ssl cert for my domain. Then I use the following commands to copy the content to clipboard cat ./letsencrypt/live/mycompany.com/cert.pem |pbcopy cat ./letsencrypt/live/...
