22 votes

SSL_ERROR_BAD_CERT_DOMAIN but name is correct

Firefox has a new policy that certs issued after 2016-08-23 have to have a SubjectAltName field. https://bugzilla.redhat.com/show_bug.cgi?id=1400293 https://bugzilla.mozilla.org/show_bug.cgi?id=...
Gary van der Merwe
21 votes
Accepted

How do I use the openssl command to decode a certificate/public key .PEM file?

If you want to view a public key in PKCS#1 format, you can use: openssl rsa -pubin -in <file> -text
garethTheRed
  • 4,194
16 votes

Specifying minor TLS version when using curl

Curl's behavior has changed! For versions prior to 7.54.0, RedGrittyBrick's answer remains correct. For versions of curl after 7.54.0 the options --tlsv1.0, --tlsv1.1 and --tlsv1.2 set the minimum ...
nelsonda
  • 263
16 votes
Accepted

Does AES 256 GCM have any restricted byte sequences imposed on its cypher text?

Except for some special (and very rare) 'format-preserving' modes, all modern encryption algorithms, including AES-GCM, can handle any byte sequence in plaintext and produce any byte sequence as ...
dave_thompson_085
15 votes
Accepted

Why are Root CAs with SHA1 signatures not a risk

Am I mistaken with understanding that were one to find a collision, they could impersonate the Verisign root CA, and use that to generate an intermediate and then server cert that would be trusted by ...
Steffen Ullrich
14 votes

How do I use the openssl command to decode a certificate/public key .PEM file?

how do I use the openssl command to decode it into a list of human-readable fields. openssl x509 -in NAME.pem -text -noout Replace 'NAME' with whatever filename your .pem file has.
fuzzydrawrings
11 votes
Accepted

Prevent users from ignoring certificate warnings

You can use Chrome's Enterprise Management System to set these policies. On Windows, these are typically rolled out via GPO. On MacOS and Linux, there are other mechanisms, that can be found on the ...
MechMK1
  • 1,764
10 votes

In Wireshark where can I find the TLS Server's Certificate

In TLS 1.3, all messages after ServerHello are encrypted – the actual Certificate message is hiding in the "Application Data" packet in line 3. The ChangeCipherSpec message is meaningless in ...
grawity_u1686
10 votes

Does AES 256 GCM have any restricted byte sequences imposed on its cypher text?

Any block cipher that can encrypt arbitrary binary data must be able to produce all byte sequences in its output, or its output must be larger than its input for at least some inputs. But AES-GCM ...
Peter Cordes
  • 5,980
9 votes

HSTS not working with Chrome

For others who are seeing a similar issue - it may be because your browser has not yet accessed the site over HTTPS. Try accessing it over HTTPS and then again over HTTP. If HSTS is correctly ...
sfarbota
  • 241
9 votes

How do I list the SSL/TLS cipher suites a particular website offers?

This answer summarizes best given answers so far and argues why to choose an alternative (or not!). To find the best solution, we should first answer 'why do we want to enumerate all supported ciphers?...
Yan Foto
  • 251
8 votes
Accepted

Is there any reason to verify a download checksum over HTTPS

I wouldn't think HTTPS would catch either of those. AFAIK HTTPS offers no additional protection from corruption over TCP. I'm no security expert, but I know that TLS (HTTPS) does these 2 things: ...
Ian
  • 942
8 votes
Accepted

What is the purpose of chain.pem files?

Your Certbot output is slightly unusual. You should've received a "fullchain.pem" file containing everything in the correct order, not as several separate files. (Not to mention the manual ...
grawity_u1686
7 votes
Accepted

SSL Unsupported protocol error

The problem is that the Linux ncat server will only use TLS1.2 for SSL connections. The Windows ncat is not using TLS1.2. This causes the unsupported protocol error. I can replicate this issue using ...
ztk
  • 313
6 votes
Accepted

Why might Amazon login result in the error "SSL_ERROR_RX_RECORD_TOO_LONG"

You are connecting to https://www.amazon.com:80/. Your browser expects a SSL handshake to take place because of the https protocol part. But the website actually serves a plain HTTP response because ...
Arminius
  • 174
6 votes

Thunderbird: error 'Peer using unsupported version of security protocol.'

This was fixed by changing the support version of the TLS protocol. The default has changed to TLS version 3. In Linux I go to: Edit Preferences General Scroll all the way to the bottom Config Editor ...
nelaaro
  • 13.8k
6 votes

How does the Client Hello message choose the Record Layer version?

Or does wireshark set the version according to what he saw in the server hello? Yes. That title line is Wireshark's summary of the message. You can see in the detailed content of the message that in ...
Gilles 'SO- stop being evil'
5 votes

How to view SSL Certificate details on Chrome when Developer Tools are disabled?

As of Chrome 60 it is possible to return certificate details under "lock" menu. This option has to be enabled manually by accessing chrome://flags/#show-cert-link. When you enable it and restart the ...
user765679
5 votes
Accepted

OpenVPN: Options error: "Unrecognized option or missing or extra parameter(s) in client.ovpn:130: tls-remote (2.4.6)"

That particular option was deprecated and removed in OpenVPN 2.4. The new syntax is: verify-x509-name roadwarrior.inf.hs-anhalt.de name To solve your problem, you can try Meddling with the client....
Andy
  • 1,715
5 votes
Accepted

Does a cert's filename matter?

The name of the files does not matter at all, only its content. What matters is that the path in the configuration matches the actual path on disk so that the files can be accessed. Of course, if the ...
Steffen Ullrich
5 votes

How should I generate a self signed SSL for an intranet server, following these specific requisites?

Self-signed certificates should never be used, as they have no Chain of Trust and are therefore insecure and pointless; the recommended way is to create a self-signed CA, using that CA to sign the ...
JW0914
  • 8,255
5 votes
Accepted

How does the Client Hello message choose the Record Layer version?

Wireshark sees the ClientHello in context of the following packets. If the handshake results in a common version of TLS 1.2 it will show TLS 1.2 record layer, with TLS 1.3 it will show TLS 1.3 record ...
Steffen Ullrich
4 votes

Specifying minor TLS version when using curl

Additionally to --tlsvX.Y/--sslvZ, which put a hard limit to what protocols curl would choose, you may use --tls-max x.y to softly control protocol negotiation.
AnrDaemon
  • 211
4 votes

Why are Root CAs with SHA1 signatures not a risk

Am I mistaken with understanding that were one to find a collision, they could impersonate the Verisign root CA, and use that to generate an intermediate and then server cert that would be trusted by ...
Alexander Higgins
4 votes

How do I enable TLS 1.3 in iOS and MacOS?

According to WWDC2017: TLS 1.3 is not enabled by default You can enable this on iOS with this provisioning profile You can enable this on MacOS with this command in Terminal sudo defaults write /...
makerofthings7
4 votes

Decrypt SSL traffic with the openssl command line tool

I'm not entirely sure but I think the answer is no. The openssl command line client is a heterogeneous collection of tools. The X.509 commands can be useful to manipulate certificates, but the ...
Gilles 'SO- stop being evil'
4 votes
Accepted

OpenSsl and self-signed certificates - verifying a chain

The -cert cert.pem argument of openssl s_server is used to give the leaf certificate only. If you provide multiple certificates instead it will (usually?) take the first one. If you have chain ...
Steffen Ullrich
4 votes

Will Chrome fully remove TLS 1.0?

UPDATE 12/04/2020: The Chrome TLS 1.0 and 1.1 deprecation feature status now reads: Comments The existing enterprise policy SSLVersionMin can be used to override the security indicator downgrade (...
Reddy Lutonadio
4 votes
Accepted

why am I getting an error when trying to generate rsa 128

The limit is hard-coded to a minimum "secure" length, currently 512 bits (see RSA_MIN_MODULUS_BITS below). To circumvent it, for use in an embedded application, for example, you have to ...
sarlacii
  • 186

Only top scored, non community-wiki answers of a minimum length are eligible