Questions tagged [tls]
SSL (Secure Sockets Layer) and/or TLS (Transport Layer Security)
5,852
questions
4
votes
2
answers
1k
views
How did I obtain a wildcard SSL certificate without port 80 opened for a challenge?
I wanted to secure my apps running in a private subnet with SSL. Albeit not necessary, it is very nice to have.
Because of my constant changes, I opted for a wildcard ssl certificate through my DNS ...
1
vote
1
answer
79
views
How exactly do corporate companies decrypt employee SSL/HTTPS traffic on company owned corporate devices? [duplicate]
I understand that corporate companies can/do decrypt employee SSL/HTTPs traffic because the company owned device has a company owned SSL certifiate.
I thought the first certificate would encrypt the ...
-1
votes
1
answer
70
views
How do we secure our network traffic from packet sniffing tools [beyond TLS/SSL] [duplicate]
From following link: Decrypting TLS with Netsh/WireShark
I found its pretty easy to segregate the keys file from tcp requests and later decrypt with WireShark.
Are there any reliable/bullet-proof ...
2
votes
1
answer
418
views
server negotiating TLS1.3 but sent TLS1.2 ciphersuite
I sent a client hello indicating TLS1.3 support, and it contains a list of all ciphersuites that support TLS1.3, TLS1.2 and TLS1.1
And consider server negotiated TLS1.3 indicating serverHello....
1
vote
1
answer
49
views
In TLS1.3 can the client hello have the extensions which were not sent as part of HelloRetryRequest
I am having a Handshake session of PSK_only mode in TLS1.3 , where I use PSK's established out of band.
consider, client Hello is sent with the extensions of supported_versions, PreSharedKey, ...
4
votes
2
answers
1k
views
Securing HTTP File Transfer over local network
My intention is to transfer files between a computer and a cell phone in the same network. I have created a system consisting of two apps for this purpose (everyone should be able to use the apps): ...
19
votes
4
answers
8k
views
HTTP: how likely are you to be compromised by using it just once?
My question is, if somebody, today, in 2024, sent a password or a credit card number to some random HTTP website just once, how likely is that password or credit card number to be found on a hacker ...
0
votes
0
answers
25
views
Define DH parametes in python-mbedtls
I'm using python-mbedtls library - https://github.com/Synss/python-mbedtls/tree/master
my goal is to create handshake with different cipher suites,
I've managed to do so with the given server and ...
2
votes
1
answer
57
views
Why is the browser being prompted for a client certificate without a Certificate Request in the handshake?
When I visit a particular site, foobar.com, I am being prompted for a client certificate, which is unexpected for this site.
I assumed there would be a Certificate Request message in the HTTPS ...
6
votes
1
answer
141
views
Do browsers like FireFox, Chrome, Opera, and Tor store TLS 1.3 session tickets on the disk?
Do browsers save TLS 1.3 session tickets on the disk to resume a TLS session after the browser process has been killed and restarted?
Are there any glaring security risks of caching TLS 1.3 session ...
0
votes
1
answer
46
views
Anlyzing PSK-TLS handshake (Handshake Finished record) in Wireshark
I am doing testing with some ethernet device, for which I use an own TLS implementation (using OpenSSL for the actual cryptographic functions). There are pre shared keys used. When I am connecting to ...
1
vote
1
answer
53
views
What are the risk of using http when capturing open events on an email
I want to configure a custom domain for open and click tracking in Amazon Simple Email Service (SES). However, I've encountered a limitation where Amazon SES only allows HTTPS domains for tracking ...
0
votes
0
answers
25
views
Why cannot we use TLS in the data link layer instead of EAPTLS? [duplicate]
since EAPTLS also makes use of the TLS protocol features to provide authentication why cannot we just make use of TLS in datalink layer. What is the exact difference between them.
0
votes
1
answer
59
views
mTLS set up - Does it require any offline certificates exchange?
My company is exposing a few APIs to one of our partner systems (external).
We're looking at mTLS authentication here than any credentials based Auth schemes.
My understanding is,
My system (server) ...
0
votes
1
answer
62
views
export burp certificate to wireshark for inspection
I am trying to figure out if i can take the burpsuite certificate and export it to wireshark to be able to inspect the traffic going through it. My main goal here is to test a website i own to see ...