All Questions
Tagged with tls cipher-selection
118
questions
2
votes
1
answer
436
views
server negotiating TLS1.3 but sent TLS1.2 ciphersuite
I sent a client hello indicating TLS1.3 support, and it contains a list of all ciphersuites that support TLS1.3, TLS1.2 and TLS1.1
And consider server negotiated TLS1.3 indicating serverHello....
0
votes
2
answers
1k
views
docker daemon reports 'tls: unconfigured cipher suite' for Nginx reverse proxy of Artifactory Docker registry
I am migrating to Artifactory on RHEL8 as a Docker remote repository, i.e. Artifactory is a proxy for a docker registry hosted through Jfrog.io.
We have a legacy registry with config in /etc/docker/...
0
votes
1
answer
596
views
TLS 1.3 Cipher Suites: authentication algorithm unspecified?
I was looking at Cipher Suites indicated on SSLLabs and I noticed something, here is a result for google.com (for instance):
With TLS 1.2, examples of Cipher Suites are:
...
1
vote
0
answers
1k
views
Disabling weak cipher suites in Tomcat does not work as expected
I have to get rid of so called "weak security" in a Tomcat application.
A penetration test identified services that accept connections with insecure TLS encryption and hashing algorithms: ...
0
votes
1
answer
999
views
Cipher Suites settings wrong order?
I'm trying to setup a custom order of TLS cipher suites according to this Microsoft list, on Windows Server 2022 but the outcome is not the one that I was expecting.
After using the powershell to ...
0
votes
1
answer
2k
views
P-384 vs. SHA384
Forgive my inexperience with encryption, I've been researching this for the better part of the morning and still cannot find a smoking gun answer.
A vendor is requesting that we verify a website we ...
1
vote
4
answers
6k
views
Which cipher is more secure TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA or TLS_RSA_WITH_AES_256_GCM_SHA384?
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA supports forward secrecy but it doesn't use GCM mode and use SHA1 TLS_RSA_WITH_AES_256_GCM_SHA384 uses GCM mode and SHA2 but it doesn't support forward secrecy. ...
2
votes
2
answers
623
views
Java support for TLS_DHE_RSA_WITH_AES_128_CCM
My test tool uses java and I need it to use TLS_DHE_RSA_WITH_AES_128_CCM.
Does standard java (Oracle) support CCM cipher suites?
I am seeing oracle links mentioning CCM but am not able to make it work....
2
votes
2
answers
1k
views
Cipher suite choice on macOS on Apple Silicon
I have a postfix mail server that accepts these cipher suites:
tls_high_cipherlist=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:
...
0
votes
1
answer
591
views
How does TLS use hashing from the negotiated cipher suite
I am trying to understand why TLS only uses hashing algorithm like SHA-384 instead of using an HMAC instance like HMAC-SHA-384.
If I understand correctly, this cipher suite (...
1
vote
0
answers
327
views
Should I manually select protocol and cipher?
I'm writing Java code for a decentralized network. (Proof of concept code here.) Each node generates its own self-signed certificate, to be used both server-side and client-side in every connection. ...
5
votes
1
answer
9k
views
How are key exchange and signature algorithms negotiated in TLS 1.3
In TLS 1.2, the cipher suite lists the algorithms for everything (key exchange, signature, cipher/MAC). So by choosing a suite, all the algorithms will have been negotiated. And I can see them from ...
1
vote
1
answer
2k
views
Should hashing algorithm used for X.509 certificate's signing match the algorithm used in the communication
I've seen this but the related answers don't answer my question.
For TLS 1.2 is the hashing algorithm specified in an X.509 certificate's cipher suite used for the signature inside the certificate or ...
0
votes
1
answer
341
views
Is it possible to view the cipher suites offered on my behalf by a MITM proxy?
I'm trying to discover what cipher suites are being offered by my corporate proxy. It's set up as a man in the middle so my "secure" connections are to it, and it attempts to create a ...
0
votes
1
answer
339
views
what is the link between server certificate and cipher list advertised by server for nmap command?
Nmap out put for google.com.
ssl-enum-ciphers.
TLSv1.2:
ciphers:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A.
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A.
...