
All Questions

1 vote
1 answer
26 views

What should be the response of keyupdate if the initial KeyUpdateRequest is set to update_not_requested not update_requested?

"The KeyUpdate handshake message is used to indicate that the sender is updating its sending cryptographic keys." "If the request_update field is set to "update_requested", ...
hjhjh's user avatar
  • 41
3 votes
1 answer
2k views

How does the SSL/TLS protocol determine if a certificate is expired or not?

I already tried googling but no luck. All search results always tell you how to check cert expiration manually, but that is not my question. Yes I can use OpenSSL for example, but what I am asking is ...
Noob_Guy's user avatar
  • 139
0 votes
2 answers
479 views

Why AES256 with SHA384 in TLS [closed]

Is there any concrete/solid rationale for this choice of cipher? Seems to be the default when I connect via TLS1.2 to an Apache2 server (whatever latest version on Debian 11) with configuration lines ...
Cal-linux's user avatar
  • 113
1 vote
0 answers
568 views

How exactly does OpenVPN's tls-auth option apply HMAC to packet messages?

Update: I've been able to work out everything I was asking about packet structure when I was finally able to get Wireshark to work, but there is one last thing I'm confused on which I detail at the ...
Letal1s's user avatar
  • 109
1 vote
1 answer
482 views

Is providing a static TLS key during an OpenVPN handshake useless for commercial providers?

When using OpenVPN, tls-auth and tls-crypt are widely adopted options, allowing a static key to be used in the initial handshake. This helps prevent against DoS attacks, as without the valid key a ...
Letal1s's user avatar
  • 109
4 votes
1 answer
4k views

Can we add TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 on windows server 2012 using gpedit although not supported by windows OS by default?

We are using IIS on Windows 2012-R2 server to host dotnet apps. From the app, when we try connecting to an external 3rd party api we see TLS handshake failure. On running ssllabs test on that api, I ...
dhanush shetty's user avatar
1 vote
1 answer
979 views

How are session keys transferred between a client and a server?

Session keys are generated during TLS handshake and are transferred from clients to server through asymmetric encryption FOR ONCE. However, I have heard that session keys are single-use, which mean a ...
Gaai Chia's user avatar
1 vote
1 answer
94 views

Asymmetric encryption between a monitoring unit and a tablet device

My task is to find asymmetric cryptography that a private key will be associated with a monitoring unit. The monitoring unit will connect to a tablet device which will show a live feed from the ...
Phenom's user avatar
  • 13
1 vote
2 answers
1k views

Possible attacks using public key in a certificate

This is purely an exploratory question. If this is not the right place to ask for it, please point me to the right one. TLS version: TLS 1.2 CIPHER SUITE : TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (any ...
Abhilash Gopalakrishna's user avatar
4 votes
1 answer
882 views

Role of the handshake secret (vs master secret) in TLS v1.3

In TLS v1.3, there are three secrets from which other secrets/keys are derived: early secret handshake secret master secret See this diagram. The early secret does not include the Diffie-Hellman ...
ysdx's user avatar
  • 1,785
0 votes
1 answer
374 views

What is the workflow from client to server for SSL enabled sites?

I have a basic question on workflow of SSL enabled sites from client browser to server. My understanding is when the browser has to access some https enabled site, the browser contacts some CAs. I am ...
grit639's user avatar
  • 103
6 votes
1 answer
884 views

Exactly why is it not possible to "drop-out" of TLS 1.3 proxy inspection?

I have been reading a number of articles that state it is not possible for an inspection proxy to simply drop-out/disengage from a TLS 1.3 connection in the same way that is possible in TLS 1.2. Such ...
rlon134's user avatar
  • 75
0 votes
1 answer
702 views

How to generate ffdhe from rfc7919

Everyone recommends to use the pre-defined ffdhe groups from https://www.rfc-editor.org/rfc/rfc7919 There are multiple sources (for example mozilla) where I can download the DH PARAMETERS file but how ...
Hannes's user avatar
  • 103
0 votes
1 answer
141 views

Vulnerabilities and potential scale for sensitive data transferred in plaintext, involving credit card payment information

Regarding the insecure transmission of data over a network. When it comes to plaintext credit card information and payment details being transferred in this manner over HTTPS. What are the possible ...
ABC's user avatar
  • 115
0 votes
4 answers
761 views

Why can't we encrypt the message with sender's private key and receiver's public key in case of sending messages through a server?

I read that why do we need E2EE and can't rely only on HTTPS for sending messages through a messaging app. The reason which I understood is when sender sends the message to the server, the TLS ...
shiwang's user avatar
  • 103
