All Questions
Tagged with tls cryptography
219
questions
1
vote
1
answer
26
views
what should be the response of keyupdate if the initial KeyUpdateRequest is set to update_not_requested not update_requested
"The KeyUpdate handshake message is used to indicate that the sender is updating its sending cryptographic keys."
"If the request_update field is set to "update_requested", ...
3
votes
1
answer
2k
views
How does the SSL/TLS protocol determine if a certificate is expired or not?
I already tried googling but no luck. All search results always tell you how to check cert expiration manually, but that is not my question. Yes I can use OpenSSL for example, but what I am asking is ...
0
votes
2
answers
479
views
Why AES256 with SHA384 in TLS [closed]
Is there any concrete/solid rationale for this choice of cipher? Seems to be the default when I connect via TLS1.2 to an Apache2 server (whatever latest version on Debian 11) with configuration lines ...
1
vote
0
answers
568
views
How exactly does OpenVPN's tls-auth option apply HMAC to packet messages?
Update: I've been able to work out everything I was asking about packet structure when I was finally able to get Wireshark to work, but there is one last thing I'm confused on which I detail at the ...
1
vote
1
answer
482
views
Is providing a static TLS key during an OpenVPN handshake useless for commercial providers?
When using OpenVPN, tls-auth and tls-crypt are widely adopted options, allowing a static key to be used in the initial handshake. This helps prevent against DoS attacks, as without the valid key a ...
4
votes
1
answer
4k
views
Can we add TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 on windows server 2012 using gpedit although not supported by windows OS by default?
We are using IIS on Windows 2012-R2 server to host dotnet apps. From the app, when we try connecting to an external 3rd party api we see TLS handshake failure. On running ssllabs test on that api, I ...
1
vote
1
answer
979
views
How are session keys transferred between a client and a server?
Session keys are generated during TLS handshake and are transferred from clients to server through asymmetric encryption FOR ONCE.
However, I have heard that session keys are single-use, which mean a ...
1
vote
1
answer
94
views
Asymmetric encryption between a monitoring unit and a tablet device
My task is to find asymmetric cryptography that a private key will be associated with a monitoring unit. The monitoring unit will connect to a tablet device which will show a live feed from the ...
1
vote
2
answers
1k
views
Possible attacks using public key in a certificate
this is purely an exploratory question.
If this is not the right place to ask for it,
please point me to the right one.
TLS version: TLS 1.2
CIPHER SUITE : TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(any ...
4
votes
1
answer
882
views
Role of the handshake secret (vs master secret) in TLS v1.3
In TLS v1.3, there are three secrets
from which other secrets/keys are derived:
early secret
handshake secret
master secret
See this diagram.
The early secret does not include the Diffie-Hellman ...
0
votes
1
answer
374
views
What is the workflow from client to server for SSL enabled sites?
I have a basic question on workflow of SSL enabled sites from client browser to server. My understanding is when the browser has to access some https enabled site, the browser contacts some CAs. I am ...
6
votes
1
answer
884
views
Exactly why is it not possible to "drop-out" of TLS 1.3 proxy inspection?
I have been reading a number of articles that state it is not possible for an inspection proxy to simply drop-out/disengage from a TLS 1.3 connection in the same way that is possible in TLS 1.2.
Such ...
0
votes
1
answer
702
views
How to generate ffdhe from rfc7919
Everyone recommends to use the pre-defined ffdhe groups from https://www.rfc-editor.org/rfc/rfc7919
There are multiple sources (for example mozilla) where I can download the DH PARAMETERS file but how ...
0
votes
1
answer
141
views
Vulnerabilities and potential scale for sensitive data transferred in plaintext, involving credit card payment information
Regarding the insecure transmission of data over a network.
When it comes to plaintext credit card information and payment details being transferred in this manner over HTTPS. What are the possible ...
0
votes
4
answers
761
views
Why can't we encrypt the message with sender's private key and receiver's public key in case of sending messages through a server?
I read that why do we need E2EE and can't rely only on HTTPS for sending messages through a messaging app. The reason which i understood is when sender sends the message to the server, the TLS ...