All Questions
509
questions
2
votes
1
answer
436
views
server negotiating TLS1.3 but sent TLS1.2 ciphersuite
I sent a client hello indicating TLS1.3 support, and it contains a list of all ciphersuites that support TLS1.3, TLS1.2 and TLS1.1
And consider server negotiated TLS1.3 indicating serverHello....
- 41
1
vote
1
answer
53
views
In TLS1.3 can the client hello have the extensions which were not sent as part of HelloRetryRequest
I am having a Handshake session of PSK_only mode in TLS1.3 , where I use PSK's established out of band.
consider, client Hello is sent with the extensions of supported_versions, PreSharedKey, ...
- 41
0
votes
1
answer
83
views
How to get debug output from `openssl s_server` when (PSK-only DTLS) handshake fails?
We have tested our DTLS client using the openssl s_server program from OpenSSL 3.2.1. The handshake failed because we used the wrong PSK on the client. To our surprise, the server neither responded ...
- 111
0
votes
1
answer
93
views
Would there be any utility for multiple clients sharing the same TLS session key?
I was wondering if there is any utility for multiple hosts sharing the same TLS session key. I have come across proxies and the way they intercept TLS connections is to make the client accept its ...
- 1
0
votes
2
answers
258
views
What is the impact of disabled TLS hostname verification?
If I have a java client that connects to a server, but in the java client code where the connection is built, it skips hostname verification disabled.
When a client tries to connect to serverA.com, ...
- 67
0
votes
2
answers
143
views
Automatically check if a certificate matches specific ciphers
My nginx backend server supports the following ciphers:
ssl_ciphers "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:...
- 1
0
votes
0
answers
100
views
Connecting Logstash To Elasticsearch via SSL (Docker Container)
My environment consists of 2 docker containers, one running Logstash and another running Elasticsearch on the SAME host & SAME docker network.
I am trying to setup SSL between the 2 of them (this ...
0
votes
1
answer
536
views
Criteria for Common Name of Certificate Authority and how it affects SSL certificates
It is not clear to me how the Common Name affects a certificate authority and the certificates that are ultimately created. For example, I have this simple script that creates some files for a ...
- 275
1
vote
1
answer
139
views
Creating SSL certificates that can work on any local area network?
Let's say I made a platform called the HelloWorld Platform. The HelloWorld Platform consists of one RaspberryPi that hosts PHP based REST API and one RaspberryPi that has temperature sensor that ...
- 275
1
vote
0
answers
70
views
Other benefits of creating my certificate authority aside from the firefox issue and centralized management of certificates?
I've been trying to read more about self-signed SSL certificates versus creating my own certificate authority to sign SSL certificates. I am still not completely clear on this.
I'll start by ...
- 275
0
votes
1
answer
265
views
Why openssl verify does not work for the certificate chain of a correctly configured site?
I download its certificates. To do that, I used the openssl debug output of the command
openssl s_client -connect security.stackexchange.com:443 -servername security.stackexchange.com -showcerts -...
- 3,030
-1
votes
1
answer
179
views
NET::ERR_CERT_COMMON_NAME_INVALID adguard [closed]
NET::ERR_CERT_COMMON_NAME_INVALID
This is the error that we're getting.
And it also says that "adguard has blocked access to this page".
What's the solution to this?
Would ssl pinning fix ...
- 141
0
votes
1
answer
143
views
What happens at a low level when authenticating server certificates?
Regarding the TLS 1.3 Handshake Protocol:
When the Server sends it's certificate, exactly how does the Client validate this?
I know at a high level the Client is verifying the data the Server sent ...
- 145
0
votes
0
answers
127
views
Can I Use an OpenPGP Smart Card to Sign a TLS Certificate?
I've been looking around for smart cards with support for Ed25519. More specifically, I'd like to have a TLS CA with the private key on a YubiKey. The latest YubiKey 5 supports secp256k1, secp384r1, ...
- 6,823
0
votes
0
answers
108
views
TLS session keys [duplicate]
I Have a confusion here.
From what I know, in TLS1.2, the Client sends Client Hello and then the Server Sends a Server Hello, Certificate(with its public key) and Certificate chain, and then a Server ...
- 133