Questions tagged [tls]
SSL (Secure Sockets Layer) and/or TLS (Transport Layer Security)
5,854 questions
0 votes, 2 answers, 143 views
Automatically check if a certificate matches specific ciphers
My nginx backend server supports the following ciphers:
ssl_ciphers "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:...
1 vote, 1 answer, 146 views
What is the exact danger of not waiting for peer's close_notify response?
OpenSSL documentation says the following: (Source: https://openssl.org/docs/man3.0/man3/SSL_shutdown.html)
It is acceptable for an application to only send its shutdown alert and then close the ...
0 votes, 0 answers, 99 views
Testing in case of TLS 1.3 with AES-GCM
At work, I'm used to sniffing and capturing on network interfaces by which client and server intercom on LAN in my domain so as to grab genuine business data, followed by my customized replaying to ...
0 votes, 0 answers, 87 views
Decrypt TLS (DHE cypher) inside of TDS (Microsoft SQL Tabular Data Stream protocol)
Is there a possibility to decrypt TLS data encapsulated within TDS Microsoft TSQL protocol?
The TLS handshake seems to occur within TDS data, right after the TDS pre-login
The handshake itself is ...
0 votes, 0 answers, 100 views
Connecting Logstash To Elasticsearch via SSL (Docker Container)
My environment consists of 2 docker containers, one running Logstash and another running Elasticsearch on the SAME host & SAME docker network.
I am trying to set up SSL between the 2 of them (this ...
0 votes, 0 answers, 120 views
Openssl command to verify authenticity of CA Issuer? And the "magic" behind it? [duplicate]
I am not confident in my understanding of Certificate Authority and signing certificates. I'm wondering how do you verify the authenticity of an issuer when inspecting an entity certificate.
Here's ...
4 votes, 1 answer, 242 views
Why does FedRAMP disallow TLS 1.2 via HSTS?
I just stumbled upon this FedRAMP document: https://www.fedramp.gov/assets/resources/templates/FedRAMP-Moderate-Readiness-Assessment-Report-(RAR)-Template.docx
It contains the following note in 4.2.2 ...
0 votes, 0 answers, 64 views
Will this certificate Pinning plan work as expected?
I have a mobile app deployed to millions of users in both Android and iOS.
My Security dept. rotates our certs once a year.
Our certs are issued by GlobalSign.
I would like to pin the certificate ...
1 vote, 2 answers, 121 views
Authenticating a device for remote motor control
I'm looking for a standard solution to the following problem. I've been unable to find how something like this is normally accomplished. Even a key word that points me in the right direction would be ...
1 vote, 2 answers, 153 views
How is issuing a certificate revocation response different from re-issuing the certificate itself?
I am reading about how certificates work in the context of X.509, SSL/TLS/HTTPS. According to Wikipedia, the client (e.g. a browser) is supposed to check the revocation status for each non-root ...
0 votes, 1 answer, 536 views
Criteria for Common Name of Certificate Authority and how it affects SSL certificates
It is not clear to me how the Common Name affects a certificate authority and the certificates that are ultimately created. For example, I have this simple script that creates some files for a ...
1 vote, 1 answer, 139 views
Creating SSL certificates that can work on any local area network?
Let's say I made a platform called the HelloWorld Platform. The HelloWorld Platform consists of one RaspberryPi that hosts a PHP-based REST API and one RaspberryPi that has a temperature sensor that ...
0 votes, 1 answer, 145 views
How can I test if my device checks DNS CAA correctly and rejects TLS certificates that are signed by an unauthorized CA?
I would like to know how I can test if my devices or browsers check and apply DNS Certification Authority Authorization (CAA) correctly. And if it does not, how I can enable it and enforce CAA to ...
1 vote, 0 answers, 70 views
Other benefits of creating my certificate authority aside from the Firefox issue and centralized management of certificates?
I've been trying to read more about self-signed SSL certificates versus creating my own certificate authority to sign SSL certificates. I am still not completely clear on this.
I'll start by ...
3 votes, 0 answers, 123 views
Does the DNS belong to the threat model in the ACME protocol with the TLS challenge
If I use the ACME protocol to generate Certificates and I use the TLS Challenge, is the DNS Server a critical part in the threat model?