Questions tagged [tls]

SSL (Secure Sockets Layer) and/or TLS (Transport Layer Security)

0 votes
2 answers
143 views

Automatically check if a certificate matches specific ciphers

My nginx backend server supports the following ciphers: ssl_ciphers "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:...
Shahar G
1 vote
1 answer
146 views

What is the exact danger of not waiting for peer's close_notify response?

OpenSSL documentation says the following: (Source: https://openssl.org/docs/man3.0/man3/SSL_shutdown.html) It is acceptable for an application to only send its shutdown alert and then close the ...
Dragan
0 votes
0 answers
99 views

Testing in case of TLS 1.3 with AES-GCM

At work, I'm used to sniffing and capturing on network interfaces by which client and server intercom on LAN in my domain so as to grab genuine business data, followed by my customized replaying to ...
Y.Z
0 votes
0 answers
87 views

Decrypt TLS (DHE cypher) inside of TDS (Microsoft SQL Tabular Data Stream protocol)

Is there a possibility to decrypt TLS data encapsulated within TDS Microsoft TSQL protocol? The TLS handshake seems to occur within TDS data, right after the TDS pre-login. The handshake itself is ...
mouch
0 votes
0 answers
100 views

Connecting Logstash To Elasticsearch via SSL (Docker Container)

My environment consists of 2 Docker containers, one running Logstash and another running Elasticsearch on the SAME host & SAME Docker network. I am trying to set up SSL between the 2 of them (this ...
Dhiwakar Ravikumar
0 votes
0 answers
120 views

Openssl command to verify authenticity of CA Issuer? And the "magic" behind it? [duplicate]

I am not confident in my understanding of Certificate Authority and signing certificates. I'm wondering how do you verify the authenticity of an issuer when inspecting an entity certificate. Here's ...
learningtech
4 votes
1 answer
242 views

Why does FedRAMP disallow TLS 1.2 via HSTS?

I just stumbled upon this FedRAMP document: https://www.fedramp.gov/assets/resources/templates/FedRAMP-Moderate-Readiness-Assessment-Report-(RAR)-Template.docx It contains the following note in 4.2.2 ...
gerwout
0 votes
0 answers
64 views

Will this certificate Pinning plan work as expected?

I have a mobile app deployed to millions of users on both Android and iOS. My Security dept. rotates our certs once a year. Our certs are issued by GlobalSign. I would like to pin the certificate ...
Leonardo
1 vote
2 answers
121 views

Authenticating a device for remote motor control

I'm looking for a standard solution to the following problem. I've been unable to find how something like this is normally accomplished. Even a key word that points me in the right direction would be ...
Joseph Rappaport
1 vote
2 answers
153 views

How is issuing a certificate revocation response different from re-issuing the certificate itself?

I am reading about how certificates work in the context of X.509, SSL/TLS/HTTPS. According to Wikipedia, the client (e.g. a browser) is supposed to check the revocation status for each non-root ...
paperskilltrees
0 votes
1 answer
536 views

Criteria for Common Name of Certificate Authority and how it affects SSL certificates

It is not clear to me how the Common Name affects a certificate authority and the certificates that are ultimately created. For example, I have this simple script that creates some files for a ...
learningtech
1 vote
1 answer
139 views

Creating SSL certificates that can work on any local area network?

Let's say I made a platform called the HelloWorld Platform. The HelloWorld Platform consists of one RaspberryPi that hosts PHP based REST API and one RaspberryPi that has temperature sensor that ...
learningtech
0 votes
1 answer
145 views

How can I test if my device checks DNS CAA correctly and rejects TLS certificates that are signed by an unauthorized CA?

I would like to know how I can test if my devices or browsers check and apply DNS Certification Authority Authorization (CAA) correctly. And if they do not, how I can enable it and enforce CAA to ...
Bob Ortiz
1 vote
0 answers
70 views

Other benefits of creating my certificate authority aside from the Firefox issue and centralized management of certificates?

I've been trying to read more about self-signed SSL certificates versus creating my own certificate authority to sign SSL certificates. I am still not completely clear on this. I'll start by ...
learningtech
3 votes
0 answers
123 views

Does the DNS belong to the threat model in the ACME protocol with the TLS challenge

If I use the ACME protocol to generate Certificates and I use the TLS Challenge, is the DNS Server a critical part in the threat model?
haschibaschi