
Questions tagged [tls]

SSL (Secure Sockets Layer) and/or TLS (Transport Layer Security)

1 vote
1 answer
15 views

ELI5: If SSL encrypts traffic, why does it expire?

SSL, nowadays TLS, encrypts traffic between the server and client. However, the certificate is only valid for a certain period of time until its expiration. What I don't understand is, why does TLS ...
1 vote
1 answer
1k views

How to check to see whether DNS over TLS is blocked in my network by ISP?

I'm looking for a method to check whether DNS over TLS is blocked in my network by my ISP or not. A method that isn't just trial and error of a bunch of popular DoT providers to see which one connects ...
1 vote
0 answers
40 views

TLS Server Certificate Validations 1.2 [duplicate]

I have just started to study the TLS 1.2 protocol and would like to know what checks are performed on the client side by the browser when checking the server certificate. I would be glad if you could ...
2 votes
3 answers
3k views

Intercept HTTP Traffic of an Android app?

I was trying to test and intercept traffic from an app developed on the Rhodes open source framework. I set up a proxy with Burp, and of course I have installed the Burp certificate on my device, hence I can ...
3 votes
4 answers
3k views

Can mutual TLS work with a self-signed client certificate?

Is it conceptually possible to allow in the server a specific self-signed client certificate for mutual TLS? If possible but not recommended, why? I have a client to whom I have to provide a server ...
1 vote
1 answer
26 views

What should be the response of KeyUpdate if the initial KeyUpdateRequest is set to update_not_requested, not update_requested?

"The KeyUpdate handshake message is used to indicate that the sender is updating its sending cryptographic keys." "If the request_update field is set to "update_requested", ...
2 votes
2 answers
114 views

Security Concern Opening Up Azure VM to AWS IPs

We have an IIS webserver hosted in Azure. We want to monitor this server via our cloud SIEM hosted in AWS. To monitor, there is a requirement to open outbound 443, on the VM, to a few hundred AWS ...
0 votes
2 answers
751 views

Does distributing an SSL certificate and private key pose a security risk?

I found some applications bundle an SSL certificate and associated private key signed by a public CA for a domain name pointing to 127.0.0.1, probably to bypass the certificate/mixed content warning ...
1 vote
1 answer
152 views

Is it reasonable to have a product that requires LLMNR or mDNS?

I am trying to figure out the best way to manage security certificates for embedded devices whose webpage is accessed via IP address, and then the scenario for when that IP address changes. Currently, ...
0 votes
2 answers
211 views

Is Symmetric Key Exchange over HTTPS safe?

I am auditing a web application that gives access to a financial backend. The web application provides the frontend in an HTTPS session properly encrypted, and after the client authenticating inside the ...
5 votes
4 answers
3k views

Company decrypting SSL, is it common?

We've just implemented a proxy that decrypts all SSL traffic in order to classify and scan it. Naturally a lot of our users feel concerned. We're a small company (100 users) owned by a big company (...
5 votes
2 answers
1k views

How did I obtain a wildcard SSL certificate without port 80 opened for a challenge?

I wanted to secure my apps running in a private subnet with SSL. Albeit not necessary, it is very nice to have. Because of my constant changes, I opted for a wildcard SSL certificate through my DNS ...
1 vote
1 answer
88 views

How exactly do corporate companies decrypt employee SSL/HTTPS traffic on company owned corporate devices? [duplicate]

I understand that corporate companies can/do decrypt employee SSL/HTTPS traffic because the company owned device has a company owned SSL certificate. I thought the first certificate would encrypt the ...
47 votes
5 answers
98k views

Can an HTTPS server be configured without a server certificate?

I have noticed that an HTTPS connection can be set up with the server configured to use a certificate, and when additional security is required, the server can ask the client to provide a client ...
19 votes
4 answers
8k views

HTTP: how likely are you to be compromised by using it just once?

My question is, if somebody, today, in 2024, sent a password or a credit card number to some random HTTP website just once, how likely is that password or credit card number to be found on a hacker ...
