Questions tagged [tls]
SSL (Secure Sockets Layer) and/or TLS (Transport Layer Security)
5,854
questions
1
vote
1
answer
25
views
ELI5: If SSL encrypts traffic, why does it expire?
SSL, nowadays TLS, encrypts traffic between the server and client. However, the certificate is only valid for a certain period of time until its expiration.
What I don't understand is, why does TLS ...
1
vote
0
answers
41
views
TLS Server Certificate Validations 1.2 [duplicate]
I have just started to study the TLS 1.2 protocol and would like to know what checks are performed on the client side by the browser when checking the server certificate. I would be glad if you could ...
1
vote
1
answer
26
views
what should be the response of keyupdate if the initial KeyUpdateRequest is set to update_not_requested not update_requested
"The KeyUpdate handshake message is used to indicate that the sender is updating its sending cryptographic keys."
"If the request_update field is set to "update_requested", ...
5
votes
2
answers
1k
views
How did I obtain a wildcard SSL certificate without port 80 opened for a challenge?
I wanted to secure my apps running in a private subnet with SSL. Albeit not necessary, it is very nice to have.
Because of my constant changes, I opted for a wildcard ssl certificate through my DNS ...
1
vote
1
answer
88
views
How exactly do corporate companies decrypt employee SSL/HTTPS traffic on company owned corporate devices? [duplicate]
I understand that corporate companies can/do decrypt employee SSL/HTTPs traffic because the company owned device has a company owned SSL certifiate.
I thought the first certificate would encrypt the ...
-1
votes
1
answer
79
views
How do we secure our network traffic from packet sniffing tools [beyond TLS/SSL] [duplicate]
From following link: Decrypting TLS with Netsh/WireShark
I found its pretty easy to segregate the keys file from tcp requests and later decrypt with WireShark.
Are there any reliable/bullet-proof ...
2
votes
1
answer
436
views
server negotiating TLS1.3 but sent TLS1.2 ciphersuite
I sent a client hello indicating TLS1.3 support, and it contains a list of all ciphersuites that support TLS1.3, TLS1.2 and TLS1.1
And consider server negotiated TLS1.3 indicating serverHello....
1
vote
1
answer
53
views
In TLS1.3 can the client hello have the extensions which were not sent as part of HelloRetryRequest
I am having a Handshake session of PSK_only mode in TLS1.3 , where I use PSK's established out of band.
consider, client Hello is sent with the extensions of supported_versions, PreSharedKey, ...
4
votes
2
answers
1k
views
Securing HTTP File Transfer over local network
My intention is to transfer files between a computer and a cell phone in the same network. I have created a system consisting of two apps for this purpose (everyone should be able to use the apps): ...
19
votes
4
answers
8k
views
HTTP: how likely are you to be compromised by using it just once?
My question is, if somebody, today, in 2024, sent a password or a credit card number to some random HTTP website just once, how likely is that password or credit card number to be found on a hacker ...
0
votes
0
answers
26
views
Define DH parametes in python-mbedtls [migrated]
I'm using python-mbedtls library - https://github.com/Synss/python-mbedtls/tree/master
my goal is to create handshake with different cipher suites,
I've managed to do so with the given server and ...
2
votes
1
answer
61
views
Why is the browser being prompted for a client certificate without a Certificate Request in the handshake?
When I visit a particular site, foobar.com, I am being prompted for a client certificate, which is unexpected for this site.
I assumed there would be a Certificate Request message in the HTTPS ...
6
votes
1
answer
154
views
Do browsers like FireFox, Chrome, Opera, and Tor store TLS 1.3 session tickets on the disk?
Do browsers save TLS 1.3 session tickets on the disk to resume a TLS session after the browser process has been killed and restarted?
Are there any glaring security risks of caching TLS 1.3 session ...
0
votes
1
answer
49
views
Anlyzing PSK-TLS handshake (Handshake Finished record) in Wireshark
I am doing testing with some ethernet device, for which I use an own TLS implementation (using OpenSSL for the actual cryptographic functions). There are pre shared keys used. When I am connecting to ...
1
vote
1
answer
55
views
What are the risk of using http when capturing open events on an email
I want to configure a custom domain for open and click tracking in Amazon Simple Email Service (SES). However, I've encountered a limitation where Amazon SES only allows HTTPS domains for tracking ...