Questions tagged [tls]
SSL (Secure Sockets Layer) and/or TLS (Transport Layer Security)
5,854
questions
1289
votes
3
answers
691k
views
How does SSL/TLS work?
How does SSL work? I just realised we don't actually have a definitive answer here, and it's something worth covering.
I'd like to see details in terms of:
A high level description of the protocol.
...
585
votes
3
answers
526k
views
What's the difference between SSL, TLS, and HTTPS?
I get confused with the terms in this area. What is SSL, TLS, and HTTPS? What are the differences between them?
445
votes
9
answers
320k
views
Is BASIC-Auth secure if done over HTTPS?
I'm making a REST-API and it's straight forward to do BASIC auth login. Then let HTTPS secure the connection so the password is protected when the api is used.
Can this be considered secure?
420
votes
14
answers
69k
views
How is it possible that people observing an HTTPS connection being established wouldn't know how to decrypt it?
I've often heard it said that if you're logging in to a website - a bank, GMail, whatever - via HTTPS, that the information you transmit is safe from snooping by 3rd parties. I've always been a little ...
372
votes
6
answers
343k
views
What is certificate pinning?
I'm superficially familiar with SSL and what certs do. Recently I saw some discussion on cert pinning but there wasn't a definition. A DDG search didn't turn up anything useful. What is certificate ...
310
votes
3
answers
78k
views
CRIME - How to beat the BEAST successor?
With the advent of CRIME, BEAST's successor, what possible protection is available for an individual and/or system owner in order to protect themselves and their users against this new attack on TLS?
250
votes
4
answers
113k
views
SSL3 "POODLE" Vulnerability
Canonical question regarding the recently disclosed padding oracle vulnerability in SSL v3. Other identical or significantly similar questions should be closed as a duplicate of this one.
What is the ...
245
votes
14
answers
48k
views
My college is forcing me to install their SSL certificate. How to protect my privacy?
My college administration is forcing us to install Cyberoam Firewall SSL certificate so that they can view all the encrypted traffic to "improve our security". If I don't install the certificate than ...
243
votes
5
answers
155k
views
What is the difference between https://google.com and https://encrypted.google.com?
Is it there any difference between the encrypted Google search (at https://encrypted.google.com) and the ordinary HTTPS Google search (at https://google.com)?
In terms of security what were the ...
234
votes
8
answers
211k
views
What is the difference between SSL vs SSH? Which is more secure?
What is the difference between SSH and SSL? Which one is more secure, if you can compare them together?
Which has more potential vulnerabilities?
219
votes
7
answers
219k
views
Does https prevent man in the middle attacks by proxy server?
There is a desktop client A connecting to website W in a https connection
A --> W
Somehow between A and W, there is a proxy G.
A --> G --> W
In this case, will G be able to get the ...
203
votes
7
answers
35k
views
How do mobile carriers know video resolution over HTTPS connections?
Verizon is modifying their "unlimited" data plans. Customers in the USA can stream video at 480p -or- pay to unlock higher resolutions (both 720p and +1080p). They are not the only mobile carrier to ...
172
votes
11
answers
129k
views
Is visiting HTTPS websites on a public hotspot secure?
It's often said that HTTPS SSL/TLS connections are encrypted and said to be secure because the communication between the server and me is encrypted (also provides server authentication) so if someone ...
170
votes
4
answers
383k
views
Difference between .pfx and .cert certificates
What is the difference between .pfx and .cert certificate files?
Do we distribute .pfx or .cert for client authentication?
170
votes
13
answers
107k
views
https security - should password be hashed server-side or client-side?
I am building a web application which requires users to login. All communication goes through https. I am using bcrypt to hash passwords.
I am facing a dilemma - I used to think it is safer to make a ...