Questions tagged [tls]
The tls tag has no usage guidance.
395
questions
0
votes
0
answers
45
views
Pure-ftpd set up for TLS "AUth command unsupported"
I enabled TLS on pure-ftpd as per instructions. Created DH file, installed certificates, increased the logging level.
Now, when connecting from filezilla, I receive a hello stating that TLS is enabled/...
- 1
0
votes
1
answer
4k
views
DiskStation: OpenVPN TLS Handshake error (self-signed cert & defaults)
I have a DS 1813+ (DSM 5 4493 Update 1 - latest) and am having issues setting up OpenVPN:
DS' 3rd interface is directly connected on a static IP, with the DS firewall set to only allow the VPN app on ...
CommunityBot
- 1
3
votes
1
answer
5k
views
Where to get libcurl for Windows with --compressed option enabled?
So, I'm copying some curl commands from developer tools on Firefox and they often include the flag --compressed and even if removing it often makes command execute succesfully, my aim is to be able to ...
CommunityBot
- 1
0
votes
1
answer
5k
views
lftp behind firewall – what ports need to be opened?
I need to setup a secure file transfer from Linux client to z/OS ftp server using TLS 1.2 secure protocol. I am trying to use the lftp client for this purpose.
My Linux server is behind a firewall. I ...
CommunityBot
- 1
0
votes
0
answers
30
views
Random ERR_SSL_PROTOCOL_ERROR errors on certain browsers
A number of users of my websites are reporting seeing error messages like "The connection to this website is not secure - SSL_ERR_PROTOCOL_ERROR" randomly with different frequency. The ...
- 101
0
votes
0
answers
43
views
Wget show error certificate of <domain> name was signed using an insecure algorithm, while curl works
We are trying to check domain
wget domain <like httpx://abc.com>
we are getting error "The certificate of domain(abc.com) was signed using an insecure algorithm. But SSL certificate is ...
0
votes
0
answers
531
views
Kubectl get pods ERROR: couldn't get current server API group list: Get "LINK": tls: first record does not look like a TLS handshake
My K8s cluster is running on Azure VM. I'm facing with a TLS error when I try to get something from a cluster. However the config of k8s is correct and it has the public IP I need, also it has all the ...
- 1
0
votes
1
answer
6k
views
OpenVPN TLS 1.2 cipher suites
This is a repost of my original question (OpenVPN cant establish connection with any TLS 1.2 cipher)
The problem is split in two because a solution was found for the 128-bit cipher suites.
OpenVPN can'...
CommunityBot
- 1
0
votes
1
answer
84
views
TLS Certificate Verification Error
We have a WordPress website configured to send mail using smtp.office365.com via the WP Mail plugin, but can't currently send mail with SSL Verification enabled. Without verification, the email works ...
- 401
1
vote
1
answer
6k
views
How should I generate a self signed SSL for an intranet server, following these specific requisites?
My knowledge about SSL is very basic and I need to generate self-signed SSL certificates for a local server [server.local] so I can use it in a mobile app for SSL pinning.
How do I create a self-...
- 8,255
1
vote
1
answer
282
views
How do I remove a certificate from (RedHat) Linux ca-trust?
I installed a duplicate certificate for a CN in the ca-trust store of my RHEL8 systems (The 'Subject' field is the same, but the keys are different). I added the PEM file to /etc/pki/ca-trust/source/...
- 1,485
2
votes
2
answers
4k
views
OpenSSL - Unhandled critical extension
We are trying to create a node.js application which should interact with a server over HTTPS (>TLS v1.2). We are given some list of key, cert files to establish a connection with the server. Node ...
CommunityBot
- 1
6
votes
1
answer
52k
views
Unable to connect to FTP server using Filezilla with router in-between
While connecting to my web server using filezilla, i am getting this error:
Status: Resolving address of ftp.mysite.org.in
Status: Connecting to 199.199.199.18:21...
Status: Connection established, ...
CommunityBot
- 1
5
votes
2
answers
30k
views
How to select the client certificate?
I am using Chrome and Edge to visit a web site that requires client certificate (mTLS). For the first time, both Chrome and Edge pops up a panel that asks me to select a certificate. There was only ...
- 31
2
votes
1
answer
12k
views
Unable to read an email protected by Rights Management Service
My colleague received an email from H company. This email is protected by Microsoft Rights Management Service.
His email client is Outlook Express, and he use POP3 to received it to local disk (the ...
CommunityBot
- 1
1
vote
0
answers
125
views
Unable to cURL on some platforms, in particular DigitalOcean VPS
I am on Ubuntu 23.10 (GNU/Linux 6.5.0-27-generic x86_64) is not working, curl is 8.2.1 suspect is there is something on the machine.
I have two Virtual Private Servers (VPS) based on Digital Ocean ...
1
vote
1
answer
11k
views
Kubernetes net/http: TLS handshake timeout
We have created a self managed kubernetes cluster using the kubeadm approach. It is a 3 node cluster hosted on AWS EC2 instances (1-Master and 2-Slaves).
We have created a separate NGINX server to ...
CommunityBot
- 1
0
votes
1
answer
6k
views
Registry key "protocols" empty
Im checking a windows 2019 server and the key "protocols" is empty
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
On my Windows 10 also is ...
CommunityBot
- 1
1
vote
0
answers
79
views
I've tried preventing TLSv1.0 and TLS1.1 in Apache, but the protocols are still active
I have a web site (one of a few) on a server. I'm trying to up the score of my domain in https://www.ssllabs.com/ssltest - but it doesn't seem to be working.
Contents of:
/etc/apache2/sites-available/&...
- 201
0
votes
1
answer
48
views
Outdated CentOS 5.11 and https
I have CentOS 5.11 on server, which is too outdated.
It has Apache/2.2.22 (Unix) and Apache Tomcat/5.5.25
Unfortunately migration to the new OS is not possible at the moment.
The website hosted on the ...
- 465k
0
votes
1
answer
5k
views
How can I view the TLS 1.2 and 1.3 certificates in Wireshark?
I'm testing a new proxy and monitoring the connection using Wireshark, but I'm not seeing any certificate at all. my goal is to find out exactly what sensitive and identifiable data is leaving my ...
CommunityBot
- 1
85
votes
4
answers
254k
views
Specifying minor TLS version when using curl
Is there a way to specify curl to use a specific TLS version? Like 1.1 or 1.2? I can see only sslv3 and tlsv1 options in command help. I took latest src and compiled it with openssl 1.0.1e. Still dont ...
- 83.6k
0
votes
0
answers
121
views
Client Side Cannot Find Client Cert in TLS Mutual Authentication
This is a windows .NET application. Am working on the client side. Increased SSChannel logging and discovered ... .
Creating a TLS client credential.
The remote server has requested TLS client ...
27
votes
3
answers
86k
views
keytool commands to replace existing SSL certificate?
I've a linux centos server running glassfish 3.1.2 app server. The default certs coming from GlassFish install for ports 4848 and 8181 are 1024 bits. I need to replace these with 2048 bits versions. ...
- 1,580
0
votes
0
answers
104
views
FTP over SSL, FTPS TLS not working - Rejecting data connection - Only is allowed
< 2024-02-08 10:31:19.445 Read 16 bytes
< 2024-02-08 10:31:19.459 200 'TYPE' OK.
< 2024-02-08 10:31:19.459 PASV
. 2024-02-08 10:31:19.554 TLS connect: SSL negotiation finished successfully
. ...
- 101
1
vote
0
answers
35
views
What are OpenSSL 3's "auto" DH parameters?
The Postfix documentation says the following:
With Postfix ≥ 3.7, built with OpenSSL version is 3.0.0 or later, if the parameter value is either empty or "auto", then the DH parameter ...
- 111
0
votes
0
answers
529
views
How can I fix this? “XRAY: transport/internet/websocket: failed to serve http for WebSocket > accept tcp [::]:8443: use of closed network connection.”
Recently I bought a Germany based VPS server to create my own VPN using v2ray because I live in Iran and the internet is heavily censored here.
I connected my domain to CloudFlare CDN to avoid my ...
- 56.1k
0
votes
1
answer
355
views
Is there a fully qualified DNS hostname for DNS over TLS (DoT) for Cloudflare Family?
In my router, I want to enable DNS over TLS for my DNS requests. I want to use cloudflare's server, namely the family one blocking malware.
Malware Blocking Only
Primary DNS: 1.1.1.2
Secondary DNS: 1....
- 2,228
394
votes
23
answers
756k
views
How do I list the SSL/TLS cipher suites a particular website offers?
How can I retrieve a list of the SSL/TLS cipher suites a particular website offers?
I've tried openssl, but if you examine the output:
$ echo -n | openssl s_client -connect www.google.com:443
...
- 519
0
votes
0
answers
117
views
Why does openssl client show TLSv1.0 as unsupported when nmap is showing it as supported?
I tried to identify what TLS protocols an internal web app supports over http1.1 and ended up on identification with nmap and openssl:
nmap --script ssl-enum-ciphers -p 443 127.0.0.1
openssl s_client ...
- 8,255
0
votes
0
answers
81
views
Selective TLS connection fail
I have a VB.NET application that connects to a remote server, which I have no authority whatsoever, via a username/password, retrieves some data and populates a local database.
Lately the application ...
- 501
0
votes
0
answers
55
views
TLS termination of NLB
Objective:
I would like to achieve the following with AWS and understand how to configure it:
AWS Configuration:
ACM certificate (associated with NLB listener).
NLB (in a public subnet, accepting TLS ...
0
votes
1
answer
101
views
How to publish a php website privately so I can make tests?
I want to publish my website as http secure connection but I want to keep it private so only I can view it. I want to prepare and test its security before its official release.
Is there any service ...
can kaygısız
5
votes
2
answers
1k
views
Does AES 256 GCM have any restricted byte sequences imposed on its cypher text?
Specifically I am inquiring, if the cypher text can include a byte sequence such as 170303, which is one possible TLS record header.
Normally the application that parses the TCP byte stream delimits ...
- 5,980
2
votes
2
answers
7k
views
OpenVPN cant establish connection with any TLS 1.2 cipher
OpenVPN cant establish connection with any TLS 1.2 cipher.
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
TLS-DHE-RSA-WITH-AES-128-CBC-...
- 56.1k
0
votes
1
answer
278
views
New self-signed TLS certificate on IIS 7.5 and Windows 7 not recognized
TL;DR: I have Win7 and IIS 7.5 with only one website on my PC, which is a dev copy of a site I am developing for a friend. The site has an admin module that requires HTTPS. Pre-Covid, everything ...
- 131
1
vote
1
answer
1k
views
Disable TLS 1.3 over TCP
After you create a website in Internet Information Services (IIS) Manager, in the config file in the path below,
C:\Windows\System32\inetsrv\config\applicationHost.config
You can modify the following ...
- 11
1
vote
1
answer
472
views
Facebook and Instagram images are broken in some browsers
On my main computer (Windows 10, 1803, 17134.165) no images or videos on Facebook or Instagram are displayed when using most browsers.
All of the images and videos (from both sites) are being served ...
- 1
13
votes
2
answers
77k
views
How do I use the openssl command to decode a certificate/public key .PEM file?
I have my localhost TSL/SSL certificate from Chrome stored to a .PEM file. Was wondering how do I use the oppenssl command to decode it into a list of human-readable fields.
Googling this only ...
1
vote
1
answer
83
views
Intermittent connection issues to a particular website
I am facing connection issues with a website. All of them seem to be connected:
The website host name: napi.kotaksecurities.com (using https)
telnet napi.kotaksecurities.com 443: fails sometimes, ...
- 11
0
votes
1
answer
206
views
PolarProxy doesnt write packets to the pcap file
Im trying to use PolarProxy on windows to capture some packets but when i test it out it doesnt write anything to the pcap file
I tried using --autoflush 1 which is meant to write it to pcap file ...
- 56
1
vote
2
answers
533
views
Pop3 using SSL/TLS fails since yesterday
I have several email accounts with a specific provider. Since yesterday both POP3 and SMTP fail silently on all accounts and all email readers (Thunderbird on Linux, K9 on Android).
Thunderbird's ...
- 220
1
vote
1
answer
299
views
How to disable CBC ciphers in Firefox
The ssllabs.com browser check shows a list of cipher suites supported by my browser. Some are labeled as WEAK, I think because they do not support perfect forward secrecy.
I can disable some of them ...
- 8,477
0
votes
0
answers
56
views
Miktrotik: disconnect TCP connection
I am working on a mobile device project. I have the mobile device connected on a local USB Wifi hotspot on an Ubuntu PC and I can WireShark the TLS connections which the mobile device creates towards ...
- 101
0
votes
1
answer
101
views
During SSL tunneling what IP address is seen by the destination server?
If I setup a SSL tunnel via a HTTPS proxy, what IP address will the destinations server see? Would it be the IP address of the client or the IP address of the proxy? Is there any point (e.g. during ...
- 5,902
0
votes
0
answers
77
views
I am trying to mimic the connection of my softether vpn to setup a openvpn with TLS 1.2 instead of SSL
I am trying to setup a openvpn with tls 1.2 instead of ssl with tcp, as in this screenshot:
How can I mimic the connection like the softether (on the left) in order to setup openvpn (on the right)?
- 2,283
2
votes
2
answers
5k
views
SSL Certificate Issuer History for particular domain or website
Is it possible to find out the history of issuers of SSL certificates for a particular website? For example if a website had a cert issued from one company A originally, then the website had a new ...
- 8,457
0
votes
1
answer
189
views
How to disable individual TLS Extensions client side on Windows and Mac?
I am trying to test different TLS 1.2/1.3 extensions support by turning them on and off on client side. I failed to find any way to do that in chrome://flags (or any other browser).
Is there a way to ...
- 237
0
votes
2
answers
1k
views
PopTrayU - 'Error connecting with SSL'?
Without having made any changes, starting in July 2020, I got:
An error occurred.
Error Type: EIdOSSLConnectError
Error connecting with SSL.
EOF was observed that violates the protocol
I have several ...
- 1,011
1
vote
0
answers
5k
views
How to temporarily disable TLS1.3 in Chrome?
I need to temporarily disable the TLS 1.3 protocol leaving only TLS 1.2 for some testing purpose.
I found some procedures on Google but they didn't not work. Please give me the guidance.
Ahamed Fayaz.