Questions tagged [tls]
401 questions
1
vote
0
answers
21
views
Can we authenticate to ETCD with TLS cert AND password for the same connection?
I want to configure my ETCD cluster to enable authentication with TLS certificate and password at the same time (for the same connection, not just enable the two authentication mechanisms).
Then for a ...
0
votes
0
answers
24
views
Building iPXE with HTTPS support
I created certs using acme.sh (Let's Encrypt) for my home OpenWrt router.
In the end it reported
[Fri Nov 29 18:xx:xx UTC 2024] The intermediate CA cert is in: /root/.acme.sh/somefqdn_ecc/ca.cer
[Fri ...
9
votes
5
answers
3k
views
How to upgrade the TLS on old server without reinstalling the core OS?
I'm in a rather sticky situation. Currently my server supports TLS 1.2 but not TLS 1.3 (security protocols).
It has the following installed:
Linux version 2.6.32-431.29.2.el6.x86_64 #1 SMP
OpenSSL 1....
0
votes
1
answer
149
views
How to access this website? (This site can’t provide a secure connection)
I cannot find any way of accessing websites which do not support the latest version of TLS. (At least I think this is what the issue is.)
The website I am trying to access is:
https://juliaacademy....
0
votes
1
answer
176
views
Unable to get local issuer certificate error in CentOS 9
When I try to send a notification through OpenProject in CentOS 9, I get an error:
certificate verify failed (unable to get local issuer certificate))
When I try directly to test with OpenSSL, I'm able ...
0
votes
1
answer
75
views
How to encrypt local traffic between WireGuard hosts?
I have a physical server and a virtual server connected via WireGuard. The virtual server acts as a gateway to allow remote access to services hosted on the physical server without the need to expose ...
1
vote
0
answers
151
views
OpenSSL refusing SHA3-256 md
I am practicing on OpenSSL and Nginx. I created my local root CA, and used it to sign my local server. I made sure to use SHA3-256 to sign any certificate; it is indicated in my openssl.cnf file.
...
1
vote
1
answer
190
views
Cannot connect to server which provides certificate signed using SHA1 and RSA (linux, openssl 3)
I have a legacy SQL Server that I am trying to connect to, but the connection fails because of a TLS handshake error. After analyzing traffic with Wireshark it seems I found the reason: certificate is signed ...
0
votes
0
answers
164
views
Pure-ftpd set up for TLS "AUth command unsupported"
I enabled TLS on pure-ftpd as per instructions. Created DH file, installed certificates, increased the logging level.
Now, when connecting from FileZilla, I receive a hello stating that TLS is enabled/...
0
votes
0
answers
121
views
Random ERR_SSL_PROTOCOL_ERROR errors on certain browsers
A number of users of my websites are reporting seeing error messages like "The connection to this website is not secure - SSL_ERR_PROTOCOL_ERROR" randomly with different frequency. The ...
0
votes
0
answers
191
views
Wget shows error certificate of <domain> name was signed using an insecure algorithm, while curl works
We are trying to check domain
wget domain <like httpx://abc.com>
we are getting error "The certificate of domain(abc.com) was signed using an insecure algorithm. But SSL certificate is ...
0
votes
0
answers
826
views
Kubectl get pods ERROR: couldn't get current server API group list: Get "LINK": tls: first record does not look like a TLS handshake
My K8s cluster is running on an Azure VM. I'm facing a TLS error when I try to get something from the cluster. However the config of k8s is correct and it has the public IP I need, also it has all the ...
0
votes
1
answer
152
views
TLS Certificate Verification Error
We have a WordPress website configured to send mail using smtp.office365.com via the WP Mail plugin, but can't currently send mail with SSL Verification enabled. Without verification, the email works ...
1
vote
1
answer
1k
views
How do I remove a certificate from (RedHat) Linux ca-trust?
I installed a duplicate certificate for a CN in the ca-trust store of my RHEL8 systems (The 'Subject' field is the same, but the keys are different). I added the PEM file to /etc/pki/ca-trust/source/...
1
vote
0
answers
204
views
Unable to cURL on some platforms, in particular DigitalOcean VPS
I am on Ubuntu 23.10 (GNU/Linux 6.5.0-27-generic x86_64) is not working, curl is 8.2.1 suspect is there is something on the machine.
I have two Virtual Private Servers (VPS) based on Digital Ocean ...
1
vote
0
answers
166
views
I've tried preventing TLSv1.0 and TLS1.1 in Apache, but the protocols are still active
I have a web site (one of a few) on a server. I'm trying to up the score of my domain in https://www.ssllabs.com/ssltest - but it doesn't seem to be working.
Contents of:
/etc/apache2/sites-available/&...
0
votes
1
answer
98
views
Outdated CentOS 5.11 and https
I have CentOS 5.11 on server, which is too outdated.
It has Apache/2.2.22 (Unix) and Apache Tomcat/5.5.25
Unfortunately migration to the new OS is not possible at the moment.
The website hosted on the ...
0
votes
0
answers
253
views
Client Side Cannot Find Client Cert in TLS Mutual Authentication
This is a Windows .NET application. Am working on the client side. Increased SChannel logging and discovered ... .
Creating a TLS client credential.
The remote server has requested TLS client ...
0
votes
0
answers
139
views
FTP over SSL, FTPS TLS not working - Rejecting data connection - Only is allowed
< 2024-02-08 10:31:19.445 Read 16 bytes
< 2024-02-08 10:31:19.459 200 'TYPE' OK.
< 2024-02-08 10:31:19.459 PASV
. 2024-02-08 10:31:19.554 TLS connect: SSL negotiation finished successfully
. ...
1
vote
0
answers
74
views
What are OpenSSL 3's "auto" DH parameters?
The Postfix documentation says the following:
With Postfix ≥ 3.7, built with OpenSSL version is 3.0.0 or later, if the parameter value is either empty or "auto", then the DH parameter ...
0
votes
0
answers
939
views
How can I fix this? “XRAY: transport/internet/websocket: failed to serve http for WebSocket > accept tcp [::]:8443: use of closed network connection.”
Recently I bought a Germany based VPS server to create my own VPN using v2ray because I live in Iran and the internet is heavily censored here.
I connected my domain to CloudFlare CDN to avoid my ...
0
votes
1
answer
599
views
Is there a fully qualified DNS hostname for DNS over TLS (DoT) for Cloudflare Family?
In my router, I want to enable DNS over TLS for my DNS requests. I want to use Cloudflare's server, namely the family one blocking malware.
Malware Blocking Only
Primary DNS: 1.1.1.2
Secondary DNS: 1....
0
votes
0
answers
177
views
Why does openssl client show TLSv1.0 as unsupported when nmap is showing it as supported?
I tried to identify what TLS protocols an internal web app supports over http1.1 and ended up on identification with nmap and openssl:
nmap --script ssl-enum-ciphers -p 443 127.0.0.1
openssl s_client ...
0
votes
0
answers
92
views
Selective TLS connection fail
I have a VB.NET application that connects to a remote server, over which I have no authority whatsoever, via a username/password, retrieves some data and populates a local database.
Lately the application ...
0
votes
0
answers
81
views
TLS termination of NLB
Objective:
I would like to achieve the following with AWS and understand how to configure it:
AWS Configuration:
ACM certificate (associated with NLB listener).
NLB (in a public subnet, accepting TLS ...
0
votes
1
answer
120
views
How to publish a php website privately so I can make tests?
I want to publish my website as http secure connection but I want to keep it private so only I can view it. I want to prepare and test its security before its official release.
Is there any service ...
5
votes
2
answers
1k
views
Does AES 256 GCM have any restricted byte sequences imposed on its cypher text?
Specifically I am inquiring, if the cypher text can include a byte sequence such as 170303, which is one possible TLS record header.
Normally the application that parses the TCP byte stream delimits ...
0
votes
1
answer
364
views
New self-signed TLS certificate on IIS 7.5 and Windows 7 not recognized
TL;DR: I have Win7 and IIS 7.5 with only one website on my PC, which is a dev copy of a site I am developing for a friend. The site has an admin module that requires HTTPS. Pre-Covid, everything ...
1
vote
1
answer
98
views
Intermittent connection issues to a particular website
I am facing connection issues with a website. All of them seem to be connected:
The website host name: napi.kotaksecurities.com (using https)
telnet napi.kotaksecurities.com 443: fails sometimes, ...
1
vote
1
answer
2k
views
Disable TLS 1.3 over TCP
After you create a website in Internet Information Services (IIS) Manager, in the config file in the path below,
C:\Windows\System32\inetsrv\config\applicationHost.config
You can modify the following ...
0
votes
1
answer
309
views
PolarProxy doesn't write packets to the pcap file
I'm trying to use PolarProxy on Windows to capture some packets, but when I test it out it doesn't write anything to the pcap file.
I tried using --autoflush 1 which is meant to write it to pcap file ...
1
vote
1
answer
412
views
How to disable CBC ciphers in Firefox
The ssllabs.com browser check shows a list of cipher suites supported by my browser. Some are labeled as WEAK, I think because they do not support perfect forward secrecy.
I can disable some of them ...
0
votes
1
answer
133
views
During SSL tunneling what IP address is seen by the destination server?
If I set up an SSL tunnel via an HTTPS proxy, what IP address will the destination server see? Would it be the IP address of the client or the IP address of the proxy? Is there any point (e.g. during ...
0
votes
0
answers
86
views
I am trying to mimic the connection of my SoftEther VPN to set up an OpenVPN with TLS 1.2 instead of SSL
I am trying to set up an OpenVPN with TLS 1.2 instead of SSL with TCP, as in this screenshot:
How can I mimic the connection like the SoftEther (on the left) in order to set up OpenVPN (on the right)?
3
votes
2
answers
6k
views
SSL Certificate Issuer History for particular domain or website
Is it possible to find out the history of issuers of SSL certificates for a particular website? For example if a website had a cert issued from one company A originally, then the website had a new ...
1
vote
2
answers
702
views
Pop3 using SSL/TLS fails since yesterday
I have several email accounts with a specific provider. Since yesterday both POP3 and SMTP fail silently on all accounts and all email readers (Thunderbird on Linux, K9 on Android).
Thunderbird's ...
0
votes
1
answer
245
views
How to disable individual TLS Extensions client side on Windows and Mac?
I am trying to test different TLS 1.2/1.3 extensions support by turning them on and off on client side. I failed to find any way to do that in chrome://flags (or any other browser).
Is there a way to ...
1
vote
0
answers
7k
views
How to temporarily disable TLS1.3 in Chrome?
I need to temporarily disable the TLS 1.3 protocol leaving only TLS 1.2 for some testing purpose.
I found some procedures on Google but they did not work. Please give me guidance.
0
votes
0
answers
621
views
"scoop" package manager can't install anything (or I think something's wrong with making secure connections)
I usually use scoop to manage my various packages on Windows. I haven't updated in a while but I recently tried to install an application via scoop and it gave me the following error:
Unable to read ...
0
votes
0
answers
230
views
Network Access Points providing cert on connection, how?
How is it connection providers in public locations are able to send a certificate on connection?
I seem to recall there is a protocol they use, but I read that many years ago.
Or is it as simple as on ...
0
votes
0
answers
188
views
TLS Error: TLS key negotiation failed to occur within 60 seconds
I'm working remotely using my laptop by connecting to the office VPN server (in India), if I connect from UAE, the connection works immediately fine... But now when I try to connect from Egypt (using ...
2
votes
1
answer
1k
views
Browsing HTTPS and TLS 1.3 websites in old browsers [closed]
Nowadays, browsing any website with obsolete browsers such as IE5 or Firefox 2 from emulated environments is an impossible mission due to unsupported TLS versions as shown here:
Due to the prevailing ...
0
votes
0
answers
218
views
What causes client not to send [ChangeCipherSpec] package
I face a problem. I have a device where, when doing the TLS handshake, the client fails to send [ChangeCipherSpec]; currently all HTTPS websites fail but HTTP is working.
I check it from Wireshark, it shows as ...
0
votes
2
answers
533
views
TLS wrapper over plaintext TCP
Is there any tool with which I can make a TLS forwarder over raw TCP?
I have a server which has no encryption, purely plaintext TCP communications.
I wanna connect to it over TLS but cannot change the server code.
...
0
votes
0
answers
269
views
Disabling an IP based access to my Nginx site
I do not want people to be able to access my Nginx site, unless it is through the domain name. I have a Flash instance running that controls the requests. Anyways I have used this command,
server {
...
1
vote
1
answer
17k
views
How to tell curl to use one client cert from the Windows Cert Store?
Disclaimer: I am new to curl.
When I go to https://server.cryptomix.com/secure/ with Chrome, I am asked by Chrome to choose one client cert among the few ones I currently have in my Windows Cert Store....
0
votes
1
answer
25
views
Does the http load balancer work for any Port?
I have a Python server on my VM in Google cloud platform. I was wondering if I add an https load balancer to this, is my Python Socket server also secured with that TLS handstand? Or does this only ...
0
votes
0
answers
709
views
Missing folder '/etc/pki/trust/anchors'?
I am trying to create an SSL certificate via openssl, through my virtual machine at Google Cloud. But one of the last steps is to copy my ca.crt from my root to the '/etc/pki/trust/anchors' folder.
...
2
votes
1
answer
538
views
Client-side TLS proxy?
Does a client-side proxy exist that would transform my HTTP request into HTTPS before sending it to the server?
Meaning that my software application sends an HTTP request to this client-side proxy, ...
1
vote
1
answer
149
views
Why no SSL certificate trust store at the user level?
Most OSes have a global trust store (e.g., /usr/local/share/ca-certificates). However, this method requires root to modify, and affects all users.
Most applications have a way to trust certificates at ...