Transport Layer Security is a cryptographic protocol for encrypting and authenticating network communications, and replaces SSL. It is commonly used to secure Internet protocols such as HTTP.
Questions tagged [tls]
573 questions
8
votes
2 answers
Can I detect if the SSL client doesn't support Server Name Indication and provide the standard HTTP website in that case?
I will need to use SSL SNI, but unfortunately from a recent Cloudflare blogpost only 90% of the network supports it. How can I (for example, with nginx) detect if the client supports SNI and provide/redirect to the HTTP version of the website? Is…
cedivad
- 690
5
votes
3 answers
Why is server FIN'ing after starting TLS session?
TLS server is doing something I don't understand.
TCP handshake executes normally.
SSL Client Hello executes normally.
SSL Server Hello seems normal. Provides certificate, says Server Hello Done.
Dissection shows client issues "Client Key…
Woody Weaver
- 111
2
votes
1 answer
Can server and client both use a certificate with the same CN?
I am working on implementing TLS for a Client-Server application.
But, the problem is both client and server are in same server:
both communicate with just a port number.
So what should the common name (CN) be for agent and server?
If I use…
Rahulmishra72
1
vote
1 answer
Utilising TLS within internal search domains
Consider a domain such as service.internal.domain. By setting the internal search domain to .internal.domain, users can access the address simply by typing service into a browser.
However, due to the TLS certificate being issued to…
Carey
- 133
1
vote
2 answers
Why can't I redirect my https:// domain to another https:// domain on the same IP address without a security exception?
After some internet searches, I've determined that the HTTP request sent before the SSL connection dictates to the browser which IP address the domain is registered against. As a result, any forced redirects will subsequently use the original…
Dandy
1
vote
1 answer
Cipher suites supported by TLS1.1 and 1.2
We have SSLv3 disabled in DataPower. I ran sslscan to check what all cipher suites can be used currently during SSL handshake.
In the sslscan output, I have found out that below cipher suites are being accepted.
TLSv1 256 bits AES256-SHA
TLSv1 …
user2607367
- 11
1
vote
2 answers
Consequences of disabling SSL2 and SSL3 on our webserver
Our system is quite old and as a result gets an F grade for SSL from Qualys SSL because the server supports SSL2 and SSL3.
We have now identified all the browsers people are using. The oldest is IE7.
If we disable SSL2 and SSL3 ensuring TLS 1 on…
DomBat
- 149
1
vote
1 answer
TLSv1 doesn't work without enabling the sslv2
I'm using Apache 2.2.4 version. I already know this version only supports SSLv2, SSLv3 and TLSv1.0, but something weird happens when I use it:
When SSLv2 is disabled, the web browser (Internet Explorer in my case) uses SSLv3
SSL 3.0, 3DES with 168…
user3351747
- 11
1
vote
1 answer
Can TLS certificates be reused on different servers running on same domain/different ports?
I'm a programmer, not a system admin. I have a DreamHost VPS that I screw around with for my personal Website and a number of side projects that are typically just experiments in multimedia through HTML5. Nothing particularly serious, and they all…
moron4hire
- 113
0
votes
2 answers
Two same https websites on two different IP's
Can I have the same https website (for example https://www.example.com/) hosted on two different IPs?
azatuni
- 93
0
votes
2 answers
SSL config on Apache
I have an Apache/2.4.18 server with OpenSSL/1.0.1s. I used the
Mozilla SSL Configuration Generator
to generate the SSL config:
SSLProtocol all -SSLv3
SSLCipherSuite …
user4444173
- 11
0
votes
1 answer
How does Server remember the cipher suite negotiated in handshake in TLS?
I couldn't find a satisfactory answer to this question anywhere. Hoping to get some respite here!
Client and Server engage in a handshake and decide upon a cipher suite to use, say X.
Now, next time client sends a request (regular), it will be encrypted…
Ouney
- 101
0
votes
2 answers
using syslog over TLS
I need some info on syslog communication using TLS. Could you please help me on that.
Currently we are using syslog communication without any security. That is using UDP protocol with the server listening on port number 514. This is unsecure. We…
Girish
- 21
0
votes
0 answers
Apache server chooses TLS1.2 for all request even when TLS1.2 is disabled in IE9 / Windows7
Following is my apache ssl protocol and cipher configuration
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:-SSLv2:!ADH
When tested on IE9 with TLS1.2 checkbox checked in browser settings, ssl protocol and cipher suite for the…
nithya J