Questions tagged [tls]
SSL (Secure Sockets Layer) and/or TLS (Transport Layer Security)
5,912 questions
1 vote, 0 answers, 85 views
Intercepting and manipulating via MITM but with generic TLS traffic, not https. And with Android as a target
I’m trying to intercept TLS traffic on port 8443 between an Android app and an IPcam (8443 is the webcam’s port) on my LAN, on-the-fly (like Burp Suite does with HTTP(S)). Protocol in 8443 is not HTTPS....
0 votes, 1 answer, 69 views
How do browsers detect ssl_error_no_cypher_overlap(firefox)/ERR_SSL_VERSION_OR_CIPHER_MISMATCH(chrome) errors?
When server sends TLS ALERT: ERROR CODE 40 (FATAL HANDSHAKE FAILURE), how does browser know exactly that it's a cipher mismatch/overlap error? Do the browsers assume/presume it?
Or is the only error ...
2 votes, 0 answers, 56 views
sslv3 alert certificate unknown on iOS only
I work for a company that is using an Azure hosted Ubuntu VM as a server to forward a VNC connection from a control that we design and a user's computer or phone. Starting some time yesterday morning (...
2 votes, 1 answer, 327 views
Does this cipher TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 work with TLS 1.3?
I am running a TLS server using Java. When I configure the server with this cipher and TLS 1.3, I am getting an error that cipher does not support TLS 1.3.
On this website https://ciphersuite.info/cs/...
1 vote, 2 answers, 109 views
Are TLS proxies incompatible with zero-trust?
It has become a common corporate occurrence to introduce a TLS proxy server with a root cert on corporate devices in order to decrypt and inspect traffic.
At the same time, the concept of zero-trust ...
0 votes, 1 answer, 114 views
Securely Transfer Files Between 2 Client Facing System
How do we securely transfer files using HTTP or another protocol in such a case?
I have 2 apps; one behaves like a client and the other like a server. Both apps are publicly available. If I put any secret in the ...
6 votes, 3 answers, 1k views
Which is better, configurable TLS version, or hardcoded TLS version?
I am reviewing TLS configurations in my code; there are several places where there is TLS.
In these places, TLS version is hardcoded to TLSv1.2. I want to make sure that TLS 1.3 is also supported. To ...
7 votes, 2 answers, 2k views
How to define when a key (or a secret in general) has become too old?
I will illustrate my question by looking at SSL certificates:
In general, we can expect an SSL/TLS certificate to be using, at least, a 2048-bit RSA key. Now, as long as quantum computers are not a ...
0 votes, 2 answers, 148 views
Can I skip verifying server CA in mTLS if I don't need request confidentiality nor response integrity?
Consider this scenario in an HTTPS (m)TLS [*] request:
A trusted client sends a select query (the request) to a read-only database server
The server uses a self-signed certificate, so it is ...
4 votes, 1 answer, 97 views
What is the best way to intercept HTTPS traffic on an APK that uses WebView
I have this project where I am trying to intercept HTTPS traffic of an APK.
I have done this plenty of times with HTTP Toolkit and bypassing pinning.
This project however has been very difficult as ...
0 votes, 1 answer, 110 views
Why is Apple able to encrypt their OCSP requests but others (Amazon Trust Services, Comodo, DigiCert, GlobalSign, Sectigo, etc) cannot?
Apple hosts https://ocsp2.apple.com even though it’s supposedly not possible to encrypt OCSP requests, which supposedly need to be sent unencrypted over port 80. How does Apple use HTTPS anyway and ...
0 votes, 3 answers, 253 views
Is VPN really that required? [closed]
Cracking HTTP with TLS 1.3 would take longer than anyone's life.
Some articles said cracking AES 256 by brute force would take around 2,158,000,000,000 years.
With VPN, I can bypass geo-blocks - hide ...
0 votes, 1 answer, 112 views
Why do we use TLS if we already have IPsec, and vice versa? [duplicate]
I couldn't understand why IPsec was used when the application data we were going to send was already encrypted by TLS. Or, if at the end of the day, all the data we send is encrypted at the bottom ...
0 votes, 1 answer, 83 views
The integration of NGINX and HSM in TLS offloading
I'm trying to understand the interaction between NGINX and a Hardware Security Module (HSM) during TLS offloading, particularly in relation to session key handling.
Here's my current understanding:
...
0 votes, 1 answer, 150 views
For e-mails without TLS connection, where is the connection not encrypted?
I am working on securing e-mails, and I have encountered opportunistic TLS.
I have this issue where a server I am sending e-mails to is configured to not accept anything lower than TLSv1.3. However, ...