Collaborate Disseminate
I sent a client hello indicating TLS1.3 support, and it contains a list of all ciphersuites that support TLS1.3, TLS1.2 and TLS1.1
And consider server negotiated TLS1.3 indicating serverHello.supported_versions=0304, but ciphersuite select… Continue reading server negotiating TLS1.3 but sent TLS1.2 ciphersuite
I sent a client hello indicating TLS1.3 support, and it contains a list of all ciphersuites that support TLS1.3, TLS1.2 and TLS1.1
And consider server negotiated TLS1.3 indicating serverHello.supported_versions=0304, but ciphersuite select… Continue reading server negotiating TLS1.3 but sent TLS1.2 ciphersuite
If I have a system where I have 100% control over the client operating system and the server operating system, is there any use case for enabling more than one cipher suite (or any of the options that something like openssl will let you co… Continue reading If I control both sides of a connection, is there any reason to support alternate cipher suites?
I am migrating to Artifactory on RHEL8 as a Docker remote repository, i.e. Artifactory is a proxy for a docker registry hosted through Jfrog.io.
We have a legacy registry with config in /etc/docker/certs.d/. Another instance works fine wit… Continue reading docker daemon reports ‘tls: unconfigured cipher suite’ for Nginx reverse proxy of Artifactory Docker registry
If we upgrade to Amazon Cloudfront’s TLSv1.2_2021, how do we know if the 18 weak cipher suites listed below will no longer be used? The Security Policy Matrix does not seem to list them.
Our website currently uses TLSv1.2_2018 under Amazon… Continue reading What cipher suites are no longer support under Amazon CloudFront’s TLSv1.2_2021? [migrated]
Eleptial Curve is now included in PGP. However when I run gpg2 –full-gen-key, I get
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(14) Existing… Continue reading Why is ECC (Eliptical Curve) an `–expert` feature in PGP?
The Dutch National Cyber Security Centre publishes advice for TLS configuration. Their latest guidelines can be found on their website.
One of the points in their latest guidline is that ffdhe2048 parameters should be phased out and replac… Continue reading Which clients do not support 3072 bits DH parameters [closed]
I was looking at Cipher Suites indicated on SSLLabs and I noticed something, here is a result for google.com (for instance):
With TLS 1.2, examples of Cipher Suites are:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: in which I understand that… Continue reading TLS 1.3 Cipher Suites: authentication algorithm unspecified?
I manage some websites and one of them got a poor security rating (from sec scorecard). I have a managed server, so I asked the IT guys to help, but also would like to understand this issue a little more.
The problem is, there are old TLS1… Continue reading Remove old Cipher Suites [migrated]
I have to get rid of so called "weak security" in a Tomcat application.
A penetration test identified services that accept connections with insecure TLS encryption and hashing algorithms: TLS 1.0/1.1,SHA1,CBC
Without being a Tomc… Continue reading Disabling weak cipher suites in Tomcat does not work as expected