Collaborate Disseminate
Security Newbie,
I’m using OpenSSL for my client, and noticed that when testing it against Bad ssl’s sha1-intermediate test, it accepts it although the agreed upon cipher is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f). I had to set the … Continue reading Does the entire certificate chain need to be signed with the agreed upon cipher under TLS?
Is it possible to change the ciphers list of openssl session?
I want to start a session without any encryption, and after some time to change the ciphers and renegotiate.
To renegotiate I’m doing this:
SSL_renegotiate(ssl);
SSL_do_handsh… Continue reading openssl – renegotiate and change ciphers
Since a single hardware pass of an XOR with a 64 bit key is very fast, would Triple DES-X using seven 64 bit keys used in the following manner be virtually identical in terms of code size, memory consumption, and execution speed to 3DES?
… Continue reading Would Triple DES-X with 7 keys be much slower than standard Triple DES? [migrated]
I have a number of contacts who can only decrypt 3DES, when it comes to S/MIME encrypted mails. I’m aware that this is by far not ideal, but better than no encryption at all.
My problem is, that I can’t find a way to force Thunderbird to … Continue reading Force specific encryption cipher for S/MIME mails
I’m currently trying to get a bidirectional TLS 1.2 connection working between 2 local Karaf-based XMLRPC servers that by design only accept POST requests. The environment is Windows 10 and both XMLRPC servers are running in the same JDK: … Continue reading How do I verify the supported ciphersuites of a TLS server that only accepts POST requests?
openssl ciphers -v ‘ECDH+AESGCM:DH+AESCGM’ gives:
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDH-RSA-… Continue reading Why are the following two sets of ciphers "different"?
This question already has an answer here:
x509: must the signature algorithm and public key algorithm match?
1 answer
When i use Openssl to connect to facebook.com I see ‘ECDHE-ECDSA-AES128-GCM-SHA256’ ciphersuite used.
openssl s_client -connect www.facebook.com:443
SSL handshake has read 3280 bytes and written 373 bytes
—
New, TLSv1/SSL… Continue reading Openssl using the cipher parameter result in handhsake failure
(This is hypothetical, but based on a real-life problem I’ve had)
Context:
I am developing an (embedded) device which includes a few exposed network services. I’m responsible for security, not developing these services, so … Continue reading Ensuring all network services on a device use strong TLS cipher suites
This question already has an answer here:
For LUKS: The most preferable and safest cipher?
3 answers
I want to encrypt my… Continue reading Best luks setup disk [duplicate]