Collaborate Disseminate
On reading the documentation Apache documentation. A cipher suite example has been given :
RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
I have understood the explanation given by them. My question is whether it decides the … Continue reading Understanding SSL Cipher suite in Apache
Situation
I am developing a cross-platform C application which uses OpenSSL. I would like to release it for at least the following operating systems:
Windows 7+
MacOS High Sierra
Debian 8+
Ubuntu 14.04+
Fedora 27+
Centos … Continue reading Openssl SSL_CTX_set_cipher_list() in cross-platform C application
I’ve worked with TLS certs before, but only on a basic level. I’m trying to understand some specific recommendations for implementing TLS (quoted below).
(For context, my goal is to secure HTTPS connections to a web page whi… Continue reading Basic TLS questions: Implementing a specific TLS version and cipher
I was looking at the TLS handshake and I noticed that the client will send its list of supported cipher suites and the server will select a cipher suite. The server never sends its list of supported cipher suites. How does a … Continue reading How does a client (like SSLLabs) know all the cipher suites a server supports if the server doesn’t send its list of supported cipher suites?
I’m currently teaching myself about cryptography with the intentions of learning more about cryptanalysis. As of now I’m learning about cipher modes!
I understand that I should be looking into CBC, CFB, and OFB.
I understand… Continue reading What cipher mode is usually used for network traffic encryption?
I’m trying to set a secure cipher suite for a Windows 2012 R2 IIS Web Server. I’m trying to start off using the following SSL Labs – TLS/SSL best practices list:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_… Continue reading Mapping TLS/SSL Cipher Suites
This question already has an answer here:
I try to understand where the signature is used in TLS 1.2.
The ciphersuite of google.com is TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256. However, if I look at the certificate, I can find an ECDSA key but the signature algorithm is RSA. So I’m wondering what is the purpose of ECDSA ?
I know that ECDHE parameters are sent in a separate TLS message. ECDSA is perhaps used to sign these parameters with ECDSA ?
Also, can you confirm that if TLS_ECDH_ECDSA_WITH_xxx is used, ECDH parameters are not in the certificate but in a separate message right ?
Continue reading Why RSA is used in TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ciphersuite [duplicate]
I have disabled 3DES in registry. Port 3389 is successfully disable 3DES (TLS_RSA_WITH_3DES_EDE_CBC_SHA).
However, 3DES ciphers are still occur in port 443. What should be done to remove 3DES ciphers in port 443?
Thank you… Continue reading Unable to disable 3DES cipher in port 443
I’m migrating Dovecot from an Ubuntu 14.04 server to Debian 9. All good apart from one client using Entourage 2008 which now no longer works – my dovecot log reports:
failed: error:1417A0C1:SSL routines:tls_post_process_clie… Continue reading Debug OpenSSL connection from client to resolve ‘no shared cipher’ problem in Dovecot
This question already has an answer here:
Now that it is 2015, what SSL/TLS cipher suites should be used in a high security HTTPS environment?
4 answers