Collaborate Disseminate
I have a client which connects to a server securely on multiple protocols, namely MQTT and HTTPS.
Because of the following CVE, CVE-2009-3555, we decided to disable all client-initiated session renegotiation. We also decided to keep server… Continue reading Disable client-initiated session renegotiation from the client side
Learn how to write plain-speaking and purposeful security advisories from one of the most widely-used open source tools in the world. Continue reading Serious Security: Learning from curl’s latest bug update
I want to capture HTTPS traffic, save it, and validate it at a later time. I want to ensure that at a later time I’m able to validate the HTTPS traffic using the certificate which was presented at the handshake.
Any ideas how to do that? I… Continue reading Validate HTTPS traffic at later time [duplicate]
for example, you want to do // without commenting how do I do it (I’m trying to access a URL using curl)
Continue reading How do I use the Double slash comment in c++ without commenting
I published the following diary on isc.sans.edu: “Infostealer in a Batch File“: It’s pretty common to see malicious content delivered as email attachments. Every day, my mailboxes are flooded with malicious content… which is great from a research point of view. Am I the only one to be happy when I see
The post [SANS ISC] Infostealer in a Batch File appeared first on /dev/random.
I am doing some web scraping for streaming files, .m3u8 mime type. In this particular instance, I can’t create a functional request that does not end up with a 403 Forbidden error.
How to reproduce:
Go here in the browser: https://sbplay…. Continue reading Url only works from the browser it is generated from. Copying it into a Curl Command fails, and gives a 403 error. How can I fix this?
I’m writing an API which is running on my own web server written in Go. I have a local environment set up to run it all under HTTS using a self signed cert and it all works great. It all works and I can see that the traffic is indeed encry… Continue reading Does using the "-k" flag with curl disable only the certificate verification?
My SSL server uses the following certificate setup: leaf -> intermediate -> root (trusted ca). I have verified using openssl that it’s returning both leaf and intermediate certificate (at least I think it does):
$ openssl s_client -s… Continue reading SSL error when using curl with only trusted root certificate but server is already returning full certificate chain
I have golang app that works as server which a single client accesses by the IP hostname (aaa.bbb.ccc.ddd). Trying to implement mTLS.
Since I have only one client, its cert/key pair (myclient.crt/myclient.key) is directly stored in the ser… Continue reading Certificate subject name ‘xxx’ does not match target host name ‘yyy’ [duplicate]
I’m a beginner in security but I am trying to send a request to a server through mutual authentication.
I was given
CA pem file
client cert pem file
private key pem file
Right now, I’m trying to establish a connection to the server but i… Continue reading Debugging HTTP 403 Forbidden when using cURL for mutual authentication SSL (mTLS) [migrated]