Collaborate Disseminate
Scenario:
A web server with a web app for remote staff.
The web server is behind a reverse proxy (traefik)
The web server has a host based firewall configured to allow connections only from the proxy on the designated port. Those connectio… Continue reading Which external vulnerabilities remain for a web server secured with mTLS?
If i have a cluster where all the nodes share a single certificate and private key does it count as mutual TLS? Technically both parties in the communication have a certificate and present it to each other.
Continue reading Setting up mutual TLS with a shared certificate
My client says their API traffic must take the path WAF -> Custom Firewall -> Backend API. Also, mTLS must be terminated after the traffic has gone through the network appliance.
I have created an Envoy proxy that can perform mTLS be… Continue reading Using HTTP header to transmit client certificate for mTLS
A recent Nginx release allows me to set listen 443 quic; to enable HTTP/3. Neat. I had been using HTTP/2 with TLS1.3 before, so I did not expect that change much, just optimize round trips with otherwise matching security properties.
One m… Continue reading Does HTTP/3 necessitate additional – beyond HTTP/2 via TLS1.3 – restrictions on client authentication (mTLS)?
In a mutual TLS connection, both the client and server authenticate each other using digital certificates.
However, when the client presents a certificate, the server only sees the client’s IP address and not the domain name to be able to … Continue reading Client certificate validation [duplicate]
I have a OIDC provider that can’t use mutual TLS authentication due to mTLS problems like certificates expiration (what if client didn’t rotate certificate and it’s expired now? Client cant authenticate to server to e.g. inform server that… Continue reading Using certificate-constrained access tokens created by private key used to authentication (with private_key_jwt)
When last time I was thinking about mTLS, I came to a conclusion that this is too hard to implement but at the same time it provides high security. The reason why it’s hard to implement is that it’s not done on application layer, so e.g we… Continue reading Mutual TLS replacement
I’m not understanding how does Sendgrid verify that’s it’s me who’s sending them the HTTPS request on their webhook endpoint.
Specifically, in their docs they show how to obtain their public key (to verify that I’m connected to sendgrid) b… Continue reading mTLS on webhooks
When we use mTLS, then client and server are authenticated. In this scenario, does it make any sense to send HTTP requests in signed tokens (like JWS)?
Continue reading Does send HTTP requests as signed tokens make sense when mutual TLS is used?
I came across this use case where mobile devices operating in a pull architecture (connecting to an AWS cloud service endpoint) based on some device triggers will request to be unlocked via a TLS connection. The response will just send a s… Continue reading Is there a need for mutual Authentication in the following use case? if so why?