Collaborate Disseminate
November 2024 Patch Tuesday is here, and Microsoft has dropped fixes for 89 new security issues in its various products, two of which – CVE-2024-43451 and CVE-2024-49039 – are actively exploited by attackers. The exploited vulnerabilities (… Continue reading Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039)
To summarize my question:
How can a client support both TLS 1.2 and 1.3 ?
I have looked at How browsers pick TLS… Which summarized is: if a client connects to a server, it negotiates the handshake as to whether it will handle TLS 1.3 or… Continue reading OpenSSL "method" picking between TLS 1.2 and 1.3 [duplicate]
In the TLS handshake, I noticed that key messages like ClientHello and ServerHello aren’t piggybacked onto ACK packets and are instead sent as separate packets. From a networking perspective, this seems inefficient because there could be … Continue reading Why in this TLS handshake, the ClientHello,ServerHello, etc are not Piggybacked in the ACKs packets? [closed]
I am new to SSL configuration.
I bought 3 yrs SSL from domain.com for nginx conf and downloaded the given certs, I found there were 4 files:
maydomain.com.crt
SSL_DV_CertificateAuthorityRoot.crt
SSL_DV_IntermediateCA_2.crt
SSL_DV_Intermed… Continue reading I bought SSL from domain privider but no privkey found how to generate privkey [closed]
I have an OpenSSL-encrypted file on a remote server that I need to decrypt. However, I don’t want the root user on that server to access my decryption password. I understand that using the password directly in the command or storing it in … Continue reading Securely Decrypting an OpenSSL Encrypted File on a Remote Server Without Exposing Password to Root
Context
During a CTF, as www-data, I managed to exfiltrate an .rnd file used by phpseclib on a PHP app (I exfiltrated the entire app). Since SSHD is configured with PubkeyAuthentication yes and PasswordAuthentication no, my guess is that i… Continue reading exfiltred .rnd file exploitation
While trying to generate SSL certificate using
openssl ec
and
openssl ecparam
utilities, I see a big list of Elliptic curves as output of command
openssl ecparam -list_curves
I’m confused which specific curve should I use. I’ve this qu… Continue reading What should be optimal basis of choosing specific curve in Openssl Elliptic operations
I am running testssl scan on an http port, after running the scan I got some errors highlighted in red.
The main one that I noticed is that certificate does not have SAN.
testlssl output:
subjectAltName (SAN) missing (NOT ok) — Br… Continue reading Is missing SAN in certificate a security issue?
A while ago, I created self-signed certificates for my internal domains with openssl:
openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:secp384r1 -days 3650 -nodes -keyout mysite.eden.internal.key -out eden.django.crt -subj "/C=… Continue reading Subject alternative name missing from certificate signed by own CA [duplicate]
I found that I can print information about the cipher suites allowed in each SECLEVEL with
openssl ciphers -v -s -tls1_2 ‘EECDH+AESGCM @SECLEVEL=2’
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-R… Continue reading What Server Temp Key algorithms are allowed in each SECLEVEL?