Does the Simplified Handshake in TLS 1.3 Increase Susceptibility to SSL/TLS Flood Attacks?

While analyzing the handshake process in TLS 1.3 and comparing it to TLS 1.2, I began to wonder if the simplified handshake structure in TLS 1.3 introduces new vulnerabilities. This concern is particularly relevant in scenarios involving S…

Intermediate issuer field didn’t match its CA subject field

While debugging yesterday’s Cloudflare incident, I found out their intermediate certificate issuer field differs from its signing CA subject, even though the AKI/SKI were correct.
Here’s the relevant CA info:
❯ openssl x509 -noout -text -in ~/D…

Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039)

November 2024 Patch Tuesday is here, and Microsoft has dropped fixes for 89 new security issues in its various products, two of which – CVE-2024-43451 and CVE-2024-49039 – are actively exploited by attackers. The exploited vulnerabilities (…

Why in this TLS handshake, the ClientHello, ServerHello, etc. are not piggybacked in the ACK packets? [closed]

In the TLS handshake, I noticed that key messages like ClientHello and ServerHello aren’t piggybacked onto ACK packets and are instead sent as separate packets. From a networking perspective, this seems inefficient because there could be …

I bought SSL from domain provider but no privkey found how to generate privkey [closed]

I am new to SSL configuration.
I bought 3 yrs SSL from domain.com for nginx conf and downloaded the given certs, I found there were 4 files:

maydomain.com.crt
SSL_DV_CertificateAuthorityRoot.crt
SSL_DV_IntermediateCA_2.crt
SSL_DV_Intermed…

Securely Decrypting an OpenSSL Encrypted File on a Remote Server Without Exposing Password to Root

I have an OpenSSL-encrypted file on a remote server that I need to decrypt. However, I don’t want the root user on that server to access my decryption password. I understand that using the password directly in the command or storing it in …