Collaborate Disseminate
The RFC – 7030 section 4.2.2, EST protocol, suggests to use the Change Subject Name attribute when the client would like to use a different subject for the new issued certificate during reenrollment.
There are two things
I can’t use the O… Continue reading How to include ChangeSubjectName in CSR?
I was wondering if there is any utility for multiple hosts sharing the same TLS session key. I have come across proxies and the way they intercept TLS connections is to make the client accept its certificate and then act as client to the e… Continue reading Would there be any utility for multiple clients sharing the same TLS session key?
If I have a java client that connects to a server, but in the java client code where the connection is built, it skips hostname verification disabled.
When a client tries to connect to serverA.com, what is the impact if hostname verificati… Continue reading What is the impact of disabled TLS hostname verification?
I am working on a project where I need to securely encrypt and decrypt files on a product without the ability for direct communication or key derivation after the product is sold. The challenge is that I can only store encrypted data on th… Continue reading Encryption without a classic exchange scenario
If I take the following two commands, the results between the two are incredibly different:
openssl speed -aead -evp AES-128-CBC-HMAC-SHA256 -seconds 30
openssl speed -evp AES-128-CBC-HMAC-SHA256 -seconds 30
The results for the first look … Continue reading Why are there significantly different performance results using openssl speed when using -aead and not using it?
My nginx backend server supports the following ciphers:
ssl_ciphers "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-… Continue reading Automatically check if a certificate matches specific ciphers
Basically, as the title says.
Neither keytool nor openssl allow that.
EDIT: apparently, pkcs12 doesn’t support that. So, use JKS, which you can easily create with keytool.
I am not a security expert, so please forgive me if the question is too obvious. We have been working with Blowfish to encrypt some of our files. We recently updated our very old OpenSSL version from 1.1.1 to 3.0.12 and we found out that B… Continue reading Why is Blowfish Cipher considered now "legacy" algorithm in OpenSSL?
My environment consists of 2 docker containers, one running Logstash and another running Elasticsearch on the SAME host & SAME docker network.
I am trying to setup SSL between the 2 of them (this is because Elasticsearch needs SSL and … Continue reading Connecting Logstash To Elasticsearch via SSL (Docker Container)
I was trying to encrypt and sign MIME data using openssl smime command.
I have below MIME data –
From:"=?ISO-8859-1?B?3M0SEg=?=" <abc@dcc.final>
Subject:=?ISO-8859-1?B?yNA==?=
=?ISO-8859-1?B?3IDE4?=
=?ISO-8859-1?B?OjE0?=
… Continue reading How to add MIME headers in encrypt and sign SMIME data using openssl smime command