Collaborate Disseminate
I sent a client hello indicating TLS1.3 support, and it contains a list of all ciphersuites that support TLS1.3, TLS1.2 and TLS1.1
And consider server negotiated TLS1.3 indicating serverHello.supported_versions=0304, but ciphersuite select… Continue reading server negotiating TLS1.3 but sent TLS1.2 ciphersuite
I am having a Handshake session of PSK_only mode in TLS1.3 , where I use PSK’s established out of band.
consider, client Hello is sent with the extensions of supported_versions, PreSharedKey, psk_key_exchange_modes
Q1)If server sends a Hel… Continue reading In TLS1.3 can the client hello have the extensions which were not sent as part of HelloRetryRequest
I created a private key using Analog device’s signtool. It can be found part of "CrossCore Embedded Studio for Blackfin, SHARC and SHARC+ – Release (Rev. 2.12.0)". Link: https://www.analog.com/en/resources/evaluation-hardware-and… Continue reading How to generate an X9.62 encoded ECDSA prime256v1 private key using OpenSSL?
Landing here to an scenario where the command below generated a correct rsa-sha2-512 key
ssh-keygen -t rsa-sha2-512 -b 4096
When that same Windows machine tries to access the SFTP with the sftp -vv built-in command, the used version of Op… Continue reading How an old OpenSSL package would generate a key that itself cannot use?
We have tested our DTLS client using the openssl s_server program from OpenSSL 3.2.1. The handshake failed because we used the wrong PSK on the client. To our surprise, the server neither responded with a TLS Alert message nor did it show … Continue reading How to get debug output from `openssl s_server` when (PSK-only DTLS) handshake fails?
The RFC – 7030 section 4.2.2, EST protocol, suggests to use the Change Subject Name attribute when the client would like to use a different subject for the new issued certificate during reenrollment.
There are two things
I can’t use the O… Continue reading How to include ChangeSubjectName in CSR?
I was wondering if there is any utility for multiple hosts sharing the same TLS session key. I have come across proxies and the way they intercept TLS connections is to make the client accept its certificate and then act as client to the e… Continue reading Would there be any utility for multiple clients sharing the same TLS session key?
If I have a java client that connects to a server, but in the java client code where the connection is built, it skips hostname verification disabled.
When a client tries to connect to serverA.com, what is the impact if hostname verificati… Continue reading What is the impact of disabled TLS hostname verification?
I am working on a project where I need to securely encrypt and decrypt files on a product without the ability for direct communication or key derivation after the product is sold. The challenge is that I can only store encrypted data on th… Continue reading Encryption without a classic exchange scenario
If I take the following two commands, the results between the two are incredibly different:
openssl speed -aead -evp AES-128-CBC-HMAC-SHA256 -seconds 30
openssl speed -evp AES-128-CBC-HMAC-SHA256 -seconds 30
The results for the first look … Continue reading Why are there significantly different performance results using openssl speed when using -aead and not using it?