Collaborate Disseminate
Sitting in a corporate environment trying to access outside resources such as NPM packages or URL’s using Python has become problematic in my company. With the recent changes to the SSL libraries there are now issues with certificate verif… Continue reading Allowing Unsafe Legacy Renegotiation in a corporate environment
OpenVPN allows the use of their ‘reneg-sec’ option to renegotiate keys for the data channel at a specified interval. This helped protect against exploits like Sweet32 with 64 bit block ciphers a while ago. Apparently, only 32GB of retrieve… Continue reading Is key renegotiation necessary with a larger cipher in OpenVPN?
I am trying to verify whether I am vulnerable to the OpenSSL TLS renegotiation vulnerability CVE-2021-3449 (fixed in OpenSSL 1.1.1k).
When I connect to the website using openssl s_client -tls1_2 -connect example.com:443, it says "Secu… Continue reading How to verify TLS renegotiation DoS vulnerability? (CVE-2021-3449)
I am trying to verify the SSL renegotiation vulnerability reported for one of our URLs by a vulnerability scanner. The scan report lists the SSL Renegotiation vulnerability as – ‘Insecure Transport: SSLv3/TLS Renegotiation Stream Injectio… Continue reading How to verify SSL/TLS renegotiation vulnerability?
I will attempt to explain the situation and question clearly.
If I am ambiguous, please let me know and I will try to explain better.
Assume that I control both client and server. We have access to the source.
The client a… Continue reading Possible to add new cert, remove old cert, force renegotiation without dropping connection?
I tried
https://www.ssllabs.com/ssltest/analyze.html?d=imap.spamarrest.com%3A993&hideResults=on
but it said
Ports other than 443 not supported
I need to check imap.spamarrest.com:993
Continue reading How can you check and analyze SSL ports other than 443?
I tried
https://www.ssllabs.com/ssltest/analyze.html?d=imap.spamarrest.com%3A993&hideResults=on
but it said
Ports other than 443 not supported
I need to check imap.spamarrest.com:993
Continue reading How can you check and analyze SSL ports other than 443?
I tried
https://www.ssllabs.com/ssltest/analyze.html?d=imap.spamarrest.com%3A993&hideResults=on
but it said
Ports other than 443 not supported
I need to check imap.spamarrest.com:993
Continue reading How can you check and analyze SSL ports other than 443?
Should I use SSL/TLS renegotiation? In other words: does SSL/TLS renegotiation enhance or weaken the security?
After all these articles circulating online about md5 exploits, I am considering switching to another hash algorithm. As far as I know it’s always been the algorithm of choice among numerous DBAs. Is it that much of a benefit to use MD5 in… Continue reading Is MD5 considered insecure?