Collaborate Disseminate
I performed an external vulnerability scan on a public IP address and it reported a critical vulnerability with the following details
NVT: SSL and TLS – SSL/TLS: Report Vulnerable Cipher Suites for HTTPS.
It has a summary of some outdate… Continue reading How to disable outdated ciphers [closed]
As we all know, SSL protocols as well as TLS 1.0 and TLS 1.1 are vulnerable to various types of attacks, such as BEAST, Padding Oracle Attack, Sweet32, Downgrade Attack, and others.
But have you ever come across any practical examples of e… Continue reading Practical examples of SSL and TLS vulnerabilities
Where can I get the definitive list of weak ciphers? Various tools are listing ciphers as weak but these vary somewhat. Which CBC ciphers specifically currently suffer with known weaknesses and where can I get more information on this?
The… Continue reading Weak SSL/TLS Ciphers
I am having a Handshake session of PSK_only mode in TLS1.3 , where I use PSK’s established out of band.
consider, client Hello is sent with the extensions of supported_versions, PreSharedKey, psk_key_exchange_modes
Q1)If server sends a Hel… Continue reading In TLS1.3 can the client hello have the extensions which were not sent as part of HelloRetryRequest
Nexpose reports the following vulnerability:
TLS/SSL Server Supports The Use of Static Key Ciphers. Negotiated with the following insecure cipher suites:
TLS 1.2 ciphers: TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
Bu… Continue reading Nexpose reporting ciphers not present in machine
I am migrating to Artifactory on RHEL8 as a Docker remote repository, i.e. Artifactory is a proxy for a docker registry hosted through Jfrog.io.
We have a legacy registry with config in /etc/docker/certs.d/. Another instance works fine wit… Continue reading docker daemon reports ‘tls: unconfigured cipher suite’ for Nginx reverse proxy of Artifactory Docker registry