tls-downgrade – WindowsTechs.com

OpenSSL "method" picking between TLS 1.2 and 1.3 [duplicate]

Posted on October 18, 2024 by SpacemanScott

To summarize my question:
How can a client support both TLS 1.2 and 1.3 ?
I have looked at How browsers pick TLS… Which summarized is: if a client connects to a server, it negotiates the handshake as to whether it will handle TLS 1.3 or… Continue reading OpenSSL "method" picking between TLS 1.2 and 1.3 [duplicate]→

Setting Min TLS version for OpenConnect client

Posted on May 17, 2020 by Kayvan Tehrani

I’m using ‘OpenConnect version v8.05’ on Red Hat Enterprise Linux 8.1 (Ootpa) in order to connect to a server.
The server only accepts SSLv3, TLSv1.0 ciphers and I don’t have access to the server for security update/upgrade.
When I try to … Continue reading Setting Min TLS version for OpenConnect client→

Android Clear Text Traffic

Posted on March 1, 2020 by nachofest

Learning about android security I came across the tag:

usesCleartextTraffic=True.

I am not quite sure about its use in practical terms.

Lets say I have an app which specifies this tag as True, and I have http as well as https requests t… Continue reading Android Clear Text Traffic→

What is extension intolerance in the context of TLS?

Posted on February 7, 2020 by Polynomial

SSL Labs checks for TLS version intolerance and TLS extension intolerance. I’ve seen another answer on this site that covers version intolerance, but what does extension intolerance mean, specifically, in this context?

The most informatio… Continue reading What is extension intolerance in the context of TLS?→

TLS downgrade attacks

Posted on March 20, 2019 by Chri3

I’m currently looking at e-mail security and wondered whether server to server e-mail communication that enforces TLS, will prevent the risk of TLS downgrade attacks?

Continue reading TLS downgrade attacks→

Why is TLS1.2 wrapped in TLS1.3?

Posted on January 18, 2019 by 匿名柴棍

I was just curious about TLS1.3 which Cloudflare is one of the companies leading the implementation. I then visited blog.cloudflare.com and turned on my Wireshark. I am not 100% clear about all technical details of TLS1.3, bu… Continue reading Why is TLS1.2 wrapped in TLS1.3?→

How to prevent TLS downgrade on client side?

Posted on October 18, 2018 by Thomas

Today I noticed by experiment that Google Chrome (69.0.3497.100) and Firefox (62.0.3) both were willing to connect to a server which only supported TLS 1.0, even though the corresponding support was removed in the browser set… Continue reading How to prevent TLS downgrade on client side?→

How can I know the protocol versions supported at OpenSSL1.1.0g

Posted on October 3, 2018 by user9371654

How can I identify the versions (TLSv1.2, TLSv1.1, TLSv1.0, SSLv3, etc.) supported in OpenSSL1.1.0g when I manually compile it from its source (NOT the one shipped with the OS like ubuntu) without explicit disabling any versi… Continue reading How can I know the protocol versions supported at OpenSSL1.1.0g→

Why would TLSv1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA still be used?

Posted on September 19, 2018 by Ryan

First, I may be asking a dumb question. I am trying to learn, so please, take it easy on me.

Second, if this is not the right place for this question, or you can link me elsewhere, please tell me/ do so.

Third, I appreciat… Continue reading Why would TLSv1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA still be used?→

SSL – Does Change_cipher protects against downgrade ?

Posted on June 4, 2018 by Arthur Attout

An excerpt of one of my courses about SSL/TLS says the following,

This excerpt is just after the Handshake finish phase of SSL (with change_cipher_spec and finished messages).

Role of the finish phase : counter the dow… Continue reading SSL – Does Change_cipher protects against downgrade ?→