TLS – Page 10 – WindowsTechs.com

Why data exchange between 2 web apps using redirection with query parameters or auto-form-post CANNOT be trusted by each other, even when using HTTPS?

Posted on March 21, 2024 by Mee

Why data exchange between two web applications using redirection with query parameters or auto-form-post CANNOT be trusted by each web application, even when using HTTPS?
Note:
I understand that data exchange using query parameters has inh… Continue reading Why data exchange between 2 web apps using redirection with query parameters or auto-form-post CANNOT be trusted by each other, even when using HTTPS?→

Would there be any utility for multiple clients sharing the same TLS session key?

Posted on March 19, 2024 by imawful

I was wondering if there is any utility for multiple hosts sharing the same TLS session key. I have come across proxies and the way they intercept TLS connections is to make the client accept its certificate and then act as client to the e… Continue reading Would there be any utility for multiple clients sharing the same TLS session key?→

What is the impact of disabled TLS hostname verification?

Posted on March 18, 2024 by Anonymous

If I have a java client that connects to a server, but in the java client code where the connection is built, it skips hostname verification disabled.
When a client tries to connect to serverA.com, what is the impact if hostname verificati… Continue reading What is the impact of disabled TLS hostname verification?→

Using HTTP header to transmit client certificate for mTLS

Posted on March 12, 2024 by chriaass

My client says their API traffic must take the path WAF -> Custom Firewall -> Backend API. Also, mTLS must be terminated after the traffic has gone through the network appliance.
I have created an Envoy proxy that can perform mTLS be… Continue reading Using HTTP header to transmit client certificate for mTLS→

Checking Against the CN Of Every Certificate In The Certificate Chain

Posted on February 23, 2024 by Dhiwakar Ravikumar

Is it possible to check against the CN (Common Name) or SAN (Subject Alternative Names) of each and every certificate in the certificate chain for a match ?
I have 2 docker containers hosted on my VM, one of the containers (Logstash) conne… Continue reading Checking Against the CN Of Every Certificate In The Certificate Chain→

Checking Against the CN Of Every Certificate In The Certificate Chain

Posted on February 23, 2024 by Dhiwakar Ravikumar

Automatically check if a certificate matches specific ciphers

Posted on February 22, 2024 by Shahar G

My nginx backend server supports the following ciphers:
ssl_ciphers "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-… Continue reading Automatically check if a certificate matches specific ciphers→

What is the exact danger of not waiting for peer’s close_notify response?

Posted on February 19, 2024 by Dragan

OpenSSL documentation says the following: (Source: https://openssl.org/docs/man3.0/man3/SSL_shutdown.html)

It is acceptable for an application to only send its shutdown alert and then close the underlying connection without waiting for th… Continue reading What is the exact danger of not waiting for peer’s close_notify response?→

Testing in case of TLS 1.3 with AES-GCM

Posted on February 18, 2024 by Y.Z

At work, I’m used to sniffing and capturing on network interfaces by which client and server intercom on LAN in my domain so as to grab genuine business data, followed by my customized replaying to auto-testing business processing logic of… Continue reading Testing in case of TLS 1.3 with AES-GCM→

SSL certificates and firewall blacklists

Posted on February 16, 2024 by Eftal Gezer

We have a domain, erbaharlab.com, which we have bought for our research group.
www.erbaharlab.com contains our research group website, nanospacejm2.erbaharlab.com contains a conference website and there might be other conference subdomains… Continue reading SSL certificates and firewall blacklists→