Collaborate Disseminate
We have a service running as a container for which there some reported vulnerabilities in OpenSSL. Our service is behind the Application Load Balancer, which ideally should terminate the traffic at the load balancer before decrypting the t… Continue reading Can OpenSSL vulnerabilities be mitigated by Load Balancer service from Cloud Providers
Microsoft is set to bids farewell to outdated Transport Layer Security (TLS) 1.0 and 1.1 protocols in Windows. The company plans to drop support for the encryption protocols starting with Windows 11 Insider Preview Builds in September. Transport Layer Security (TLS) is a cryptographic protocol that ensures secure data transmission over a computer network. It…
The post PSA: Microsoft to Disable Older TLS Protocols in Windows appeared first on Petri IT Knowledgebase.
Continue reading PSA: Microsoft to Disable Older TLS Protocols in Windows
I am developing a TCP-Proxy in C#/.NET using dotNetty (Port of Netty). The proxy is translating messages between two different systems. It will be hosted on a server in the company network, so it is not exposed to the internet.
I am wonder… Continue reading Securing an internal tcp proxy
I’m trying to set-up a certificate chain (CA root -> Intermediate CA -> Server certificate)
Here’s my attempt:
Creating CA Root:
##!/usr/bin/env bash
set -xeuo pipefail
CA_DIR=server/generated/ca-root
REQ_DIR=server/requests
I’m using NordVPN and it’s popped up with this about how it couldn’t validate a TLS certificate:
I’ve tried looking up what ISRG is but I don’t get much of an explanation on it anywhere. It appears both at my home and work wifi connection… Continue reading NordVPN Couldn’t Estabish a Secure Connection – ISRG Root X2
My understanding is that, when you connect to an HTTPS website, the communication is encrypted via asymmetric encryption, therefore private and public keys play a role there. My assumption there is that I, the user, own the private key.
My… Continue reading Consequences of stolen TLS private key
While these VPNs can work inside of China, I wonder how private and secure they are since China is known for its great firewall, like most technically advanced countries. Are these methods working? Because China can "see through the t… Continue reading Can China decrypt SSL as soon as people using their ISP?
Alice and Bob have TLS certificate authorities. My device trusts Alice’s CA, and connects to servers that present a certificate rooted at Alice’s CA. It does not explicitly trust Bob’s CA, or the servers that use his certificates.
Alice tr… Continue reading Can you sign a TLS root certificate that already exists? [duplicate]
Sitting in a corporate environment trying to access outside resources such as NPM packages or URL’s using Python has become problematic in my company. With the recent changes to the SSL libraries there are now issues with certificate verif… Continue reading Allowing Unsafe Legacy Renegotiation in a corporate environment
I understand that in a non-authenticated Diffie-Hellman setup, a man-in-the-middle attack can occur. Now i’m curious about the feasibility of the following scenario:
Let’s assume a situation where www.example.com exclusively supports authe… Continue reading Evading authenticated diffie hellman with MITM