Collaborate Disseminate
OpenSSL defines an SSL_CTX struct which can be charged with (client or server) identities. If you pass it to SSL_connect, you’re a client; if you pass it to SSL_accept, you’re a server.
With SSPI/SChannel on Windows it appears that you’re … Continue reading What value is there in separating outbound vs. inbound credential usage in a TLS API?
We have started TLS and MTLS enforcement in all our private customer connections on our servers but we are facing design constraints in regards to High Availability TLS deployments.
For context, we are dealing with long-lived TCP sockets t… Continue reading TLS and high-availability [migrated]
I have a pretty standard web app (react client, node server), https-enabled.
I want to add the ability for the web app to access a device on the local LAN. The device has REST APIs and I can install a certificate in it to enable https.
He… Continue reading Certificate structure for accessing a local device from a web app
When you try to go to a website, chrome sometimes intercepts the connection and says there is a problem with the website’s security certificate. This can be many things such as a common name error, outdated security certificate, or a self … Continue reading How to Get Chrome to Prioritize Order of Errors Shown for Security Certificates
I was looking at Cipher Suites indicated on SSLLabs and I noticed something, here is a result for google.com (for instance):
With TLS 1.2, examples of Cipher Suites are:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: in which I understand that… Continue reading TLS 1.3 Cipher Suites: authentication algorithm unspecified?
My understanding is that for each SSL certificate, there is a private and public key that web browsers use to confirm that it is a valid certificate signed by a trusted Certificate Authority.
How does the Certificate Authority decide which… Continue reading How do certificate authorities choose which private/public keys to use to encrypt each SSL certificate so a browser can know that they’re legit? [duplicate]
When using AES GCM for encryption within TLS and referring to the below diagram:
Is iv[0:3] the fixed IV established from the handshake and iv[4:11] are the current (write) sequence number + 1?
For TLS 1.2 the additional data is type || … Continue reading How to form the IV and Additional Data for TLS when encrypting the plaintext
I am investigating censorship in India, and know with a high degree of confidence that it is being blocked based on the SNI extension in the TLS ClientHello.
I am in control of both the Client (in India) and the Server (in Germany). I sus… Continue reading Possible to determine who on the Internet is resetting (RST) my TCP connection? [closed]
When TLS 1.3 is used with GCM AES (128), does the GCM auth tag (calculated right at the end) get included within the record?
I am looking at the 1.3 RFC and section 5.2 doesn’t seem to explicitly mention the GCM auth tag being included an… Continue reading Does TLS 1.3 include the auth tag from GCM in the record?
I have a sandbox Windows 2016 server in the cloud that only I use for dev, testing, and experimentation. I can access the site remotely from Chrome, but no matter what I try, Chrome displays the ominous SSL cert warning:
Relevant facts:
… Continue reading Tried 3 things to make Chrome accept remote self-signed SSL cert