Collaborate Disseminate
I’m working on a small project which requires SSL for encryption and after a lot of searching I found the content I need in this video
https://youtu.be/Npq-8W13wrs
The code in the video:
Server:
Client:
But here the person had used a cer… Continue reading How ssl and .pem file works and how secure are they?
I wanted to know that if I make an application and need to use ssl to encrypt the TCP connection then is it necessary to save the keys in .pem file, like what if malicious software just steals that .pem file from any clients computer, will… Continue reading Working of .pem file
Up until now, all of our devices have been HTTP only, so HTTPS is new territory for us. We ship embedded devices to customers with a default IP address and a self-signed certificate and key. These devices have a web page, but they do not s… Continue reading Best practices for managing certificates for IP-only embedded devices
A recent Nginx release allows me to set listen 443 quic; to enable HTTP/3. Neat. I had been using HTTP/2 with TLS1.3 before, so I did not expect that change much, just optimize round trips with otherwise matching security properties.
One m… Continue reading Does HTTP/3 necessitate additional – beyond HTTP/2 via TLS1.3 – restrictions on client authentication (mTLS)?
When I log into ProtonMail I can see that the webpage is using HTTPS, which gives me piece of mind that everything is transmitted securely.
I was curious, however, whether ProtonMail used any client side cryptographic protections on my cre… Continue reading Protonmail encryption during login
I want to test TLS SCSV on a very old version of firefox with Insecure Version Fallback enabled. However, I can not find any server that uses the insecure fallback.
Continue reading Is there a website that I can test TLS SCSV with?
I have read many posts related to the intermediate CA certificates and I do hope my question is not a duplication.
Where do TLS clients fetch intermediate CA certificates from?
In SSL server handshake, does server also send CA certificate
… Continue reading How do TLS clients validate intermediate CA certificates?
We deploy hardened Windows Server 2022 servers in AWS. These servers reach out to RDS servers using a TLS encrypted channel. During the TLS negotiation, the Windows server is reaching out to Windows Update, presumably to get a current li… Continue reading Windows Server Reaches out to WindowsUpdate during TLS negotation
I am trying to setup SSL key logging with Apache 2.4 on Ubuntu 22.04.
I followed the very good Walkthrough provided by Lekensteyn in this post: Extracting openssl pre-master secret from apache2
What I have found is that the key logging do… Continue reading Problem Extracting SSL keys from Apache 2.4
While making a payment for a Google service, I noticed that clicking the Verify button (in the screenshot below) would not move to the next screen.
Curious, I opened up the developer console and noticed two calls to https://224.32.32.221/… Continue reading Why would Google Pay try to fetch data from an IP address over SSL? [closed]