Collaborate Disseminate
In TLS 1.3 (RFC8446), there are many secrets and keys. As far as I’ve understood, every certificate (usually only the server) has a long term key associated with it which is used with HKDF to generate a temporary key for the certificate ve… Continue reading Permanent Keys/Secrets in TLS 1.3
Is there any concrete/solid rationale for this choice of cipher? Seems to be the default when I connect via TLS1.2 to an Apache2 server (whatever latest version on Debian 11) with configuration lines SSLCipherSuite HIGH:!aNULL and SSLProt… Continue reading Why AES256 with SHA384 in TLS
Google makes ACME API available to all Google Cloud users to allow them to automatically acquire and renew TLS certificates for free.
The post Google Cloud Users Can Now Automate TLS Certificate Lifecycle appeared first on SecurityWeek.
Continue reading Google Cloud Users Can Now Automate TLS Certificate Lifecycle
Google makes ACME API available to all Google Cloud users to allow them to automatically acquire and renew TLS certificates for free.
The post Google Cloud Users Can Now Automate TLS Certificate Lifecycle appeared first on SecurityWeek.
Continue reading Google Cloud Users Can Now Automate TLS Certificate Lifecycle
I’m writing a thesis about IEC 104 (TCP/IP) communication which is safeguarded by IEC 62351-3 (TLS).
However, most publicly available datasets only use "plain" IEC-104 without TLS.
Would it be possible (and do you know of any too… Continue reading Apply TLS Encryption to PCAP File Retroactively [closed]
RFC 4851 for EAP-FAST says the following:
3.5. EAP-FAST Session Identifier
The EAP session identifier is constructed using the random values
provided by the peer and server during the TLS tunnel establishment.
The Session-Id is defined as… Continue reading EAP-FAST session ID format in RFC is not matching packet capture
The team is trying to decide which SSL implementation should be used in a specific embedded device. The device should be FIPS 140-3 certified. A part of the team wants to buy the license for the Mocana implementation because they worked wi… Continue reading Is there any advantage of using Mocana SSL library vs openSSL?
In setting up SMTP MTA Strict Transport Security (RFC 8461) for my domain, I’ve noticed some contradictory advice and practice: although the maximum value for the max_age policy value is around one year and the RFC states that "implem… Continue reading What are the risks of an MTA-STS policy with a long max_age?
The subject (sort of) says it all…
Is there a TLS library (other than OpenSSL which does everything 🙂 ) that allows me to:
Add my own extensions to the TLS
Get the certificate data so I can make a certificate fingerprint
What I’m try… Continue reading Is there an SSL library that allows me to add and access extensions and the certificate data?
I would like to setup a webserver using TLS without relying on third party CA.
Is it still possible in 2023 ?
FreeBSD was using the feature and is now using Let’s Encrypt (as well as a lot of privacy-conscious projects)
Do you have an exam… Continue reading Is DANE-EE TLSA version 3 (Domain-issued certificate from rfc6698) still supported in 2023?