Collaborate Disseminate
TLS, byte by byte performs an unusual and interesting function: it fetches itself over HTTPS, and provides a complete annotation of what’s going on in the process, one byte at …read more Continue reading Watch a Web Page Fetch Itself Over TLS, Complete With Commentary
I’m trying to scan my server (Apache2 on Debian), which is configured to support only TLS1.2 (and 1.3, presumably?). The config line is:
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
I scan it with:
msf6 > use auxiliary/scanner/ssl/ssl_versi… Continue reading Why does metasploit SSL scanner only show highest version available?
According to its website, my bank does not recommend to use open wifi networks for online banking without VPN.
Why is that?
I understand, that 10-20 years ago many site and application sent the data unencrypted. But I haven’t found any web… Continue reading Is there any security threat with open WiFi connection in 2023 for online banking? [duplicate]
I am studying how to determine which packets carrying TLS records belong to the same TLS session (much like Wireshark does).
For a given TLS record that belongs to a specific packet(s), are we always able to determine its relation to its o… Continue reading Are TCP source and destination port numbers sufficient to determine which packets carrying TLS records belong to a specific TLS session? [closed]
Many new TLDs have mandatory HTTPS requirements. Is there a way to disable that for subdomains? If not does that mean an expensive wildcard SSL certificate will need to be used with these domains?
So if I have a service running at sub.doma… Continue reading Do subdomains of a TLD with mandatory HTTPS require a wildcard certificate?
Almost latest version of Chrome 112.0.5615.49 (Official Build) (x86_64), on macOS Ventura 13.1, keeps negotiating TLS only up to 1.2 version. I tried some of the same websites in Waterfox (Mozilla based browser) and confirmed TLS 1.3 via W… Continue reading Recent Chrome version not supporting TLS 1.3 on mac Ventura 13.1 [closed]
I wrapped my Socks5 traffic in TLS using Stunnel and the Stunnel server is listening on the port 443:tcp.
I can connect successfully to Stunnel server and exchange Socks5 traffic.
From the perspective of DPI (Deep packet inspection), is th… Continue reading Does the traffic tunnelled using Stunnel on port 443:TCP appear the same as normal HTTPS to DPI?
I am considering how to make my chat application a bit more secure. It has a similar structure to IRC, multiple users can join each server, and servers can be hosted by anyone. I have been using TLS so far, but it has the problem of requir… Continue reading Suitable method of encryption for user-hosted chat platforms
I have Linux servers, which was reported by IT security team having various obsolete ciphers, and I need to disable them and replace with newer versions if they used by applications. However I stumble, that I can’t even find these ciphers…. Continue reading How to find and disable specific ciphers on Linux?
By default the SNI is sent in plaintext before a shared key is agreed upon. Is it possible for an attacker to modify SNI value without endpoints finding it out?
If I understand RFC 8446 (TLS 1.3) correctly, the Transcript Hash contains all… Continue reading Is TLS SNI susceptible to MitM attacks?