Collaborate Disseminate
The sequence number should be a 64 bit number in every TLS record, but the record header layer is only 5 bytes long and I am looking at a Wireshark pcap, where the TLS record only includes the header and encrypted application data. There i… Continue reading Where in the TLS 1.3 record is the sequence number located? [closed]
I am interested in the security provided by SMTPS.
Consider the scenario below where I send an email to a friend. I am using protonmail, and my friend is using yahoo. The actual email services used are not particularly important for this… Continue reading Does SMTPS provide end-to-end encryption? If no, what is the limitation? [closed]
One of the Paho MQTT client SSL options allows checking whether "a certificate matches the given host name.". If I enable this option then I cannot establish a TLS connection to MQTT using an IP address. In case it is relevant: t… Continue reading How does the MITM attack work when a client does not check the hostname vs the certificate? [duplicate]
And if yes, how exactly do I do that.
PS: I’m referring to browser communications, not any other packets from any other communications, for websites open in the browser.
Edit:
So I found this, that answers my question somewhat, so I’d lik… Continue reading Is it possible to view TLS 1.3 packets being sent from my browser AND find payloads going to a specific domain
I have a few websites and apps that I need to protect from DDoS attacks. These websites and apps are delivered by various servers that sit in several small data centers around the world.
I’m thinking of getting some kind of cloud-based DDo… Continue reading How to avoid breaking end-to-end encryption while employing cloud-based DDoS protection?
We have 2 servers communicating, server A (a server that I own), and server B (server on the internet that I trust). I get some info from server B, which are FIX messages (https://en.wikipedia.org/wiki/Financial_Information_eXchange).
Serv… Continue reading Using FIX over TLS, is there a need to sign FIX mesages?
I am trying to test different TLS 1.2/1.3 extensions support by turning them on and off on client side. I failed to find any way to do that in chrome://flags (or any other browser).
Is there a way to do it system-wide by changing settings … Continue reading How to disable individual TLS Extensions client side on Windows and Mac?
I need to temporarily disable the TLS 1.3 protocol leaving only TLS 1.2 for some testing purpose.
I found some procedures on Google but they didn’t not work. Please give me the guidance.
Continue reading How to temporarily disable TLS1.3 in Chrome? [migrated]
I was trying to do vulnerability testing to an android mobile banking app so to get the endpoints of the API I installed the app into android emulator and captured the requests with transparent proxy called PolarProxy (it’s very affective… Continue reading Is there is another ways to authenticate requests to remote server other than Client Certificates?
I’m looking to create an NGINX reverse proxy to my WiFi router, and I’m looking to verify the connection. My router uses a self-signed certificate which lists the tplinkwifi.net domain as the Subject Common Name (CN) but doesn’t include an… Continue reading Unable to verify TLS cert with only CommonName in NGINX reverse proxy