Collaborate Disseminate
I manage some websites and one of them got a poor security rating (from sec scorecard). I have a managed server, so I asked the IT guys to help, but also would like to understand this issue a little more.
The problem is, there are old TLS1… Continue reading Remove old Cipher Suites [migrated]
I’m learning for the first time the concept of revoking certificates. I created a certificate with openssl then I tried to revoke it. But my revoke command causes an error.
Here’s what I did
# generate key
openssl genrsa -out root.key 2… Continue reading openssl ca -revoke causes `Can’t open ./demoCA/cacert.pem`
It seems that Firefox and Chrome both support x25519 keys, but they do not accept keys signed using Ed25519. Am I correct?
If so, where can I find the official source of this information?
Is it possible to use TPM for SSL Client Authentication (with a client certificate) and thereby ensure on the server/backend side knows, that the request comes from the specific client machine (even the key cannot be stolen) when I have an… Continue reading Can TPM be used for SSL Client Certificates for an existing applications?
I have 2 endpoints that are exchanging data (FIX messages), and the originating endpoint is genrating the fix files are sending them on an ecrypted channel (TLS or Stunnel). In a security audit, it was recommended that the files are signed… Continue reading are files sent in a TLS channel signed? [duplicate]
Edit:
To clarify, this question is all about whether we should insist on implementing TLS for internal communications over public cloud tenants as a man-in-the-middle risk reduction control, given the complexity and sophistication required… Continue reading TLS and MiTM Attacks Relevancy over Public Cloud (SDN) internal networks
HTTPS security is based on the chain of trust. The initial trusted party (root authority) signs a certificate for some other party and then it can sign for some other.
Does that mean If I have a valid HTTPS certificate for my website, I ca… Continue reading A Potential threat in HTTPS [duplicate]
If you as a client trust the server and know the IP of the server, and intend to initiate a HTTPS request to that IP, what are the potential vulnerabilities in disabling server certificate verification, such as disabling this with curl via… Continue reading Does disabling TLS server certificate verification (E.g. curl –insecure option) expose client to MITM
In a ssl/tls, the public key for a domain is included in the ssl/tls certificate that your computer downloaded and stored locally.
In the ethereum blockchain ecosystem, the public key is derived from the message signature since there is no… Continue reading ssl\tls public key vs ethereum blockchain public key [closed]
I have a site published in IIS. The site using HTTPS protocol and the web hosting certificate is already expired. This web hosting certificate path is under the trust root certificate which is not expired yet. I am very new to this so I am… Continue reading Renew a web hosting certificate on IIS [closed]