Collaborate Disseminate
When I check Google’s certificate (from browser), I notice the root certificate is GTS Root R1. However, I don’t see this root certificate in certificate manager.
Whereas for microsoft.com or oracle.com the root certificates are DigitCert … Continue reading Why cannot I see google’s root certificate in certificate manager?
Is there a way/software to manage and sign multiple SSL certificates? We have many intranet web applications that show the certificate error risk in the web browser. I have been googling a lot but SSL certificates still mystify me, I know … Continue reading What is the proper way to manage a company’s SSL certificates?
When ephemeral Diffie-Hellman (DHE) is used with TLS, the key-exchange key can/will be discarded after a key-exchange. right?
Is there good reason to use HSM for generating and storing DHE key, when the block cipher key is still stored in … Continue reading Does saving of ECDHE keypairs to HSM increase security of TLS?
I have an iOS device on Corellium (jailbreaked). I’m on OpenVPN. I have Burp running locally and the iOS device has a proxy that runs through my Burp instance.
All the traffic I am seeing is plaintext and not encrypted. Does this mean that… Continue reading iOS App on Corellium going through Burp shows plaintext
If I share the following url link to a stranger, will it compromise any of my information. does this url encoding undergoing some encryption processes?thanks
Continue reading Does url of payment link reveal sensitive info?
The TLS 1.3 extension includes this table indicating which Extensions can be sent in which Records:
+————————————————–+————-+
| Extension | TLS 1.3 |
+—… Continue reading What is the purpose of a TLS 1.3 Server sending the Server Name Indication extension in the Encrypted Extensions record?
I have a Kubernetes cluster on Azure AKS with an ingress controller that uses TLS 1.3 protocol. I want to disable a specific cipher suite (e.g., TLS_AES_128_GCM_SHA256) for security reasons.
I’ve tried configuring the "ssl-ciphers&quo… Continue reading How to disable a specific cipher for TLS 1.3 on Azure AKS with ingress controller? [migrated]
In TLS 1.3’s version of Mutual TLS authentication there are two places the Client can send their Certificate (and Certificate Verify) records:
In the handshake itself, directly before sending the Client Finished (see below)
Later in the T… Continue reading What keys are used to secure the Client’s Certificate & Certificate Verify records in TLS 1.3 Mutual Authentication during Post Handshake Auth.?
I have a desktop application on Windows that connects to a server which I don’t have access to. I want to reverse engineer an API for personal use so I can connect from a custom interface instead of using the official application.
Using Wi… Continue reading Decrypting TLS traffic from windows desktop application [closed]
When creating certificates with the step CLI I have the option to create a leaf certificate for a certain subject or sign a certificate signing request (CSR). I could not really determine a difference between those two, given I use the sam… Continue reading What is the difference between a signed CSR and a leaf certificate?