Collaborate Disseminate
An IoT device using mutual TLS can have a long running TLS connection to a server, during which time its client certificate could expire or be revoked. When that happens should the server notice and terminate the connection?
Continue reading Should certificate validity be policed on open TLS connections?
In a mutual TLS connection, both the client and server authenticate each other using digital certificates.
However, when the client presents a certificate, the server only sees the client’s IP address and not the domain name to be able to … Continue reading Client certificate validation [duplicate]
If API client (Postman for example) makes a call to an exposed HTTPS API endpoint, is the communication between client and server encrypted?
Continue reading Is an API call to HTTPS endpoint encrypted?
I have a scenario where my Nextjs frontend application is running in the cloud with a domain & SSL and I have a nodejs backend.
When I make an API call to the backend nodejs server, I get a CORS error stating a "https to http comm… Continue reading https to http communication error while frontend call to backend
I noticed that, while browsing through many bug bounty and vulnerability disclosure programs, they don’t accept issues that are related to TLS/SSL, which includes expired security certificates.
Why are companies so unwilling to accept expi… Continue reading Why do many companies reject expired SSL certificates as bugs in bug bounties?
Supposing I have connected my laptop to the ethernet cable and all the traffic in the ethernet cable is encrypted (let’s say VPN, HTTPS, etc.). Can someone who is eavesdropping the traffic with physical access to the Ethernet cable (via an… Continue reading Can someone who is eavesdropping signals from Ethernet cable, gather sensitive information [duplicate]
I have a domain that properly redirects as expected to protocol https://newhavendisplay.com, except for https://www.newhavendisplay.com, which triggers the "This connection is not private" security warning upon visiting. However,… Continue reading URL redirects properly to all URL protocols except https://www
Is it possible to use both mTLS and regular TLS (as fallback) ?
I would like it to try to auth user with mTLS and fallback to standard login/password when it fail.
Is this a good idea in term of security ? The goal is to simplify life to r… Continue reading mTLS fallback to standard TLS
I don’t know if what I’m asking is even possible, but I’ll ask anyway.
I’m trying to get FireFox or Chrome to trust a self-signed certificate used on a website I’m running locally. I started up an ubuntu server and ran these commands:
# go… Continue reading Added root authority certificate for firefox, but still not trusting certificate
I am trying to learn how ssl chain of trust works with practical examples. I thought maybe openssl would be a good education tool. But I’m running into a few problems while practicing, and I’m at a lost on how to approach my education.
B… Continue reading How to practice making self-signed certificates with intermediate CAs