Collaborate Disseminate
As part of TLS1.3 handshake client hello sent containing the TLS1.3 version support as part of suppored_versions extension, consider if as part of server hello supported_versions extension is not present, but Legacy_version is set to 0x030… Continue reading In TLS1.3 server hello can the legacy version field set to 0x0304
My website is served with TLS and does not use a (TLS-terminating) CDN. Is it still advisable to use Cache-Control: private for protected pages to account for (e.g. corporate) TLS termination proxies on the users‘ end (even though it is no… Continue reading Cache-control and TLS termination proxies
SSL, nowadays TLS, encrypts traffic between the server and client. However, the certificate is only valid for a certain period of time until its expiration.
What I don’t understand is, why does TLS even expire in the first place? Its purpo… Continue reading ELI5: If SSL encrypts traffic, why does it expire?
I have just started to study the TLS 1.2 protocol and would like to know what checks are performed on the client side by the browser when checking the server certificate. I would be glad if you could describe it in as much detail
Continue reading TLS Server Certificate Validations 1.2 [duplicate]
"The KeyUpdate handshake message is used to indicate that the sender is updating its sending cryptographic keys."
"If the request_update field is set to "update_requested", then the receiver MUST send a KeyUpdate o… Continue reading what should be the response of keyupdate if the initial KeyUpdateRequest is set to update_not_requested not update_requested
Content removed because this was spam
I wanted to secure my apps running in a private subnet with SSL. Albeit not necessary, it is very nice to have.
Because of my constant changes, I opted for a wildcard ssl certificate through my DNS provider Cloudflare by providing Nginx Pr… Continue reading How did I obtain a wildcard SSL certificate without port 80 opened for a challenge?
I understand that corporate companies can/do decrypt employee SSL/HTTPs traffic because the company owned device has a company owned SSL certifiate.
I thought the first certificate would encrypt the data and only the last one could decrypt… Continue reading How exactly do corporate companies decrypt employee SSL/HTTPS traffic on company owned corporate devices? [duplicate]
From following link: Decrypting TLS with Netsh/WireShark
I found its pretty easy to segregate the keys file from tcp requests and later decrypt with WireShark.
Are there any reliable/bullet-proof methods that can prevent such decryption of… Continue reading How do we secure our network traffic from packet sniffing tools [beyond TLS/SSL] [duplicate]
If a company creates a self signed Root CA certificate and then install that in their computers’ store for trusted root certificates, then create a leaf certificate and install that on their internal server, then that certificate will be t… Continue reading What is the technical reason why HTTP/3 is not available when certificate is from private CA? [closed]