Collaborate Disseminate
Is it possible for a single server to use two different certificate chains for TLS?
For instance, rootCA1, intermediateCert1, serverCert1, rootCA2, intermediateCert2, serverCert2.
If this is possible, what order should the .PEM file use: s… Continue reading Multiple certificate chains on a single server for TLS
I’ve got a mailserver and the hostname is mx.domain.com. Of course the server is configured to send emails to $mydomain and/or $myhostname.$mydomain in Postfix. Do I need to create the CSR/key for the FQDN or just the domain?
I am using Do… Continue reading SSL cert for mailserver, which domain? mail client refuses self-signed
We have 3rd-Party CDN in front of Financial/Banking APIs which involves sensitive data, login, access token, cookies, etc.
We would like to leverage WAF and SSL Inspection capability of CDN. This requires SSL Offloading at CDN.
How to avoi… Continue reading 3rd-Party CDN SSL Inspection for Financial/Banking API Traffics
I am configuring an OpenVPN server and I would like to use TLS-CRYPT-V2. For that, in the documentation, it is said that I have to create a TLS-CRYPT-V2 key for the server and one for each client, because it is more secure.
But I don’t kno… Continue reading How does TLS-CRYPT-V2 work in OpenVPN?
I am pentesting a java thick client application, and the communication between client and server is RMI over TLS.
On a certain button, there is an action triggered from the client to the server. In this action, the method triggered sends s… Continue reading how to alter a value in RMI TLS communication
Nexpose reports the following vulnerability:
TLS/SSL Server Supports The Use of Static Key Ciphers. Negotiated with the following insecure cipher suites:
TLS 1.2 ciphers: TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
Bu… Continue reading Nexpose reporting ciphers not present in machine
We have tested our DTLS client using the openssl s_server program from OpenSSL 3.2.1. The handshake failed because we used the wrong PSK on the client. To our surprise, the server neither responded with a TLS Alert message nor did it show … Continue reading How to get debug output from `openssl s_server` when (PSK-only DTLS) handshake fails?
Venafi introduced a 90-Day TLS Readiness solution to help enterprises prepare for Google’s proposed 90-day limit for the lifecycle of a digital certificate.
The post Machine Identity Firm Venafi Readies for the 90-day Certificate Lifecycle appeared fir… Continue reading Machine Identity Firm Venafi Readies for the 90-day Certificate Lifecycle
I’m trying to understand where TLS is required. I’ve heard that TLS encrypts data when a client communicates with a server through HTTP by verifying the server and passing encryption keys. This protection is done through a TLS certificate signed by a CA (Certificate Authority). I can imagine a hacker trying to claim who they are while communicating through the web.
But will this apply to a LAN system? For example, in Hashicorp’s Vault, they mentioned: “End-to-End TLS. Vault should always be used with TLS in production.”. If system A (say Vault) tries to communicate with system B (say Backend Service) connected through LAN how can the systems be verified through a CA? (or perhaps the question should be, does it need one?)
The image below helps illustrate the question I’m facing.
Reference:
https://www.cloudflare.com/learning/ssl/what-is-ssl/
What’s the point of certificates in SSL/TLS?
https://developer.hashicorp.com/vault/tutorials/operations/production-hardening
Como puedo mejorar la seguridad de mi red LAN en la empresa
Continue reading Como puedo mejorar la seguridad de mi red local