Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [openssl]

OpenSSL: The Open Source Toolkit for SSL and TLS

OpenSSL is an open source project which develops software for Secure Sockets Layer (SSL v2/v3), Transport Layer Security (TLS v1), as well being a full-strength general purpose cryptography library.

OpenSSL provides both a library (for use within your own program), and a series of command line tools for common tasks.

1601 questions
0
votes
0 answers

Apache Wont Start with SSL (Mis?)Configured

I'm trying to get PHP and Apache running with SSL on a RedHat server, AWS. After setting up the deployment restarting apache fails. Job for httpd.service failed because the control process exited with error code. See "systemctl status…
chris85
  • 81
  • 2
  • 11
0
votes
1 answer

Self-Signed SSL Certificate for Nginx in Ubuntu 16.04 And authorization (HTTP ERROR 403)

I have followed this link for self-signed ssl certificate for nginx.My nginx conf is like below: server { listen 80; server_name myMachineIP; return 302 https://$server_name$request_uri; access_log /var/log/nginx/mysite.access.log; error_log…
Jasmine
  • 243
  • 1
  • 3
  • 9
0
votes
1 answer

How do you enable TLS1.3 in nginx?

i tried to configure nginx 1.11.12 with TLS1.3 but every time i failed. Can you please explain me how to do that using nginx 1.11.12 and openssl 1.1.0e ?
John Z.
  • 1
  • 2
0
votes
2 answers

Use openssl s_server as a reverse proxy

Is it somehow possible to use openssl s_server as a kind of reverse proxy by forwarding all data after the handshake to a different port. To be more concrete, I would like to create a simple tftp-over-dtls setting for testing purposes.
mat
  • 548
  • 6
  • 20
0
votes
1 answer

how to check whether lzo is working in openvpn

I have compiled two binaries of openvpn (one with lzo enabled and other without), Now i want to know whether lzo compression is actually working or not, So I ping from my client to server, but now i don't know how to check size of ping packet on…
roboboykm
  • 1
0
votes
1 answer

OpenVPN internal IP calls

I'd like to setup a OpenVPN Server, connect multiple devices and have a software (database included) that can communicate with the devices that are connected on to the server. The software will be located in the same network. Q1: How is the software…
Rapsoulis
  • 85
  • 1
  • 6
0
votes
1 answer

Use self-signed certificate for internal servers?

I have an Nginx/Gunicorn/Django web server and PostgreSQL database server that I only want to access using SSL. I've purchased, installed, and configured a certificate on my web server from a certificate authority and so now my users can only…
Jim
  • 330
  • 7
  • 16
0
votes
1 answer

Compiling a hardened OpenSSL

I would like to compile OpenSSL from source. There are a number of configuration options I can use when compiling it. I prefer it to be as secure and hardened as possible, and it will eventually be used when compiling Apache HTTPD. There are some…
Dylan Klomparens
  • 634
  • 2
  • 9
  • 22
0
votes
0 answers

Nessus scan continues to find EDH-RSA-DES-CBC3-SHA enabled despite being disabled in SSLCipherSuite

I am a complete novice when it comes to server security but I'll try to properly explain my issue. I am trying to disable cipher suites for Apache TLS termination on my Mac Server to pass a nessus scan, and I have been able to pass all but one…
bos570
0
votes
1 answer

postfix SSL routines:SSL3_GET_KEY_EXCHANGE:unable to find ecdh parameters

We recently had this error while our postfix MTA tries to encrypt a connection via TLS: postfix/smtp[20716]: warning: TLS library problem: 20716:error:1408D13A:SSL routines:SSL3_GET_KEY_EXCHANGE:unable to find ecdh parameters:s3_clnt.c:1336: The…
Ronald
  • 61
  • 2
  • 4
0
votes
0 answers

Force enable tlsv1 nginx

For backwards compatibility with some of our partners, we have to run TLSv1 on some of our websites. The problem is after latest upgrades current settings no longer accept TLSv1 even though it's setup in the Vhost file. I'm running Nginx 1.4.6 with…
Claudio Pinto
  • 101
  • 1
0
votes
0 answers

How to fix Padding Oracle vulnerability on CentOS 7

I have set up a test web server on CentOS 7 to find a way to fix Padding Oracle vulnerability, which I got when I scanned our production site on ssllabs.com. On the test server, I installed openssl(1.0.2j, which is latest as of 1/12/2017) and…
masa
  • 3
  • 1
  • 1
  • 3
0
votes
2 answers

Unable to verify signature (openssl)

I am trying to verify a signature, but get "unable to load key file." This is a CentOS server with OpenSSL version 1.0.2 (22 Jan 2015). The keys are generated like this: ssh-keygen -t rsa -f serverkey -N '' -b 2048 mv serverkey…
Zek
  • 568
  • 3
  • 10
  • 24
0
votes
2 answers

How do I create an ECC certificate for Windows Azure Mobile?

I want my mobile clients to use less CPU power and use less network bandwidth and therefore want to use an ECC certificate for Azure Mobile Apps How do I generate an ECC based certificate for use with Azure Mobile?
makerofthings7
  • 8,911
  • 34
  • 121
  • 197
0
votes
0 answers

Windows Server 2012rs Certification Authority, IIS, Linux client, OpenSSL

I have a Windows Server 2012r2 acting as both a Certification Authority and an IIS https server. I have a linux client. This command works just fine on my linux client and behaves in exactly the expected way, so I can believe that my client is…
Chris Miller
  • 1
1 2 3
99 100