Questions tagged [ssl]

SSL and its successor, TLS, are encryption and authentication protocols that encrypt the full contents of a TCP connection, as well as potentially verifying the identities of the devices making the connection.

SSL and its successor, TLS, are primarily used to encrypt the connection between two applications at the presentation layer. They are most often used to secure websites in the form of the HTTPS protocol but can also be used for other protocols and applications.

7024 questions
11 votes, 3 answers

Can Netcat talk to an encrypted port?

I am doing some troubleshooting on an application that listens on tcp 443. This particular application talks via SSL. I wanted to connect to it with netcat. Is this possible? Note: I'm not asking if netcat can encrypt its traffic.
Lexicon
11 votes, 3 answers

Does SNI represent a privacy concern for my website visitors?

Firstly, I'm sorry for my bad English. I'm still learning it. Here it goes: When I host a single website per IP address, I can use "pure" SSL (without SNI), and the key exchange occurs before the user even tells me the hostname and path that he…
pagliuca
11 votes, 2 answers

Which openvpn cipher should I use?

From both a performance and security standpoint, which cipher should I use with openvpn? According to http://openvpn.net/index.php/open-source/documentation/howto.html#security , the default is Blowfish, and the recommendation/example is to use…
Daniel S. Sterling
11 votes, 3 answers

Fixing BEAST vulnerability on Apache 2.0 running on RHEL 4

I have a web server running Apache 2.0 on RHEL4. This server recently failed a PCI scan. Reason: SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Vulnerability Solution: This attack was identified in 2004 and later revisions of TLS protocol which contain a…
Debianuser
11 votes, 1 answer

How to specify multiple root certificates for nginx client certificate verification?

For a project as part of the European Grid Infrastructure (EGI) we need SSL client certificate verification for a service running on nginx. As there are several root CAs allowed within EGI, we need nginx to check them all during client certificate…
Florian Feldhaus
11 votes, 4 answers

Need help troubleshooting HTTPS webserver error - SSL Handshake failed

I followed this guide: http://hints.macworld.com/article.php?story=20041129143420344 Here is my virtual host definition SSLEngine on SSLProxyEngine On RequestHeader set Front-End-Https "On" CacheDisable * …
NullVoxPopuli
11 votes, 2 answers

Does https include protection from a replay attack?

Is it possible to perform a replay attack on a request transferred via https? Meaning, does the https protocol enforce a mechanism similar to digest access authentication where a nonce is introduced into the request to prevent replay?
oneself
11 votes, 2 answers

How can I verify/read an IIS7 SSL renewal CSR with OpenSSL

I have the privilege of handling ~5 SSL CSRs per week, checking their validity before passing them off to our CA for action. I use OpenSSL on an Ubuntu machine to check that they are valid, testing things like the correct OU name, a sensible CN, key…
Jim Cheetham
11 votes, 3 answers

Setup IIS 7.5 with multiple website bindings and SSL?

On IIS 7.5 I am trying to achieve this with two websites: Default Web Site is bound to: (blank host header port 80 - http) (blank host header port 443 - https) go.example.com www71.example.com the IP address of go.example.com 2nd web site "Beta"…
JK01
11 votes, 4 answers

differences of SSL certificates?

What are the differences between SSL certificates for web servers, such as extended validation, Smart Seal, wildcards, single root? What certificates are appropriate for what needs?
Kazimieras Aliulis
11 votes, 1 answer

Apache SSL VirtualHosts on a single IP using UCC/SAN certificate

I need to host several Apache virtual hosts with SSL from a single IP. Now - I understand that because SSL wraps around the HTTP request, there's no way to know which host is being requested until a public key has been sent to the client first. This…
Mikuso
10 votes, 1 answer

A+ rating still unsecure by Google Chrome's opinion

I am provisioning my server on DigitalOcean, and although I am getting an A+ rating from ssllabs, https://www.ssllabs.com/ssltest/analyze.html?d=zandu.biz when I connect to my site, https://www.zandu.biz or https://zandu.biz, I get an unsecure notice…
The Architect
10 votes, 2 answers

How can I set up Encrypted SNI on my own servers?

I have Web servers that run multiple virtual hosts, and I'd like to keep eavesdroppers from telling which virtual host a client is accessing. There's already a TLS extension for solving this problem: encrypted SNI. I see that Cloudflare supports it…
10 votes, 2 answers

NGINX SSL does not respond over IPv6

On a Debian server with nginx, I get no response from a web server over HTTPS and IPv6. HTTP works fine. netstat reports port 443 listening on the IPv6 address firewall is open, ipv6scanner.com reports port 443 open locally (over terminal) wget…
j.kaspar
10 votes, 1 answer

OpenVPN 2.4 security differences between tls-crypt and tls-auth

I was reading and tls-crypt and was curious would that increase security and reduce the chance of keys being compromised during handshakes and that it offers better security over tls-auth? Maybe someone could better explain tls-auth and tls-crypt…
Jason