Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [ssl]

SSL and its successor, TLS, are encryption and authentication protocols that encrypt the full contents of a TCP connection, as well as potentially verifying the identities of the devices making the connection.

SSL and its successor - TLS - is primarily used to encrypt the connection between two applications at the presentation layer. It is most often used to secure websites in the form of HTTPS protocol but can also be used for other protocols and applications.

7024 questions
9
votes
1 answer

Meaning of ssl_ciphers line on nginx.conf

What is the meaning of the following line from an nginx.conf file? ssl_ciphers HIGH:!aNULL:!MD5; I know the ssl cipher is specifying which algorithm to use to secure the server communication and I'm assuming !aNULL and !MD5 is specifying to not…
nobody
  • 201
  • 1
  • 2
  • 7
9
votes
1 answer

Windows 2008 R2 Standard server - how to disable RC4

I have just used www.ssllabs.com and ran a few tests - my server is capped to a B grade because my server accepts RC4 This server accepts the RC4 cipher, which is weak. Grade capped to B. I've researched and found that to disable RC4 I need to add…
Dave
  • 160
  • 1
  • 2
  • 14
9
votes
3 answers

Certificate stops working after computer reboot

Got a strange issue that I just can't find any clues. We have a program (Qlikview) which talks to a remote admin service via SSL (Qlikview Server) but it uses the certificate to validate the client. The issue is happening on any client computer…
user2728476
  • 91
  • 1
  • 1
  • 3
9
votes
3 answers

SSL certificate invalid in Chrome

For the website scirra.com (click for SSL Labs Server Test Results) Google Chrome reports the following icon: It's an EV SSL, and it seems to work fine in Firefox and Internet Explorer, but not Chrome. What is the reason for this?
Tom Gullen
  • 385
  • 4
  • 8
  • 24
9
votes
2 answers

HAproxy 1.5 Trusted CAs

I'm trying to get HAproxy 1.5.x to trust any certificate authority already in the trust store of the machine (/etc/ssl/certs) without having to explicitly specify the individual ca-file root authority certificate to be trusted. I want to avoid the…
Jonathan Oliver
  • 329
  • 1
  • 3
  • 13
9
votes
1 answer

Does an SQL Server instance allow both secure and non-secure connections at the same time?

we have an application running MS SQL Server 2012. For one specific use case we'd like to SSL protect the jdbc connection. I've checked the following links: How to enable SSL encryption for an instance of SQL Server by using Microsoft Management…
kaidentity
  • 193
  • 1
  • 1
  • 5
9
votes
1 answer

Jenkins won't serve with CA signed certificate

tl;dr Fixed I've been running a Jenkins instance for a while with a self signed certificate, which works fine except the hassle of having to create certificate validation exceptions in browsers. So today I got a free tier 1 certificate from…
l0b0
  • 1,140
  • 1
  • 8
  • 17
9
votes
1 answer

Root cause of "curl: (56) SSL read: errno -5961" errors

I was evaluating some SSL failures, and noticed that when I use curl to one of the failing sites, I got curl: (56) SSL read: errno -5961; however, my google queries for that error didn't show the reason for the openssl failure. Question: What does…
Mike Pennington
  • 8,305
  • 9
  • 44
  • 87
9
votes
2 answers

Amazon ELB HTTPS Not working

I'm trying to get HTTPS working with AWS ELB. I've been trying for about an hour, but no matter what i try, i just get connection timed out when connecting via HTTPS. HTTP works fine, but not HTTPS. Can anyone provide some assistance?
Aaron
  • 93
  • 1
  • 4
9
votes
1 answer

bind apache ssl port with different port with same openssl port 443

I have a server (linux base) in which i installed dotcms and it runs on port 80 and openssl is on port 443. both are started in running process. Recently i installed apache on my server. and when i started apache it stuck because default ssl port on…
Waqas Ghouri
  • 193
  • 1
  • 1
  • 6
9
votes
2 answers

None of the cipher suites supported by the client application are supported by the server

I am getting this error in my server's windows event log: An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection…
MGOwen
  • 307
  • 2
  • 4
  • 11
9
votes
1 answer

SSL setup with apache in front of tomcat

i m trying to setup Apache with SSl and proxy SSL requests to my tomcat instance. I think i made the SSL work but theres still a error that shows up: Bad Gateway The proxy server received an invalid response from an upstream server. * SSL…
SaifDeen
  • 193
  • 1
  • 1
  • 5
9
votes
1 answer

Can I turn on HSTS for 1 subdomain

I would like to enforce HSTS for only 1 subdomain, but not the whole domain, is this possible ? xxx.yyy.com -> HSTS on zzz.yyy.com -> HSTS off yyy.com -> HSTS off
grosser
  • 277
  • 4
  • 8
9
votes
2 answers

Bug setting up stunnel server: `SSL3_GET_CLIENT_HELLO:wrong version number`

I'm setting up an stunnel server on Windows XP, and I get this bug when a client tries to access: 2013.02.14 00:02:16 LOG7[8848:7664]: Service [https] accepted (FD=320) from 107.20.36.147:56160 2013.02.14 00:02:16 LOG7[8848:7664]: Creating a new…
Ram Rachum
  • 5,231
  • 7
  • 34
  • 46
9
votes
9 answers

Configured MySQL for SSL , but SSL is still DISABLED..!

I configured SSL for MySQL using the following script. #!/bin/bash # mkdir -p /root/abc/ssl_certs cd /root/abc/ssl_certs # echo "--> 1. Create CA cert, private key" openssl genrsa 2048 > ca-key.pem echo "--> 2. Create CA cert, certificate" openssl…
Sunrays
  • 128
  • 1
  • 1
  • 9
1 2 3
99 100