Questions tagged [ssl]

SSL and its successor, TLS, are encryption and authentication protocols that encrypt the full contents of a TCP connection, as well as potentially verifying the identities of the devices making the connection.

SSL and its successor, TLS, are primarily used to encrypt the connection between two applications at the presentation layer. They are most often used to secure websites in the form of the HTTPS protocol but can also be used for other protocols and applications.

7024 questions
8 votes, 1 answer

HaProxy - 502 Bad Gateway : HTTP spoken on HTTPS port

I'll try to explain my issue. I'm working on HaProxy 1.5.8 / apache 2.2, and I try to do some SSL configuration, but I fail, and fail, and fail. Let's see some logs: Haproxy Logs Aug 13 17:00:28 localhost haproxy[10930]: x.x.x.x - -…
Ze.Miw
8 votes, 2 answers

Creating sub certificates from a root certificate (SSL)

If I purchase a signed certificate for example.com, can I then produce sub-certificates for a.example.com and b.example.com? These sub-certificates would have PEM files whose privacy cannot be assured. Can I do this, maintaining the privacy of the…
chrism2671
8 votes, 2 answers

sendmail rejecting some connections with handshake failure: SSL alert number 40

My sendmail server on CentOS 5 started to reject some connections with the following message logged: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1092:SSL alert number 40 When I try to connect to it using…
Tometzky
8 votes, 2 answers

Apache's deprecated SSLCertificateChainFile directive (AH02559)

Recently I've upgraded Apache from 2.2 to 2.4 and I cannot figure out how to deprecate a SSLCertificateChainFile directive. The error: me@jessie:~$ sudo apache2ctl configtest AH02559: The SSLCertificateChainFile directive…
Neurotransmitter
8 votes, 2 answers

How to simulate SSL client failing handshake?

I have a bug in my app, which is triggered when the client disconnects in the middle of SSL handshake. The only way I found to trigger it is to run 100 threads in JMeter and suddenly stop the test, resulting in some of those 100 threads ending in…
Pitel
8 votes, 4 answers

Nginx reverse proxy without SSL termination

I'm trying to set up Microsoft Remote Desktop Web Services on a Windows 2k12 server. This is fully functional, however I would like (need to) put a reverse proxy (Nginx) in front of it. I only have 1 external ip (fixed) and I am hosting multiple…
Goez
8 votes, 1 answer

How to enable certain SSL cipher while having disabled the group?

I would like to enable the SSL cipher EDH-DSS-DES-CBC3-SHA (also known as TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA) in my nginx SSL environment to support IE8 on Windows XP. The base SSL ciphers for nginx…
burnersk
8 votes, 1 answer

How to add an existing key to the certutil key database

I have created an SSL keypair with OpenSSL. I uploaded the Certificate Signing Request to my SSL Certificate provider and got my certificate files. I added my certificate and the required CA certificates to the certificate database using certutil.…
Steven Roose
8 votes, 2 answers

In response to the OpenSSL Poodle vulnerability should I disable SSLv3?

OpenSSL just announced another new vulnerability in its memory routines. You can read all about it here: https://www.openssl.org/news/secadv_20141015.txt The workaround is to disable SSLv3. Will this disable HTTPS on our website completely? What…
Oxon
8 votes, 1 answer

Adding a self-signed cert to the trusted certs within cURL in Windows?

I have created a self-signed cert from the instructions on this page, have installed it and it appears to all be working correctly, but now I need cURL to trust it. Since the later versions of cURL don't include a trusted list within a .pem file, I…
Brett
8 votes, 3 answers

HAProxy and Intermediate SSL Certificate Issue

We are currently experiencing an issue with verifying a Comodo SSL certificate on an Ubuntu AWS cluster. Browsers are displaying the site/content fine and showing all the relevant certificate information (at least, all the ones we've checked), but…
Sam K
8 votes, 2 answers

OpenSSL always shows "unsupported" for all subjectAltName "otherName" UTF8 values

It seems like OpenSSL is broken when trying to read back subjectAltName/otherName/UTF8 values that were written by itself: The relevant openssl.cnf configuration (using an official but random OID): [alt_names] DNS.1 = www.foo.com DNS.2 =…
Dustin Oprea
8 votes, 3 answers

Upgrade HTTP connection to SSL/TLS

I currently have a server which automatically redirects all HTTP requests to the equivalent HTTPS site. The problem is that it seems like some browsers do not accept the SSL certificate (StartSSL.com) or do not support SNI, therefore they get an…
foxylion
8 votes, 2 answers

SSLCipherSuite - disable weak encryption, cbc cipher and md5 based algorithm

A developer recently ran a PCI Scan with TripWire against our LAMP server. They identified several issues and instructed the following to correct the issues: Problem: SSL Server Supports Weak Encryption for SSLv3, TLSv1, Solution: Add the…
John
8 votes, 3 answers

CentOS PHP cURL NSS error 5938

Having a strange issue with cURL and PHP on a couple of CentOS boxes. Locally, I'm running CentOS 6.3. Remote is CentOS 5.9 Locally, the box receives a request, scp's a file to the remote server, then performs a cURL request via PHP to the remote…
stormdrain