Questions tagged [tls]

Transport Layer Security is a cryptographic protocol for encrypting and authenticating network communications, and replaces SSL. It is commonly used to secure Internet protocols such as HTTP.

573 questions
4 votes, 1 answer

IIS SMTP TLS encryption issue

I enabled TLS in IIS SMTP Virtual Server with a self-signed server certificate. Made sure that the certificate has the FQDN of the server. Checked the TLS encryption checkbox in Virtual SMTP > Properties > Delivery tab > Outbound Security. When I…
mjohnjoseph
4 votes, 2 answers

Nginx SSL certificate served for all server name resolving the server IP

Given I have 2 subdomains configured in the DNS (so pinging both reply for both with the IP address of my server) and for those subdomains I have 2 different TLS certificates. I have configured nginx this way: # If we receive X-Forwarded-Proto, pass…
ZedTuX
4 votes, 0 answers

How can I explicitly disable TLS when sending to one specific recipient?

I have a SendMail 8.14 server deployed in the middle of an SMTP workflow (Outbound mail looks like Exchange -> SendMail -> Appliance -> Internet) I have TLS configured for the first three hosts. This works fine for the most part but I need to…
Mike B
4 votes, 2 answers

2008 R2 TLS 1.2 enabled in registry, rebooted, but not functioning

Yes, I rebooted the server. Several times. This actually affects both TLS 1.1 and 1.2. The only one currently working is 1.0. I followed the instructions here: http://support.microsoft.com/kb/245030 I've double checked all the names and values; I've…
pantsburgh
4 votes, 3 answers

Postfix and compromised accounts

First of all, sorry for my English. I think it's very common to set the permit_mynetworks and permit_sasl_authenticated restrictions on first positions of the smtpd_recipient_restriction list, but, if an account is compromised (a virus uses stolen…
ABu
4 votes, 1 answer

Why does Windows CA Server issue multiple certificates for the same user?

I am currently implementing an EAP/TLS WIFI implementation to replace our EAP/MSCHAP2 wifi implementation. I am using Windows Server 2008 and I've installed a certificate authority. User certificates are pushed using group policy. A wireless network…
4 votes, 4 answers

LDAP over SSL/TLS working for everything but login on Ubuntu

I have gotten OpenLDAP with SSL working on a test box with a signed certificate. I can use an LDAP tool on a Windows box to view the LDAP over SSL (port 636). But when I run dpkg-reconfigure ldap-auth-config to setup my local login to use ldaps,…
Oliver Nelson
4 votes, 1 answer

postfix TLS disconnect from unknown

I install centos 6.4 postfix with sasl and TLS. My postconf -e alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory =…
mardon
4 votes, 3 answers

How do I limit SSL/TLS connections to at least 128-bit encryption?

When I'm ordering an SSL cert for my public web server, how can I be sure that the web server (IIS 6 in my case) will only allow SSL/TLS client connections supporting our corporate standard of at least 128-bits symmetric encryption. I'm aware you…
spoulson
4 votes, 1 answer

Securing MONGO with TLS (and mutual TLS)

Following instructions outlined in MongoDB SSL encryption and Spring's Driver, I got 2.1.0 and after building it, it says it doesn't recognize sslOnNormalPorts, sslPEMKeyFile or sslPEMKeyPassword. But I saw a --keyFile, and used it (I had to strip…
4 votes, 1 answer

Should I use HTTP code 301 or 426 on port 80 of a HTTPS only server?

When a user hits my SSL/TLS only server at port 80, should I advertise Upgrade Required (426) or redirect with Moved Permanently (301)? What are the drawbacks and benefits of each approach? As far as I can tell, all modern browsers support TLS…
psilva
4 votes, 2 answers

How to change sendmail fallback behavior if TLS handshake fails?

I have a CentOS 5.x server running sendmail that is failing to negotiate TLS with SOME various recipient servers. I'm looking into it. In the meantime though, I've noticed that sendmail will NOT bother falling back to use standard unencrypted…
Mike B
3 votes, 1 answer

Can I get a CA-signed SSL cert for a host accessed by IP address?

I have a server which is accessed by IP address over a LAN. The IP address is sometimes changed, and it is never accessed with a DNS hostname. Is it possible to get a CA-signed certificate which doesn't depend on the host having a particular DNS…
kdt
3 votes, 0 answers

How do I get Prosody to use TLS 1.2?

I have Prosody running on my Ubuntu 14.04 LTS server. I have OpenSSL 1.01f installed, which is confirmed by running openssl version. TLSv1.2 is supported and confirmed by running openssl ciphers -v 'TLSv1.2' I followed this guide to enable forward…
3 votes, 2 answers

Secure Email Settings for Email Clients & for PHPMailer

I'm trying to work out how to make my outgoing/incoming emails as secure as I can possibly make them. First of all, my domain has Wildcard OV SSL Certificates, I have copies of the .csr, .crt and .key files but I don't have any PKCS12 files of .p12…
Ryflex