Transport Layer Security is a cryptographic protocol for encrypting and authenticating network communications, and replaces SSL. It is commonly used to secure Internet protocols such as HTTP.
Questions tagged [tls]
573 questions
17 votes, 2 answers
Configure OpenLDAP with TLS=required
Nowadays, OpenLDAP needs to be configured with ldapmodify cn=config, as described here. But nowhere can I find how you configure it to only accept TLS traffic. I just confirmed that our server accepts unencrypted traffic (with ldapsearch and…

Halfgaar
16 votes, 3 answers
Why is Internet Explorer 11 unable to connect to HTTPS sites when TLS 1.2 is enabled?
Normally I don't use Internet Explorer at all. I use it only in design time for interface tests (development machine and with unencrypted http). Every week I run the SSL Labs server test which says IE11 is able to access my sites.
Today I discovered…

burnersk
14 votes, 1 answer
How to disable SSLCompression on Apache httpd 2.2.15? (Defense against CRIME/BEAST)
I read about the CRIME attack against TLS Compression (CVE-2012-4929, CRIME is a successor to the BEAST attack against ssl & tls), and I want to protect my webservers against this attack by disabling SSL Compression, which was added to Apache 2.2.22…

Stefan Lasiewski
13 votes, 1 answer
How to disable RC4 on postfix?
I have made a security check of our postfix server on https://de.ssl-tools.net/mailservers and got a warning that "ECDHE_RSA_WITH_RC4_128_SHA" is still supported. But I don't know how to disable that ...

Steffen
13 votes, 4 answers
How to disable TLS 1.1 & 1.2 in Apache?
I have an Ubuntu 12.04.2 LTS server running Apache 2.2.22 with mod_ssl and OpenSSL v1.0.1.
In my vhosts config (everything else within which behaves as I would expect), I have the SSLProtocol line with -all +SSLv3.
With that configuration, TLS 1.1 &…

Kyle Lowry
13 votes, 5 answers
CentOS openLDAP cert trust issues
# LDAPTLS_CACERTDIR=/etc/ssl/certs/ ldapwhoami -x -ZZ -H ldaps://ldap.domain.tld
ldap_start_tls: Can't contact LDAP server (-1)
additional info: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.
# openssl…

84104
13 votes, 4 answers
What is TLS and how does it compare to SSL?
Is TLS the "new" version of SSL? What features does it add, or security issues does it address?
Can anything that supports SSL support TLS? What would be involved in making the switch? Is the switch worth it?
Why is it that emails are sent over…

makerofthings7
12 votes, 3 answers
How to disable TLS 1.0 in Windows 2012 RDP
Background: The only thing I can find on how to do this relates to RDP on windows 2008, which seems to have something called "Remote Desktop Session Host Configuration" in Administrative Tools. This does NOT exist in windows 2012 and there appears…

Michael Barber
12 votes, 9 answers
OpenLDAP TLS Authentication
I am trying to implement TLS as per https://help.ubuntu.com/lts/serverguide/openldap-server.html
When I try to modify cn=config database with this ldif file:
dn: cn=config
add: olcTLSCACertificateFile
olcTLSCACertificateFile:…

Amar Prasovic
12 votes, 2 answers
In postfix, how to enforce tls + auth over 587 while leaving tls optional for 25
I would like to host mail services for some domains. I have successfully set up postfix to consult sql for those virtual domains. What I would like to do is:
For connections on 25:
Deny relaying (only deliver to recipients of my virtual domains) …

Paralife
11 votes, 3 answers
Can I use Public-Key-Pins with LetsEncrypt?
Can I set up Public-Key-Pins when I set up a cronjob to renew the LetsEncrypt certificate every 30 days?
If the certificate is renewed then the Public-Key-Pin is also renewed right?

Bob Ortiz
11 votes, 3 answers
How to configure IIS 7.5 SSL \ TLS to work with iOS 9 ATS
Problem: Our mobile app can no longer establish a secure connection to our web-service since iOS 9 now uses ATS.
Background: iOS 9 introduces App Transport Security
Server Setup: Windows Server 2008 R2 SP1 (VM) IIS 7.5, SSL certs from digicert.…

RobDigital
11 votes, 3 answers
How do I connect to an OpenVPN server and dump the certificate chain presented when connecting?
My first thought was to use something like openssl s_client, but this only supports TCP, not UDP, and it seems it requires some special magic to get TLS over UDP working. How do I interface with that and get a dump of the certificate chain presented?…

Shelvacu
11 votes, 4 answers
Server sent passive reply with unroutable address when connecting to FTP site with FileZilla
I get the error "Server sent passive reply with unroutable address. Using server address instead." when connecting to a FTP site (not SFTP).
I have connected to this site many times, however FileZilla asked me to accept a certificate on this…

crmpicco
11 votes, 1 answer
How widely supported is forced TLS on inbound SMTP connections?
I run an MTA consisting of the standard Postfix, SpamAssassin, ClamAV, SPF/DKIM checks etc. This MTA is used for inbound email only, doesn't host any accounts and forwards any mail that passes said checks to a shared webhost.
I'm aware that a few…

Craig Watson