Questions tagged [tls]

Transport Layer Security is a cryptographic protocol for encrypting and authenticating network communications, and replaces SSL. It is commonly used to secure Internet protocols such as HTTP.

573 questions
11 votes, 3 answers

Fixing BEAST vulnerability on Apache 2.0 running on RHEL 4

I have a web server running Apache 2.0 on RHEL4. This server recently failed a PCI scan. Reason: SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Vulnerability Solution: This attack was identified in 2004 and later revisions of TLS protocol which contain a…
Debianuser
10 votes, 4 answers

Webserver randomly serves different vhosts

We've got nginx running on Ubuntu Trusty. It serves several websites over https, running on one ip address. Randomly, although it seems slightly related to work load, sometimes single requests turn up on the wrong vhost. This leads to requests on…
Thom Wiggers
10 votes, 2 answers

How to create TLS SHA256 certificate request

One of our business partners is requesting us to use a TLS SHA256 certificate to connect to their APIs. I am not sure how to generate these requests. I have used openssl in the past to create these requests but it generated an SSL certificate using…
Jeff
10 votes, 1 answer

Postfix Recipient address rejected: Access denied Error

Trying to use zend mail smtp to send email from my php app; login is authenticated and gives me this constant error I don't have to deal with. I looked into the 36 questions here on serverfault.com, changing parameters as they explain, without success. The…
MikZuit
10 votes, 1 answer

OpenVPN Error : TLS Error: local/remote TLS keys are out of sync: [AF_INET]

First off, thanks for reading this, I appreciate any and all suggestions. I am having some serious problems reconnecting to my OpenVPN client using Riseup.net's VPN. I have spent a few days banging my head against the wall in attempts to set this up…
Lucidity
10 votes, 1 answer

Disable SSL / TLS compression in Apache 2.2.x

Is there a way to disable SSL/TLS Compression in Apache 2.2.x when using mod_ssl? If not, what are people doing to mitigate the effects of CRIME/BEAST in older browsers? Related Links:…
DevGav
10 votes, 1 answer

OpenLdap TLS authentication setup

I am trying to set up openldap on ubuntu 12.04 by following this guide https://help.ubuntu.com/12.04/serverguide/openldap-server.html When I tried to enable TLS on the server by creating a self-signed certificate as described in the guide above, I got…
CrazycodeMonkey
10 votes, 5 answers

SSL connection hangs as client hello (curl, openssl client, apt-get, wget, everything)

I've run into a problem on my Debian VPS (a xen domU) regarding SSL. Namely, almost all SSL connections hang at client hello. For example: # curl -vI https://graph.facebook.com About to connect() to graph.facebook.com port 443 (#0) Trying…
Niklas B
9 votes, 2 answers

How can I use wildcards for sendmail TLS_Rcpt?

sendmail lets one place restrictions on TLS conversations. I want to check that messages sent to example.com are sent to a server that has a *.messagelabs.com certificate. I want to protect against DNS spoofing and MitM. If messagelabs only had one…
Law29
9 votes, 1 answer

In OpenVPN, what's the risk of omitting the key-direction when using tls-auth?

In my TLS-enabled OpenVPN configuration I would like to use the additional security offered by using tls-auth. The good news is that it works as expected. However, I have a question about the optional key-direction parameter (either as a second…
gertvdijk
9 votes, 3 answers

Certificate stops working after computer reboot

Got a strange issue that I just can't find any clues. We have a program (Qlikview) which talks to a remote admin service via SSL (Qlikview Server) but it uses the certificate to validate the client. The issue is happening on any client computer…
user2728476
9 votes, 2 answers

Postfix TLS Error

I'm working with a Postfix/Dovecot/Roundcube setup, aiming for a virtual user mail system that can send mail through the internet, as documented here. Everything seems to work well; Dovecot shows no problems, I can telnet into all of my ports;…
steelcowboy
9 votes, 2 answers

None of the cipher suites supported by the client application are supported by the server

I am getting this error in my server's windows event log: An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection…
MGOwen
8 votes, 3 answers

How to correctly configure MongoDB to use Letsencrypt SSL on Ubuntu

How do I correctly configure MongoDB to use Letsencrypt SSL on Ubuntu? I have created an SSL certificate using Letsencrypt and combined it via: cat /etc/letsencrypt/live/example.com/fullchain.pem /etc/letsencrypt/live/example.com/privkey.pem >…
Petah
8 votes, 2 answers

Can Squid be used as "TLS termination proxy" to encrypt TCP connections using client certificates?

Abstract I need an encrypted TCP connection from multiple clients to a single port over the internet. Can this be realized with Squid? Concrete situation We use a monitoring and client management solution in our company which is accessible over…
marsh-wiggle