Questions tagged [tls]

Transport Layer Security is a cryptographic protocol for encrypting and authenticating network communications, and replaces SSL. It is commonly used to secure Internet protocols such as HTTP.

573 questions
8 votes, 2 answers

Postfix "Trusted TLS connection established" but "Server certificate not verified"

I'm using a Postfix TLS Policy to enforce TLS for outgoing email. Unfortunately in some cases the certificate verification fails and I don't know why. For instance, this is an excerpt of my TLS Policy #/C=US/O=DigiCert…
Jofre

8 votes, 2 answers

Is there an equivalent to SSLLabs' SSL test for SSL/TLS that is not HTTPS?

I've used SSL Labs' SSL Server Test for testing SSL setup for HTTP servers, but it doesn't support other situations in which SSL is used, such as IMAP. Is there an equivalent detailed test for non-HTTP servers using SSL? I've used SSL Shopper's SSL…
Mark Raymond

8 votes, 2 answers

Can I detect if the SSL client doesn't support Server Name Indication and provide the standard HTTP website in that case?

I will need to use SSL SNI, but unfortunately from a recent Cloudflare blogpost only 90% of the network supports it. How can I (for example, with nginx) detect if the client supports SNI and provide/redirect to the HTTP version of the website? Is…
cedivad

8 votes, 3 answers

Is it possible to enable TLS v 1.2 in Debian squeeze

I am currently running a Debian Squeeze server with Apache. My OpenSSL version is 0.9.8, and I would like to get up to a version capable of running TLS v 1.2. So far my research shows that this is not possible, but I feel like I am missing…
June Lewis

8 votes, 2 answers

SSLCipherSuite - disable weak encryption, cbc cipher and md5 based algorithm

A developer recently ran a PCI Scan with TripWire against our LAMP server. They identified several issues and instructed the following to correct the issues: Problem: SSL Server Supports Weak Encryption for SSLv3, TLSv1, Solution: Add the…
John

8 votes, 3 answers

What's the difference between: Verisign Thawte Geotrust Rapidssl certs?

Verisign owns all these certificate issuing companies: Verisign Thawte Geotrust and Rapidssl. What is the difference between them and why is the price difference so great? Update: Here are just a couple of differences I've come across: GeoTrust is…
makerofthings7

8 votes, 4 answers

SSL connection errors from Apache

I'm running a (self-signed) SSL cert site on Apache/2.2.14 on Ubuntu 10.04, but various browsers are giving errors on half the connection attempts. Just now saw this transient error from Chrome: "Error 126 (net::ERR_SSL_BAD_RECORD_MAC_ALERT):…
Yang

7 votes, 1 answer

Does Windows 2003 support TLS 1.1 and 1.2?

Does Windows 2003 support TLS 1.1 and 1.2? The server needs to consume the service hosted on another server, using HTTPS with a TLS 1.1 and 1.2 certificate.
John Hpa

7 votes, 1 answer

Is it possible to use Kerberos over TLS through sssd?

Background I am trying to log in (via SSH, to an Amazon Linux EC2 instance running sssd) as users that I've created in my AWS Directory Services Simple AD. I am authenticating with Kerberos and identifying the user with LDAP (all through sssd.) I…
2rs2ts

7 votes, 3 answers

How to disable RC4 in Windows 2012?

I want to disable RC4 in Windows Server 2012. From this link, I should disable the registry key or RC* [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC*] But I am not able to find anything under…
Homam

7 votes, 2 answers

How to Disable TLSv1.0 and TLSv1.1 in Nginx

I'm trying to figure out how to disable TLSv1 and 1.1 in Nginx and ONLY allow connections on 1.2. This is for testing reasons more than in production use and for the life of me cannot figure out why Nginx won't let me do this. Nginx SSL config: ssl…
Lost

7 votes, 1 answer

How to switch between TLS 1.0 and SSL 3.0 at Java/JRE level?

I am using Java 1.6. I have set up my Tomcat as my SSL-enabled server, and I have set up an SSL-enabled client (Java code). When I do a communication from my client to server, in the Java SSL dump in the Tomcat logs, I always see TLSv1 picked as SSL protocol…
Anita

7 votes, 3 answers

Monit failing to connect to Dovecot over SSL IMAP

I run Monit to keep check on processes on a Debian server. It's working as normal for all other services (Apache SSL, Postfix, SSH etc.) but Monit's checks on Dovecot are failing repeatedly. I think this may have started after installing some…
Vilas

7 votes, 2 answers

Enable TLS 1.1 and 1.2 on Windows Server 2008 SP2

Is it possible to enable TLS 1.1 and 1.2 on Windows Server 2008 SP2 (not R2) running IIS7? I've tried changing the registry and using IIS Crypto to enable it but it seems it's not working. If it's not possible then how could I mitigate the BEAST…
officeboi101

7 votes, 1 answer

If I get a certificate signed for ECDSA will older browsers be able to use RSA?

I'm looking into using ECDHE-ECDSA and there are a lot of great articles on why (https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/) and (http://blog.cloudflare.com/ecdsa-the-digital-signature-algorithm-of-a-better-internet), for…
paintedbicycle