Transport Layer Security is a cryptographic protocol for encrypting and authenticating network communications, and replaces SSL. It is commonly used to secure Internet protocols such as HTTP.
Questions tagged [tls]
573 questions
6 votes, 1 answer
Specify a SHA-1 or SHA-2 cert depending on client abilities
With SHA1 certs being deprecated by major browsers, it seems wise to get a SHA2 signed cert. But in doing so you will be locking out IE6 users. While for most people this won't be an issue, in some cases it may lock out significant users.
Looking at…

Jeremy French
6 votes, 3 answers
Should web farms be concerned with TLS handshake overhead?
I have a web farm where the web servers are responsible for negotiating the secure connections. Does anyone else with a web farm go out of their way to reduce TLS handshake overhead by ensuring that TLS resume handshakes are supported? And if so,…

Brian Adams
6 votes, 2 answers
What are the effects of having the TLS certificate and private key in same file?
I have noticed that a number of different web and mail server software allow or require you to provide the TLS certificate (including server certificate, CA intermediate certificate, and CA root certificate) and private key in a single .pem…

user981178
6 votes, 1 answer
postfix TLS configuration for incoming gmx-mail
I set up my mailserver with postfix 2.7.1 and dovecot 1.2.15 and everything seemed to work just fine, but now I found out that people using @gmx.net addresses cannot send emails to me and rather receive the error message
Connected to …

Stefan
6 votes, 2 answers
Is there a way to completely disable outbound opportunistic TLS support in SendMail?
CentOS 5.x
SendMail 8.14.4
An overzealous network security feature is causing TLS negotiations to fail when my Sendmail server tries to talk to external hosts. This is causing sendmail to constantly requeue some messages because it won't fail over…

Mike B
6 votes, 2 answers
Exim TLS and Secure SMTP
I'm in the process of converting an existing mail server to support encrypted SMTP for our clients, but I've run into this brick wall with very little useful log data to help me forward. Everything works fine when using regular unencrypted SMTP;…

Richard Keller
6 votes, 2 answers
Why does IE think that my certificate is invalid?
I have my chained certificate from Dreamhost set up and working for all browsers. I have 2 sites with 2 certs from dreamhost, example.com and sub.example.com.
All browsers are fine with the certs on both sites, except IE6, 7, and 8 (on XP, haven't…

John Bachir
5 votes, 1 answer
Outlook refusing to display HTTPS images from server using internally-signed cert
We are currently transitioning our site to use HTTPS everywhere, and this includes the emails that we send to customers. On our internal testing environments, we are using IIS with SSL certificates signed by our own company-internal CA. This CA is…

Ian Kemp
5 votes, 1 answer
Samba TLS Setup
I'm reading this Samba Manpage and according to this, you can set up TLS. I've got 2 questions.
On the Server-side, TLS options requires the path of the certificate and keys?
How would that work on the client-side? How can I see that it would…

jarvis
5 votes, 2 answers
Checking HTTPS setup on Apache/Nginx before using
You have just got a new HTTPS (SSL/TLS) Certificate, and what you hope is the correct Intermediate Certificates.
This is set up in Apache with:
SSLCertificateKeyFile /etc/ssl/www.example.com.key
SSLCertificateChainFile…

Craig Francis
5 votes, 1 answer
Why is a TLS handshake taking *forever* (20 seconds) on a VPS?
I have a server that generally works fine, but gets stuck for 20 seconds when trying to connect with SSL (either SSH or HTTPS display the same pattern.)
I tried various connections without SSL, such as a telnet:
telnet server-name 80
Entered a GET…

Alexis Wilke
5 votes, 2 answers
How to create an SSL certificate chain from my own CA?
I use my own CA to create SSL certs for services in my infra. These certs are signed directly by my CA.
It comes to me that this is likely a weak strategy, as if the cert was to be compromised, I need to create new ones from the one CA. If the CA…

MrE
5 votes, 0 answers
How is TLS_FALLBACK_SCSV supported on Windows Server?
According to the last SSL Labs report, everything is green on my server, except support for TLS_FALLBACK_SCSV.
Not currently possible with IIS it seems
I've read everywhere that this is not supported on Windows Servers, for example, here:
Scott…

KevinM
5 votes, 3 answers
Why is server FIN'ing after starting TLS session?
TLS server is doing something I don't understand.
TCP handshake executes normally.
SSL Client Hello executes normally.
SSL Server Hello seems normal. Provides certificate, says Server Hello Done.
Dissection shows client issues "Client Key…

Woody Weaver
5 votes, 1 answer
openvpn, option tls-cipher not working, no shared cipher
While experimenting with setting up openvpn, I stumbled upon this tip on a website. It says that you can limit the list of ciphers, to prevent downgrade attacks.
I tested it in a LAN with 2 computers, both running a kubuntu 14.04 with OpenVPN 2.3.2.…

coffeekid