Questions tagged [tls]

Transport Layer Security is a cryptographic protocol for encrypting and authenticating network communications, and replaces SSL. It is commonly used to secure Internet protocols such as HTTP.

573 questions
5 votes, 3 answers

How can one measure the breakdown of visitors that support TLS 1.2?

We are deprecating support for TLS 1.0 and 1.1 on our websites since they are no longer considered secure. How can we see the % of our visitors that would be affected by this change? (i.e. those visitors that don't support TLS 1.2.) We use Windows…
realworldcoder
5 votes, 1 answer

How to mitigate STARTTLS MITM (downgrading and forged certificates) between email servers?

I'm not as technically inclined as most on this site so please keep that in mind. I wanted to learn more about email security so I did some research and everything is according to my understanding, so please correct me wherever needed. The…
Ian Last
5 votes, 1 answer

IIS 7.5 and above - enable schannel cipher DHE_RSA_AES_128_GCM following patch KB2992611 - Is this safe?

I recently became aware that following the release of patch KB2992611 in November, Microsoft made available four new cipher suites for schannel (and thus…
Steve365
5 votes, 1 answer

Postfix STARTTLS only on port 25

I want to enable STARTTLS on port 25, but for unknown reasons it only works on port 465. master.cf: smtp inet n - - - - smtpd -o syslog_name=postfix/smtp -o smtpd_tls_wrappermode=yes -o…
JohnnyFromBF
5 votes, 1 answer

Nginx doesn't send certificate chain

I've got the following certificate (first one is my own, the other two are from Comodo PositiveSSL): -----BEGIN…
autrilla
5 votes, 0 answers

LDAP with TLS: connect error(-11)

I configured OpenLDAP and today I've configured the TLS for more security following these guidelines: Configure OpenLDAP with TLS=required Modifying the cn=config.ldif with config file: dn: cn=config changetype: modify add:…
Neil
5 votes, 2 answers

Is it possible to create DANE TLSA records when the DNS server doesn't support it?

I'd like to set up DANE for the domain which handles my email. My domain is registered at OVH, and I'm using their anycast DNS servers. They do support DNSSEC, but not TLSA records. Is there a fallback record type I can use? (like I can use TXT if…
GDR
5 votes, 1 answer

Postfix: set up outgoing server to server encryption

I'm trying to configure postfix so that it sends a mail encrypted with TLS to the recipient server. What I have: receiving mails encrypted (other server -> my server) and users can connect encrypted to my server. Server: Debian 7.2 with postfix…
Jadawin
5 votes, 2 answers

Is there a way to make TLS work with rsyslog in Ubuntu 12.04?

I configure rsyslog to load the TLS module (to talk to loggly) and I'm getting this error: Jun 20 13:14:00 feynman rsyslogd-2068: could not load module '/usr/lib/rsyslog/lmnsd_gtls.so', rsyslog error -2078 [try http://www.rsyslog.com/e/2068 ] that…
Pablo Fernandez
5 votes, 2 answers

VSFTPD - FTP over TLS - Upload stops after exactly 82k?

I installed a VSFTP daemon on a CentOS server, using an RSA certificate for logging in using explicit TLS. Now, I cannot upload more than 82k. With files under that limit, there is no problem. The FTP works like a charm. But as soon as a file reaches…
Redsandro
5 votes, 4 answers

Server suddenly running out of entropy

Since a reboot yesterday, one of our virtual servers (Debian Lenny, virtualized with Xen) is constantly running out of entropy, leading to timeouts etc. when trying to connect over SSH / TLS-enabled protocols. Is there any way to check which…
Creshal
5 votes, 1 answer

Apache won't upgrade connection to TLS

I have written an IPP server in PHP running under Apache. With the standard IPP clients it works just fine. But when I try to print from an iOS device the connection breaks when the client tries to switch to TLS. This seems to be covered by RFC 2817…
Jörg Ludwig
5 votes, 2 answers

SASL PLAIN authentication failed: another step is needed in authentication

I have one host (rhea) where I have installed a postfix to relay the emails from my home server (tronics24), which is on a DSL connection. I have generated self-signed certificates: (on rhea) touch smtpd.key chmod 600 smtpd.key openssl genrsa 1024 >…
blueFast
5 votes, 2 answers

SSL/TLS Cipher Priority

I am working on trying to make sense of what is required for both PCI DSS compliance as well as FIPS compliance in relation to SSL/TLS cipher suites. I have been reading the guide here and here. However, I have not been able to find anything that…
John
5 votes, 2 answers

Can you connect to a TLS FTP site using the Windows command line FTP client?

We set up vsftp on an Ubuntu server for our customers. We had a few customers ask for a secure option, so we set up explicit FTP over TLS and we removed the ability to connect unsecured. Now we are having customers ask how they can connect using the…
Dan Polites