Questions tagged [tls]

Transport Layer Security is a cryptographic protocol for encrypting and authenticating network communications, and replaces SSL. It is commonly used to secure Internet protocols such as HTTP.

573 questions
4 votes, 1 answer

Logging TLS version used by clients connecting to Apache

Recently in the news was an announcement that the PCI standards in the UK will outlaw the use of TLS1.0. Unfortunately, this means that we're going to have to stop using TLS1.0 on our web servers for ecommerce by summer next year. We want to know…
John Hunt
4 votes, 0 answers

Sophos firewall default settings do not allow HTTPS from Java 6 clients

Our current (default) Sophos firewall (Apache reverse proxy) settings do not allow Java 6 clients to connect over HTTPS. The ssltest result shows that the reason is "Client does not support DH parameters > 1024 bits". ssltest reports with 'A'…
mjn
4 votes, 2 answers

Add SSL certificate after curl error: "unable to get local issuer certificate"

I'm trying to access a partner's SOAP API; for that goal I made a CSR and received a CRT. I've made a PEM file with my key and the CRT: cat mycert.crt mykey.key > mycertandkey.pem When I try to hit the service with curl: curl --verbose --cert…
Ixio
4 votes, 1 answer

HTTP Strict Transport Security (HSTS), Azure and HTTP Strict Transport Security IIS Module

Question: How do you properly install and configure HTTP Strict Transport Security (HSTS) in an Azure website? Apparently for IIS the method to use is to install this module: http://hstsiis.codeplex.com/ The problem is that, according to the…
PussInBoots
4 votes, 2 answers

How can the HSTS header be added to WebLogic?

Is there an implementation for using the Strict-Transport-Security header to WebLogic? I figure it would be using something in web.xml under I know how to do this for an Apache based server, but I am unsure on adding it in for…
Vnge
4 votes, 1 answer

WARNING: None of the ciphers specified are supported by the SSL engine

I have a working web service running through Apache Tomcat 7 with the following connector element in server.xml:
Withheld
4 votes, 2 answers

Connect to websocket server without specifying port

I'm trying to create a secure node.js server without a websocket server on the same port. The port is 8080. I can access the url in the browser and I can connect to websockets when I specify the port. https://ws.site.com // Works wss://ws.site.com…
tbleckert
4 votes, 1 answer

nginx: How to log TLS error (if unsupported ciphers / protocol)

I'm in the process of switching to 100% https. Server is running nginx+libressl. Before going https:100% I'm interested in seeing which clients would no longer be able to connect to my site. E.g. As I do not support SSL3. I checked nginx error…
4 votes, 1 answer

Completely getting rid of SSLv3 on Apache

Our security team is asking that we completely disable SSLv3 on some of our servers running Apache. I've used the SSLProtocol entry in the ssl.conf file (like SSLProtocol ALL -SSLv2 -SSLv3) and various SSLCipherSuite entries to try to disable this…
Stefan
4 votes, 0 answers

rabbitmq-shovel amqps connection handshake failure

I fail to set up a rabbitmq shovel over amqps. The same shovel works fine over amqp. my (edited)…
dazl
4 votes, 1 answer

openvpn TLS handshake fails on client because firewall drops packets (but why?)

I seem to have a problem with my openvpn server - client connection. Now, the important information is in the log (verb3) of my client: Mon Mar 30 17:09:59 2015 OpenVPN 2.2.2 x86_64-slackware-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Jul 4…
nass
4 votes, 2 answers

Is it necessary to purchase an OID for ADCS?

I am interested in utilizing ADCS to generate trusted certificates for internal web applications. However, from my readings it appears that I need to purchase an OID, which looks pretty expensive. Is there a way to do this without paying? This is…
appsecguy
4 votes, 3 answers

Why is Android / IE using 3DES when AES is available?

I have a Zimbra installation and want to harden the cipher suites. I disabled some and am quite OK with what is left. The problem now is that the Qualys SSL test shows a lot of clients will use 3DES, which is only left available as last fallback by…
Josef
4 votes, 3 answers

How to force a own set of ciphers in Postfix 2.11?

I would like to force a own set of TLS cipher suites rather than use the Postfix built in ones. My desired set of ciphers is (taken from nginx…
burnersk
4 votes, 1 answer

Problems using HSTS header at top level domain with includeSubdomains

Let's say I run a company "Example Inc" and have a website at: https://www.example.com Now because I'm security conscious I'm using https and would like to set the HSTS header to force its use. I'd also includeSubdomains for a long time, let's say…
Barry Pollard