TLS (Transport Layer Security) version 1.3 is a security protocol. It is an upgrade of TLS version 1.2, and provides improvements in speed, efficiency, security and privacy.
Questions tagged [tls1.3]
374 questions
5 votes, 1 answer
TLS 1.3 client does not report failed handshake when client certificate verification by server failed
I have a C client using OpenSSL that is failing a test when using a certificate that fails validation on the server side during the SSL_do_handshake() call on the server. When the application was using TLS 1.2, the SSL_do_handshake() failure on the…

David Ritter
5 votes, 1 answer
Does .NET Core 3 support TLS 1.3
I am using .NET Core 3.0 to make a proxy which supports only TLS 1.3. I saw that Tls13 = 12288 is defined in SslProtocols, but during my test it only throws the exception "The client and server cannot communicate, because they do not possess a common…
user8882898
5 votes, 2 answers
Changes in SSLEngine usage when going up to TLSv1.3
Java 11 was released with TLSv1.3 support, used by default.
It works OK in context of HTTPS and SSL sockets, but it seems that when using SSLEngine there are additional hurdles due to changes in TLSv1.3 behavior.
So there is a robust implementation…

alamar
4 votes, 0 answers
Configure key material for SSL session tickets
I can see from the Erlang TLS 1.3 documentation that we can enable session resumption on the server by setting, e.g.,
{session_tickets, stateless},
The documentation also states
Session tickets are protected by application traffic keys, and in…

Savior
4 votes, 2 answers
C# HttpClient: Could not create SSL/TLS secure channel
I want to send a simple request to "https://etebarkala.com".
Tried from .NET versions 4.5 to 4.8 with no success.
This website opens easily with a browser.
There isn't any SSL validation error or warning.
Result:
The request was aborted: Could not…

Masoud Chegeni
4 votes, 1 answer
What's the purpose of OpenSSL's internal client-side session cache?
I'm making changes to a client-side SSL application in order to support TLSv1.3. In order to support session reuse, I'm calling SSL_CTX_sess_set_new_cb to register a callback that OpenSSL calls whenever it has negotiated a new session with the…

Craig M. Brandenburg
4 votes, 1 answer
Is Traefik on Docker significantly slower with HTTPS (vs HTTP)?
I've deployed a local instance of https://librespeed.org/ in order to test my LAN speeds. After changing some old cables, the speeds were good (~800 Mbps symmetric).
I wanted to leave the service running and give it a URL, so I created a…

Laski
4 votes, 1 answer
How do you make an SSL certificate with TLS 1.3?
So, for a while now I've been trying to figure out how to issue an SSL certificate with TLS 1.3 and not TLS 1.2, because I'm not sure if I need to change something in my OpenSSL.cnf file or if I need to add something to it.
Here's the extensions…

Lucky M
4 votes, 2 answers
$ssl_early_data from nginx: should the application use it somehow?
I'm preparing to turn on nginx ssl_early_data to enable RTT-0 with TLS 1.3.
I understand that, if I don't do it right, replay attacks become possible. I understand that, to prevent this, you need to also use $ssl_early_data.
Requests sent within…

Dr. Gianluigi Zane Zanettini
4 votes, 1 answer
socat openssl-listen - ensuring TLSv1.3 is in use
I have a working client/server scenario using socat with the following commands:
Server
socat openssl-listen:5000,reuseaddr,cert=server.pem,cafile=server.crt,verify=0 STDIO
Client
socat stdio…

robertlayton
4 votes, 1 answer
How to implement TLS 1.3 in a Java Spring Boot application?
I want to implement TLS 1.3 in my Spring Boot application.
https://blog.gypsyengineer.com/en/security/an-example-of-tls-13-client-and-server-on-java.html
In this blog I have seen that TLS 1.3 can be used only with Java 11. Is that true?
Please give…

sandeep
3 votes, 1 answer
Go's TLS 1.3 Implementation Ignores Key Usage
Doing some work with TLS 1.3 in both Go and Java, I recently found that Go ignores Key Usage status flags. On the other hand, Java's implementation checks key usage following the RFC. I'm thinking in particular about the digital signature bit:
the…

enocom
3 votes, 0 answers
How to set up AWS Network Load Balancer (NLB) with TLS termination for gRPC service running in EKS?
I'm using AWS Load Balancer Controller to set up an AWS NLB with TLS termination for a gRPC service (grpc-dotnet implementation) running in EKS. Traffic between the NLB and the Pod in EKS is unencrypted. I also tried to set it up in the UI but it ends with the same…

Holden Cauldfield
3 votes, 2 answers
HTTP Web Request TLS 1.3 with C# .NET Core 3.1 exception "The client and server cannot communicate, because they do not possess a common algorithm."
When attempting a web request to a site which requires TLS 1.3 (https://shop.claytonengineering.com/), I'm receiving the following exception on "request.GetResponse();".
Exception: The SSL connection could not be established, see inner…

Jay Metro
3 votes, 1 answer
Perl: send mail using office 365
I am trying to send mail using Perl through the Office 365 server.
The operation succeeds 8 times out of 10 (i.e. randomly fails in 20% of cases).
use Net::SMTPS;
my $mailer = Net::SMTPS->new("smtp.office365.com",
Port => "587",
doSSL =>…

Yuval Cohen