TLS (Transport Layer Security) version 1.3 is a security protocol. It is an upgrade of TLS version 1.2, and provides improvements in speed, efficiency, security and privacy.
Questions tagged [tls1.3]
374 questions
2
votes
1 answer
TLS 1.3 early data where to put $ssl_early_data
I've set ssl_early_data on; to my nginx.conf (inside http { }) and according to these commands,
echo -e "HEAD / HTTP/1.1\r\nHost: $host\r\nConnection: close\r\n\r\n" > request.txt
openssl s_client -connect example.tld:443 -tls1_3 -sess_out…
obeN
- 416
- 1
- 5
- 16
2
votes
0 answers
Unable to Connect to PostgreSQL Using JDBC Over TLS 1.3
I have installed PostgreSQL 12.1 on a Windows 10 machine. I am attempting to connect to the server using PostgreSQL JDBC 42.2.10, running in AdoptOpenJDK 11.0.7 created with jlink. The self-signed certificate used on the server uses 2048-bit RSA…
Jeff G
- 4,470
- 2
- 41
- 76
2
votes
0 answers
fetchmail warns about imap.gmail.com server certificate
I'm quite new here but i want to share my problem and found solution to everyone.
Maybe this helps someone and save time.
I choosen stackoverflow, because i've often found here a solution for my problems.
Problem: fetchmail prompts some warnings…
Oliver_D.
- 21
- 3
2
votes
1 answer
How does one add certificate_authorities to CertificateRequest message in TLSv1.3
I'm setting up mutual authentication using TLS 1.3 using a spring boot server and curl client for testing. My truststore containts two certificate chains which are loaded correctly - in fact the mutual authentication works in this test…
ljgw
- 2,751
- 1
- 20
- 39
2
votes
1 answer
What is the equivalent of SSLSessionID for TLS1.3 sessions
In TLSv1.2 the client was able to resume with the SSLSessionID. This ID stayed constant among multiple resumed sessions.
In my modified apache webserver, i have a logic, that checks the session-cookie against the SSLSessionID. If the SSLSessionID…
USP-dos
- 83
- 1
- 9
2
votes
1 answer
Sending `Encrypted Extension` and `Server Finished` in one handshake message. Is it mandatory in TLS1.3?
As per RFC 8446 (TLSv1.3) [https://www.rfc-editor.org/rfc/rfc8446]
Encrypted Extension and Finished are two different handshake messages.
But in RFC 8448 (Example Handshake Traces for TLS 1.3) [https://www.rfc-editor.org/rfc/rfc8448]
In all examples…
Bhanu
- 663
- 5
- 13
2
votes
0 answers
How to decrypt TLS1.3 packets in scapy with session keys or handshake/traffic secrets
I'm analysing TLS1.3 traffic using wireshark. Using a keylog I am able to decrypt the traffic there. I was wondering if it is possible to decrypt the packet in scapy as well. I have seen that there is a TLS layer available in scapy but I'm not sure…
Tschet
- 21
- 1
2
votes
1 answer
"TLS wrong version number" with OpenSSL 1.1.1
I try to use Docker Registry REST API V2 on a local Registry instance.
Run Registry: docker run -d --network host --name registry registry:2 (docs).
Command for checking Registry:
$ curl https://localhost:5000/v2/_ping
curl: (35) error:1408F10B:SSL…
Aleks Ya
- 859
- 5
- 15
- 27
2
votes
2 answers
Nginx with TLS 1.3
Trying to use TLS 1.3 certificates in Nginx (1.15.8), I found that the official Nginx was built with openssl 1.1.0, where as for TLS 1.3, openssl 1.1.1 is needed.
To solve this, I built my own openssl 1.1.1 from sources and then nginx from sources…
Eldad Assis
- 10,464
- 11
- 52
- 78
2
votes
1 answer
Handshake Failure with TLS1.2 client and TLS1.3 server
After openssl upgrade to 1.1.1 version, I have a cenario where my client ( odbc) is running at TLS1.2 and my server (database) is running at TLS 1.3 and it fails with
following error at client side.
"SSL Handshake Failure reason…
ramakrushna mishra
- 43
- 1
- 6
1
vote
0 answers
Unknown self-signed certificate in a curl connection to an endpoint coded in Jakarta
probably a silly question but i'm starting using certificates and I still have a lot of stuff to learn.
I'm trying to make an authenticated connection to an API using a client certificate. The idea is that the server recognised the certificate and…
Samuel Góngora
- 141
- 1
- 11
1
vote
0 answers
How to set num of session tickets in TLS 1.3 Java
I have a Java server-client application.
Client:
SSL connect
SSL_write data
SSL_shutdown
TCP close socket
Server:
SSL accept
SSL read
close socket
Above design worked fine.Till we upgraded to TLS 1.3. Now this does not work. when the client closes…
Omi
- 976
- 2
- 20
- 35
1
vote
1 answer
Issue with Mutual TLS Authentication Setup on Vespa Data Plane
I have set up mutual TLS authentication on my Vespa Data Plane by configuring a TLS certificate, following the steps outlined in the Vespa security guide:
https://cloud.vespa.ai/en/security/guide.
The process involved generating a TLS certificate…
Hrithik Raj
- 11
- 1
1
vote
0 answers
How to find calls for hashing handshaking messages in OpenSSL library?
I am finding the procedures inside OpenSSL library, which update a running hash during TLS 1.3 handshaking (all handshaking messages form that hash). To do this I have set breakpoint inside OpenSSL hashing function (in digest.c), waiting for them to…
Tobic
- 13
- 3
1
vote
0 answers
Does Java 8 with Bouncy Castle as security provider support X25519 namedgroup?
I am using java 8 (1.8.0_332-b09) and bouncy castle as security provider for establishing a TLS 1.3 connection.
As part of handshake, Client Hello in packetcapture shows the supported namedgroups as follows :
secp256r1, secp384r1, secp521r1,…
Discovery
- 29
- 2