Questions tagged [tls]

Use for questions related to "Transport Layer Security", a network protocol.

Transport Layer Security is a network protocol to encrypt the transport layer of a TCP/IP connection.

(Transport Layer Security (TLS) versions 1.0 [RFC2246] and 1.1 [RFC4346] were superseded by TLS 1.2 [RFC5246] in 2008, which has now itself been superseded by TLS 1.3 [RFC8446]. Datagram Transport Layer Security (DTLS) version 1.0 [RFC4347] was superseded by DTLS 1.2 [RFC6347] in 2012.)

409 questions
411 votes, 23 answers

How do I list the SSL/TLS cipher suites a particular website offers?

How can I retrieve a list of the SSL/TLS cipher suites a particular website offers? I've tried openssl, but if you examine the output: $ echo -n | openssl s_client -connect www.google.com:443 CONNECTED(00000003) depth=1 /C=ZA/O=Thawte Consulting…
92 votes, 5 answers

Can the telnet or netcat clients communicate over SSL?

I would like to test client connections with IMAP over SSL, HTTPS, and other secure text-based Internet protocols over SSL/TLS, the same way I would using telnet or netcat if they were not tunneled over a secure protocol. Is there a way to get…
user553702 • 1,451
90 votes, 4 answers

Specifying minor TLS version when using curl

Is there a way to specify curl to use a specific TLS version? Like 1.1 or 1.2? I can see only sslv3 and tlsv1 options in command help. I took latest src and compiled it with openssl 1.0.1e. Still don't see a direct option in help. Is there any other…
vpram86 • 2,838
27 votes, 3 answers

keytool commands to replace existing SSL certificate?

I've a Linux CentOS server running GlassFish 3.1.2 app server. The default certs coming from GlassFish install for ports 4848 and 8181 are 1024 bits. I need to replace these with 2048 bits versions. Looking for help to create the keytool command…
user68950
16 votes, 2 answers

How do I use the openssl command to decode a certificate/public key .PEM file?

I have my localhost TLS/SSL certificate from Chrome stored to a .PEM file. Was wondering how do I use the openssl command to decode it into a list of human-readable fields. Googling this only returned info on how to work with the private…
13 votes, 1 answer

In Wireshark where can I find the TLS Server's Certificate

I'm looking at TLS v1.3 headers in Wireshark and I'm not sure where I would find the server certificate that is used to confirm that the server is who they claim to be. The Client Sends Hello then the Server Sends Hello with two TLS Record…
13 votes, 2 answers

Why are Root CAs with SHA1 signatures not a risk

Take Verisign's website, for example, which has a root CA with a sha1 hash signature. Am I mistaken with understanding that were one to find a collision, they could impersonate the Verisign root CA, and use that to generate an intermediate and then…
Chris K • 271
11 votes, 3 answers

How to troubleshoot "Secure Connection Failed" in Firefox appearing since the version 38?

Since I upgraded Firefox to version 38 I encounter a problem while sending a certain form on the website https://usercenter.checkpoint.com/. Most of the website works normally but sending a form during opening a support ticket (URL in the log…
11 votes, 2 answers

How to configure Emacs smtp for using a secure server (gmail)

This is a question originally posed on https://answers.launchpad.net/vm/+question/108267 on 2010-04-26. It asks how one should configure Emacs mail sending packages on MS Windows for use with a secure SMTP server such as Gmail, which requires TLS and…
11 votes, 2 answers

What is the purpose of chain.pem files?

A general question about chain.pem files; I used a csr obtained from my host, and used the Certbot from LetsEncrypt to generate a https cert; I used the following command $ certbot certonly --manual --csr file-with-my-csr.txt The certbot produced…
joedotnot • 513
10 votes, 2 answers

TLS and Alert 21 after Handshake

We have a client/server running TLS v1.0 and keep getting the Encryption Alert 21 from the client after the initial handshake. They are using cipher block chaining and I've read where the block cipher input length being different than something…
IT_Andy
9 votes, 1 answer

NOQUEUE: reject: Relay access denied

I recently set up a mail server following the instructions on linode.com (https://library.linode.com/email/postfix/postfix2.9.6-dovecot2.0.19-mysql) except I am using PostgreSQL instead of MySQL. Everything about the server is working properly except…
drewag • 311
8 votes, 5 answers

How to upgrade the TLS on old server without reinstalling the core OS?

I'm in a rather sticky situation. Currently my server supports TLS 1.2 but not TLS 1.3 (security protocols). It has the following installed: Linux version 2.6.32-431.29.2.el6.x86_64 #1 SMP OpenSSL 1.0.1e-fips Apache/2.4.37 It also has a lot of…
mike_s • 87
8 votes, 2 answers

How to select the client certificate?

I am using Chrome and Edge to visit a web site that requires a client certificate (mTLS). For the first time, both Chrome and Edge pop up a panel that asks me to select a certificate. There was only one to choose, the sole one in my Personal store…
u936293 • 1,337
8 votes, 2 answers

SSL_ERROR_BAD_CERT_DOMAIN but name is correct

Our admin created a new cert for our rt server. Since then, I get an SSL_ERROR_BAD_CERT_DOMAIN error in Firefox. However the site works from Chrome and curl. The cert is signed by our internal CA (freeipa), for which I've installed the public cert on…