Questions tagged [tls-downgrade]
20 questions
1
vote
0 answers
SSLv3 downgrading attack - avoiding fallback alert
I know it won't work on every server because some don't allow SSLv3 but I tried many servers and my attack doesn't seem to work.
For now, I attempt to downgrade to TLS 1.0 (also recognized by the number 769 in the protocol).
I have a full MITM setup…
Zach P
1
vote
1 answer
Restrict cipher suites within specific protocol versions
I need to disable the weak ciphers within a weak protocol version, namely TLS 1.0, on a Windows Server 2012 R2 running IIS. I understand that cipher suites are tied to protocol, i.e. TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384 would be specific to…
George
0
votes
2 answers
How to prevent TLS downgrade on client side?
Today I noticed by experiment that Google Chrome (69.0.3497.100) and Firefox (62.0.3) both were willing to connect to a server which only supported TLS 1.0, even though the corresponding support was removed in the browser settings.
In Wireshark I…
Thomas
0
votes
1 answer
How can I know the protocol versions supported by OpenSSL 1.1.0g
How can I identify the versions (TLSv1.2, TLSv1.1, TLSv1.0, SSLv3, etc.) supported in OpenSSL 1.1.0g when I manually compile it from its source (NOT the one shipped with the OS like Ubuntu) without explicitly disabling any version in the…
user9371654
-4
votes
3 answers
What is the community doing for supporting downgrading TLS?
There is not much an average end-user can do about their internet connection or available hardware/software.
If you live in Kazakhstan, you'll have all HTTPS MitM'ed since 2016-01-01, since the country has to know what blogs people are reading, and…
cnst