Transport Layer Security is a cryptographic protocol for encrypting and authenticating network communications, and replaces SSL. It is commonly used to secure Internet protocols such as HTTP.
Questions tagged [tls]
574 questions
137
votes
2 answers
How can I verify if TLS 1.2 is supported on a remote web server from the RHEL/CentOS shell?
I'm on CentOS 5.9.
I'd like to determine from the linux shell if a remote web server specifically supports TLS 1.2 (as opposed to TLS 1.0). Is there an easy way to check for that?
I'm not seeing a related option on openssl but perhaps I'm…

Mike B
- 11,570
- 42
- 106
- 165
84
votes
3 answers
How to inspect remote SMTP server's TLS certificate?
We have an Exchange 2007 server running on Windows Server 2008. Our client uses another vendor's mail server. Their security policies require us to use enforced TLS. This was working fine until recently.
Now, when Exchange tries to deliver mail…

Skyhawk
- 14,149
- 3
- 52
- 95
53
votes
9 answers
How do I disable TLS 1.0 without breaking RDP?
Our credit card processor recently notified us that as of June 30, 2016 we will need to disable TLS 1.0 to remain PCI compliant. I tried to be proactive by disabling TLS 1.0 on our Windows Server 2008 R2 machine, only to find that immediately after…

Mike
- 1,261
- 5
- 18
- 31
47
votes
6 answers
46
votes
5 answers
Failed tls handshake. Does not contain any IP SANs
I'm trying to set up logstash forwarder, but I have issues with making a proper secure channel. Trying to configure this with two ubuntu (server 14.04) machines running in virtualbox. They are 100% clean (not touched hosts file or installed any…

connery
- 495
- 1
- 4
- 8
40
votes
5 answers
What are the exact protocol level differences between SSL and TLS?
This is a technical deep dive after this overview question was asked.
What are the protocol differences between SSL and TLS?
Is there really enough of a difference to warrant a name change? (versus calling it "SSLv4" or SSLv5 for the newer versions…

makerofthings7
- 8,821
- 28
- 115
- 196
37
votes
8 answers
Is enforcing encryption for SMTP a good idea (yet)?
I am running an email server which is currently set up to use TLS if possible, when sending and receiving emails.
When you read in the documentation about this, there is also the option to enforce TLS and not accept plain text transmission of…

comfreak
- 1,451
- 1
- 21
- 32
35
votes
2 answers
Postfix TLS over SMTP - RCPT TO prompts renegotiation then 554 5.5.1 Error: no valid recipients
I've setup ispconfig3 on my debian six server, and here is a little smtp over ssl:
The server is postfix
AUTH PLAIN (LOL!)
235 2.7.0 Authentication successful
MAIL FROM: lol@lol.com
250 2.1.0 Ok
RCPT TO: lol@lol.com
RENEGOTIATING
depth=0…

lol
- 465
- 1
- 5
- 12
31
votes
5 answers
Functional implications of differences in SSL and TLS
I know that TLS is essentially a newer version of SSL, and that it generally supports transitioning a connection from unsecured to secured (commonly through a STARTTLS command).
What I don't understand is why TLS is important to an IT Professional,…

Randell
- 1,133
- 7
- 18
- 25
30
votes
1 answer
How can I let nginx log the used SSL/TLS protocol and ciphersuite?
My goal is to ensure proper security for clients connecting to my nginx. I'm following Mozilla's guide to configure TLS properly on my nginx installation, but I don't have an overview of the actual protocols/ciphersuites being used in practice.
What…

gertvdijk
- 3,362
- 4
- 30
- 46
29
votes
3 answers
Disable TLS 1.0 in NGINX
I have a NGINX acting as a reverse proxy for our sites and is working very well. For the sites that need ssl I followed raymii.org to make sure to have as strong of a SSLLabs score as possible. One of the sites needs to be PCI DSS compliant but…

Shawn C.
- 393
- 1
- 4
- 7
29
votes
3 answers
What effect does https traffic have on web cache proxy servers?
I just took two university courses on computer security and internet programming. I was thinking about this the other day:
Web cache proxy servers cache popular content from servers on the web. This is useful, for example, if your company has a 1…

ejsuncy
- 393
- 1
- 4
- 7
24
votes
2 answers
Curl: unable to get local issuer certificate. How to debug?
I’ve got an odd problem. Updated my LAMP dev machine (Debian) to PHP 7. Afterwards I cannot connect to a specific TLS encrypted API via Curl anymore.
The SSL cert in question is signed by thawte.
curl https://example.com
gives me
curl: (60) SSL…

Rob
- 343
- 1
- 2
- 6
18
votes
5 answers
Do any well-known CAs issue Elliptic Curve certificates?
Background
I've seen that Comodo has an elliptic curve root ("COMODO ECC Certification Authority"), but I don't see mention of EC certificates on their web site.
Does Certicom have intellectual property rights that prevent other issuers from…

erickson
- 291
- 1
- 3
- 10
16
votes
1 answer
Where is the private key after using certreq for CSR generation on Windows 10?
I tried to follow the website below for instructions on how to generate the CSR for my web server:
http://www.entrust.net/knowledge-base/technote.cfm?tn=8649
However, it only generates the CSR. Where is the private key? I was told that the key is…

Chong Lip Phang
- 265
- 1
- 2
- 7