tls

  1. What is the difference in security between a VPN- and a SSL-connection?
  2. fixing IETF X.509 SSL Certificate Signature Collision Vulnerability
  3. Do Google Chrome and Chromium validate Trusted Root CA "Basic Constraints" fields?

  4. Knowing a web application is HTTPS only, do HTTP cookie need the secure flag?
  5. Difference between S-HTTP and HTTPS

  6. Is an SSL VPN instead of a normal VPN a good idea?

  7. How to determine if a browser is using an SSL or TLS connection?
  8. How strong should a database password be?

  9. Is BASIC-Auth secure if done over HTTPS?
  10. Let's Encrypt for intranet websites?
  11. Securing internal micro-services - Letsencrypt vs. Self-signed certificates - Best practices

  12. Raspberry Pi Self-Signed Certificate Error

  13. How to check if a server is not vulnerable to Logjam?

  14. Manage SSL certificates for a multi-tenant website

  15. Why are some attacks more famous than others (heartbleed, BEAST, POODLE, etc)?

  16. Decrypt TLS traffic
  17. Using SSL (e.g. storing private keys) in SAAS / managed applications
  18. Question on DH key exchange
  19. How can I add a custom domain to an SAN for a certificate for consul domains like active.vault.service.consul?

  20. HTTPS is not green and there is no padlock icon, is it safe for a debit card payment?
  21. Is HTTPS required to support the framing functionality defined in HTTP/2
  22. Firefox Issue - ssl_error_bad_mac_alert
  23. Will the sever send a 'Server Hello' if ciphers are not negotiated?

  24. How to Prevent DDos Attacks?

  25. Securing multiple connections with different protocols all together
  26. Problem using custom CryptoNG KSP on IE 11

  27. self-signed chain of certificates vs self-signed single certificate

  28. Public wifi security protocols
  29. HTTPS or HTTPS within VPN for WIFI security?
  30. How to make OpenSSL errors more verbose for MQTT client?

  31. Is it secure to transfer certificates from Service 1 to Service 2 over HTTPS?
  32. What if the Certificate Authority is starts forging the TLS certs?
  33. Running openssl s_client with an aes encrypted key fails

  34. Switching connection encryption on the fly (browser padlock)

  35. Multiple SSL certificates on load balancer

  36. How to integrate client certificates for upstream servers with nginx as reverse proxy?

  37. Is it more secure to close port 80 and leave port 443 open

  38. Why allow HTTPS but not SSH?

  39. SSL/TLS - Does the client select symmetric key for data encryption?
  40. Does HTTPS protect you from fingerprinting by the NSA?

  41. Example of application /websites use DHE for key exchange?
  42. Should I trash my router if it still runs OpenSSL 0.9.8p and OpenVPN 2.2.2 in 2017?

  43. Is this technique a secure way to confirm a user's bank account details, without requiring them to provide their credentials?
  44. Is an HTTP page form that connects to a server over SSL, secure as good as the whole page being over HTTPS?

  45. SSL Unsupported protocol error
  46. SSL/TLS handshake potential vulnerabilities

  47. Generating debian SSH keys with Python (paramiko library)

  48. TLS Extentions: Omitting TLS Handshake Messages
  49. SSLCipherSuite !3DES not working
  50. A security audit wants encypted user/pass for login in asp.net - this seems pointless or is it not?

  51. Secure flag for ASPXAUTH Cookie in MVC
  52. TLS session resumption failure Windows 2012 R2

  53. Data integrity and authentication of an Arduino using JSON Web Tokens and HMACs

  54. Is visiting HTTPS websites on a public hotspot secure?
  55. How to support Forward Secrecy in OpenSSL
  56. If ssl certs authenticate the servers ip address, how come I can't find a whitelisted ip address in any secure certs or am i looking in wrong place?

  57. How to generate SHA-2 certif with openssl

  58. How to diasble TLS_RSA_WITH_IDEA_CBC_SHA and TLS_RSA_WITH_3DES_EDE_CBC_SHA in the compilation of openssl?
  59. Central Authentication Server for SSH and Web wanted
  60. How to check if some encryptions are disabled in OpenSSL?

  61. How can I be sure that I am using the real Facebook?

  62. Setup a Proxy with a Cordova / Ionic Android App (aka Open Source version of PhoneGap )
  63. Why http request signatures are useful?
  64. Renewing certificates in web services using mutual (2-way) authentication

  65. What provides better safeguards against decryption/hacking: HTTPS or a well-made mobile app?
  66. What elliptic curves are supported by browsers?

  67. Difference between SSL connection and SSL session
  68. What's the difference between X.509 and PKCS#7 Certificate?

  69. How do I run proper HTTPS on an Internal Network?

  70. TLS Handshake with DH

  71. EV SSL vs TLS - which one is an advanced version

  72. Vendor Mutual SSL required on behalf of different organisations

  73. Why does OpenVPN use two channels and not just TLS?
  74. Is it secure for a site to serve the login page with HTTPS from a trusted CA but have HTTP for non-login pages

  75. How can an expired SSL certificate make the server and/or client vulnerable to MITM attacks?

  76. Mixing Off-The-Record and classic SSL

  77. OpenSSL Handshake failed, point is not on curve

  78. How do cookies work together with token binding?
  79. Testing for CCS Injection

  80. Decrypt TLS from an IDS

  81. Can we decrypt captured malware (Meterpreter) HTTPS/SSL traffic with the keys from memory?

  82. SHA-1 deprecation impact on personal PKI certificates
  83. Can SSL traffic encrypted with a weak cypher be bruteforced?
  84. SSLStrip2 and HSTS

  85. Install the same certificate on public facing servers and dev / qa servers
  86. Is SSL/TLS Sufficient For Safe Transit of Bianry Data via API Traffic
  87. HTTPS Inspection: how to detect at (own) server? / does it break Apache digest authentication?

  88. Is it already the right time to say goodbye to TLS1.1 support on web servers?

  89. Client Side Encryption (CSE) across multiple clients
  90. Are there any security concerns if certificates work with multi-level subdomains?

  91. Certificate Pinning with CDN

  92. Self sign SSL certificate for my mobile app?
  93. Security implications of a missing SCSV, but with only TLS 1.2 allowed
  94. Is it a bad practice to use a SSL self signed certificates for production mobile apps?

  95. Understanding 'About Key Crypto' from Oracle Page

  96. TLS-RSA vs TLS-ECDHE-RSA vs static DH
  97. Diffie Hellman master secret TLS1.2
  98. SSL for external micro-services for Tor hidden service
  99. Firefox 57 SEC_ERROR_UNTRUSTED_ISSUER
  100. MQTT over TLS using RabbitMQ