Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 4 years ago.
Improve this question
I am new to SSL.
Right now I am developing an cordova mobile application.
According to digicert tutorial, there are 5 steps for ssl handshake(? I am not sure if this is right terminology)
Browser connects to a web server (website) secured with SSL (https). Browser requests that the server identify itself.
Server sends a copy of its SSL Certificate, including the server’s public key.
Browser checks the certificate root against a list of trusted CAs and that the certificate is unexpired, unrevoked, and that its common name is valid for the website that it is connecting to. If the browser trusts the certificate, it creates, encrypts, and sends back a symmetric session key using the server’s public key.
Server decrypts the symmetric session key using its private key and sends back an acknowledgement encrypted with the session key to start the encrypted session.
Server and Browser now encrypt all transmitted data with the session key.
I am trying to send a request to a backend server which is secured with SSL. Is there any extra step that I have to implement in order to do steps 1-5 or is all I have to do changing the url from http to https? If I send a request to https://url, Are steps 1-5 going to be done automatically?
The SSL Handshake steps you have explained are perfect and in a proper queue. You do not need to implement any extra step.
The SSL Handshake process will be held between the browser and server, If the genuine SSL installed properly in the server, the browser will complete the handshake process without falling for any error.
Related
Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 6 days ago.
Improve this question
I need help setting up the smtp mail on Wiki.Js. I have recently hosted wikijs on a sub domain and tried to setup mail but it ssl port error or invalid authentication data. I have used sendgrid and smtp2go with both of them same error.
Invalid login: 535 Incorrect authentication data
OR
139801162820400:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:331:
I have gone through the docs of sendgrid and smtp2go and followed step by step.
Sendgrid Docs
SMTP2Go
How to solve this?
These errors typically indicate incorrect credentials over port 443, or a mismatch between the SSL/TLS protocol versions being used by the client and server. Ensure that the same OpenSSL version and TLS version is used on both ends.
You can also check this thread about the same Error. It may help you fix the issue.
Is there any way that I can create a proof of a file downloaded using https? With proof I mean a cryptographic record of some sort that links the contents of a file to a site at a certain time. If I understand TLS correctly, the server certificate is only used as a basis to establish a session key that is known to both parties, so each request is not signed but just encrypted for transfer. Any ideas if this can be done and if so how?
In HTTPS the certificate is only used for authentication and with the obsolete RSA key exchange also for key exchange. Application data are only protected against modification by some man in the middle but they are not signed by the sender. While a HTTP server could be explicitly implemented to sign and timestamp the content, one can not enforce such operation against an arbitrary existing server.
For more see
Where in a TLS connection can I get the signature of the content sent by the server?
Why does HTTPS not support non-repudiation?
How to prove some server sent some file over HTTPS
Proving authenticity of data accessed over TLS by an untrusted third party
I am developing an app with a server part programmed in Go and a client programmed in C#, the connection between the two is made using TCP socket communication, and to ensure the connection I am using TLS.
My question is whether there would be any security problem in my case when using self-signed certificates for TLS communication.
I understand that for a web server that uses https it is necessary to use certificates signed by a certificate authority (CA) but in my case, when connecting my own client application I don't see why I should use one of these.
If anyone knows anything about it, it would be a great help.
Certificates are used for authenticating the end points, and usually the cert is signed by a certificate authority which your client (such as a web browser) already trusts. Using a self-signed cert in that scenario can lead to problems, as the browser won't trust it, and so will pop a warning box. However, the real issue is that for the typical user, a warning from your server is as good as indistinguishable from an attacker using another self-signed certificate. They'll click-away and KABOOM!
If this is a closed environment, and you control both the server and client, then the self-signed certificate is irrelevant. In fact, you don't even need one at all, and may be better off with one of the alternatives, like TLS-PSK, or TLS-SRP.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 months ago.
Improve this question
Can kubernetes TLS certificates be signed by a public Certificate Authority?
Our cluster was security scanned using Nessus and it brought to light a few "vulnerabilities".
Description: The server's X.509 certificate cannot be trusted
Solution: Purchase or generate a proper SSL certificate for this service.
Output:
The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :
-Subject : CN=kube-apiserver
-Issuer : CN=kubernetes
The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :
|-Subject : CN=<redacted>-ca#1651240129
|-Issuer : CN=<redacted>-ca#1651240129
I found in the documentation where you can setup the cluster in External CA mode, but does not seem like this could work based on how the PKI works in Kubernetes (1.23.x). https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/#renew-certificates-with-external-ca
IIRC, internal cluster certificates must be signed by the in-cluster CA.
But ingress certificates (ones which are visible outside the cluster) CAN be signed by authorities such as Entrust or Symantec.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
If I was needing a secure contact form that uses SSL to encrypt/secure a contact email form would I need an actual SSL certificate or would CloudFlare's Flexible SSL be enough?
According to Cloudflare, Flexible SSL only provides SSL between the visitor and CloudFlare. Therefore visitor sees HTTPS on your site, but there will be no SSL between CloudFlare and your web server. However your visitors will still see the site as being HTTPS enabled. But This doesn't mean that you will get secure connection all the way from client to server. If you really need security, go with cloudflare's Full SSL or Full SSL (Strict). In that case You'll need to have a valid SSL certificate installed on your web server.
References : SSL at CloudFlare