tls1.3

.NET 4.8 TLS 1.3 Issue on Windows 10

核能气质少年 提交于 2021-02-15 07:53:06
问题 A .NET 4.8 application running on Windows 10 (version 10.0.19041) with enabled TLS 1.3 using the registry as per how to enable TLS 1.3 in windows 10 However running the following code: try { System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls13; using (var client = new WebClient()) { var img = client.DownloadData("URL of an image - Only TLS 1.3 at client side - removed for privacy purposes"); MemoryStream ms = new MemoryStream(img); Image i = Image.FromStream(ms); i

$ssl_early_data from nginx: should the application use it somehow?

二次信任 提交于 2021-02-11 15:20:52
问题 I'm preparing to turn on nginx ssl_early_data to enable RTT-0 with TLS 1.3. I understand that, if I don't do it right, replay attacks become possible. I understand that, to prevent this, you need to also use $ssl_early_data Requests sent within early data are subject to replay attacks. To protect against such attacks at the application layer, the $ssl_early_data variable should be used. What I don't understand is if it's enough to put this directive in the nginx configuration or if/how the

Apache 2.4.37 with openssl 1.1.1: cannot perform post-handshake authentication

爷,独闯天下 提交于 2021-02-04 17:44:07
问题 I updated apache to last version 2.4.37 and openssl to 1.1.1 and now, when client authenticates, I get this error only with Firefox 63, but not in Chrome: [ssl:error] AH: verify client post handshake, referer: https://******/login [ssl:error] AH10158: cannot perform post-handshake authentication, referer: https://******/login [ssl:error]SSL Library Error: error:14268117:SSL routines:SSL_verify_client_post_handshake:extension not received I used wireshark to try to find the problem, and I

Java 11 and 12 SSL sockets fail on a handshake_failure error with TLSv1.3 enabled

家住魔仙堡 提交于 2020-11-30 12:25:31
问题 While developing a SSL-based (non HTTP) server in Java 12, I met unexpected difficulties for having the server and the client talk together. The connection was always interrupted with a handshake_failure error. After lots of efforts (initially I was incriminating my certificates), I was able to isolate the issue thanks to a HelloWorld SSL client/server pair at the socket level: the handshake failure was caused by the presence of TLSv1.3 among the protocols enabled by default in the JDK. So

Java 11 and 12 SSL sockets fail on a handshake_failure error with TLSv1.3 enabled

吃可爱长大的小学妹 提交于 2020-11-30 12:23:08
问题 While developing a SSL-based (non HTTP) server in Java 12, I met unexpected difficulties for having the server and the client talk together. The connection was always interrupted with a handshake_failure error. After lots of efforts (initially I was incriminating my certificates), I was able to isolate the issue thanks to a HelloWorld SSL client/server pair at the socket level: the handshake failure was caused by the presence of TLSv1.3 among the protocols enabled by default in the JDK. So

Java 11 and 12 SSL sockets fail on a handshake_failure error with TLSv1.3 enabled

自作多情 提交于 2020-11-30 12:20:13
问题 While developing a SSL-based (non HTTP) server in Java 12, I met unexpected difficulties for having the server and the client talk together. The connection was always interrupted with a handshake_failure error. After lots of efforts (initially I was incriminating my certificates), I was able to isolate the issue thanks to a HelloWorld SSL client/server pair at the socket level: the handshake failure was caused by the presence of TLSv1.3 among the protocols enabled by default in the JDK. So

How to handle HttpWebRequest C# with Tls 1.3

北城以北 提交于 2020-06-28 07:58:32
问题 I am unable to connect to an HTTPS server (TLS 1.3) using WebRequest because of this error message: The request was aborted: Could not create SSL/TLS secure channel. The previous TLS version was 1.2 and with below code I could GET the page properly but as the page ssl upgraded to TLS 1.3 I got the error and also I cannot find any solution about it: ServicePointManager.Expect100Continue = true; ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; In fact, I think it should be