Tag: ssl

Apache, Debian

Apache web server SSL authentication

Mutual authentication or two-way authentication refers to two parties authenticating each other at the same time, being a default mode of authentication in some protocols (IKE, SSH) and optional in others (TLS). By default the TLS protocol only proves the identity of the server to the client using an X.509 certificate and the authentication of the …

Debian

Debian 8 Apache SSL/TLS

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both of which are frequently referred to as “SSL”, are cryptographic protocols that provide communications security over a computer network. Several versions of the protocols are in widespread use in applications such as web browsing, email, Internet faxing, instant messaging, and voice-over-IP (VoIP). Major …

Hacking, Penetration Testing

Fast full-featured SSL scanner

SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers. Key features: Multi-processed and multi-threaded scanning: it’s very fast. Support for all SSL protocols, from SSL 2.0 …

C

How to overcome ERROR_INTERNET_INVALID_CA error in C

ERROR_INTERNET_INVALID_CA (12045) – The function is unfamiliar with the Certificate Authority that generated the server’s certificate.

    //…
    DWORD invalidcaFlags, invalidcaFlagsLen = sizeof(invalidcaFlags);
    requestAgain:
    if (!CLFU(HttpSendRequestA)(request, headers, headersSize, data, dataSize)) {
        if (GetLastError() == ERROR_INTERNET_INVALID_CA) {
            // Unknown CA: set SECURITY_FLAG_IGNORE_UNKNOWN_CA on the request and retry
            InternetQueryOption(request, INTERNET_OPTION_SECURITY_FLAGS, (LPVOID)&invalidcaFlags, &invalidcaFlagsLen);
            invalidcaFlags |= SECURITY_FLAG_IGNORE_UNKNOWN_CA;
            InternetSetOption(request, INTERNET_OPTION_SECURITY_FLAGS, &invalidcaFlags, sizeof(invalidcaFlags));
            goto requestAgain;
        }
        CLFU(InternetCloseHandle)(request);
        …

Footprinting, Reconnaissance

SSL Protocol Scanner – Reconnaissance

sslscan – queries SSL/TLS enabled services, such as HTTPS, to discover supported cipher suites. The output includes the preferred ciphers of the SSL service and the certificate, and is in Text and XML formats. Usage: sslscan [Options] [host:port | host] Options: --targets=<file> A file containing a list of hosts to check. Hosts can …

Auditing, Hacking, Penetration Testing

Test SSL/TLS clients for resistance against MITM attacks

sslcaudit – automates the testing process of SSL/TLS clients for resistance against MITM attacks. It is useful for testing thick clients, mobile applications, appliances, pretty much anything communicating over SSL/TLS over TCP. A correctly implemented SSL/TLS client exhibits the following testable behavior: 1> Rejects self-signed certificates, certificates not signed by a trusted CA. 2> Validates …

CakePHP, PHP

CakePHP 3 – Force all actions to require SSL

Let’s see how we can force all actions to require SSL and how to tell CakePHP to redirect to the SSL version of our application. We are going to edit the src/Controller/AppController class. Add the use directive:

    use Cake\Event\Event;

Create the beforeFilter function:

    public function beforeFilter(Event $event)
    {
        parent::beforeFilter($event);
        $this->Security->requireSecure();
    }

…

General

How SSL Works

Secure Sockets Layer (SSL) is a cryptographic protocol that provides secure communication over the Internet. Secure communication has three main goals: privacy, message integrity, and authentication. SSL uses asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity. When the browser requests an SSL connection with the website, it …