SSL/TLS Server Test of
|
|
- Teresa Henry
- 5 years ago
- Views:
Transcription
1 SSL/TLS Server Test of Test SSL/TLS implementation of any service on any port for compliance with PCI DSS requirements, HIPAA guidance and NIST guidelines. FINAL GRADE December 22nd :37 CET :443 COMPLIANCE WITH Assessment Executive Summary HIGHLIGHTS The server supports cipher suites that are not approved by NIST guidelines and HIPAA guidance. Non-compliant with NIST and HIPAA The server prefers cipher suites supporting Perfect-Forward-Secrecy. 1
2 SSL Certificate Overview RSA CERTIFICATE INFORMATION Issuer Trusted Common Name Signature Algorithm Subject Alternative Names Transparency Validation Level CRL OCSP OCSP Must-Staple Supports OCSP Stapling Valid From Valid To COMODO RSA Domain Validation Secure Server CA Yes RSA 4096 bits sha256withrsaencryption DNS: DNS:rotenburger-gruene.de No DV No No October 12th 2017, 02:00 CEST October 13th 2018, 01:59 CEST CERTIFICATE CHAIN Server certificate Signature Algorithm SHA256 PIN Expires in RSA 4096 bits sha256withrsaencryption c eeb616acdb e4ed906643ef709e0ab631bb3153b b RyxzPluyd5IIT7rNUNF3Rmvu9dDxhGne/FWLIjmTxyM= 295 days COMODO RSA Domain Validation Secure Server CA Intermediate CA Signature Algorithm SHA256 PIN Expires in RSA 2048 bits sha384withrsaencryption 39df71b20e752359b f181016fcba83909d1f0480b6b13d1238b7 klo23nt2ehfdxcfx3ehtdresmz3asj1muo+4aidjiuy= 4,070 days COMODO RSA Certification Authority Intermediate CA Signature Algorithm SHA256 PIN Expires in RSA 4096 bits sha384withrsaencryption cf1895b94a858aeb07eeb4dfb6da49d97983f5c6e84d0dbab4c3adcdb4c29929 grx4ta9hpzx6tshkmcrvpaptqgo67cydnvprlg5yrme= 890 days AddTrust External CA Root Self-signed Root CA RSA 2048 bits 2
3 Signature Algorithm SHA256 PIN Expires in sha1withrsaencryption df63f84c2b bf13c7deafb11c68393f493a67035dc87693cedf11a9247 lcppfqbkrlj3ecvfakeip0+44vaojuymbnoaeuk7teu= 890 days CERTIFICATE CHAIN CONTINUED Server certificate Signature Algorithm SHA256 PIN Expires in RSA 4096 bits sha256withrsaencryption c eeb616acdb e4ed906643ef709e0ab631bb3153b b RyxzPluyd5IIT7rNUNF3Rmvu9dDxhGne/FWLIjmTxyM= 295 days COMODO RSA Domain Validation Secure Server CA Intermediate CA Signature Algorithm SHA256 PIN Expires in RSA 2048 bits sha384withrsaencryption 39df71b20e752359b f181016fcba83909d1f0480b6b13d1238b7 klo23nt2ehfdxcfx3ehtdresmz3asj1muo+4aidjiuy= 4,070 days COMODO RSA Certification Authority Self-signed Root CA Signature Algorithm SHA256 PIN Expires in RSA 4096 bits sha384withrsaencryption fa45b88ceead aa6cc10667de2d45de5c39f90f51b4f1d b1b2 grx4ta9hpzx6tshkmcrvpaptqgo67cydnvprlg5yrme= 7,333 days 3
4 Test For Compliance With PCI DSS Requirements Reference: PCI DSS Requirements 2.3 and 4.1 CERTIFICATES ARE TRUSTED All the certificates provided by the server are trusted. SUPPORTED CIPHERS List of all cipher suites supported by the server: TLSV1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_256_GCM_SHA
5 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_256_GCM_SHA TLSV1.1 TLSV1.0 5
6 SUPPORTED PROTOCOLS List of all SSL/TLS protocols supported by the server: TLSv1.0 TLSv1.0 TLSv1.1 TLSv1.1 TLSv1.2 TLSv1.2 Deprecated. Dropped in June 2018 DIFFIE-HELLMAN PARAMETER SIZE Diffie-Hellman parameter size: 2048 bits SUPPORTED ELLIPTIC CURVES List of all elliptic curves supported by the server: P-256 (prime256v1) (256 bits) P-256 (prime256v1) (256 bits) POODLE OVER TLS The server is not vulnerable to POODLE over TLS. Not vulnerable CVE The server is not vulnerable to OpenSSL padding-oracle flaw (CVE ). Not vulnerable SERVER DOES NOT SUPPORT CLIENT-INITIATED INSECURE RENEGOTIATION The server does not support client-initiated insecure renegotiation. HEARTBLEED The server version of OpenSSL is not vulnerable to Heartbleed attack. Not vulnerable CVE The server is not vulnerable to CVE (OpenSSL CCS flaw). Not vulnerable 6
7 Test For Compliance With HIPAA Reference: HIPAA of 1996, Guidance Specifying the Technologies and Methodologies that Render Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals. X509 CERTIFICATES ARE IN VERSION 3 All the X509 certificates provided by the server are in version 3. SERVER DOES NOT SUPPORT OCSP STAPLING The server does not support OCSP stapling for its RSA certificate. Its support allows better verification of the certificate validation status. SUPPORTED PROTOCOLS List of all SSL/TLS protocols supported by the server: TLSv1.0 TLSv1.0 TLSv1.1 TLSv1.1 TLSv1.2 TLSv1.2 SUPPORTED CIPHERS List of all cipher suites supported by the server: TLSV1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 7
8 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_256_GCM_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_256_GCM_SHA TLSV1.1 TLSV1.0 8
9 DIFFIE-HELLMAN PARAMETER SIZE Diffie-Hellman parameter size: 2048 bits SUPPORTED ELLIPTIC CURVES List of all elliptic curves supported by the server: P-256 (prime256v1) (256 bits) P-256 (prime256v1) (256 bits) TLSV1.1 SUPPORTED The server supports TLSv1.1 which is mandatory to comply with HIPAA guidance. TLSV1.2 SUPPORTED The server supports TLSv1.2 which is the only SSL/TLS protocol that currently has no known flaws or exploitable weaknesses. EC_POINT_FORMAT EXTENSION The server supports the EC_POINT_FORMAT TLS extension. 9
10 Test For Compliance With NIST Guidelines Reference: NIST Special Publication Revision 1 - Section 3 X509 CERTIFICATES ARE IN VERSION 3 All the X509 certificates provided by the server are in version 3. SERVER DOES NOT SUPPORT OCSP STAPLING The server does not support OCSP stapling for its RSA certificate. Its support allows better verification of the certificate validation status. SUPPORTED CIPHERS List of all cipher suites supported by the server: TLSV1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_256_GCM_SHA
11 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_256_GCM_SHA TLSV1.1 TLSV1.0 11
12 SUPPORTED PROTOCOLS List of all SSL/TLS protocols supported by the server: TLSv1.0 TLSv1.0 TLSv1.1 TLSv1.1 TLSv1.2 TLSv1.2 DIFFIE-HELLMAN PARAMETER SIZE Diffie-Hellman parameter size: 2048 bits SUPPORTED ELLIPTIC CURVES List of all elliptic curves supported by the server: P-256 (prime256v1) (256 bits) P-256 (prime256v1) (256 bits) TLSV1.1 SUPPORTED The server supports TLSv1.1 which is mandatory to comply with NIST guidelines. TLSV1.2 SUPPORTED The server supports TLSv1.2 which is the only SSL/TLS protocol that currently has no known flaws or exploitable weaknesses. EC_POINT_FORMAT EXTENSION The server supports the EC_POINT_FORMAT TLS extension. 12
13 Test For Industry Best-Practices DNSCAA This domain does not have a Certification Authority Authorization (CAA) record. Information CERTIFICATES DO NOT PROVIDE EV The RSA certificate provided is NOT an Extended Validation (EV) certificate. Information SERVER HAS CIPHER PREFERENCE The server enforces cipher suites preference. SERVER PREFERRED CIPHER SUITES Preferred cipher suite for each protocol supported (except SSLv2). Expected configuration are ciphers allowed by PCI DSS and enabling PFS: TLSv1.0 TLSv1.0 TLSv1.1 TLSv1.1 TLSv1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLSv1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 SERVER PREFERS CIPHER SUITES PROVIDING PFS For TLS family of protocols, the server prefers cipher suite(s) providing Perfect Forward Secrecy (PFS). ALWAYS-ON SSL The HTTP version of the website redirects to the HTTPS version. MIXED CONTENT The website includes HTTP content in HTTPS. Misconfiguration or weakness SERVER DOES NOT PROVIDE HSTS The server does not enforce HTTP Strict Transport Security. We advise to enable it to enforce the user to browse the website in HTTPS. Misconfiguration or weakness SERVER DOES NOT PROVIDE HPKP The server does not enforce HTTP Public Key Pinning that helps preventing man-in-the-middle attacks. Information TLS_FALLBACK_SCSV The server supports TLS_FALLBACK_SCSV extension for protocol downgrade attack prevention. SERVER DOES NOT SUPPORT CLIENT-INITIATED SECURE RENEGOTIATION The server does not support client-initiated secure renegotiation. SERVER-INITIATED SECURE RENEGOTIATION The server supports secure server-initiated renegotiation. 13
14 SERVER DOES NOT SUPPORT TLS COMPRESSION TLS compression is not supported by the server. 14
SSL/TLS Server Test of grupoconsultorefe.com
SSL/TLS Server Test of grupoconsultorefe.com Test SSL/TLS implementation of any service on any port for compliance with PCI DSS requirements, HIPAA guidance and NIST guidelines. GRUPOCONSULTOREFE.COM FINAL
More informationSSL/TLS Security Assessment of e-vo.ru
SSL/TLS Security Assessment of e-vo.ru Test SSL/TLS implementation of any service on any port for compliance with industry best-practices, NIST guidelines and PCI DSS requirements. The server configuration
More informationSSL Report: ( )
Home Projects Qualys.com Contact You are here: Home > Projects > SSL Server Test > www.workbench.nationaldataservice.org SSL Report: www.workbench.nationaldataservice.org (141.142.210.100) Assessed on:
More informationSSL Report: printware.co.uk ( )
1 of 5 26/06/2015 14:27 Home Projects Qualys.com Contact You are here: Home > Projects > SSL Server Test > printware.co.uk SSL Report: printware.co.uk (194.143.166.5) Assessed on: Fri, 26 Jun 2015 12:53:08
More informationSSL Report: bourdiol.xyz ( )
Home Projects Qualys.com Contact You are here: Home > Projects > SSL Server Test > bourdiol.xyz > 217.70.180.152 SSL Report: bourdiol.xyz (217.70.180.152) Assessed on: Sun Apr 19 12:22:55 PDT 2015 HIDDEN
More informationHigh-Tech Bridge s Free SSL Server Test API Developer Documentation Version v1.2 24th of January 2018
HTB_SSLDOCS_v1.2.pdf Page 1 of 55 High-Tech Bridge s Free SSL Server Test API Developer Documentation Version v1.2 24th of January 2018 Table of Contents... 1 General overview... 2 Server information...
More informationSSL Report: sharplesgroup.com ( )
1 of 5 26/06/2015 14:28 Home Projects Qualys.com Contact You are here: Home > Projects > SSL Server Test > sharplesgroup.com SSL Report: sharplesgroup.com (176.58.116.26) Assessed on: Fri, 26 Jun 2015
More informationSSL Report: cartridgeworld.co.uk ( )
1 of 5 26/06/2015 14:21 Home Projects Qualys.com Contact You are here: Home > Projects > SSL Server Test > cartridgeworld.co.uk SSL Report: cartridgeworld.co.uk (95.138.147.104) Assessed on: Fri, 26 Jun
More informationFindings for
Findings for 198.51.100.23 Scan started: 2017-07-11 12:30 UTC Scan ended: 2017-07-11 12:39 UTC Overview Medium: Port 443/tcp - NEW Medium: Port 443/tcp - NEW Medium: Port 443/tcp - NEW Medium: Port 80/tcp
More informationSSL Visibility and Troubleshooting
Page 1 of 6 view online Avi Vantage provides a number of features to help understand the utilization of SSL traffic and troubleshoot SSL-related issues. Visibility Every virtual service provides a number
More informationTLS1.2 IS DEAD BE READY FOR TLS1.3
TLS1.2 IS DEAD BE READY FOR TLS1.3 28 March 2017 Enterprise Architecture Technology & Operations Presenter Photo Motaz Alturayef Jubial Cyber Security Conference 70% Privacy and security concerns are
More informationScan Report Executive Summary
Scan Report Executive Summary Part 1. Scan Information Scan Customer Company: Date scan was completed: Vin65 ASV Company: Comodo CA Limited 11/20/2017 Scan expiration date: 02/18/2018 Part 2. Component
More informationScan Report Executive Summary
Scan Report Executive Summary Part 1. Scan Information Scan Customer Company: Date scan was completed: Vin65 ASV Company: Comodo CA Limited 08/28/2017 Scan expiration date: 11/26/2017 Part 2. Component
More informationOverview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.
Overview of SSL/TLS Luke Anderson luke@lukeanderson.com.au 12 th May 2017 University Of Sydney Overview 1. Introduction 1.1 Raw HTTP 1.2 Introducing SSL/TLS 2. Certificates 3. Attacks Introduction Raw
More informationSSL Server Rating Guide
SSL Server Rating Guide version 2009k (14 October 2015) Copyright 2009-2015 Qualys SSL Labs (www.ssllabs.com) Abstract The Secure Sockets Layer (SSL) protocol is a standard for encrypted network communication.
More informationTLS 1.1 Security fixes and TLS extensions RFC4346
F5 Networks, Inc 2 SSL1 and SSL2 Created by Netscape and contained significant flaws SSL3 Created by Netscape to address SSL2 flaws TLS 1.0 Standardized SSL3 with almost no changes RFC2246 TLS 1.1 Security
More informationBut where'd that extra "s" come from, and what does it mean?
SSL/TLS While browsing Internet, some URLs start with "http://" while others start with "https://"? Perhaps the extra "s" when browsing websites that require giving over sensitive information, like paying
More informationScan Report Executive Summary. Part 2. Component Compliance Summary Component (IP Address, domain, etc.):
Scan Report Executive Summary Part 1. Scan Information Scan Customer Company: Date scan was completed: Vin65 ASV Company: Comodo CA Limited 02/18/2018 Scan expiration date: 05/19/2018 Part 2. Component
More informationCIS 5373 Systems Security
CIS 5373 Systems Security Topic 4.3: Network Security SSL/TLS Endadul Hoque Slide Acknowledgment Contents are based on slides from Cristina Nita-Rotaru (Northeastern) Analysis of the HTTPS Certificate
More informationRequirements from the. Functional Package for Transport Layer Security (TLS)
Requirements from the Functional Package for Transport Layer Security (TLS) Version: 1.0 2018-12-17 National Information Assurance Partnership Revision History Version Date Comment Introduction Purpose.
More information32c3. December 28, Nick https://crypto.dance. goto fail;
32c3 December 28, 2015 Nick Sullivan @grittygrease nick@cloudflare.com https://crypto.dance goto fail; a compendium of transport security calamities Broken Key 2 Lock 3 Lock 4 5 6 HTTP HTTPS The S stands
More informationVersion: $Revision: 1142 $
Check for SSL Weak Ciphers Application: https Port: 443 ScriptID: 103440 Weak ciphers offered by this service: SSL2_RC4_128_MD5 SSL2_RC4_128_EXPORT40_WITH_MD5 SSL2_RC2_CBC_128_CBC_WITH_MD5 SSL2_RC2_CBC_128_CBC_EXPORT40_WITH_MD5
More informationScan Report Executive Summary. Part 2. Component Compliance Summary Component (IP Address, domain, etc.):ekk.worldtravelink.com
Scan Report Executive Summary Part 1. Scan Information Scan Customer Company: Date scan was completed: Travolutionary ASV Company: Comodo CA Limited 10-03-2018 Scan expiration date: 01-01-2019 Part 2.
More informationSecure Socket Layer Health Assessment
Secure Socket Layer Health Assessment Mick Pouw, Eric van den Haak February 5, 2014 1 Introduction Background Research Questions 2 Research Implementing SSL, the right way Common mistakes Classifying mistakes
More informationEcosystem at Large
Testing TLS in the E-mail Ecosystem at Large IT-SeCX 2015 Wilfried Mayer, Aaron Zauner, Martin Schmiedecker, Markus Huber Overview Background Methodology Results Mitigation 2 Background Transport Layer
More informationComing of Age: A Longitudinal Study of TLS Deployment
Coming of Age: A Longitudinal Study of TLS Deployment Accepted at ACM Internet Measurement Conference (IMC) 2018, Boston, MA, USA Platon Kotzias, Abbas Razaghpanah, Johanna Amann, Kenneth G. Paterson,
More informationfeature HTTPS Posture Assessment Ideal Configuration
feature HTTPS Posture Assessment HTTPS has been around since 1994. Historically, HTTP over Secure Sockets Layer (SSL)/Transport Layer Security (TLS) was treated as a dark and capricious form of magic best
More informationBugzilla ID: Bugzilla Summary:
Bugzilla ID: Bugzilla Summary: CAs wishing to have their certificates included in Mozilla products must 1) Comply with the requirements of the Mozilla CA certificate policy (http://www.mozilla.org/projects/security/certs/policy/)
More informationSSL/TLS: Still Alive? Pascal Junod // HEIG-VD
SSL/TLS: Still Alive? Pascal Junod // HEIG-VD 26-03-2015 Agenda SSL/TLS Protocol Attacks What s next? SSL/TLS Protocol SSL/TLS Protocol Family of cryptographic protocols offering following functionalities:
More informationInstall the ExtraHop session key forwarder on a Windows server
Install the ExtraHop session key forwarder on a Windows server Published: 2018-12-17 Perfect Forward Secrecy (PFS) is a property of secure communication protocols that enables short-term, completely private
More informationState of TLS usage current and future. Dave Thompson
State of TLS usage current and future Dave Thompson TLS Client/Server surveys Balancing backward compatibility with security. As new vulnerabilities are discovered, when can we shutdown less secure TLS
More informationComodo Certificate Manager Software Version 5.0
Comodo Certificate Manager Software Version 5.0 Introducing The Certificate Dashboard Comodo CA Limited, 3rd Floor, 26 Office Village, Exchange Quay, Trafford Road, Salford, Greater Manchester M5 3EQ,
More informationIBM Education Assistance for z/os V2R1
IBM Education Assistance for z/os V2R1 Items: TLS V1.2 Suite B RFC 5280 Certificate Validation Element/Component: Cryptographic Services - System SSL Material is current as of June 2013 Agenda Trademarks
More informationOne Year of SSL Internet Measurement ACSAC 2012
One Year of SSL Internet Measurement ACSAC 2012 Olivier Levillain, Arnaud Ébalard, Benjamin Morin and Hervé Debar ANSSI / Télécom SudParis December 5th 2012 Outline 1 SSL/TLS: a brief tour 2 Methodology
More informationThe State of TLS in httpd 2.4. William A. Rowe Jr.
The State of TLS in httpd 2.4 William A. Rowe Jr. wrowe@apache.org Getting Started Web references have grown stale Web references have grown stale Guidance is changing annually https://www.ssllabs.com/ssltest/analyze.ht
More informationYour Apps and Evolving Network Security Standards
Session System Frameworks #WWDC17 Your Apps and Evolving Network Security Standards 701 Bailey Basile, Secure Transports Engineer Chris Wood, Secure Transports Engineer 2017 Apple Inc. All rights reserved.
More informationDefeating All Man-in-the-Middle Attacks
Defeating All Man-in-the-Middle Attacks PrecisionAccess Vidder, Inc. Defeating All Man-in-the-Middle Attacks 1 Executive Summary The man-in-the-middle attack is a widely used and highly preferred type
More informationScan Report Executive Summary
Scan Report Executive Summary Part 1. Scan Information Scan Customer Company: Date scan was completed: WineDirect ASV Company: Comodo CA Limited 10/11/2018 Scan expiration date: 01/09/2019 Part 2. Summary
More informationTLS Security and Future
TLS Security and Future Martin Stanek Department of Computer Science Comenius University stanek@dcs.fmph.uniba.sk Cryptology 1 (2017/18) Content Fixing issues in practice Trust, Checking certificates and
More informationPROVING WHO YOU ARE TLS & THE PKI
PROVING WHO YOU ARE TLS & THE PKI CMSC 414 MAR 29 2018 RECALL OUR PROBLEM WITH DIFFIE-HELLMAN The two communicating parties thought, but did not confirm, that they were talking to one another. Therefore,
More informationLegacy of Heartbleed: MITM and Revoked Certificates. Alexey Busygin NeoBIT
Legacy of Heartbleed: MITM and Revoked Certificates Alexey Busygin busygin@neobit.ru NeoBIT Notable Private Key Leaks 2010 DigiCert Sdn Bhd. issued certificates with 512-bit keys 2012 Trustwave issued
More informationComputer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 10r. Recitation assignment & concept review Paul Krzyzanowski Rutgers University Spring 2018 April 3, 2018 CS 419 2018 Paul Krzyzanowski 1 1. What is a necessary condition for perfect
More informationComodo Certificate Manager Software Version 5.6
Comodo Certificate Manager Software Version 5.6 Introducing The Certificate Dashboard Comodo CA Limited, 3rd Floor, 26 Office Village, Exchange Quay, Trafford Road, Salford, Greater Manchester M5 3EQ,
More informationSSL GOOD PRACTICE GUIDE
SSL GOOD PRACTICE GUIDE VERSION: 1.0 DATE: 20/09/2013 TASK NUMBER: SSL_Whitepaper PREPARED FOR Paul Docherty Director Portcullis Computer Security Ltd The Grange Barn Pike s End Pinner Middlesex HA5 2EX
More informationSSL / TLS. Crypto in the Ugly Real World. Malvin Gattinger
SSL / TLS Crypto in the Ugly Real World Malvin Gattinger 2016-03-17 SSL/TLS Figure 1: The General Picture SSL or TLS Goal: Authentication and Encryption Secure Sockets Layer SSL 1 (never released), 2 (1995-2011)
More informationInformation Security CS 526
Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication Topic 14: Secure Communication 1 Readings for This Lecture On Wikipedia Needham-Schroeder protocol (only the symmetric
More informationXerox Product Security
Xerox Product Security OpenSSL Vulnerabilities Poodle, Freak and Logjam Version 1.4 June 30, 2016 Page 1 Disclaimer The information provided in this Xerox Product Response is provided "as is" without warranty
More informationBIG-IP System: SSL Administration. Version
BIG-IP System: SSL Administration Version 13.0.0 Table of Contents Table of Contents About SSL Administration on the BIG-IP System...7 About SSL administration on the BIG-IP system... 7 Device Certificate
More informationNo Need for Black Chambers
No Need for Black Chambers Testing TLS in the E-mail Ecosystem at Large Wilfried Mayer, Aaron Zauner, Martin Mulazzani, Markus Huber (FH St-Poelten) Overview Background Methodology Results Abuse-handling
More informationBIG-IP System: SSL Administration. Version
BIG-IP System: SSL Administration Version 13.1.0 Table of Contents Table of Contents About SSL Administration on the BIG-IP System...7 About SSL administration on the BIG-IP system... 7 Device Certificate
More informationScan Report Executive Summary
Scan Report Executive Summary Part 1. Scan Information Scan Customer Company: Date scan was completed: Vin65 ASV Company: Comodo CA Limited 06/08/2018 Scan expiration date: 09/06/2018 Part 2. Component
More informationSecuring Communications with your Apache HTTP Server. Lars Eilebrecht
with your Apache HTTP Server Lars Eilebrecht Lars@apache.org About Me Lars Eilebrecht Independent IT Consultant Contributor to the Apache HTTP Server project since 1996 Member of the ASF Security Team
More informationScan Report Executive Summary. Part 2. Component Compliance Summary IP Address :
Scan Report Executive Summary Part 1. Scan Information Scan Customer Company: Date scan was completed: Vin65 ASV Company: Comodo CA Limited 03/18/2015 Scan expiration date: 06/16/2015 Part 2. Component
More informationInstallation and usage of SSL certificates: Your guide to getting it right
Installation and usage of SSL certificates: Your guide to getting it right So, you ve bought your SSL Certificate(s). Buying your certificate is only the first of many steps involved in securing your website.
More informationPDxxxxx {P/N} {Doc Description} PRELIMINARY PDS-104_SECURED_WEB_BROWSING_UG. PDS-104G - Secured web browsing certificate management.
PDS-104G - Secured web browsing certificate management User Guide TABLE OF CONTENTS PDS-104_SECURED_WEB_BROWSING_UG 1 INTRODUCTION...2 1.1 GENERAL... 2 1.2 ENFORCING SECURED WEB BROWSING... 2 1.3 SECURED
More informationCryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea
Cryptography SSL/TLS Network Security Workshop 3-5 October 2017 Port Moresby, Papua New Guinea 1 History Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent
More informationSecurity Improvements on Cast Iron
IBM Software Group Security Improvements on Cast Iron 7.0.0.2 Subhashini Yegappan, Software Support Engineer (syegapp@us.ibm.com) Raja Sreenivasan, Advisory Software Engineer (rsreeniv@in.ibm.com) 31-Mar-2015
More information13/11/2014. Pa rt 2 S S L i m p a c t a n d o p t i m i s a t i o n. Pa rt 1 A b o u t S S L C e r t f i c a t e s. W h a t i s S S L / T L S
13/11/2014 SSL/TLS: IMPACT AND SOLUTIONS With I ntroduction W h a t i s S S L / T L S Pa rt 1 A b o u t S S L C e r t f i c a t e s Pa rt 2 S S L i m p a c t a n d o p t i m i s a t i o n INTRODUCTION
More informationCSE484 Final Study Guide
CSE484 Final Study Guide Winter 2013 NOTE: This study guide presents a list of ideas and topics that the TAs find useful to know, and may not represent all the topics that could appear on the final exam.
More informationSSL/TLS Deployment Best Practices
Version 1.0 24 Feb 2012 SSL/TLS Deployment Best Practices Ivan Ristic Qualys SSL Labs Introduction SSL/TLS is a deceptively simple technology. It is easy to deploy, and it just works... except that it
More informationEncryption, Certificates and SSL DAVID COCHRANE PRESENTATION TO BELFAST OWASP CHAPTER OCTOBER 2018
Encryption, Certificates and SSL DAVID COCHRANE PRESENTATION TO BELFAST OWASP CHAPTER OCTOBER 2018 Agenda Basic Theory: encryption and hashing Digital Certificates Tools for Digital Certificates Design
More informationSecuring Connections for IBM Traveler Apps. Bill Wimer STSM for IBM Collaboration Solutions December 13, 2016
Securing Connections for IBM Traveler Apps Bill Wimer (bwimer@us.ibm.com), STSM for IBM Collaboration Solutions December 13, 2016 IBM Technote Article #21989980 Securing Connections for IBM Traveler mobile
More informationAbout FIPS, NGE, and AnyConnect
About FIPS, NGE, and AnyConnect, on page 1 Configure FIPS for the AnyConnect Core VPN Client, on page 4 Configure FIPS for the Network Access Manager, on page 5 About FIPS, NGE, and AnyConnect AnyConnect
More informationNetwork Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2010
Network Security: TLS/SSL Tuomas Aura T-110.5240 Network security Aalto University, Nov-Dec 2010 Outline 1. Diffie-Hellman 2. Key exchange using public-key encryption 3. Goals of authenticated key exchange
More informationVerifying Real-World Security Protocols from finding attacks to proving security theorems
Verifying Real-World Security Protocols from finding attacks to proving security theorems Karthik Bhargavan http://prosecco.inria.fr + many co-authors at INRIA, Microsoft Research, Formal security analysis
More informationINFORMATION SUPPLEMENT. Use of SSL/Early TLS for POS POI Terminal Connections. Date: June 2018 Author: PCI Security Standards Council
Use of SSL/Early TLS for POS POI Terminal Connections Date: Author: PCI Security Standards Council Table of Contents Introduction...1 Executive Summary...1 What is the risk?...1 What is meant by Early
More informationWAP Security. Helsinki University of Technology S Security of Communication Protocols
WAP Security Helsinki University of Technology S-38.153 Security of Communication Protocols Mikko.Kerava@iki.fi 15.4.2003 Contents 1. Introduction to WAP 2. Wireless Transport Layer Security 3. Other WAP
More informationSECRETS OF THE ENCRYPTED INTERNET: WORLDWIDE CRYPTOGRAPHIC TRENDS
SESSION ID: PDAC-F02 SECRETS OF THE ENCRYPTED INTERNET: WORLDWIDE CRYPTOGRAPHIC TRENDS David Holmes Threat Researcher F5 Networks, Inc. @dholmesf5 Who is that Guy? David Holmes Childhood crypto enthusiast
More informationUNCLASSIFIED INFORMATION TECHNOLOGY SECURITY GUIDANCE
INFORMATION TECHNOLOGY SECURITY GUIDANCE GUIDANCE ON SECURELY CONFIGURING NETWORK PROTOCOLS ITSP.40.062 August 2016 FOREWORD The Guidance on Securely Configuring Network Protocols is an UNCLASSIFIED publication,
More informationA Technology Brief on SSL/TLS Traffic
A Technology Brief on SSL/TLS Traffic This document provides an overview of SSL/TLS technology and offers examples of how Symantec solutions can help manage the increasing SSL traffic within enterprise
More informationSSL247 SHA-2 MIGRATION
SSL247 SHA-2 MIGRATION Table of contents SHA-1 deprecation, moving to SHA-2...1 SHA-2 Compatibility...5 What is SHA-1 and why it is being deprecated?...1 OS, Browser and Server support...5 What is SHA-2?...1
More informationHTTPS is Fast and Hassle-free with Cloudflare
HTTPS is Fast and Hassle-free with Cloudflare 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com In the past, organizations had to choose between performance and security when encrypting their
More informationECC Certificate Addendum to the Comodo EV Certification Practice Statement v.1.03
ECC Certificate Addendum to the Comodo EV Certification Practice Statement v.1.03 Comodo CA, Ltd. ECC Certificate Addendum to Comodo EV CPS v. 1.03 6 March 2008 3rd Floor, Office Village, Exchange Quay,
More informationHow to Configure SSL Interception in the Firewall
Most applications encrypt outgoing connections with SSL or TLS. SSL Interception decrypts SSL-encrypted HTTPS and SMTPS traffic to allow Application Control features (such as the Virus Scanner, ATP, URL
More informationTransport Level Security
2 Transport Level Security : Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l12, Steve/Courses/2013/s2/css322/lectures/transport.tex,
More informationPayment Card Industry (PCI) PIN Transaction Security (PTS) Hardware Security Module (HSM) Evaluation Vendor Questionnaire Version 2.
Payment Card Industry (PCI) PIN Transaction Security (PTS) Hardware Security Module (HSM) Evaluation Vendor Questionnaire Version 2.0 May 2012 Document Changes Date Version Author Description April 2009
More informationCyber Security Advisory
1KHW028570 2015-11-20 English 2.00 1/5 SSL 3.0 Protocol Vulnerability and POODLE Attack in FOX660 series ABB-VU-PSAC- 1KHW028570 Notice The information in this document is subject to change without notice,
More informationSecure Sockets Layer (SSL) / Transport Layer Security (TLS)
Secure Sockets Layer (SSL) / Transport Layer Security (TLS) Brad Karp UCL Computer Science CS GZ03 / M030 20 th November 2017 What Problems Do SSL/TLS Solve? Two parties, client and server, not previously
More informationNetwork Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2014
Network Security: TLS/SSL Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2014 Outline 1. Diffie-Hellman key exchange (recall from earlier) 2. Key exchange using public-key encryption
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationExposing The Misuse of The Foundation of Online Security
Exposing The Misuse of The Foundation of Online Security HLA ID: 90FZSBZFZSB 56BVCXVBVCK 23YSLUSYSLI 01GATCAGATC Cyber space is very similar to organic realm Keys & certificates are like HLA tags But,
More informationHigh -Tech Bridge s Web Server Security Service API Developer Documentation Version v1.3 February 13 th 2018
HTB_WEBSECDOCS_v1.3.pdf Page 1 of 29 High -Tech Bridge s Web Server Security Service API Developer Documentation Version v1.3 February 13 th 2018 General Overview... 2 Meta-information... 4 HTTP Additional
More informationCertification Report
Certification Report HP 3PAR StoreServ Storage Systems Version 3.2.1 MU3 Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme
More informationPreventing POODLE Attacks on ecopy ShareScan
Preventing POODLE Attacks on ecopy ShareScan Topics Overview What Products are Affected? Steps to Protect Against POODLE Attacks Disabling SSL in Window s Registry Disabling SSL in Apache Tomcat 1 Overview
More informationIHE Change Proposal. Tracking information: Change Proposal Status: Date of last update: Sep 13, 2018 Charles Parisot, Vassil Peytchev, John Moehrke
IHE Change Proposal Tracking information: IHE Domain IT Infrastructure Change Proposal ID: CP-ITI-1145 Change Proposal Status: Final Text Date of last update: Sep 13, 2018 Person assigned: Charles Parisot,
More informationTLS/sRTP Voice Recording AddPac Technology
Secure IP Telephony Solution (TLS/SRTP Protocol) TLS/sRTP Voice Recording AddPac Technology 2015, Sales and Marketing www.addpac.com Contents Secure IP Telephony Service Diagram Secure VoIP Protocol &
More informationA Federal Agency Guide to Complying with Binding Operational Directive (BOD) 18-01
Table of Contents Introduction... 2 Required Actions Overview... 2 Required Actions Email Security... 3 Required Actions Web Security... 9 Status of Implementation... 11 Roles and Responsibilities... 11
More informationMTAT Applied Cryptography
MTAT.07.017 Applied Cryptography Transport Layer Security (TLS) Advanced Features University of Tartu Spring 2016 1 / 16 Client Server Authenticated TLS ClientHello ServerHello, Certificate, ServerHelloDone
More informationCryptography MIS
Cryptography MIS-5903 http://community.mis.temple.edu/mis5903sec011s17/ Cryptography History Substitution Monoalphabetic Polyalphabetic (uses multiple alphabets) uses Vigenere Table Scytale cipher (message
More informationCASE STUDY - Preparing for a PCI-DSS Audit using Cryptosense Analyzer
CASE STUDY - Preparing for a PCI-DSS Audit using Cryptosense Analyzer v1.0 December 2017 pci-dss@cryptosense.com 1 Contents 1. Introduction 3 2. Technical and Procedural Requirements 3 3. Requirements
More informationCOSC 301 Network Management. Lecture 15: SSL/TLS and HTTPS
COSC 301 Network Management Lecture 15: SSL/TLS and HTTPS Zhiyi Huang Computer Science, University of Otago COSC301 Lecture 15: SSL/TLS and HTTPS 1 Today s Focus WWW WWW How to secure web applications?
More informationDANE, why we need it. Daniel Stirnimann Bern, 29. March SWITCH 1
DANE, why we need it Daniel Stirnimann daniel.stirnimann@switch.ch Bern, 29. March 2017 2017 SWITCH 1 Why do we trust this website? 2017 SWITCH 2 Why do we trust this website? 1. DNS lookup for www.credit-suisse.com
More informationPayment Card Industry (PCI) Executive Report 11/01/2016
Payment Card Industry (PCI) Executive Report 11/01/2016 ASV Scan Report Attestation of Scan Compliance Scan Customer Information Approved Scanning Vendor Information Company: Rural Computer Consultants
More informationInternet security and privacy
Internet security and privacy SSL/TLS 1 Application layer App. TCP/UDP IP L2 L1 2 Application layer App. SSL/TLS TCP/UDP IP L2 L1 3 History of SSL/TLS Originally, SSL Secure Socket Layer, was developed
More informationVisiBroker for Visual Studio 2013
VisiBroker 8.5.2 for Visual Studio 2013 Release Notes Micro Focus The Lawn 22-30 Old Bath Road Newbury, Berkshire RG14 1QN UK http://www.microfocus.com Copyright Micro Focus 2015. All rights reserved.
More informationTRENDS IN WEB VULNERABILITIES MICHEL CHAMBERLAND
TRENDS IN WEB VULNERABILITIES MICHEL CHAMBERLAND Introduction Agenda Introduction Session Goals Presenter and Trustwave SpiderLabs background Analysis Overview Data Source Most frequently found SEVERE
More informationCS 161 Computer Security
Raluca Ada Popa Spring 2018 CS 161 Computer Security Discussion 6 Week of February 26, 2018 Question 1 TLS threats (10 min) An attacker is trying to attack the company Boogle and its users. Assume that
More informationSSL/TLS Vulnerability Detection Using Black Box Approach
Journal of Physics: Conference Series PAPER OPEN ACCESS SSL/TLS Vulnerability Detection Using Black Box Approach To cite this article: D Gunawan et al 2018 J. Phys.: Conf. Ser. 978 012121 View the article
More informationTransport Layer Security
CEN585 Computer and Network Security Transport Layer Security Dr. Mostafa Dahshan Department of Computer Engineering College of Computer and Information Sciences King Saud University mdahshan@ksu.edu.sa
More informationCryptography (Overview)
Cryptography (Overview) Some history Caesar cipher, rot13 substitution ciphers, etc. Enigma (Turing) Modern secret key cryptography DES, AES Public key cryptography RSA, digital signatures Cryptography
More information