Will mitmproxy support QUIC traffic in the future? I think the current version does not support it, at least from my trials. Is there an option already? Or will this be something that will not be possible at all?
Related
I went through a lengthy process removing mod_ssl and replaced it with gnutls because I wanted to use TLS 1.3.
The difference I’ve noticed is gnutls doesn’t support older, legacy methods, only new ones.
OpenSSL supports them all. Is that a better choice? I could find very little support configuring with gnutls and Apache other than the RTFM pages.
Pros and cons? Should I move back to mod_ssl? I'm leaning towards thinking I made a mistake with GnuTLS just for TLS 1.3 and to get a good security ranking score.
Most people use OpenSSL, and it has been updated to work with newer versions of TLS as well as older versions (backwards compatibility).
As far as which is better, I don't know, but most use OpenSSL.
And regarding "Server Fault" in the comment, the user could have been more informative, and was likely referring to the domain, serverfault.com, which they did not elaborate on, making it confusing.
I need to connect a WinCE6.0 device to a web based server using HTTPS.
The problem: WinCE6.0 uses WinInet v6, which supports SSL2, SSL3 and TLS1.0, none of which are supported in the current (2018) best practices due to their security flaws.
I doubt I can drop in a newer version of WinInet and expect it to run.
I had thoughts of porting CURL to WinCE.
I'm thinking this issue has already been addressed by the CE community, but I'm not seeing an available solution.
How can I get an old embedded device to securely connect to the WWW?
From GuruCE:
If you want to use TLS 1.1 and 1.2 on CE, a suitable solution is to use the mbedTLS library from ARM. It has a BSD-like license, so not too restrictive. Only one change to the makefiles is needed to get it to work on CE.
I'm starting a new project, a cross-platform C++ program that will need to connect to servers of the user's choice using SSH code built into the program. I'm trying to decide between libssh and libssh2. (Licensing is not an issue; libssh's LGPL is fine.)
libssh2 seems, from this page, to be the way to go -- with one possible exception. It doesn't support SSH v1. I have no idea what percentage of servers out there might only support SSH v1 these days. Does anyone have experience in this area, or could point me to something that would answer that?
Alternatively, can anyone point out another SSH library with SCP capability that supports both SSH v1 and v2? Preferably one that is thread-safe and can also support non-blocking operations?
There still exist some hardware devices which only offer SSH1, but when it comes to software, locking to SSH1 is dangerous as SSH1 has security flaws. Consequently if you don't plan to connect to hardware, omitting SSH1 completely is a good idea.
SSHv1 was already outdated at the time I became familiar with Linux, back in 2004. So I don't think that many servers will support SSHv1 only nowadays.
If a server does only support v1, it is to be considered in a very bad state, IMO.
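For anyone who wants to measure this against their own servers rather than guess, the following is an added example (not part of the original question or answers) that classifies a server from the identification string it sends on connect, following RFC 4253 sections 4.2 and 5.1. The function names and the sample greetings are assumptions made up for illustration.

```cpp
#include <iostream>
#include <sstream>
#include <string>

// What the server's identification string says about protocol support.
enum class SshSupport { V1Only, V1AndV2, V2Only, Unknown };

// `greeting` is the text the server sends before key exchange begins.
// RFC 4253 section 4.2 allows free-text lines before the "SSH-" line,
// so every line is scanned until the identification string is found.
SshSupport classify_ssh_greeting(const std::string& greeting) {
    std::istringstream in(greeting);
    std::string line;
    while (std::getline(in, line)) {
        if (!line.empty() && line.back() == '\r') line.pop_back();
        if (line.compare(0, 4, "SSH-") != 0) continue;  // pre-banner text
        // Format: SSH-protoversion-softwareversion [SP comments]
        const std::size_t dash = line.find('-', 4);
        if (dash == std::string::npos) return SshSupport::Unknown;
        const std::string proto = line.substr(4, dash - 4);
        if (proto == "2.0") return SshSupport::V2Only;
        // "1.99" is how a v2 server announces that it also accepts v1 clients.
        if (proto == "1.99") return SshSupport::V1AndV2;
        if (proto.compare(0, 2, "1.") == 0) return SshSupport::V1Only;
        return SshSupport::Unknown;
    }
    return SshSupport::Unknown;  // no identification line seen
}

// True when an SSHv2-only client library can talk to this server.
bool usable_with_v2_only_client(const std::string& greeting) {
    const SshSupport s = classify_ssh_greeting(greeting);
    return s == SshSupport::V2Only || s == SshSupport::V1AndV2;
}

int main() {
    // Constructed sample greetings, not captured from real hosts.
    const char* samples[] = {
        "SSH-2.0-ExampleServer_1.0\r\n",
        "Authorized use only\r\nSSH-1.99-ExampleServer_1.0\r\n",
        "SSH-1.5-ExampleDevice\n",
    };
    for (const char* s : samples)
        std::cout << (usable_with_v2_only_client(s) ? "v2 ok" : "v1 only or unknown") << '\n';
    return 0;
}
```

Feeding it the first bytes read from port 22 of each host in an inventory shows how many hosts actually fall into the v1-only bucket.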
I'm doing some performance analysis on an SSL-encrypted connection and I want to tease apart how much time is saved by not MACing (I still want AES-CBC however). Is there a way to disable just HMAC via the API?
You can't disable it in SSL or TLS, period, regardless of the implementation. It is a required part of the protocol. Without it the protocol wouldn't be secure.
I did a performance study a few years ago that showed that over the Internet, SSL is only 3x as slow as plaintext. I was pleasantly surprised at that.
If you want faster SSL, invest in a hardware crypto accelerator.
Using VBScript, I want to talk to an HTTPS website but it fails with:
The client and server cannot communicate, because they do not possess a common algorithm
Found out this is because it needs to use SSL3. How can I tell it to use SSL v3?
Thanks
ServerXmlHTTP relies on WinHTTP, which supports SSLv3. See the WINHTTP_FLAG_SECURE_PROTOCOL_SSL3 in the documentation. What version of MSXML are you using? You may want to try using one of the later versions. See the documentation on ProgID information.