HTTPS version 1 vs v2 - differences - ssl

What are the major differences between HTTPS 1.x vs HTTPS 2.x?
Did the TLS and SSL part come in with version 2.x?
Is HTTP/2 (https://en.wikipedia.org/wiki/HTTP/2) also called HTTPS 2? Is HTTP 1.1 ( https://www.rfc-editor.org/rfc/rfc2068 ) also called HTTPS 1?

There is no HTTPS 1.x or HTTPS 2.x. There are only HTTP 1.0, HTTP 1.1 and HTTP/2. HTTPS means only that any of these HTTP protocols are encapsulated inside a TLS connection.
The TLS part is basically the same for all of these. But there are some restrictions regarding the protocol versions, ciphers and TLS compression when using TLS with HTTP/2, see RFC 7540, section 9.2 for the details. And to make it easier for the server to know the major HTTP protocol version used inside this TLS connection the client should use the ALPN TLS extension to tell the server that it supports HTTP/2.
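The ALPN offer and the RFC 7540 section 9.2 restrictions mentioned above, as an added example that is not part of the original answer. The function names are hypothetical, and the cipher check is a heuristic on OpenSSL cipher names (ephemeral key exchange plus AEAD) rather than a lookup in the RFC's black list:

```python
import socket
import ssl

def h2_client_context():
    """Client context meeting the TLS rules of RFC 7540, section 9.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2    # TLS 1.2 or higher
    ctx.options |= ssl.OP_NO_COMPRESSION            # TLS compression must be off
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")  # ephemeral key exchange + AEAD
    ctx.set_alpn_protocols(["h2", "http/1.1"])      # offer HTTP/2, fall back to 1.1
    return ctx

def h2_tls_problems(version, cipher, compression, alpn):
    """List the reasons a negotiated TLS session is unsuitable for HTTP/2.

    The arguments are what SSLSocket.version(), .cipher()[0], .compression()
    and .selected_alpn_protocol() return after the handshake.
    """
    problems = []
    if alpn != "h2":
        problems.append("ALPN did not select h2")
    if version not in ("TLSv1.2", "TLSv1.3"):
        problems.append("TLS version below 1.2")
    if compression is not None:
        problems.append("TLS compression enabled")
    if version == "TLSv1.2":
        # Heuristic: suites without ephemeral key exchange or without an
        # AEAD cipher are the kind RFC 7540 black-lists for TLS 1.2.
        ephemeral = cipher.startswith(("ECDHE-", "DHE-"))
        aead = any(tag in cipher for tag in ("GCM", "CCM", "CHACHA20"))
        if not (ephemeral and aead):
            problems.append("cipher suite lacks ephemeral key exchange or AEAD")
    return problems

def negotiate(host, port=443, timeout=5):
    """Handshake with a live server; return (selected ALPN, problems)."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with h2_client_context().wrap_socket(raw, server_hostname=host) as tls:
            alpn = tls.selected_alpn_protocol()
            return alpn, h2_tls_problems(
                tls.version(), tls.cipher()[0], tls.compression(), alpn)
```

If `negotiate()` returns `"http/1.1"` or `None` as the ALPN value, the server did not agree to HTTP/2 and the client has to speak HTTP/1.1 inside the same TLS connection.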

Related

what's meaning of insecure connection in grpc?

gRPC is based on HTTP/2, which must use SSL.
But I found that I can create an insecure server.
I want to know whether insecure means that it doesn't use SSL, or that it uses a predefined certificate for HTTP/2?

HTTP/2 does not insist on SSL/TLS. But all web browsers only implement HTTP/2 over SSL/TLS because of problems when using it over plaintext HTTP over the Internet. So if you are not using a web browser but another HTTP/2 client, then you can use HTTP/2 without SSL/TLS.
So yes, insecure gRPC is using an unencrypted HTTP/2 connection (h2c). Though some implementations do not support this, similar to how web browsers do not support unencrypted HTTP/2 (h2c).

Turn on TLS 1.2

I just received an email from Authorize.net informing me that they are deactivating connections to their server using TLS 1.0 and TLS 1.1.
Question: are GoDaddy SSL and web hosting set for TLS 1.2 connections, and is there anything I need to change to configure TLS 1.2 for my site?
How do I check which TLS version my website uses?

How do I check which TLS version my website uses?
Use Qualys SSL Labs vulnerability tester to check which TLS version you are using: https://www.ssllabs.com/ssltest/
You may certainly see that you support several versions (this is the most common case).
Question: are GoDaddy SSL and web hosting set for TLS 1.2 connections, and is there anything I need to change to configure TLS 1.2 for my site?
You have nothing to do, web hosting services by GoDaddy are already supporting TLS 1.2 connections (and TLS 1.0 and TLS 1.1 - they do not support SSL v3 nor SSL v2 anymore, and it's a good thing).
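A local alternative to the online tester, as an added example that is not part of the original answer: it attempts one handshake per protocol version, each time with the minimum and maximum version pinned to the same value. The function names are hypothetical, and `example.com` in the comment is a placeholder for your own site.

```python
import socket
import ssl

VERSIONS = {
    "TLSv1": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}

def pinned_context(version):
    """Client context that offers exactly one TLS protocol version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # The probe only asks whether a handshake completes, so certificate
    # validation is switched off. Never reuse this context for real traffic.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    if version in (ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1):
        # Recent OpenSSL builds refuse TLS 1.0/1.1 at the default security
        # level; lower it so a refusal comes from the server, not from us.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx

def probe(host, port=443, timeout=5):
    """Return {version label: True if the server completed a handshake}."""
    results = {}
    for label, version in VERSIONS.items():
        try:
            ctx = pinned_context(version)
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host):
                    results[label] = True
        except (OSError, ValueError):
            # ssl.SSLError is an OSError: handshake refused or host unreachable.
            # ValueError: the local OpenSSL build lacks this protocol version.
            results[label] = False
    return results

# Example call (placeholder host): probe("example.com")
```

A `False` for TLS 1.0 or 1.1 can also mean that the local OpenSSL build was compiled without those protocols, so confirm a surprising result from a second machine or with the online tester.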

WebSphere Multiple SSL Version Support

I'm running a web application that communicates with various APIs. One API requires TLSv1.2 while another will not support something that current (TLSv1 or TLSv1.1).
Does WebSphere support multiple SSL versions?
I've found documentation about successfully changing the version of SSL, however I really need to be able to run TLSv1.1 and 1.2 together (if that's even possible) or run one version for one application while another for another application.
According to the documentation for setting up SSL in WebSphere, to support the use of TLS 1.0, 1.1 and 1.2, I need to enable SSL_TLSv2:
Question: WAS is acting as an SSL client and the remote SSL server supports only TLSv1.0 or TLSv1.1; similarly, WAS is acting as an SSL server and the remote SSL client supports only TLSv1.0 or TLSv1.1 or TLSv1.2. What should be done to work in such environments?
Answer: There is an alternative option, SSL_TLSv2, which will enable support for TLSv1.0, TLSv1.1, and TLSv1.2 in the environment. Please use this setting, SSL_TLSv2, in environments where support for multiple TLS protocols is required. If you are not sure whether your WAS environment interacts with other servers or clients using non-TLSv1.2 protocols, you can configure WAS to use SSL_TLSv2 using the same steps as given above.
Note:
Without the POODLE fix, and with WAS configured to use SSL_TLSv2:
SSL_TLSv2 ==> Enables all SSL v3.0 and TLS v1.0, v1.1 and v1.2 protocols. Accepts SSLv3 or TLSv1 hello encapsulated in an SSLv2 format hello.
If you installed the POODLE fix (which will disable SSLv3) and configured WAS to use SSL_TLSv2:
SSL_TLSv2 ==> Enables these three protocols: TLS v1.0, v1.1 and v1.2.
So, changing the QoS settings to SSL_TLSv2 allows SSL handshakes with multiple TLS versions when required.

TLS 1.2 implementation in Play Framework 2.3.x with Nginx

https://www.playframework.com/documentation/2.3.1/ConfiguringHttps describes, in detail, how to implement SSL in Play Framework 2.3.x
However, I am wondering how to implement TLS 1.2 in Play Framework, do I also need something like Nginx?
I am fairly new to this subject. https://luxsci.com/blog/ssl-versus-tls-whats-the-difference.html shows us that SSL is older than TLS. I have heard that SSL is not secure any more, that's why I ask this question.

Nginx supports TLS 1.2 without problems (check the parameter "ssl_protocols"). Forget about SSL v2 and SSL v3, they are not secure, but most browsers support TLS v1.2, TLS v1.1 and TLS v1.
You can use Nginx as a proxy, and configure HTTPS on Nginx. Nginx has many useful options; it can serve static files fast and proxy all other requests to the "play" application (to a TCP port or to a socket).
In your link there is information that you can run Play with HTTPS, so there is no need to use Nginx, but I agree with this part:
(..) using a reverse proxy in front of Play will give better control and security of HTTPS.

Globally disabling protocols in OpenSSL

Is it possible to globally disable TLS 1.1 for an application that is indirectly using OpenSSL?
I would like to disable TLS 1.1 for a C application that makes soap HTTPS calls using gSOAP.
Disabling TLS 1.1 fixes an intermittent SSL connection problem I have been experiencing for the last few days (SSL routines:SSL3_GET_RECORD:wrong version number).
Currently TLS 1.1 is disabled by using a custom build of gSOAP but ideally I would like to disable the protocol using a config file or some code in my application.
Ubuntu 12.04.5 LTS
OpenSSL 1.0.1-4ubuntu5.20
gSOAP 2.8.4-2

Although there is a global OpenSSL config file it can not be used to restrict the default SSL version(s). And unfortunately there seems to be no API or configuration for the gSOAP library to restrict the SSL version. So you must probably live with your custom build version and hope that someday they provide an API to set the SSL version.

At a minimum you will need gSOAP 2.8.28. Use the SOAP_TLSv1_2 option with soap_ssl_client_context() and soap_ssl_server_context() to restrict the TLS protocol to TLSv1.2 only. TLS1.0/TLS1.1/SSLv3 are disabled. You can't combine the SSL/TLS protocol options, so only TLSv1.2 will be enabled with this option. This works with OpenSSL 1.0.1 or later and recent GNUTLS versions. Perhaps there will be new options in upcoming gSOAP releases to support subsets of protocols, which would be nice.