Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 8 years ago.
Improve this question
I understand what data encryption is and what role SSL plays in it, but I need to know what role encryption would play in an online game? I have heard many reports of SSL in games, heart-bleed being a popular one, but I just don't see the need for data encryption in games. If something as miniscule as terrain data is being transferred from server to client then what is the need of encryption?
What role does data encryption play in games?
What data should and shouldn't be encrypted?
If encryption is needed, which is better, SSL or TLS? Or are they used for different purposes?
I'm not familiar with games; however, what I know is that both SSL and TLS are used for encryption in web communications. However, SSL is almost dead (at least SSLv3) due to the several attacks it cannot handle. I don't know if you have lately visit a “https” site which uses SSLv3 using either firefox or chrome but they may say something like this:
Firefox:
Unable to Connect Securely
Firefox cannot guarantee the safety of your data on xxx.xxx.xxx.xxx because it uses SSLv3, a broken security protocol.
Advanced info: ssl_error_no_cypher_overlap
Chrome:
This webpage is not available
A secure connection cannot be established because this site uses an unsupported protocol.
Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
So, the answer for your last question should be: Use TLS (TLS 1.2 if possible) instead of SSL. TLS in fact, is basically the evolution of SSL.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 2 years ago.
Improve this question
What is TLS and why do we need it. Can someone explain to me what roles does it play in Kubernetes?
What will happen if I don't use it? Can someone explain it to me with an example?
Thank you for your time.
What is TLS and why do we need it?
TLS definition from wikipedia:
The TLS protocol aims primarily to provide privacy and data integrity between two or more communicating computer applications [...]
TLS supports many different methods for exchanging keys, encrypting data, and authenticating message integrity.
What roles does it play in Kubernetes?
It is used by k8s control plane for encrypting data in trasit. Encryption in transit protects your data if communications are intercepted while data moves between client and server. In case of k8s, e.g. kubelet or controller manager are usually clients and api-server is considered a server.
What will happen if I don't use it?
I am not sure if you can do this (not use it). I think its use is enforced by k8s components. All you can do is to ignore certificate validation.
But let's imagine for now that you managed to bootstrap a cluster without tls and all communcation is now plaintext based (meaning there is no encryption). Now if I manage to intercept the communication, I (malicious actor) can see what you are sending to the cluster. And since there is no mechanism to enforce data integrity, I can change this data to anything I want and pass it forward. You would have no way to check if you are exchanging data with the cluster or with me and if I am altering the data, adding malicious code or else.
Additionally, tls certificates are used by k8s components for authentication purpouses. This means that e.g. in order for kubelet to join the cluster it needs to prove that it is allowed to do this by showing it has a valid certificate, signed by known authority (this usually means selfsigned). You woudln't be able to verify that the kubelet is yours and that is's not some malicious kubelet I joined to your cluster.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 6 years ago.
Improve this question
I have hosted a website using VPS and pointed to it using DNS services of CloudFlare, The site is working properly. Now I am trying to install ssl provided by Lets Encrypt, I am able to complete the steps successfully but the site doesn't appear to be ssl enabled. Also when I completed the steps succesfully the process didn't generate any cert file.I have used the https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04 could anybody tell me were I might be going wrong.
CloudFlare supports using Let's Encrypt between CloudFlare and your origin; however you must use the --webroot argument when you run the Let's Encrypt binary.
By using the webroot authentication method, a temporary file is placed to validate your domain for the certificate. There is a guide on how to do this on the CloudFlare help centre: How to Validate a Let’s Encrypt Certificate on a Site Already Active on CloudFlare
By using this method, you are able to ensure the connection between CloudFlare and your origin web server is fully encrypted using Strict SSL.
Now you have https on your server.
So the communication vpc-cloudfare can use https.
Now you have to configure cloudfare to use https betwenn cloudfare and the browsers.
See https://www.cloudflare.com/ssl/
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I am having a server which supports RC4 SSL Cipher suites. I just want to know whether it is easy for a attacker to determine the contents and IP of the users who are connecting to my server?
Concerning the IP, that is out of scope for SSL. SSL works on top of TCP and thus doesn't even know about IPs. Hiding IPs is hard, since they're required to deliver data to the correct recipient. You can use proxies like TOR to hide your IP.
SSL keeps the content transferred over the encrypted connection secret. RC4 isn't the greatest encryption since it produces a biased bitstream. That allows an attacker to learn your secret data if it's transferred several billion times at a known position close the the beginning of the stream.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I have an SSL assigned to my main domain and I'm wondering if I can use the SSL to my sub-domain!! I frankly tried it out, but it shows warning page saying that this page is not safe or so on. Is there a solution to this so I can use the SSL on my sub-domain to let clients send their info on a secure connection.
The error message " This webpage is not available"
X.509 certificates (often called "SSL Certificates") are usually only bound to a single domain, usually mydomain.example, www.mydomain.example or secure.mydomain.example. They cannot be used on any other domain name, even if it's a subdomain (so a certificate for mydomain.example cannot be used for www.mydomain.example and vice-versa).
There currently exist 2 other types of certificates which can be used to simultaneously secure multiple domain names simultaneously:
A relatively new type of certificate called an "SAN Certificate" - short for "Subject Alternative Name" - also sometimes called "Unified Communications Certificates" after a feature in Microsoft Exchange Server which requires this certificate type. These certificates declare a finite list of hostnames they can be used against.
Then there's wildcard certificates. Historically these were very expensive but recently we've seen a huge drop in price. With one of these certs you can secure anysubdomain.mydomain.example including the top-level mydomain.example.
Without either of these SSL certificates you'll need to get an SSL cert for each domain name you want to secure.
Note that having a different certificate for each hostname/domain-name can cause problems because the TLS system establishes security for the channel before the HTTP Host: header is sent - this means that each secured website will need its own IP address or port number.
...unless you use SNI (Server Name Identification) certificates. The good news is that all modern browsers and servers support it SNI, so multiple secure websites can share IP addresses and port bindings with their own certificates (so without needing a single SAN certificate that lists all domains on it).
The bad news is that Internet Explorer on Windows XP cannot connect to SNI websites (but Chrome and Firefox are okay), and on the server-side you need at least Windows Server 2012 or later. So adopt SNI based on how popular IE+XP usage is.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
Mailclients offer both settings, the STARTTLS and SSL/TLS. What is the difference between STARTTLS and SSL/TLS?
The clearest explanation that I've read is from FastMail:
SSL and TLS both provide a way to encrypt a communication channel
between two computers (e.g. your computer and our server). TLS is the
successor to SSL and the terms SSL and TLS are used interchangeably
unless you're referring to a specific version of the protocol.
STARTTLS is a way to take an existing insecure connection, and upgrade
it to a secure connection using SSL/TLS. Note that despite having TLS
in the name, STARTTLS doesn't mean you have to use TLS, you can use
SSL.
Read the rest of the info they have, including a discussion of port numbers and POP/IMAP vs SMTP, here: https://www.fastmail.fm/help/technology_ssl_vs_tls_starttls.html
The question is quite vague, but I guess I understand it. STARTTLS means "explicit TLS" where the connection is established on regular port and then STARTTLS command is sent to initiate SSL handshake and switch to protection mode. Another option probably defines implicit SSL/TLS on a dedicated port. In implicit mode first the handshake takes place and then the application-level protocol runs over the established secure channel.
If you select "TLS if available" Thunderbird will make a TCP/IP connection to the mail server and send a command to ask what capabilities the mail server has. If it says it supports STARTTLS Thunderbird will change the connection to a TLS connection. However, if the mail server doesn't support STARTTLS the connection doesn't fail. Thunderbird continues to use a normal connection. This is a security risk since Thunderbird doesn't display some icon to indicate whether the connection is secure like a browser does, and you're vulnerable to man in the middle attacks (MITM).
Source:
http://kb.mozillazine.org/Secure_connections_-_Thunderbird