Security questions related to SSL (Secure Sockets Layer), a protocol that provides privacy (encryption) and data integrity over a network connection. See also: [tag:ssl]
Questions tagged [ssl-security]
12 questions
164
votes
5 answers
How can I set the Secure flag on an ASP.NET Session Cookie?
How can I set the Secure flag on an ASP.NET Session Cookie, so that it will only be transmitted over HTTPS and never over plain HTTP?
Alex
- 75,813
- 86
- 255
- 348
7
votes
1 answer
Two-way authentication using ssl in dotnet
I have a project where I need to send a datafile through a web request. We need to setup Two-way authentication also known as mutual authentication. We are not sure if we need a special cert or not but we know that it needs to be level 3.
I am…
Nick
- 841
- 2
- 9
- 30
4
votes
1 answer
Android: opending a keystore as an asset to make an SSLSocketFactory
I have a Bouncy Castle keystore, which I'd like to use to connect to an SSLSocketFactory.
Doing this in "desktop" Java is easy, but how do you do it on the android.
It doesn't seem to make much difference whether you put in assets or res/raw -…
Don Henderson
- 61
- 4
4
votes
2 answers
[DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error
Our ASP/IIS web server talks to a SQL 2005 db server.
Eventually, without a pattern, some pages start showing error instead of the page content:
[DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error.
Rebooting web server resolves…
ryw
- 9,375
- 5
- 27
- 34
4
votes
2 answers
Testing SSL with multiple SSL-Enabled Websites in IIS
I developed a ASP.NET application that needs to run in multiple instances on my machine (IIS7). I need to set up SSL for each instance, but I lose the option to do binding to a specific host name (that option is only available with regular HTTP). So…
Alex
- 75,813
- 86
- 255
- 348
3
votes
1 answer
Is it possible to order cipher suites from server side in Java?
In Java docs stated, that:
public final void setUseCipherSuitesOrder(boolean honorOrder)
Sets whether the local cipher suites preference should be honored.
Parameters:
honorOrder - whether local cipher suites order in #getCipherSuites should…
Ernestas Gruodis
- 8,567
- 14
- 55
- 117
3
votes
4 answers
If a site is secured via SSL, can a network sniffer still read the URLs being requested?
Can URLs be sniffed even though a client communicates with a server over SSL? I'm asking because I'm doing remote login & redirect to a physically different server via URL, and wondered if securing the communication via SSL would prevent replay…
Alex
- 75,813
- 86
- 255
- 348
0
votes
1 answer
Disable Weak Cipher suites for Google Cloud Run custom domain?
We use a custom domain for our clients on Google Cloud Run. Since the custom domain gets a SSL certificate auto-assigned, we cant yet upload our own SSL certificate for the domain.
However, our clients have been reporting a weak cipher…
Alok Mishra
- 3
- 2
0
votes
1 answer
Log displays TLSv1 instead of SSLv3
I have enabled logs in my application using -Djavax.net.debug=all option. Code that have written is supposed to use SSLv3 protocol, but in logs when I am checking it is displaying as ::
*** ClientHello, TLSv1
*** ServerHello, TLSv1
As far as I…
Bhaskar
- 159
- 1
- 2
- 17
0
votes
1 answer
Android SSLSocket#getInputstream() throws HandshakeException on earlier versions of Android 6.0
In my application, I need to work on the SSLSocket.
I have this code which is working on Android6.0 and above and When I run the same code on Android version 5.+ I am getting HandshakeException
private void openSSLSocket(String mHost, int mPort){
…
Varun Narisetty
- 165
- 9
0
votes
2 answers
Lead Forensics and SSL
We have an ASP.NET website on IIS. We have a Lead Forensics link. Which has been working fine prior to switching to require SSL on all pages. It is something similar to: