Skip to main content
Cryptography

Questions tagged [tls]

Ask Question

SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are protocols which provide communication security (privacy and integrity) for a bidirectional data channel.

675 questions
Newest Active Bountied Unanswered
17 votes
3 answers
1k views

[This appears to be a controversial topic. I am not knowledgeable enough to attempt to choose sides; I would just like to verify that I have understood the argument.] [tl;dr: The questions are at the ...
chaosflaws's user avatar
  • 275
1 vote
0 answers
78 views

I am trying to understand the rationale behind the design choices in TLS 1.3, and am stuck on a couple points regarding the derivation of the master secret ($\mathsf{MS}$) from the derived handshake ...
Augustine's user avatar
  • 11
0 votes
1 answer
94 views

I’m analyzing a Matrix protocol connection and captured its traffic in Wireshark. In the TLS handshake, I looked at the Server Hello message and came across a few confusing things: -The "Change ...
jafar qolam ali's user avatar
  • 191
2 votes
1 answer
124 views

I am writing a TLS client which advertises all IANA registry parameters. One such TLS parameter in the registry is ECDSA_SHA1 which is a signature scheme supported for TLS 1.3 communication. Now, my ...
smtptest's user avatar
  • 23
3 votes
0 answers
126 views

This is a bit of a follow-up question to What are the design-level constraints in TLS 1.3 for post-quantum adoption? The IETF draft to increase the TLS 1.3 record size to accommodate larger post-...
Mike Edward Moras's user avatar
  • 18.2k
1 vote
1 answer
261 views

To be more specific: How do the structural design choices in TLS 1.3 (such as message flow, handshake compression, and record layer framing) interfere with or limit the integration of large post-...
Mike Edward Moras's user avatar
  • 18.2k
1 vote
1 answer
202 views

After seeing the number of entrants in the NIST PQCS that were broken and after considering that hash-based signature schemes are more studied, I've concluded that SPHINCS+ is a safer bet for digital ...
Melab's user avatar
  • 4,338
2 votes
1 answer
277 views

In the TLS 1.3 handshake, the server has to sign stuff in its Hello, and the client has to verify the server's certificate and the signature which uses the certified key. I'm guessing that's a ...
Chris Hall's user avatar
  • 121
6 votes
1 answer
156 views

I’ve been reading the 2018 paper “More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema”, which outlines several interesting vulnerabilities in the group messaging ...
jafar qolam ali's user avatar
  • 191
0 votes
0 answers
54 views

I have build multiple embedded devices with TLS1.2/3 + PSK using mbedtls and wolfssl libraries. My products have been with microcontrollers(ESP32, Silicon labs, etc.) and OpenWRT based Linux products. ...
Prajosh Premdas's user avatar
  • 101
1 vote
0 answers
86 views

Working on TLS1.2 on cipher suite ECDHE_RSA_AES_256_GCM_SHA384. On the server side, currently at the stage of server finish message. Always getting alert message.(Encrypted). And client closes. What I ...
Naushad CK's user avatar
  • 21
1 vote
1 answer
203 views

Using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 in tls 1.2 handshake. Reference to TLS 1.2 standard documentation regarding the key generation. And the question 50815 (Clarification needed in TLS 1.2 key ...
Naushad CK's user avatar
  • 21
0 votes
2 answers
189 views

I'm trying to understand the data that go into a TLS "Finished" handshake message. At present I'm focused on TLS 1.2 -- if I can't get that right then there's no point in looking at other ...
Peter M's user avatar
  • 1
2 votes
1 answer
167 views

From what I understand by reading TLS 1.2 RFC (key calculation), PRF is used for this with the master key to derive the IV, so both side can generate the same IV because of the nature of PRF. ...
Usama's user avatar
  • 123
1 vote
1 answer
223 views

Historical question as BEAST is mitigated in TLS 1.1 and earlier TLS is deprecated. BEAST is a chosen plaintext attack, possible in web browsers because cross-origin requests have cookies ...
paj28's user avatar
  • 125

15 30 50 per page
1
2 3 4 5
45