ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login
    1. Topics
    2. Tags
    3. tls
    Log in to post
    • All categories
    • OksanaO

      Stay Ahead of Cyber Threats with Windows 11: Explore the New Security Features

      Watching Ignoring Scheduled Pinned Locked Moved Starwind starwind windows 11 bitlocker dns tls
      2
      0 Votes
      2 Posts
      789 Views
      GreyG

      @Oksana Note that TPM can be bypassed for the installation.

      https://www.pcmag.com/news/microsoft-offers-tpm-20-bypass-to-install-windows-11-on-unsupported-pcs

    • OksanaO

      Windows Server 2022 Pushing Network Performance Even Further

      Watching Ignoring Scheduled Pinned Locked Moved Starwind windows server tls smb
      1
      0 Votes
      1 Posts
      458 Views
      No one has replied
    • 1

      SSL/TLS client certificates questions

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion ssl tls certificate https proxy linux mtls
      9
      0 Votes
      9 Posts
      1k Views
      1

      @flaxking said in SSL/TLS client certificates questions:

      Domain name doesn't matter, unless you're signing with a public CA. I'd think self-signed vs internal CA vs public CA would depend on what the authentication mechanism supports and how you have to manage the certificates. (i.e. if there are going to be a ton of them it might be easier for the authentication mechanism just to trust certificates signed by a certain internal CA rather than having to make each certificate trusted.

      From what I've seen so far, I've come to the same conclusion.

    • dbeatoD

      Gmail issue adding external email account to send.

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion gmail google tls ssl certificates smtp exim4 exim
      1
      1 Votes
      1 Posts
      971 Views
      No one has replied
    • scottalanmillerS

      Dovecot error:140760FC

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion dovecot email tls ssl pop3 starttls
      4
      0 Votes
      4 Posts
      947 Views
      wrx7mW

      Date/Time issue?

    • scottalanmillerS

      Standard Email Ports and Protocols

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion email mta mda smtp pop3 imap imap4 imaps smtps starttls tls ssl
      1
      1 Votes
      1 Posts
      558 Views
      No one has replied
    • wrx7mW

      Outlook Client - Stuck on Trying to Connect

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion office 365 tls outlook
      2
      1 Votes
      2 Posts
      2k Views
      wrx7mW

      I have a laptop that isn't kicking back that TLS error in that Office tool. I have tried moving another system that does get the TLS error into the same OU as the laptop and ran gpupdate /force and rebooted, also brought Windows fully current and uninstalled Webroot. Can't figure out the difference

    • DustinB3403D

      CentOS7 Server Apache Disable old TLS for higher versions

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion tls tls 1.2 tls 1.0 apache httpd
      12
      3 Votes
      12 Posts
      3k Views
      JaredBuschJ

      @coliver said in CentOS7 Server Apache Disable old TLS for higher versions:

      @jaredbusch said in CentOS7 Server Apache Disable old TLS for higher versions:

      @coliver said in CentOS7 Server Apache Disable old TLS for higher versions:

      @DustinB3403 I really like this site for information on securing various web servers.

      https://cipherli.st/

      I just implemented their Nginx setting but getting back that TLSv1 was accepted?

      https://www.ssllabs.com/ssltest/analyze.html?d=naggaroth.daerma.com

      First line should read TLS1.2 if you don't have a version of Nginx that supports 1.3.

      Correct. That is the only change I made to their config. I even reran dhparam

    • CloudKnightC

      Yealink T19PE2 FreePBX

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion yealink yealink t19 yealink t19pe2 freepbx pbx voip asterisk telephony tls
      18
      1 Votes
      18 Posts
      2k Views
      scottalanmillerS

      @stuartjordan said in Yealink T19PE2 FreePBX:

      I personally like freepbx and will continue using it, the interface is a bit dated I must admit, but that doesn't bother me.

      FreePBX interface is definitely dated. But also .... why would the interface ever matter that much? But even if it did, I've used 3CX and their interface was far worse.

    • wirestyle22W

      Generating CSR for RDS server using Subdomain

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion csr rds ssl tls certificate
      3
      1 Votes
      3 Posts
      993 Views
      wirestyle22W

      I had some confusion because of the age of the old CSR. It doesn't line up with the correct dates. I'll edit my original post when I know more.

    • scottalanmillerS

      Zimbra Unable to start TLS: hostname verification failed when connecting to ldap master

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion zimbra tls ldap ldaps
      12
      3 Votes
      12 Posts
      14k Views
      G

      Had this error after installing a new commercial certificate. The error seems valid as my server hostname and certificate name do not match, but it is my understanding this name mismatch is allowed and should still work.

      To resolve this I just ran these two commands as Zimbra user.
      zmlocalconfig -e ldap_starttls_required=false
      zmlocalconfig -e ldap_starttls_supported=0

      I am slightly concerned as to the security implications of disabling these settings. I am still on ldap not ldaps and this is on CentOS 7.

    • Emad RE

      How to setup Nginx TLS certificate based Authentication (VPN alternative)

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion nginx tls ssl cert certificate authentication
      21
      3 Votes
      21 Posts
      7k Views
      JaredBuschJ

      @aaronstuder said in How to setup Nginx TLS certificate based Authentication (VPN alternative):

      @emad-r 3650 🙂

      One of the main reasons that normal certs cannot be bought with forever expiration is because then people would be less apt to update them as ciphers are broken.

      Look at how many people still use(d) SSLv1 SHA1, etc., long after they were proven broken.

    • brianlittlejohnB

      Certbot Apache plugin broken in Fedora 26

      Watching Ignoring Scheduled Pinned Locked Moved Solved IT Discussion lets encrypt certbot apache fredora linux fedora 26 ssl ssl certificates tls
      20
      2 Votes
      20 Posts
      5k Views
      JaredBuschJ

      @zachary715 said in Certbot Apache plugin broken in Fedora 26:

      @scottalanmiller said in Certbot Apache plugin broken in Fedora 26:

      I ran into this issue, forgot about this thread, went through LetsEncrypt's threads and their solution for this problem led me... here! Very nice.

      Just did the exact same thing. Let'sEncrypt forum had the link which led me here right about the time @JaredBusch was responding in my other thread.

      It has been posted on here more than one time. I should probably find one of those posts and make @scottalanmiller tag it appropriately.

      Edit: Or too slow..

    • EddieJenningsE

      OpenSSL CSR with Subject Alternative Name

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion openssl how-to san subject alternative name csr pki certificates ssl tls
      5
      1 Votes
      5 Posts
      3k Views
      EddieJenningsE

      @JaredBusch said in OpenSSL CSR with Subject Alternative Name:

      @EddieJennings said in OpenSSL CSR with Subject Alternative Name:

      @JaredBusch Correct. The "ye olde way" is how I've typically made a CSR and private key. The link I included talks about making a configuration file, which allows you to include SAN in your CSR.

      Ah, did not read the link. Yes, using a config file is the only method to get any SAN on a cert with OpenSSL.

      And after re-reading my post, I realized how terrible it was :(. I was hoping to find a one liner kind of thing, but alas. That particular article made it clear how to do it.

    • scottalanmillerS

      Deploying an NGinx Reverse Proxy with SSL on a LAMP Server with SaltStack

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion lamp proxy reverse proxy nginx salt saltstack devops web server lets encrypt ssl tls https https2
      42
      2 Votes
      42 Posts
      7k Views
      stacksofplatesS

      This way you can share the config(s) under conf.d between multiple machines using the same roles (or whatever Salt calls them) and have different main NGINX server settings.

    • JaredBuschJ

      How do I setup TLS on a Postfix relay

      Watching Ignoring Scheduled Pinned Locked Moved Solved IT Discussion postfix tls encryption email
      6
      2 Votes
      6 Posts
      2k Views
      NashBrydgesN

      @JaredBusch Awesome. Tks Jared. Tested and works beautifully!

    • scottalanmillerS

      Troubleshooting Postfix Authentication to Relay

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion postfix intermedia email smtp tls sasl
      11
      0 Votes
      11 Posts
      3k Views
      scottalanmillerS

      @Mike-Davis said in Troubleshooting Postfix Authentication to Relay:

      @jt1001001 said in Troubleshooting Postfix Authentication to Relay:

      is there some sort of anti-spoofing settings with Intermedia?

      That's probably what is going on. I was working with their support last night and they said they couldn't transfer me to a level 2 tech because I wasn't listed on the account. This tech also told me that they allow anonymous emails on port 25, so I knew I was working with the wrong guy.

      Yes, bottom line here is that Intermedia is incompetent. Which has been a question for a long time - why would anyone use Intermedia when Office 365 does the same stuff for lower cost but has Microsoft themselves backing it?

    • DashrenderD

      Enabling RequireTLS on Exchange Send Connectors

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion tls exchange exchange 2010 starttls email
      59
      1 Votes
      59 Posts
      12k Views
      DashrenderD

      eJwqC0f.png

      This picture doesn't really say much, and now that they've fixed their inbound TLS issue, perhaps the unencrypted number will be a lot smaller from now on... just thought I'd share what they shared.

    • scottalanmillerS

      How to Require TLS for Outbound SMTP Connections with MDaemon

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion mdaemon alt-n smtp tls security encryption email
      82
      1 Votes
      82 Posts
      14k Views
      scottalanmillerS

      @BRRABill said in How to Require TLS for Outbound SMTP Connections with MDaemon:

      I think what he meant was encrypted from the e-mail client (Outlook, Webmail) to the MD server.

      That's confusing because it isn't email at that point but is just an internal application API. If it is Outlook, for example, it talks directly with Exchange as a client manipulating stuff on Exchange. If it is OWA, it's Exchange that you are looking at directly (the "email" is still on Exchange.)

    • stacksofplatesS

      DROWN Vulnerability

      Watching Ignoring Scheduled Pinned Locked Moved IT Discussion ssl tls vulnerability
      3
      2 Votes
      3 Posts
      1k Views
      travisdh1T

      SSLv2 shouldn't be running in the first place anymore. Ref: SSL Labs Documentation

    • 1
    • 2
    • 1 / 2