Ask Ubuntu
Ask Ubuntu

Questions tagged [tls]

Questions about Transport Layer Security (TLS) protocol, which allows client-server apps to communicate across a network in a way designed to try and prevent eavesdropping and tampering.

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that are designed to provide communication security over the Internet.

The TLS protocol allows client-server applications to communicate across a network in a way designed to prevent eavesdropping and tampering.

Since protocols can operate either with or without TLS (or SSL), it is necessary for the client to indicate to the server whether it wants to set up a TLS connection or not. There are two main ways of achieving this; one option is to use a different port number for TLS connections (for example port 443 for HTTPS). The other is to use the regular port number and have the client request that the server switch the connection to TLS using a protocol-specific mechanism (for example STARTTLS for mail and news protocols).

Source: http://en.wikipedia.org/wiki/Transport_Layer_Security

110 questions
158
votes
4 answers

How do I patch/workaround SSLv3 POODLE vulnerability (CVE­-2014­-3566)?

After the BEAST attack and Heartbleed bug, now I've heard about a new vulnerability in SSL/TLS called POODLE. How do I protect myself against being exploited? Are only servers or also clients affected? Is this OpenSSL/GnuTLS specific? What kind of…
gertvdijk
  • 69,427
18
votes
2 answers

Enable TLS 1.0 and TLS 1.1 on Ubuntu 20.04

I have recently reinstalled my server to Ubuntu 20.04. A support call came in and after a few days, I managed to notice that TLS v1.0 and v1.1 were not being provided by my web server, nginx. The configuration was fine and explicitly enables TLSv1…
reivilibre
  • 409
11
votes
5 answers

How to disable TLS 1.0, TLS 1.1 on Apache

I have enabled TLS 1.2 in my web server. But the http://ssllabs.com indicates that, I have enabled TLS 1.0 and 1.1 versions along with the TLS1.2 in my server. I modified my configurations files to disable 1.0 and 1.1 from my server. But it doesn't…
Eranga Kapukotuwa
  • 211
10
votes
2 answers

When I try to CURL a website I get SSL error

I installed Ubuntu 20 on my VPS. This is why I'm trying to do: curl -v https://imenik.tportal.hr/show?action=pretraga&type=bijeleStranice [1] 438975 root@vps:/var/www/html/tportal# * Trying 195.29.166.100:443... * TCP_NODELAY set * Connected to…
Misko Mali
  • 203
9
votes
7 answers

OpenLDAP error configuring StartTLS: ldap_modify: Other (e.g., implementation specific) error (80)

Configuring StartTLS for OpenLDAP. Ubuntu server 16.04 Slapd 2.4.42+dfsg-2ubuntu3.2 I have my own internal Certificate authority that is providing certificates. I have set up certificates and key: in /etc/ssl/certs: -rw-r----- 1 root ssl-cert …
Ph4edrus
  • 121
9
votes
1 answer

openssl/curl error: SSL23_GET_SERVER_HELLO:tlsv1 alert internal error

We encounter very strange problems connecting with openssl or curl to one of our servers, from Ubuntu 14.04 Executing: openssl s_client -connect ms.icometrix.com:443 gives: CONNECTED(00000003) 140557262718624:error:14077438:SSL…
cecemel
  • 193
7
votes
1 answer

gpg2 --refresh-keys general error

unfortunately I experience the following error when running $ gpg2 --refresh-keys gpg: refreshing 18 keys from hkps://keys.openpgp.org gpg: keyserver refresh failed: General error As you can gather from the above, I've configured the keyserver to…
apitsch
  • 342
6
votes
1 answer

The TLS connection was non-properly terminated

I'm a beginner ubuntu user, and probably removed something I should have not to. Now when I want to open in either Chrome, Chromium or Firefox some web pages: I cannot upload photos/any file, the page is running but nothing happens; Sometimes the…
maryannvalleys
  • 61
6
votes
1 answer

Does Ubuntu update its root certificate authority list automatically?

Will the root CA list become outdated if I never restart/upgrade the OS? Or does Ubuntu periodically update the root CA list in the background automatically (without restart/upgrade)?
Lisa
  • 173
6
votes
4 answers

Which TLS protocols are enabled in Ubuntu 14.04's OpenSSL?

This is a follow up to Override Distro Package with Custom Package?. Does anyone know if Ubuntu 14.04's OpenSSL enables all TLS protocols (TLS1.0, TLS1.1 and TLS1.2)? Or does it have protocols disabled (TLS1.1 and TLS1.2) like past…
user207039
6
votes
2 answers

Is it possible to disable a Certificate Authority system-wide or at least on Firefox?

I want to disable CAs that are under control of a country that's waging war against mine, how can I do it? I see one right away. The question still stands even if you are convinced there are none, it's not about whether there are matching CAs. sudo…
int_ua
  • 8,892
6
votes
1 answer

Ubuntu 16.04 openssl s_client write:errno=104

I'm getting the following error when trying to connect to github.com, google.com, dropbox.com via https, but stackoverflow.com, askubuntu.com and the majority of https websites work. Relevant details: I'm behind a work proxy, but I can connect fine…
icc97
  • 761
5
votes
2 answers

How to enable TLS 1.2 in apache?

The current enabled TLS on my server is "tls 1", how can i enable tls 1.2 on my ubuntu server, and do i have to upgrade my openssl first? # apache2ctl -v Server version: Apache/2.2.12 (Ubuntu) # openssl version -a OpenSSL 0.9.8g 19 Oct 2007 built…
MohammedSimba
  • 878
5
votes
2 answers

How to send TLS syslog message via logger command

I am working on ubuntu 16.04. Is there any way to send TLS syslog message by logger command?
Shaghayegh Mobasheri
  • 51
4
votes
1 answer

SSL/TLS error with links and lynx - possibly due to CloudFlare

I often work in the terminal - for example on a VPS I've set up - including for browsing with links and lynx. Unfortunately I've been getting some errors: links: Error loading https://www.thepiratebay.se/: SSL error lynx: Looking up…
Baard Kopperud
  • 1,064
  • 1
  • 13
  • 22
1
2 3 4 5 6 7 8