Questions tagged [tls]

Transport Layer Security denotes a set of protocols for cryptographically securing traffic. Its predecessor was invented by Netscape.

Technically, SSL (more precisely, the Record Protocol) sits on top of the transport layer, but it is the responsibility of the application to use TLS. TLS can only be used with a connection-oriented transport protocol such as TCP or SCTP. Connectionless protocols like UDP or DCCP can be secured with DTLS.

TLS is commonly used with protocols such as POP3, IMAP, SMTP, LDAP, and others. TLS can be initiated by connecting to a dedicated port number for the protocol (such as port 443 for HTTP over TLS); the names of such protocols are recognized by the trailing letter S (such as HTTPS vs. HTTP). Other protocols allow TLS to be initiated with the STARTTLS command.

Key exchange and authentication are done by cryptographic public-key methods. Public keys are authenticated by chains of X.509 certificates that lead to root certificates, which are the ultimate trust anchors. For HTTPS, common browsers come with a set of root certificates pre-installed.


18 questions
18 votes, 3 answers

How to make ldapsearch working on SLES over tls using certificate?

We need to connect our php script to LDAP over tls using a certificate. LDAP connection works nicely without tls. More details here https://stackoverflow.com/questions/15260252/how-to-use-multiple-tls-certificates-for-ldap-from-php-zend We managed…
Radek
18 votes, 1 answer

mutt SMTP TLS error sending mail

When I try to send a mail, I get the following error: gnutls_handshake: An unexpected TLS packet was received. This is my .muttrc (myname, myaddress and mymail are placeholders): # Automatically log in to this mailbox at startup set…
bug
7 votes, 1 answer

Disable SSLv3 In cURL?

I'm having a problem connecting to a website that is hosted with CloudFlare using cURL. When I try to connect to the website with HTTPS (using curl -v https://www.xxxxxx.com), it says: * About to connect() to www.xxxxxx.com port 443 (#0) * Trying…
SameOldNick
7 votes, 4 answers

specify certificate of CA in Dovecot

In Postfix, I have specified my private key, my certificate, and the certificate of my CA smtpd_tls_CAfile = /etc/ssl/cacert.pem smtpd_tls_key_file = /etc/ssl/server.key smtpd_tls_cert_file = /etc/ssl/server.pem In dovecot, there are only…
Martin Vegter
6 votes, 1 answer

TLS over unix pipe

Can I use TLS/SSL over Unix pipe with Unix command line? I want the equivalent of $ mkfifo /tmp/spipe $ echo a|openssl s_server -acceptFifo /tmp/spipe & [1] 25563 $ openssl s_client -connectFifo /tmp/spipe a [1] Done echo…
Elazar Leibovich
3 votes, 2 answers

WeeChat decryption fails while reading from data socket

I'm using WeeChat for quite a while on different machines now. All instances are using the same settings over and over again. When I connect, everything is fine, like this output from WeeChat, just some certificate warnings, but I usually ignore…
q9f
3 votes, 2 answers

How to globally configure secure clients using OpenSSL on Oracle Linux 5/RHEL 5?

My workplace recently patched one of our servers to address the POODLE vulnerability. Since then older Oracle Linux 5 clients (based on RHEL 5) can no longer securely connect to the server with any application. The client computers use OpenSSL…
3 votes, 1 answer

Does fetchmail support SSL or TLS when using SMTP to forward email?

I am trying to forward emails that are fetched with fetchmail to another SMTP host, which enforces STARTTLS. I could not find a way to enable TLS in fetchmail. Is this possible at all? If so, how?
Arne
3 votes, 1 answer

How to turn off STARTTLS for internal relaying of emails?

I read with interest from sendmail guide that it is possible to disable TLS. I tried doing so for internal mails by adding the following lines in /etc/mail/access: Try_TLS:my.server NO Try_TLS:localhost6.localdomain6 …
Question Overflow
2 votes, 1 answer

Sendmail with TLS support changes FROM: address

I have multiple domains on one server and when sending email to server, which supports TLS, server changes FROM field to default domain ($j). What should I do (in .mc level please) to remain primary domain (all domains are qualified)? Jul 14…
tsst
1 vote, 1 answer

Mplayer fails to play network stream

I'm trying to play youtube streams with mplayer. On running mplayer -cache 2048 https://www.youtube.com/watch?v=USUA_1WVM8I, I get the following output and the video does not play at all. MPlayer SVN-r37379 (C) 2000-2015 MPlayer Team 210 audio & 441…
Hashken
1 vote, 0 answers

OpenVPN TLS Error

I'm having trouble getting OpenVPN to work. I have installed and configured OpenVPN on my centos machine and it seemed to be going fine. I followed the instructions in the following…
TheLovelySausage
1 vote, 2 answers

Implementing TLS 1.2 when I SSH into a box as a measure against POODLE

Is it possible to edit sshd_config or ssh_config, such that the SSH connection into a machine configured to use TLS1.2 is successful and rejects connections configured to use TLS1.1 and below, as well as SSL3 and below? Is there any other way to do…
hack
1 vote, 1 answer

When would CUPS use TLS?

I'm running Debian Testing on amd64, with the apt-listbugs feature that tells me if bugs are present before upgrading. Now the package libgnutls-deb0-28 has a serious bug to the effect that "CUPS crashes when reading TLS". Because of this, I've…
Anthony
1 vote, 1 answer

TLS and Packet Filtering

I want to set up a client with BSD packet filtering that only allows outgoing 443 connections. Would this do the trick in my pf.conf? block out block in pass out on eth0 inet proto tcp from (eth0) to any port 443 keep state Is there any reason to…