ssltest | Node Express A SSL labs config | Runtime Environment library
Node Express A+ SSL labs config
Trending Discussions on ssltest
QUESTION
I often find myself debugging websites or analyzing what goes on under the hood. Fiddler has served me incredibly well for this, and often times I have it running.
I just noticed a very strange issue in which when I access a particular site while Fiddler is running, I get served with a 429 response. If I toggle it to not capture traffic, the site works just fine. The moment I turn it back on, 429 again. I have tried crafting the request myself to see if I can reproduce a 200, but to no avail.
I'm very intrigued by this, because it would seem like the site is detecting that Fiddler is running, but I can't quite wrap my head around it. I suppose that sites could be doing checks using JS and maybe WebSocket workers to detect this stuff, but how does the initial request immediately fail with a 429 just by having Fiddler intercept traffic?
EDIT: Reading https://stackoverflow.com/a/62194160/3511297 suggests that the TLS handshake certificate provided by Fiddler might be the key here.
EDIT #2: Reading up on it, it seems like Fiddler is unable to generate TLS 1.3 certificates, so that might be something, however according to ssllabs.com/ssltest, the site supports TLS 1.0, TLS 1.1, and TLS 1.3
...ANSWER
Answered 2021-Dec-09 at 12:37
There are no TLS 1.3 certificates. Certificates in SSL/TLS are independent of the used TLS version. Only the used key-pair algorithm (e.g. RSA, ECC) can limit the TLS ciphers that can be used. But that only affects the connection between client and Fiddler, not the connection to the server (which denies access).
Regarding the supported TLS versions, Fiddler is a Windows/.Net application, therefore it inherits the TLS capability of Windows. According to some posts here on SO you may have to manually enable TLS 1.3. Also don't forget to enable tls1.3 in Fiddler HTTPS options.
But if there is really SSL/TLS fingerprinting used on server side I doubt that this is enough to change the fingerprint to something accepted. Usually the complete list of cipher suites as well as optional extensions like Application-Layer Protocol Negotiation (ALPN) also go into the fingerprint and I don't think you can enable such extensions in Fiddler without changes to Fiddler's code.
If you want to check the TLS fingerprint of Fiddler and your web browser(s) you can use Wireshark. Capture the TLS handshake traffic and then apply the run-time filter ssl.handshake.type == 1 (show only CLIENT_HELLO). Expand the entry Transport Layer Security -> TLSv1? Record Layer... -> Handshake Protocol: Client Hello and scroll down.
You will find two lines starting with JA3 (which is the name of a common TLS fingerprinting algorithm) like these:
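How a JA3 value is derived from the Client Hello fields the answer mentions, as an added example that is not part of the original answer. The two sample hellos are constructed for illustration (not captured from Fiddler or any browser), and the helper names are hypothetical.

```python
import hashlib

# GREASE placeholders (RFC 8701): 0x0a0a, 0x1a1a, ... 0xfafa. JA3 drops them
# because clients randomise them per connection.
GREASE = {(b << 8) | b for b in range(0x0A, 0x100, 0x10)}

FIELDS = ("version", "ciphers", "extensions", "groups", "point_formats")

def normalise(hello):
    """Return the five JA3 fields as lists of ints with GREASE removed."""
    out = {}
    for name in FIELDS:
        value = hello[name]
        values = [value] if isinstance(value, int) else list(value)
        out[name] = [v for v in values if v not in GREASE]
    return out

def ja3_string(hello):
    """Fields joined by ',', values inside a field joined by '-', in wire order."""
    n = normalise(hello)
    return ",".join("-".join(str(v) for v in n[name]) for name in FIELDS)

def ja3_hash(hello):
    # MD5 is what JA3 specifies; it is a lookup key here, not a security primitive.
    return hashlib.md5(ja3_string(hello).encode("ascii")).hexdigest()

def differing_fields(a, b):
    """Name the Client Hello fields that make two fingerprints differ."""
    na, nb = normalise(a), normalise(b)
    return [name for name in FIELDS if na[name] != nb[name]]

# Constructed sample hellos (decimal IANA code points), not real captures.
# 771 is the legacy version field 0x0303; extension 16 is ALPN.
BROWSER_LIKE = {
    "version": 771,
    "ciphers": [0x1A1A, 4865, 4866, 4867, 49195, 49199],
    "extensions": [0x0A0A, 0, 23, 65281, 10, 11, 35, 16, 5, 13, 51, 45, 43],
    "groups": [0x2A2A, 29, 23, 24],
    "point_formats": [0],
}
PROXY_LIKE = {
    "version": 771,
    "ciphers": [49196, 49195, 49200, 49199, 157, 156],
    "extensions": [0, 10, 11, 13, 35, 23, 65281],
    "groups": [29, 23, 24],
    "point_formats": [0],
}

if __name__ == "__main__":
    for label, hello in (("browser-like", BROWSER_LIKE), ("proxy-like", PROXY_LIKE)):
        print(label, ja3_string(hello), ja3_hash(hello))
    print("differs in:", differing_fields(BROWSER_LIKE, PROXY_LIKE))
```

The order of cipher suites and extensions is part of the fingerprint, so two clients offering the same set in a different order still hash differently.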
QUESTION
After commenting out and uncommenting some lines in a YML file, I can't get my project pushed to our Gitlab anymore due to those prettier errors. To be precise, the commented out block is the server 8080 and uncommented block is the server 443.
...ANSWER
Answered 2022-Mar-17 at 21:41
I am having similar issues with parsing errors with husky when trying to do a git commit. I "solved" it following this answer which says that you need to add a --no-verify flag:
git commit -m "message for the commit" --no-verify
Disclaimer: this overcomes the prettier errors but does not solve it. Be sure to check that your code works properly and follows the respective code guidelines before overpassing it. After you successfully have done that, you will not need to use the --no-verify again unless you modify that file.
QUESTION
# nginx -V
nginx version: nginx/1.21.4
built with OpenSSL 1.1.1f 31 Mar 2020
...ANSWER
Answered 2022-Feb-08 at 20:58
I've found my issue, I've configured a default "catch all" server like this:
QUESTION
I'm trying to debug an issue that appeared for us on December 9th. We use the LinkedIn Profile API to login/register users on our platform and also optionally allow them to sync data from their LinkedIn profiles to their profiles on our platform. Since the 9th however, login and registration are both broken. We hadn't changed code related to this before the errors started coming.
Now, instead of receiving basic user profile data when trying to log someone in to our platform, we get errors from the LinkedIn API. These are coming from a Node.js server that was using the now deprecated request package, but has since been moved to axios and is still producing the error, albeit more verbose which is helpful. The error received from axios is as follows:
ANSWER
Answered 2021-Dec-27 at 21:46
Ok after looking everywhere, the issue comes from nodejs versions.
I tried a lot of things, changing request libraries, upgrading nginx and using TLS 1.3 version... etc
But the solution is using node 10+, I was using node 9.8 (I have tested with 8.11, 10.24 and 14.18)
Summary:
- 8.11 -> ssl error
- 9.8 -> ssl error
- 10.24 -> OK
- 14.18 -> OK
This is annoying as changing node version could imply breaking changes...
QUESTION
I'm hosting a site on AWS EC2. I got an SSL certificate using certbot. On Chrome, the site is accessed from HTTPS and the padlock appears. On Safari it says NOT SECURE next to my site's name, and cookies cannot be set (cookies are working in Chrome and they also appear in the Network panel of Safari--they're just not being set because my site isn't secure).
I don't know or understand why my site isn't secure in Safari.
When I click the padlock I can access this certificate (images attached):
I also did SSL Server Test on https://www.ssllabs.com/ssltest/analyze.html?d=arriveanywhere.xyz
I got a B grade and it said:
This server supports TLS 1.0 and TLS 1.1. Grade capped to B.
Additionally, it said I don't have a DNS CAA set up -- could this be my issue?
Please let me know why it's insecure in Safari but not Chrome...
I have looked around SO, and couldn't find an answer. I don't think this is a duplicate.
...ANSWER
Answered 2021-Jul-19 at 20:26
Browsers traditionally default to http://... if no explicit method is given (i.e. only domain given). Typically sites will be configured to explicitly redirect http:// to https://, but your site is not configured like this. Still, Chrome will access the site with https:// anyway since starting in version 90, Chrome’s address bar will use https:// by default, improving privacy and even loading speed for users visiting websites that support HTTPS. Thus what you see is the new default.
QUESTION
This post is cross-posted, so make sure you check for updates in coderanch.
I'm quite stuck implementing OCSP revocation checking on my client/server application, I managed to make client-side OCSP work, I implemented my own OCSP responder with openssl and I'm checking certificates signed by my own CA.
The problem comes when trying to check them from the server. I followed the instructions on the Standard Edition Security Developer’s Guide, more exactly like this:
...ANSWER
Answered 2021-Jun-27 at 18:51
Problem solved:
In my case, the server Stapling was not working because of a bad configuration of the server certificate.
The server certificate must be chained to the root CA certificate, and mine was alone. Also, I specified the authorityInfoAccess extension on the Certificate.
So:
My openssl config file for signing the ssl certs looks like this (see authorityInfoAccess with the URI of your OCSP):
QUESTION
I want to have a subdomain (api.mysite.com) which makes calls to an EC2 classic load balancer (load-balancer-123456789.us-east-2.elb.amazonaws.com). Everything is hosted on AWS, to (theoretically) make it as straightforward as possible.
I created a domain and subdomain in AWS Route 53, as per the instructions here, and created an "A" record in the subdomain that links to my load balancer as an alias. That works fine, I can make calls to the load balancer through api.mysite.com, as long as I use HTTP.
But when I try to use HTTPS, I get ERR_SSL_PROTOCOL_ERROR. If I try to open the API in a browser, the security icon says that it's "not secure". I think the problem might be that the certificate is connected to the main domain (mysite.com) instead of the subdomain (api.mysite.com), but I can't figure out how to get it to resolve properly.
This SSL checking site shows the EC2 server itself (the one that the load balancer points to) and reports "Certificate not valid for domain name". It's an Ubuntu server, though I'm not sure if that should matter.
...ANSWER
Answered 2021-Jun-02 at 10:54
The SSL certificate needs to specify the subdomain as well as the main domain. The easiest way to do this is through AWS's Certificate Manager, by requesting a new certificate.
Make sure to specify each relevant domain and subdomain in the certificate (in this case, both mysite.com and api.mysite.com.)
After creating the certificate, go to the Load Balancer, open up the Listeners tab, and select the HTTPS port. Then, change the SSL certificate for that port to the certificate that includes the relevant subdomain. If you use AWS Certificate Manager, it can be selected from the dropdown menu.
QUESTION
I encounter the following exception when connecting to the website of Western digital:
...ANSWER
Answered 2021-Apr-07 at 13:22
.NET Core uses the ciphers supported by the native TLS stack, i.e. SChannel. Which ciphers are supported depends on the version of Windows. Which ciphers are supported by your OS is documented in TLS Cipher Suites in Windows 7. As you can see, none of the ciphers offered by the server are supported by your OS.
With Firefox or Chrome browser the situation is different. These come with their own stack and are thus not limited on what the OS offers. That's why they work.
QUESTION
I just downloaded a certificate from ZeroSSL and got it working, but when I try to access the site, Google Chrome prevents me from visiting because of an invalid certificate error. I tried running the SSL Labs server test (https://www.ssllabs.com/ssltest/) on my site, and got that I have a mismatched name in my certificate.
I'm confused about what the names should be.
Subject, common names, alternative name, and issuer are all listed as my private IPv4 DNS address, and under the alternative names it says 'MISMATCH'. What are these expected to be? The domain I supplied to ZeroSSL is my correct domain name, so what is causing this mismatch?
...ANSWER
Answered 2021-Mar-23 at 16:54
I found the issue. I'm running an Apache server on an AWS EC2 instance, and the path to the certificate that I specified inside of my httpd.conf wasn't the path being used -- instead, the path specified as SSLCertificateFile inside of /etc/httpd/conf.d/ssl.conf was being used, which was set to be the certificate of the EC2 instance, not my certificate for my server. Everything is working now.
QUESTION
I'm facing a problem with an http request done in HTTP.java.
On desktop all works fine (that request is not performed because it's necessary only on Android).
In Android all works without that http request.
After that http request is made, all others fail after timeout with UnknownHostException error, as if they no longer have access to the internet connection, even if it is active. Also after minutes and after the onResume all http requests fail. Although the app cannot get an http response, the AdMob ad appears in my App, so I think that probably the connection works (or does the AdMob library cache some ads and show them when needed?).
Often, in these cases sometimes it works again:
- uninstalling and reinstalling the App from Android Studio
- closing the App, waiting some minutes and reopening it
- clearing App data from the device
- waiting an undefined amount of time
❗ After several attempts I discovered that as soon as the problem occurs, almost every time, if I activate the airplane mode and then disable it, the data connection is deactivated and then reactivated, and the App can immediately execute all subsequent http requests without having to do anything else on your device and without even having to reopen the application.
- tested with wifi on a 1GB fiber network: same error
- I checked the connection: it is stable, in wifi and also with SIM
- in the manifest there is the permission for using internet (otherwise it would never have worked)
- at the same time, the same App on desktop works perfectly and at the best speed, receiving http responses in less than 1 second, so the server isn't the problem
- I tested also with the url https://www.google.it: same error, the same url is reachable in the device via browser in less than 1 second
- as in the line .timeout(10000) I'm using a timeout of 10 seconds, the server has timeout set to 60 seconds
- checked the server SSL "quality" at https://www.ssllabs.com/ssltest: got "A" in "Overall Rating"
- done the SIM "reboot" directly with a Vodafone operator
I'm testing on a real device with a flat 4G connection and with wifi, with "NetGuard - no-root firewall" VPN App installed.
This VPN works very well with all the other apps and probably mine too, but I can't rule out that it's the problem, although I hardly think it is (I use it since years without problems).
Is there something wrong in my code? Or at least, how can I know the exact cause of this error?
Thanks.
AndroidLauncher.java:
...ANSWER
Answered 2021-Mar-02 at 03:51
That error may be related to the VPN connection; please close the application, turn off the VPN if it was connected, re-connect to the VPN and restart your application.
In all cases, you must connect the VPN before opening the application.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported