iOS 13 TLS issue

Apple has defined stricter rules for TLS server certificates, starting from iOS 13 and macOS 10.15. All TLS server certificates must comply with these new security requirements in iOS 13 and macOS 10.15: TLS server certificates and issuing CAs using RSA keys must use key sizes greater than or equal to 2048 bits. Certificates using … Read more

When was TLS 1.2 support added to OpenSSL?

On the official changelog page you provided, under Changes between 1.0.0h and 1.0.1 [14 Mar 2012] you can see Initial TLS v1.2 support. *) Add TLS v1.2 server support for client authentication. [Steve Henson] *) Add TLS v1.2 client side support for client authentication. Keep cache of handshake records longer as we don’t know the … Read more

iOS 9 app download from Amazon S3 SSL error: TLS 1.2 support

Edit 2016-01-03: The renewed certificate for s3.amazonaws.com uses the SHA256 algorithm and complies with ATS requirements. Original answer: s3.amazonaws.com uses a SHA1 certificate that does not meet ATS requirements, resulting in a hard failure. Per the App Transport Security Technote, ATS in iOS9 has the following requirements: The server must support at least Transport Layer … Read more

Why can Java not connect to MySQL 5.7 after the latest JDK update and how should it be fixed? (ssl.SSLHandshakeException: No appropriate protocol)

As @skelwa already commented you will need to add the enabledTLSProtocols=TLSv1.2 configuration property in the connection string to resolve your issue. A complete connection string for Connector/J could look like this: jdbc:mysql://<host>:<port>/<dbname>?enabledTLSProtocols=TLSv1.2 For r2dbc you will need to use tlsVersion=TLSv1.2 instead. For Connector/J v8.0.28 enabledTLSProtocols was renamed to tlsVersions (see note). However, the original name … Read more

“fatal: HttpRequestException encountered.” Error with GitHub/Bitbucket Repositories due to dropping TLS-1.0 support

GitHub has removed TLS-1.0 from its authentication services. https://githubengineering.com/crypto-removal-notice/ Solutions Windows Clients Use Version 2.14.3 (or newer) of Git for Windows and newer include an up-to-date Git Credential Manager for Windows: https://gitforwindows.org/ You can also explicitly update your Git Windows Credential Manager to the latest version, 1.14.0, to get TLS-1.2 support: https://github.com/Microsoft/Git-Credential-Manager-for-Windows/releases/tag/v1.14.0 Visual Studio … Read more

Is TLS 1.1 and TLS 1.2 enabled by default for .NET 4.5 and .NET 4.5.1?

Is TLS 1.1/1.2 enabled by default in .NET 4.5 and .NET 4.5.1? No. The default protocols enabled for the various framework versions are: .NET Framework 4.5 and 4.5.1: SSLv3 and TLSv1 .NET Framework 4.5.2: SSLv3, TLSv1, and TLSv1.1 .NET Framework 4.6 and higher: TLSv1, TLSv1.1, and TLS1.2 Sources: [1] [2] [3] While Microsoft recommends against … Read more

curl: Unknown error (0x80092012) – The revocation function was unable to check revocation for the certificate

I’ve been using curl through a mitm proxy for pen-testing and getting the same issue. I finally figured that curl needs a parameter telling it not to check certificate revocation, so the command looks something like this: curl "https://www.example.com" --ssl-no-revoke -x 127.0.0.1:8081 The -x parameter passes the proxy details – you may not need this. … Read more

How to use TLS 1.2 in Java 6

After a few hours of playing with the Oracle JDK 1.6, I was able to make it work without any code change. The magic is done by Bouncy Castle to handle SSL and allow JDK 1.6 to run with TLSv1.2 by default. In theory, it could also be applied to older Java versions with eventual … Read more

Command prompt to check TLS version required by a host

You can check using the following commands. For TLS 1.2: openssl s_client -connect www.google.com:443 -tls1_2 For TLS 1.1: openssl s_client -connect www.google.com:443 -tls1_1 For TLS 1: openssl s_client -connect www.google.com:443 -tls1 If you get the certificate chain and the handshake then the TLS version is supported. If you don’t see the certificate chain, and something similar … Read more
