I would like to update the configuration of OpenSSL 1.0.2 (specifically 1.0.2k-fips as found on AWS's Amazon Linux 2 AMIs), so that any client using OpenSSL refuses TLSv1.1, TLSv1, or anything lower that is not TLSv1.2. I have learned that…
Metadata Versions: Ubuntu focal MongoDB 5.0.14 mongod started with args: /usr/bin/mongod --bind_ip_all --replSet=mongodb --auth --tlsCAFile=/etc/mongodb/external-ca.crt --tlsCertificateKeyFile=/etc/mongodb/external-cert.pem --tlsMode=preferTLS --clusterAuthMode=x509 --tlsAllowInvalidCertificates --tlsClusterCAFile=/etc/mongodb/internal-ca.crt --tlsClusterFile=/etc/mongodb/internal-cert.pem Problem Problem: Cannot connect to replica set with TLS enabled via mongosh I have TLS enabled on a replica…
I am using below commands: openssl req -new -newkey -keyout example.key openssl dhparam -out example.pem I submit the csr (also generated by openssl not shown above) file to CA which reply with a text file named sighned certificate. This text…
This is a pre-implementation question. We have a working fabric(2.2) application with an org containing 2 peers, an intermediate CA with TLS enabled and are now planning to implement HSM to store org related private keys. I read from official…
I know that several people asked the same: How to solve the "tls_process_ske_dhe:dh key too small" error But I want to really understand why the only solution proposed is to lower the security protocols. Instead of that I would really…
I am trying to implement TLS 1.2 from Websphere Application Server v9.0.5.6 to Oracle 19c Database. Both the WAS and Oracle are on different Virtual Machines running on Centos 7. Used Websphere provided IBM Java 8 and Oracle provided ojdbc8.jar…
After installing mongodb on CentOS 7 I ran into an issue with openssl versions. Version installed on the system is 1.0.2k-fips whereas during mongod startup 1.0.1e-fips is printed. How exactly is this possible and is there any way to tell…
Summary: We need to re-enable old TLS 1.0 / TLS 1.1 on Apache on Ubuntu 20.04 to support old application. Background: We have recently upgraded from Ubuntu 18.04 to 20.04. One of our old Windows application has stopped working. We…
I would like to set up a basic 3-node Redis Sentinel setup using the new TLS features of Redis 6. Unfortunately, it doesn't seem like Redis 6 Sentinel is smart enough to speak TLS to clients. Does anyone know of…
My company had some dotNET code which has been talking to Twitter's API happily over the last three months, tweeting our news out. On 29th July it stopped working, and the POST request was hit with this error: An existing…