current community

your communities

more stack exchange communities

company blog
Stack Exchange Inbox Reputation and Badges
tour help

Tagged Questions

An alternative implementation of SSL and TLS protocols to OpenSSL, that additionally supports PKCS #11, and S/MIME.

learn more… | top users | synonyms

1
vote
0answers
70 views

Reinstaling NSS library on CentOS (Amazon AMI)

I had a problem during updating of the packages on CentOS AMI from Amazon (S3). I got a bunch of duplicated packages. Among them: nss-softokn-freebl-3.16.2.3-14.2.38.amzn1.x86_64 is a duplicate with ...
18
votes
3answers
815 views

Untrusting an intermediate CA in Linux?

From this blog. Intermediate CAs are certificates signed by a root CA that can sign arbitrary certificates for any websites. They are just as powerful as root CAs, but there's no full list of ...
0
votes
0answers
636 views

cURL doesn't connect to HTTPS while wget does (NSS error -12286)

I'm getting error NSS error -12286 while downloading a file from HTTPS using curl. I can download the same file without issues using wget so I can exclude any firewall or blacklist issues. Already ...
1
vote
0answers
168 views

Handshake failed in Pidgin

I am trying to connect to our in-house XMPP server using piding in Arch Linux, but I always get SSL Handshake Failed error in Pidgin. These are the error lines I get when running pidgin -d: (10:52:...
3
votes
0answers
138 views

Linux Authentication Flow (NSS -> PAM -> AD)

I am a new system administrator at an organization looking to understand the process flow of authentication in regards to how NSS, PAM and WINBIND work together. We've been having winbind related ...
1
vote
0answers
34 views

Why does nss on Linux not fallback to unicast dns by default? [closed]

The default configuration for hosts in /etc/nsswitch.conf on Linux typically reads: hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname This breaks on misconfigured networks that use ...
2
votes
0answers
133 views

Adding nssdb certificate from an install script

I am trying to write an script (postinst for a .deb package) that will install a secure websockets (wss:) application and a certificate that allows access from the Chrome browser. The developer has ...
3
votes
2answers
5k views

How to convert ssl ciphers to curl format?

The official ssl docs list ciphers in a different format than curl takes. For instance, if I want curl to use the cipher TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, I have to pass it curl --ciphers ...