TLS server extension

We have an Ubuntu 12.04 server with Tomcat and Nginx webservers on it to serve two different portals. Tomcat is serving on port 443 and Nginx is serving on port 8443. This server has the latest openssl and libssl.

When I run the following command, the Nginx port lists different TLS server extensions than the Tomcat port!

openssl s_client -connect myserver.com:8443 -tlsextdebug 2>&1 | grep 'server extension'
  TLS server extension "renegotiation info" (id=65281), len=1
  TLS server extension "EC point formats" (id=11), len=4
  TLS server extension "session ticket" (id=35), len=0
  TLS server extension "heartbeat" (id=15), len=1

openssl s_client -connect myserver.com:443 -tlsextdebug 2>&1 | grep 'server extension'
  TLS server extension "renegotiation info" (id=65281), len=1

What is a TLS server extension, and why do I see a different list for my two services? Where can I configure them? And do they pose any security risks? I just started reading about TLS and googled for 'server extension' but couldn't find any helpful information.


    • Why isn't it expected that two different programs have different defaults? And you already had a look at the docs on how to configure the extensions? What is the result of this research?
    • @sebix Thanks for the response. I don't know anything about the server extension concept. I don't know who, where and how they decide which ones to use and configure. I stumbled into this while checking for the Heartbleed security bug. I see one supports the heartbeat extension and the other does not! I just want to make sure these extensions are not old ones causing any security gaps. If you have a good link about 'security extension', please point me to it. Thanks.
    • A reasonably good server software should give you the opportunity to set your own options for OpenSSL or your TLS library. If your system is updated, there is no need to be worried; Heartbleed got patched a year ago.
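
The comparison the question makes by eye, as an added example (not part of the original post or its comments): shell functions that parse `openssl s_client -tlsextdebug` output into id/name pairs, list what only one listener advertises, and flag the heartbeat extension. The function names are hypothetical, and the sample input is the output quoted in the question.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# Sample input is the s_client output quoted in the question.
sample_8443() {
cat <<'EOF'
  TLS server extension "renegotiation info" (id=65281), len=1
  TLS server extension "EC point formats" (id=11), len=4
  TLS server extension "session ticket" (id=35), len=0
  TLS server extension "heartbeat" (id=15), len=1
EOF
}

sample_443() {
cat <<'EOF'
  TLS server extension "renegotiation info" (id=65281), len=1
EOF
}

# Read -tlsextdebug output on stdin, print "id name" per extension, sorted by id.
list_ext() {
  sed -n 's/^ *TLS server extension "\([^"]*\)" (id=\([0-9]*\)), len=[0-9]*.*$/\2 \1/p' |
    sort -n -u
}

# Print the entries of listing $1 that do not appear in listing $2.
only_in_first() {
  # grep exits 1 when nothing is left to print; that is not an error here
  printf '%s\n' "$1" | grep -Fxv -e "$2" || true
}

# Succeed if the listing contains the heartbeat extension (id 15, RFC 6520).
has_heartbeat() {
  printf '%s\n' "$1" | grep -q '^15 '
}

# Live use (HOST and PORT are placeholders):
#   openssl s_client -connect HOST:PORT -tlsextdebug </dev/null 2>&1 | list_ext
nginx=$(sample_8443 | list_ext)
tomcat=$(sample_443 | list_ext)

echo "Advertised on 8443 but not on 443:"
only_in_first "$nginx" "$tomcat"

if has_heartbeat "$nginx"; then
  echo "8443 advertises heartbeat: confirm the OpenSSL build behind it is patched"
fi
```

The listing shows only what each server returned in its ServerHello for this one client offer, so a different client may see a different set.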

