The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


2 Questions about Burp Collaborator and using older SSL/TLS protocols

Jonathan | Last updated: Mar 09, 2023 05:15PM UTC

Hello, I was wondering if it is possible to enable older SSL/TLS 1.0 & 1.1 on a private Collaborator server? The company I work for sometimes tests clients using older infrastructure and we have run into issues in the past, where the clients being used to hit Collaborator do not connect properly due to being restricted to the older protocols. In addition to that, would there be any implications to enabling the older protocols on Collaborator, such as introducing vulnerabilities or anything that could be potentially dangerous?

Michelle, PortSwigger Agent | Last updated: Mar 10, 2023 01:26PM UTC

Hi, to enable older SSL/TLS 1.0 & 1.1 on a private Collaborator server you would need to use a private Collaborator server. For the public Collaborator server (oastify.com), the TLS is handled by Amazon. I hope this helps.

Jonathan | Last updated: Mar 10, 2023 02:39PM UTC

Hi Michelle... Can you please tell me how to enable them?

Jonathan | Last updated: Mar 13, 2023 03:05PM UTC

Bump

Michelle, PortSwigger Agent | Last updated: Mar 14, 2023 10:10AM UTC

Hi, we've been checking through the options, and Java 9 had TLS 1.0 and 1.1 enabled by default, which would mean you could use Burp 2022.3.8 to run a private Collaborator in this scenario. I hope this helps. Please let me know if you have any further questions.
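
Added example, not part of the original thread and not PortSwigger code: a small Java check to run with the same JRE that will host the private Collaborator server, reporting which deprecated TLS versions that runtime enables by default on a server socket. It assumes the server inherits the JRE's default JSSE protocol settings; the class name `LegacyTlsCheck` is hypothetical.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

// Added example: report which legacy TLS versions this JRE would offer
// on a server socket created with default settings.
public class LegacyTlsCheck {
    static final List<String> LEGACY = Arrays.asList("SSLv3", "TLSv1", "TLSv1.1");

    // Legacy protocols enabled by default on a JSSE server socket.
    static List<String> enabledLegacy() throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        // Unbound socket: nothing listens, we only read its default settings.
        try (SSLServerSocket s =
                 (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket()) {
            List<String> hit = new ArrayList<>(Arrays.asList(s.getEnabledProtocols()));
            hit.retainAll(LEGACY);
            return hit;
        }
    }

    // Legacy protocols named in the jdk.tls.disabledAlgorithms security property.
    static List<String> disabledLegacy() {
        String prop = Security.getProperty("jdk.tls.disabledAlgorithms");
        List<String> hit = new ArrayList<>();
        if (prop != null) {
            for (String entry : prop.split(",")) {
                String name = entry.trim();
                if (LEGACY.contains(name)) hit.add(name);
            }
        }
        return hit;
    }

    public static void main(String[] args) throws Exception {
        List<String> enabled = enabledLegacy();
        System.out.println("Java runtime:            " + System.getProperty("java.version"));
        System.out.println("Legacy enabled (server): " + enabled);
        System.out.println("Legacy in disabled list: " + disabledLegacy());
        if (!enabled.isEmpty()) {
            System.out.println("This runtime will negotiate deprecated TLS versions.");
        }
    }
}
```

Running it under each candidate JRE shows whether TLS 1.0/1.1 are on by default there before the server is exposed to clients.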

Jonathan | Last updated: Mar 27, 2023 07:51PM UTC

Hi PortSwigger Team, I confirmed that with JRE 9 and Burp 2022.3.8 we can use TLS 1.0 and 1.1. I wanted to ask if you are aware of any vulnerabilities with this setup (besides TLS decryption) that we should be aware of?

Michelle, PortSwigger Agent | Last updated: Mar 28, 2023 02:12PM UTC