We talk about ECC all the time, but let’s be honest. It can all seem a little bit abstract, which is probably not helping its adoption-rate. The majority of the SSL/TLS certificates being issued today use RSA public key encryption. We know because we sell a lot of them. And as far as I can tell, a large part of that can be attributed to the fact that people still think that Elliptic Curve-based cryptosystems still aren’t widely supported by end users’ browsers and operating systems. Well, that’s not true. So today we’re going to talk a bit about the
et’s Encrypt is a new open source certificate authority that promises to provide free SSL certificates in a standardized, API accessible and non-commercial way. If you’ve installed SSL certificates in the past, you’re probably familiar with the process of signing up for a certificate with some paid for provider and then going through the manual process of swapping certificate requests and completed requests.
The below strong ciphers are copy/pastable for your Apache, NGINX, Lighttpd, haproxy, Postfix, Exim, ProFTPd, Dovecot, Hitch TLS Proxy, Zarafa, MySQL, DirectAdmin, PostgreSQL, OpenSSH Server/Client, Golang Server and UniFi Controller config mirrored directly from https://cipherli.st. They provide strong SSL security for all modern browsers, and you’ll obtain an A+ on the SSL Labs Test. In short, they: Set a strong Forward Secrecy enabled cipher suite Disable SSLv2 and SSLv3 Add HTTP Strict Transport Security and X-Frame-Deny headers Enable OCSP Stapling (except on Lighttpd, feature not supported yet) These examples are meant for sysadmins who have done this before (and sysadmins are
Vulnerability in SSL 3.0 Could Allow Information Disclosure The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the “POODLE” issue. The vulnerability, which is more formally known as CVE-2014-0160, allows an attacker to read up to 64 kilobytes of memory per attack on any connected client or server. Heartbleed got its name because it is a flaw in OpenSSL’s implementation of the Heartbeat Extension for the TLS and DTLS protocols (RFC 6520). The vulnerability, which is caused by poorly-written code, was discovered on the same day by Google and Codenomicon
After spending significant time Googling for an easy way to report IIS traffic on a per server basis and coming up empty handed I have decided to write my own Powershell script that will report web traffic server-wide, site-wide, chart images and automatically email it. The real magic behind it is Microsoft’s Log Parser. The query I have configured for mine is to count all the hits on aspx pages to give me the most accurate report. If you use anything else, you can add in an OR clause or replace aspx with whatever you need in the Log Parser lines: WHERE (cs-uri-stem LIKE