Still some work to do for some of my sites:
–jeroen
[WayBack]Â Helft homepaginas van Nederlandse overheidswebsites gebruikt geen https – IT Pro – Nieuws – Tweakers
Archive for the ‘TLS’ Category
Helft homepaginas van Nederlandse overheidswebsites gebruikt geen https – IT Pro – Nieuws – Tweakers
Posted by jpluimers on 2017/12/15
Posted in Communications Development, Development, Encryption, https, Internet protocol suite, Power User, Security, TLS | Leave a Comment »
Sending various HTTP request kinds using curl
Posted by jpluimers on 2017/07/25
I’ve been using cURL but always had a feeling not to its potential basically because the cURL man page [WayBack] is both massive and lacks concrete useful practical examples.
For instance, I knew about the --header and --verbose options (I always use verbose names even though shorter -H and -v exist) to pass a specific header and get verbose output, but the man page basic examples like this by Tader:
curl --header --verbose "X-MyHeader: 123" www.google.comsource: How to send a header using a HTTP request through a curl call? – Stack Overflow [WayBack]
There are some more examples at bropages.org/curl but they’re hardly organised or documented.
So I was really glad I found the below answer [WayBack] by Amith Koujalgi to web services – HTTP POST and GET using cURL in Linux – Stack Overflow.
But first note that recent versions (around 7.22 or higher) of cURL now need to combine the --silent and --show-error (or in short -sS) parameters to suppress progress but show errors: linux – How do I get cURL to not show the progress bar? – Stack Overflow [WayBack]
Back to the examples
Share this:
Posted in *nix, Communications Development, cURL, Delphi, Development, HTTP, https, Internet protocol suite, JavaScript/ECMAScript, JSON, Power User, REST, Scripting, Security, Software Development, TCP, TLS, XML, XML/XSD | 1 Comment »
Getting A or better grading on SSL Labs HTTPS tests
Posted by jpluimers on 2016/12/30
Now that everyone has had enough time to get proper TLS certificates using for instance LetsEncrypt, it’s time to up the ante: score better than an A on the SSL Labs tests from either their main site or dev site:
Here are some links to get there:
- HOWTO: A+ with all 100%’s on SSL Labs test using apache2.4 (READ WARNINGS) – Server – Let’s Encrypt Community Support
- Getting an A+ on Qualy’s SSL Labs Tester
- How to achieve an A+ rating? | Qualys Community
- HTTP Strict Transport Security – Wikipedia, the free encyclopedia
- Turn it up to 100: A+ on Qualys SSL Labs Test | Litespeed.io
- SSL Server Test: kelunik.com (Powered by Qualys SSL Labs)
- Apache 2.4 SSL config for A+ on SSLLabs.com
–jeroen
Share this:
Posted in *nix, Apache2, Communications Development, Development, Encryption, Internet protocol suite, Let's Encrypt (letsencrypt/certbot), Power User, Security, TCP, TLS | Leave a Comment »
Differences between SFTP and “FTP over SSH” – Stack Overflow
Posted by jpluimers on 2016/10/13
As I will likely have to secure some external FTP sessions soon and the endpoints the current FTP connects to are vague in what they support:
Here is the difference:
- SFTP (SSH file transfer protocol) is a protocol that provides file transfer and manipulation capabilities. It can work over any reliable data stream, but is typically used with SSH
- “FTP over SSH” uses the regular old FTP protocol, but an SSH tunnel is placed between client and server.
…
- FTP over SSL (FTPS), which is supported by .NET. (See http://msdn.microsoft.com/en-us/library/system.net.ftpwebrequest.enablessl.aspx.)
Source: Kristopher Johnson answering in c# – Differences between SFTP and “FTP over SSH” – Stack Overflow
–jeroen
Share this:
Posted in Communications Development, Development, Internet protocol suite, Software Development, SSH, TCP, TLS | Leave a Comment »
Hacking Team had more and more need for SSL MITM
Posted by jpluimers on 2015/07/07
Interesting reads:
- https://ht.transparencytoolkit.org/rcs-dev%5cshare/HOME/Naga/httpX/Presentation.pptx
- Hacking Team Breach Shows a Global Spying Firm Run Amok | WIRED.
- “Hacking Team Transparency Report” could sign Windows Kernel Drivers.
–jeroen
Share this:
Posted in Communications Development, Development, https, Internet protocol suite, LifeHacker, Power User, Security, TCP, TLS | Leave a Comment »
Time to upgrade: SHAAAAAAAAAAAAA | Check your site for weak SHA-1 certificates.
Posted by jpluimers on 2015/06/01
They days of SHA-1 are quickly coming to an end. Chrome has already marked SHA-1 signed TLS/SSL certificates for having an expiration > 2015-12-31 as insecure for a few weeks now. They promised to sunset SHA-1 about 9 months ago.
So if you haven’t done so, upgrade your HTTPS (and HTTP/2 which defaults to TLS) certificates to SHA-2. A great site of help here is SHAAAAAAAAAAAAA | Check your site for weak SHA-1 certificates. It is open source at GitHub.
You’ve less than 6 months now.
More in dept-reading (especially the comments by Ryan Sleevi): Chrome 42 (next stable) will mark SHA-1 signed certs with a validation date >2015 as insecure!.
–jeroen
PS: if you really need to do the balancing act, you technically can serve old certificates to SHA-2 incompatible clients while serving more secure certificates to modern clients. But it’s a risk, so you might as well tell these old clients they’re out.
Share this:
Posted in https, Power User, Public Key Cryptography, Security, TLS | Leave a Comment »
Time for a new “-goto cleanup;+goto fail;” T-Shirt; The Story of the GnuTLS Bug (via: existential type crisis)
Posted by jpluimers on 2014/03/05
A new *n*x bug got discovered in TLS certificate handling that is similar to the recently discovered iOS and OS X “goto fail” security issue.
This time the fix is performing a few replacements linke this:
-goto cleanup;
+goto fail;
Plus one addition:
+fail: // ADDED
+ result = 0;
Applications depending on GnuTLS are affected (there are other libraries providing TLS like OpenSSL), which are many.
Two must-do things:
- Closely watch the Linux, BDS, other *n*x and application security updates, as exploits will be available soon
- Read via: existential type crisis : The Story of the GnuTLS Bug as it explains the bug, tracks down the cause, and talks about “lessons to learn”.
I’m with Jan Wildeboer here and updates should get in very soon: Read the rest of this entry »
Share this:
Posted in Communications Development, Development, Internet protocol suite, Power User, Security, TCP, TLS | Tagged: GnuTLS, goto cleanup, TLS | Leave a Comment »
The Wiert Corner - irregular stream of stuff 