🥳 Multiple major releases today
• @small-tech/auto-encrypt v5.0.0 (https://codeberg.org/small-tech/auto-encrypt#readme)
• @small-tech/auto-encrypt-localhost v10.0.0 (https://codeberg.org/small-tech/auto-encrypt-localhost/#readme)
• @small-tech/https v6.0.0 (https://codeberg.org/small-tech/https/#readme)
These releases bring short-lived certificates, IP Address (IPv4 and IPv6) support, and ACME Renewal Information (ARI) support to Auto Encrypt and @small-tech/https, implement a consistent asynchronous API across all three packages, and include loads of little fixes and code quality improvements.
This brings us very close to getting Web Numbers¹ support implemented natively in Kitten².
OCSP support is removed from Auto Encrypt and Windows support is dropped from all three packages as Microsoft is complicit in Israel’s genocide of the Palestinian people³ and Small Technology Foundation⁴ stands in solidarity with the Boycott, Divestment, and Sanctions (BDS) movement. Furthermore, Windows is an ad-infested and surveillance-ridden dumpster fire of an operating system and, alongside supporting genocide, you are putting both yourself and others at risk by using it.
Enjoy!
💕
🇵🇸 To support families facing genocide in Gaza, consider donating to them via Gaza Verified: https://gaza-verified.org/donate/
¹ https://ar.al/2025/06/25/web-numbers/
² https://kitten.small-web.org/
³ https://www.bdsmovement.net/microsoft
⁴ https://small-tech.org/
#SmallWeb #SmallTech #AutoEncrypt #AutoEncryptLocalhost #https #TLS #NodeJS #web #dev #ACME #LetsEncrypt #WebNumbers #Kitten #BDS #Palestine #Gaza #FreePalestine
🥳 @small-tech/auto-encrypt-localhost version 9.0.1 released
Automatically provisions and installs locally-trusted TLS certificates for Node.js https servers (including Polka, Express.js, etc.). As used in Kitten¹.
This is a housekeeping release:
• Add TypeScript type definitions.
• Improve code quality; fix all type warnings.
• Update dependencies and remove all npm vulnerability warnings.
Enjoy! 💕
¹ https://kitten.small-web.org
#SmallTech #SmallWeb #AutoEncryptLocalhost #TLS #web #dev #NodeJS #JavaScript #SmallTechnologyFoundation
🥳 @small-tech/syswide-cas v7.0.2 released
Enables Node.js to use custom Certificate Authorities (CAs) alongside the bundled root CAs.
https://codeberg.org/small-tech/syswide-cas#readme
• Drops legacy Node support
• Is now ESM
• Improved code quality
• Added TypeScript type information
Full change log: https://codeberg.org/small-tech/syswide-cas/src/branch/main/CHANGELOG.md
Enjoy!
💕
#SmallTech #releases #syswideCAs #TLS #NodeJS #CertificateAuthorities
🥳 Auto-Encrypt Localhost version 9.0.0 released
Bye bye, Windows.
• Windows is no longer supported as Microsoft is complicit in Israel’s genocide of the Palestinian people¹ and Small Technology Foundation² stands in solidarity with the Boycott, Divestment, and Sanctions (BDS) movement³. Windows is an ad-infested and surveillance-ridden dumpster fire of an operating system and, alongside supporting genocide, you are putting both yourself and others at risk by using it.
Enjoy!
💕
About Auto-Encrypt Localhost:
https://codeberg.org/small-tech/auto-encrypt-localhost#readme
Auto Encrypt Localhost is similar to the Go utility [mkcert](https://github.com/FiloSottile/mkcert/) but with the following important differences:
1. It’s written in pure JavaScript for Node.js.
2. It does not require certutil to be installed.
3. It uses a different technique to install its certificate authority in the system trust store of macOS.
4. It uses enterprise policies on all platforms to get Firefox to include its certificate authority from the system trust store.
5. In addition to its Command-Line Interface, it can be used programmatically to automatically handle local development certificate provisioning while creating your server.
Auto-Encrypt Localhost is licensed under AGPL version 3.0.
#AutoEncryptLocalhost #SmallTech #SmallWeb #localhost #TLS #SSL #certificates #web #security #dev #FOSS #israel #microsoft #BigTech #genocide #Palestine #StopIsrael #FreePalestine
¹ https://www.bdsmovement.net/microsoft
² https://small-tech.org/
³ https://www.bdsmovement.net/
We've enabled SASL2 and XEP-0474: SASL SCRAM Downgrade Protection on http://XMPP.is via https://github.com/unredacted/xmpp.is/commit/ed656a71d112b3a8eb3b54427c164f483cce4b54
This solves one of the most important issues mentioned in our blog post https://unredacted.org/blog/2023/11/what-were-doing-in-response-to-the-jabber-ru-mitm-attack/
This week on #OpenSourceSecurity I chat with @djc and @ctz about #Rustls. A lot has happened with Rustls in the last few years (and there's a lot more to come). Writing a TLS implementation is incredibly complicated, even when you don't have to worry about memory safety
https://opensourcesecurity.io/2025/2025-12-rustls-dirkjan-joe/
Just updated Node Pebble to support latest release version of Let’s Encrypt’s Pebble testing server.
https://codeberg.org/small-tech/node-pebble
Enjoy!
💕
#LetsEncrypt #Pebble #testing #tls #ssl #security #NodeJS #JavaScript
ICYMI:
**Globalsign certs issued on Monday 1st Dec 2025 will not be trusted on some clients because they incorrectly use 2027 CT logs.**
You can simply reissue them to resolve the problem.
Looking at the fragility of the internet, there is one pillar that doesn't appear to be on anyone's radar. That is #letsencrypt.
Let's Encrypt just works so is clearly not front and center lately but with certificate lifecycle being reduced further and further over the coming years, it is probably not wise to bank on a single provider where an over-run of renewals could DDoS them into oblivion.
What other options are out there? #tlscertificate #tls
Well @chrysn@chaos.social, I really appreciate your good intentions and will to fight for users' #privacy.
But I was not talking about you or the few independent developers who still volunteer at #IETF these days.
I was talking about IETF effects on the Internet standards as a whole.
I'm afraid the impact of a few independent engineers is not going to balance the power of organized and well funded #BigTech lobbyists.
As an example, let's stay on topic and look at RFC 9001, "Using #TLS to Secure #QUIC".
All that is said about the improved ability of the server to identify (and thus track) the user is in two lines about session resumption (emphasis mine):
> Session resumption allows servers to link activity on the original connection with the resumed connection, which might be a privacy issue for clients. Clients can choose not to enable resumption to avoid creating this correlation.

Now please notice the #hypocrisy: the wording is set up as if clients should opt-in, but it's pretty unlikely that users will be given a choice between a personal data leak at protocol level and an imperceptible increase in connection time, in particular with 0-RTT where "Endpoints cannot selectively disregard information that might alter the sending or processing of 0-RTT".
So while I'm pretty curious about @bagder@mastodon.social's perspective, I see that #Google managed to get a protocol designed to thwart user privacy and reduce its own server costs (even just the energy consumed during TLS handshakes amounts to thousands of dollars each day).
This way, if EU would decide to forbid tracking cookies at all, Google would get a competitive advantage over all other #AdsTech companies.
Now a properly working IETF would have rejected such shit, knowing that it would have been leveraged against people (and democracies) through #Chrome browsers and #Android defaults.
CC: @daniel@gultsch.social @lorenzo@snac.bobadin.icu
LibreSSL 4.1.2 and 4.2.1 released https://www.undeadly.org/cgi?action=article;sid=20251102090208 #openbsd #libressl #tls #ssl #security #networking #cryptography #crypto #realcrypto #libresoftware #freesoftware
LibreSSL 4.1.1 and 4.0.1 released https://www.undeadly.org/cgi?action=article;sid=20251002054519 #openbsd #libressl #tls #https #cryptography #security #newrelease #development #freesoftware #libresoftware