#Tag
LibreSSL 4.1.1 and 4.0.1 released https://www.undeadly.org/cgi?action=article;sid=20251002054519 #openbsd #libressl #tls #https #cryptography #security #newrelease #development #freesoftware #libresoftware
LibreSSL 4.1.1 and 4.0.1 released https://www.undeadly.org/cgi?action=article;sid=20251002054519 #openbsd #libressl #tls #https #cryptography #security #newrelease #development #freesoftware #libresoftware
Yesterday, 10 years ago, Let's Encrypt issued their first #TLS #certificate to the domain name helloworld.letsencrypt.org. Since then, they issued 7 billion certificates.
To quote Borat: "Great success!"
Congrats!
Yesterday, 10 years ago, Let's Encrypt issued their first #TLS #certificate to the domain name helloworld.letsencrypt.org. Since then, they issued 7 billion certificates.
To quote Borat: "Great success!"
Congrats!
Deux questions #TLS
J'ai créé une nouvelle PKI pour mon client mais Edge ne parvient pas à décoder le certificat Root ni l'intermédiaire alors que Firefox n'a aucun problème...
Error: unable to decode certificate
Des idées ?
Deux questions #TLS
J'ai créé une nouvelle PKI pour mon client mais Edge ne parvient pas à décoder le certificat Root ni l'intermédiaire alors que Firefox n'a aucun problème...
Error: unable to decode certificate
Des idées ?
https://github.com/nginx/nginx/pull/840
If you want to see ECH in nginx sooner rather than later, please jump in and review, give feedback, thumbs up, etc.
https://github.com/nginx/nginx/pull/840
If you want to see ECH in nginx sooner rather than later, please jump in and review, give feedback, thumbs up, etc.
Am I really the only one who uses 24hrs long living certificates which get automatically renewed and signed by an own CA via ACME?
#ssl #tls #dane #acme #certificate #certificateauthority #ca
Am I really the only one who uses 24hrs long living certificates which get automatically renewed and signed by an own CA via ACME?
#ssl #tls #dane #acme #certificate #certificateauthority #ca
People are more likely, not less, to smell something fishy if they see a random string of digits when they expect the name of a site they trust.
If this is the only argument against certificates for IP addresses, I think we’re good.
Experienced users like you and I know to hover over links, check certificate info, or inspect the address bar. But many users don’t do that — or worse, they click links without verifying anything. According to the Verizon DBIR and other phishing studies, this is still one of the top attack vectors today.
Also, I don’t think the article was arguing against IP certs outright — just highlighting that, like with any new capability, there's potential for abuse that the broader public (and infosec community) should be aware of.
Introducing Web Numbers
Domains? Where we’re going, we don’t need domains!
Get ready for an exciting new (old?) way to address (small) web sites in 2026.
https://ar.al/2025/06/25/web-numbers/
💕
(Thanks to @letsencrypt.)
#WebNumbers #SmallWeb#domainNames #IPAddresses#TLS#HTTPS#LetsEncrypt #web #decentralisation#SmallTech
Introducing Web Numbers
Domains? Where we’re going, we don’t need domains!
Get ready for an exciting new (old?) way to address (small) web sites in 2026.
https://ar.al/2025/06/25/web-numbers/
💕
(Thanks to @letsencrypt.)
#WebNumbers #SmallWeb#domainNames #IPAddresses#TLS#HTTPS#LetsEncrypt #web #decentralisation#SmallTech
For two days straight, I just can't reproduce #swad #crashing with *anything* in place (#clang #sanitizer instrumentation, attached #debugger like #lldb) that could give me the slightest hint what's going wrong. 😡
But it *does* crash when "unobserved". And it looks like this is happening a lot sooner (or, more often?) when using #LibreSSL ... but I also suspect this could be a red herring in the end.
Situation reminds me of my physics teacher back at school, who used to say something in german I just can't ever forget:
"Wer misst, misst Mist."
Feeble attempt in english would be "the one who measures measures crap", it was his humorous way to bring one consequence of #Heisenberg's indeterminacy principle to the point. And indeed, #debugging computer programs always suffers from similar problems...
Oh boy, I have a lead! And it's NOT related to #TLS. I finally noticed another pattern: #swad only #crashed when running as a #daemon. The daemonizing wasn't the problem, but the default logging configuration attached to it: "fake async", by letting a #threadpool job do the logging.
Forcing THAT even when running in foreground, I can finally reproduce a crash. And I wouldn't be surprised if that was actually the reason for crashing "pretty quickly" with #LibreSSL (and only rarely with #OpenSSL), I mean, something going rogue in your address space can have the weirdest effects.
A recent research has exposed more than 40 * 10³ IoT cameras happily showing their feed and location to anyone who can browse and use search engines specialized in the indexing of the misconfigured devices.
More than 14 * 10³ are localised in the USA.
Read more here.
Note:
I know that there are more than a million of these cameras world wide misconfigured an open on just port 80 http not even TLS 443, with admin / admin as credentials 🪪
https://www.theregister.com/2025/06/10/40000_iot_cameras_exposed/
#Infosec #nightmare #not #news#IoT #cameras #security #misconfigured #streaming#TLS#HTTP
A space for Bonfire maintainers and contributors to communicate
