Stefano Marinelli
boosted
LibreSSL 4.1.1 and 4.0.1 released https://www.undeadly.org/cgi?action=article;sid=20251002054519 #openbsd #libressl #tls #https #cryptography #security #newrelease #development #freesoftware #libresoftware
LibreSSL 4.1.1 and 4.0.1 released https://www.undeadly.org/cgi?action=article;sid=20251002054519 #openbsd #libressl #tls #https #cryptography #security #newrelease #development #freesoftware #libresoftware
Alan Zimmerman
and 3 others
boosted
Yesterday, 10 years ago, Let's Encrypt issued their first #TLS #certificate to the domain name helloworld.letsencrypt.org. Since then, they issued 7 billion certificates.
To quote Borat: "Great success!"
Congrats!
Yesterday, 10 years ago, Let's Encrypt issued their first #TLS #certificate to the domain name helloworld.letsencrypt.org. Since then, they issued 7 billion certificates.
To quote Borat: "Great success!"
Congrats!
Joachim
boosted
Deux questions #TLS
J'ai créé une nouvelle PKI pour mon client mais Edge ne parvient pas à décoder le certificat Root ni l'intermédiaire alors que Firefox n'a aucun problème...
Error: unable to decode certificate
Des idées ?
Deux questions #TLS
J'ai créé une nouvelle PKI pour mon client mais Edge ne parvient pas à décoder le certificat Root ni l'intermédiaire alors que Firefox n'a aucun problème...
Error: unable to decode certificate
Des idées ?
F-Droid
boosted
#DEfO has completed #ECH implementation for #nginx and there is a pull request:
https://github.com/nginx/nginx/pull/840
If you want to see ECH in nginx sooner rather than later, please jump in and review, give feedback, thumbs up, etc.
#DEfO has completed #ECH implementation for #nginx and there is a pull request:
https://github.com/nginx/nginx/pull/840
If you want to see ECH in nginx sooner rather than later, please jump in and review, give feedback, thumbs up, etc.
Stefano Marinelli
boosted
Am I really the only one who uses 24hrs long living certificates which get automatically renewed and signed by an own CA via ACME?
#ssl #tls #dane #acme #certificate #certificateauthority #ca
Am I really the only one who uses 24hrs long living certificates which get automatically renewed and signed by an own CA via ACME?
#ssl #tls #dane #acme #certificate #certificateauthority #ca
@beardedtechguy So “people would notice a link to mybank.com going to hahapwned.com but not to 89.72.4.2?”
People are more likely, not less, to smell something fishy if they see a random string of digits when they expect the name of a site they trust.
If this is the only argument against certificates for IP addresses, I think we’re good.
@aral Great point — and I agree that most users would be suspicious if they saw an IP address like 89.72.4.2 instead of a familiar domain like mybank.com. The concern raised in the article, though, was more about scenarios where users don’t see the link clearly — such as in emails, PDFs, or messaging apps where URLs may be masked behind anchor text or shortened links. For example, a phishing email might show a link that says “View Invoice” but actually points to https://203.0.113.10/login.
Experienced users like you and I know to hover over links, check certificate info, or inspect the address bar. But many users don’t do that — or worse, they click links without verifying anything. According to the Verizon DBIR and other phishing studies, this is still one of the top attack vectors today.
Also, I don’t think the article was arguing against IP certs outright — just highlighting that, like with any new capability, there's potential for abuse that the broader public (and infosec community) should be aware of.
Your spooky 'net denizen
and 2 others
boosted
Introducing Web Numbers
Domains? Where we’re going, we don’t need domains!
Get ready for an exciting new (old?) way to address (small) web sites in 2026.
https://ar.al/2025/06/25/web-numbers/
💕
(Thanks to @letsencrypt.)
#WebNumbers #SmallWeb#domainNames #IPAddresses#TLS#HTTPS#LetsEncrypt #web #decentralisation#SmallTech
Introducing Web Numbers
Domains? Where we’re going, we don’t need domains!
Get ready for an exciting new (old?) way to address (small) web sites in 2026.
https://ar.al/2025/06/25/web-numbers/
💕
(Thanks to @letsencrypt.)
#WebNumbers #SmallWeb#domainNames #IPAddresses#TLS#HTTPS#LetsEncrypt #web #decentralisation#SmallTech
For two days straight, I just can't reproduce #swad #crashing with *anything* in place (#clang #sanitizer instrumentation, attached #debugger like #lldb) that could give me the slightest hint what's going wrong. 😡
But it *does* crash when "unobserved". And it looks like this is happening a lot sooner (or, more often?) when using #LibreSSL ... but I also suspect this could be a red herring in the end.
Situation reminds me of my physics teacher back at school, who used to say something in german I just can't ever forget:
"Wer misst, misst Mist."
Feeble attempt in english would be "the one who measures measures crap", it was his humorous way to bring one consequence of #Heisenberg's indeterminacy principle to the point. And indeed, #debugging computer programs always suffers from similar problems...
Oh boy, I have a lead! And it's NOT related to #TLS. I finally noticed another pattern: #swad only #crashed when running as a #daemon. The daemonizing wasn't the problem, but the default logging configuration attached to it: "fake async", by letting a #threadpool job do the logging.
Forcing THAT even when running in foreground, I can finally reproduce a crash. And I wouldn't be surprised if that was actually the reason for crashing "pretty quickly" with #LibreSSL (and only rarely with #OpenSSL), I mean, something going rogue in your address space can have the weirdest effects.