STUpidity and other STUff
After updating to PHP 7.4.10, I’m getting the dreaded “pear.php.net is using a unsupported protocol – This should never happen. upgrade failed.” error message when running pecl upgrade. After a bit of searching, I found a post that suggests the command pear update would help. When I tried this, I got, “pear/pear dependency package “pear/Archive_Tar” … Read more
As often happens, when I bitch and whine about something, I’m bloody wrong! I was wrong about being unable to use Let’s Encrypt. No, the folks at EFF didn’t fix anything. It turns out that my hosting provider, A2Hosting took care of it for me, before I asked!! Yay A2Hosting! I took another look through … Read more
I’m still fighting with Let’s Encrypt. Like a Mac, it’s so easy to use, I can’t figure it out! UPDATE: A2 Hosting had the answer the entire time! Oops! Here’s an outline of my latest failure: README.md says: python sign_csr.py –public-key user.pub domain.csr > signed.crt I used: python ~/tmp/test/letsencrypt-nosudo-master/sign_csr.py –file-based –public-key domain-redacted.pub domain-redacted.csr > domain-redacted.crt … Read more
About a year ago, the Internet Security Research Group (ISRG) launched an effort now called Let’s Encrypt to provide free (no cost) SSL certificates for web servers. The EFF (and perhaps others) have launched a set of tools known as certbot that aim to make getting and installing SSL certificates painless. My experience getting and … Read more
It seems Google has declared SHA-1 encryption insecure. Chrome now complains about sites using this protocol for secure (https) connections. From what I understand, certificates and servers should be upgraded before 2016 in order to be viewable by Chrome users. Once again, I turned to Qualys SSL Labs for help. Their SSL Server Test is … Read more
Yes, yet another Frank Zappa reference for an SSL issue! Woohoo! I really don’t see that the recently disclosed FREAK bug is easily expoitable. It seems to me that a man-in-the-middle attack would be rather difficult to execute. My thought is that the attacker would need to control either DNS or routing, or be on … Read more
Just yesterday, my supervisor forwarded me an email about the SSLv3 POODLE attack, and asked me if our servers were secured against this issue. I was forced to admit that I had never heard of POODLE, but that I’d do some research and get back to her. I Googled around a bit and found a … Read more