STUpidity and other STUff
As often happens, when I bitch and whine about something, I’m bloody wrong! I was wrong about being unable to use Let’s Encrypt. No, the folks at EFF didn’t fix anything. It turns out that my hosting provider, A2Hosting took care of it for me, before I asked!! Yay A2Hosting! I took another look through … Read moreI Was Wrong (again): Let’s Encrypt Works For Me, Thanks to A2Hosting!
I’m still fighting with Let’s Encrypt. Like a Mac, it’s so easy to use, I can’t figure it out! UPDATE: A2 Hosting had the answer the entire time! Oops! Here’s an outline of my latest failure: README.md says: python sign_csr.py –public-key user.pub domain.csr > signed.crt I used: python ~/tmp/test/letsencrypt-nosudo-master/sign_csr.py –file-based –public-key domain-redacted.pub domain-redacted.csr > domain-redacted.crt … Read moreStill Fighting (and Failing) with Let’s Encrypt
About a year ago, the Internet Security Research Group (ISRG) launched an effort now called Let’s Encrypt to provide free (no cost) SSL certificates for web servers. The EFF (and perhaps others) have launched a set of tools known as certbot that aim to make getting and installing SSL certificates painless. My experience getting and … Read moreLet’s Encrypt Sounds Good, But I Found its Easier Way to be Impossible
It seems Google has declared SHA-1 encryption insecure. Chrome now complains about sites using this protocol for secure (https) connections. From what I understand, certificates and servers should be upgraded before 2016 in order to be viewable by Chrome users. Once again, I turned to Qualys SSL Labs for help. Their SSL Server Test is … Read moreGetting Ready for 2016: SHA-2 (SHA256) Certificates and Apache
Yes, yet another Frank Zappa reference for an SSL issue! Woohoo! I really don’t see that the recently disclosed FREAK bug is easily expoitable. It seems to me that a man-in-the-middle attack would be rather difficult to execute. My thought is that the attacker would need to control either DNS or routing, or be on … Read moreDon’t FREAK OUT!
Just yesterday, my supervisor forwarded me an email about the SSLv3 POODLE attack, and asked me if our servers were secured against this issue. I was forced to admit that I had never heard of POODLE, but that I’d do some research and get back to her. I Googled around a bit and found a … Read moreThe POODLE bytes: Taming the Dog