View TLS peerchain in Python 3
A quick hack based mainly on someone else’s work: https://github.com/jamespo/commandmisc/blob/master/scripts/peerchain
Use Apache 2.4 (so if you use CentOS / RHEL, use v7). This has lower memory requirements, a stable Event MPM (see below) and far more functionality. If you terminate SSL at Apache, use a clustered cache to keep track of SSL sessions. Otherwise the SSL session establishment will have to be renegotiated every time you …
If you want this to work (for example for https elisp repositories) I strongly recommend you use the version of Emacs that is bundled with Cygwin.
Cipherli.st – Strong Ciphers for Apache, nginx and Lighttpd.
With POODLE, everyone is hurrying to disable SSLv3 on their webservers. However, some sites still have clients that for whatever reason have not updated from XP / IE6 (it’s only been out 13 years, what’s the rush?). Instead of immediately locking them out, you might like to give them a few days’ warning with some …
SHAAAAAAAAAAAAA | Do you have the latest SHA???. A great article on some reconfiguration you may need to do on your SSL certificates – have just resubmitted my certificate request and now have a SHA-256 hashed cert.
Here’s a way to move your WordPress login page from wp-login.php to (in this case) /blog/secret-login-page with Apache rules. Note this is akin to moving ssh from port 22: you should set up strong authentication, rename your admin user and possibly consider one of the WordPress security plugins before using this. # move WordPress login …
Check your SSL certificate with the Qualys SSL Checker. Then fix the config with these hardening tips.
If you cannot view Oracle Enterprise Manager in IE, but can in other browsers, chances are you’ve hit the MS IE SSL key size patch. A patch does exist for this (the problem is due to OEM using a 512 bit cert) but if you like you can front-end EM with Apache. Put this inside the …
To check if an SSL certificate passes the MS minimum key length requirement (1024 bits), run this command: echo blah | openssl s_client -showcerts -connect amazon.co.uk:443 2> /dev/null | grep "Server public key"