tls   5886

« earlier    

The Problem with OCSP Stapling and Must Staple and why Certificate Revocation is still broken - Hanno's blog
Certificates can be revoked. That means that for some reason the certificate should no longer be used. A typical scenario is when a certificate owner learns that his servers have been hacked and his private keys stolen. In this case it’s good to avoid that the stolen keys and their corresponding certificates can still be used. Therefore a TLS client like a browser should check that a certificate provided by a server is not revoked.

That’s the theory at least. However the history of ...
CRL  OCSP  let's-encrypt  TLS  https  vulnerability  author:Hanno_Böck 
3 days ago by Psook
Using TLS to protect data
How to configure the services that must be able to receive incoming connections from unknown clients or services.


refrr:https://www.ncsc.gov.uk/guidance/approaching-enterprise-technology-cyber-security-mind
How to configure the services that must be able to receive incoming connections from unknown clients or services.


refrr:https://www.ncsc.gov.uk/guidance/approaching-enterprise-technology-cyber-security-mind
security  bestpractices  styleguide  devops  tls  https 
4 days ago by michaelfox
Display Certificate Stores
"If you are an administrator and want to add non-Microsoft CA certificates to [Trusted Root Certification Authorities] for all computers in an Active Directory domain, you can use Group Policy to distribute trusted root certificates to your organization."
pki  windows  security  tls  work  sysadmin  microsoft  reference 
5 days ago by kr4d
List of Client Implementations
Here's an incomplete list of ACME clients and libraries we're aware of. We will edit this list periodically to link to others as we learn of them. Recommended Client Let's Encrypt recommends the certbot client. Othe…


refrr:https://community.letsencrypt.org/t/aws-announces-certificate-manager-similar-to-le/9289/15
Here's an incomplete list of ACME clients and libraries we're aware of. We will edit this list periodically to link to others as we learn of them. Recommended Client Let's Encrypt recommends the certbot client. Othe…


refrr:https://community.letsencrypt.org/t/aws-announces-certificate-manager-similar-to-le/9289/15
devops  letsencrypt  ssl  tls  https  encryption  cli  shell  tools  automation  cert 
8 days ago by michaelfox
Legacy TLS cipher support in Firefox - PacketLife.net
If you're not able to work around this restriction by using plain HTTP or by connecting via an alternate interface (e.g. SSH), Firefox does allow you to manually enter an exception to cipher validation. Open a new tab and navigate to about:config. (Acknowledge the warning if one is presented.) Search for "security.tls" and double-click the setting named security.tls.insecure_fallback_hosts.
Firefox  SSL  TLS  cipher  certificate  security 
13 days ago by coffeebucket

« earlier    

related tags

1974  2000  2017  adv  advice  akamai  algorithms  apache  apple  argument  arp  art  authentication  author:hanno_böck  automation  aws  belgium  best-practices  bestpractices  book  book_reviews  bootstrap  browser  browsers  ca  caa  cbk4  cdn  cert  certbot  certificate  certificate_transparency  certificates  checker  cipher-suite  cipher  ciphersuites  cissp  civil_service  cli  cloudflare  cname  config  configuration  crl  crypto  cryptography  customer  data  deployment  development  devops  diffie-hellman  digitalocean  dns  docker  dzone  ebook  edge  eid  elb  emacs  encryption  exhibition  express  fastspring  filetype:pdf  firefox  free  gay  generator  github  github_gist  golang  google  haproxy  hpkp  hsts  http  http2  https  iis  infosec  int  interceptor  interrupt  interview  interviews  ios  key  kubernetes  leak  let's-encrypt  lets-encrypt  lets_encrypt  letsencrypt  lissu  list  loadbalancing  logging  ma.ttias.be  magufuli  makonda  mattiasgeniar  metrics  michelangelo  microsoft  mozilla  must-staple  national_gallery  networking  nginx  node.js  npm  ocsp  okhttp  openssl  operations  oxford  painting  paper  pentest  performance  pki  politics  postgresql  privacy  programming  proxy  question  questions  read  reason  reference  resume  review  rfc  scanner  scripting  sculpture  se  search  sebastiano_del_piombo  security  selfsigned  server  session  sha-1  shell  shoes  shops  skype-for-business  so  solution  ssh  ssl  stack  stackoverflow  stats  styleguide  sysadmin  tanzania  tate  tate_britain  test-suite  testing  ticket  tls1.3  todo  tomcat  tool  tools  turorial  ubuntu  venice  vpn  vulnerability  vulnerability_testing  web  web_security  webdev  why  windows  work  x509 

Copy this bookmark:



description:


tags: