Collaborate Disseminate
My nginx backend server supports the following ciphers:
ssl_ciphers "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-… Continue reading Automatically check if a certificate matches specific ciphers
Basically, as the title says.
Neither keytool nor openssl allow that.
EDIT: apparently, pkcs12 doesn’t support that. So, use JKS, which you can easily create with keytool.
I am not a security expert, so please forgive me if the question is too obvious. We have been working with Blowfish to encrypt some of our files. We recently updated our very old OpenSSL version from 1.1.1 to 3.0.12 and we found out that B… Continue reading Why is Blowfish Cipher considered now "legacy" algorithm in OpenSSL?
My environment consists of 2 docker containers, one running Logstash and another running Elasticsearch on the SAME host & SAME docker network.
I am trying to setup SSL between the 2 of them (this is because Elasticsearch needs SSL and … Continue reading Connecting Logstash To Elasticsearch via SSL (Docker Container)
I was trying to encrypt and sign MIME data using openssl smime command.
I have below MIME data –
From:"=?ISO-8859-1?B?3M0SEg=?=" <abc@dcc.final>
Subject:=?ISO-8859-1?B?yNA==?=
=?ISO-8859-1?B?3IDE4?=
=?ISO-8859-1?B?OjE0?=
… Continue reading How to add MIME headers in encrypt and sign SMIME data using openssl smime command
It is not clear to me how the Common Name affects a certificate authority and the certificates that are ultimately created. For example, I have this simple script that creates some files for a certificate authority auto-generated/ca.* and… Continue reading Criteria for Common Name of Certificate Authority and how it affects SSL certificates
Let’s say I made a platform called the HelloWorld Platform. The HelloWorld Platform consists of one RaspberryPi that hosts PHP based REST API and one RaspberryPi that has temperature sensor that relays data to a self-hosted bash script w… Continue reading Creating SSL certificates that can work on any local area network?
I’ve been trying to read more about self-signed SSL certificates versus creating my own certificate authority to sign SSL certificates. I am still not completely clear on this.
I’ll start by explaining my use case: I have customers that … Continue reading Other benefits of creating my certificate authority aside from the firefox issue and centralized management of certificates?
I download its certificates. To do that, I used the openssl debug output of the command
openssl s_client -connect security.stackexchange.com:443 -servername security.stackexchange.com -showcerts -debug </dev/null 2>&1|tee out
The EU eIDAS Dashboard serves as a repository for trusted "trust providers" in accordance with the eIDAS regulation. The provider’s certificates are listed within the dashboard.
You can find an example here.
To retrieve the certi… Continue reading Help identify the tool generating certificate displays on the EU eIDAS Dashboard