In a world that is now gradually adopting HTTP/3 (which, as you know, is implemented over QUIC), the problem with the missing API for QUIC is still a key problem. There are a number of existing QUIC library implementation now since a few years back, and they are slowly maturing. The QUIC protocol became RFC … Continue reading The QUIC API OpenSSL will not provide →| daniel.haxx.se
OpenSSL 3.6 is now available for public testing with an alpha version adding support for LMS signature verification support and other changes. Here's what to expect! The post OpenSSL 3.6 Promises LMS Signature Verification Support, Alpha Out Now appeared first on 9to5Linux - do not reproduce this article without permission. This RSS feed is intended for readers, not scrapers.| 9to5Linux
curl added support for OpenSSL immediately when it was first released, as they switched away from SSLeay, in the late 1990s. We have since supported it over the decades as both OpenSSL and curl have developed. A while back the OpenSSL project stopped updating their 1.0.x and 1.1.x public branches. This means that unless you … Continue reading Dropping old OpenSSL→| daniel.haxx.se
curl supports getting built with eleven different TLS libraries. Six of these libraries are OpenSSL or forks of OpenSSL. Allow me to give you a glimpse of their differences, similarities and some insights into what it takes to support them all. SSLeay It all started with SSLeay. This was the first SSL library I found … Continue reading A family of forks →| daniel.haxx.se
Today I imported posts I’d written for the Stack Overflow blog onto my blog. Most of them are end-of-year review posts so I’ve been thinking about how that job changed from how it started.1 By the time I left Stack Overflow, it was clear the company had experienced mission creep and “[helping] coders help each other become better coders by sharing their knowledge with one another” was no longer the top priority. In the new year I will start work at OpenSSL, which has a very clear miss...| Jon Quixote
How to query an OCSP responder to check the validity of a certificate?| Relentless Coding
An OpenSSL cheat sheet for creating RSA private keys, public keys, and certificates for use with RSASSA-PKCS1-v1_5 and RSASSA-PSS.| Scott Brady
An OpenSSL cheat sheet for creating EC private keys, public keys, and certificates for use with ECDSA.| Scott Brady
During my first week at OpenSSL, I’ve been learning more about the organizational structure. A question has gnawed at me since I first learned about the job: Why was the Foundation split off from the Corporation? I can read about the decision, but as an outsider I don’t really have the background needed to truly understand how OpenSSL got here.| Jon Quixote
An abbreviated timeline of the last year of my life:| Jon Quixote
The openssl utility can be used to show the details of a certificate, including its ‘Not After’ expiration date in string format. This can be transformed into “how many days till expiration” with a bit of Bash date math. Create test certificate and key Using a line provided by Diego Woitasen for non-interactive self-signed certification ... Bash: calculating number of days till certificate expiration using openssl| Fabian Lee : Software Engineer
I am revamping my XMPP server and I’ve written down notes on how to set up certificates to enable TLS. I will run Debian Jessie with JabberD 2.x, using the recent jabberd2 jessie-backport. The choice of server software is not Continue reading Certificates for XMPP/Jabber→| Simon Josefsson's blog
Escrito por Daniel Olivares Introducción Continuando nuestra serie de artículos para mejorar la seguridad de nuestras PYMES y Hogar, hoy presentamos la quinta parte: “Securizando tu red: Instalació…| FINSIN
| The Grumpy Troll: The Grumpy Troll
| The Grumpy Troll: The Grumpy Troll
| The Grumpy Troll: The Grumpy Troll
ECDSA SSH redux: server key compromise attack may exist| The Grumpy Troll
OpenSSL| Boxes Of Tat
After reading the Wired story last week about Zachary Harris discovering a widespread vulnerability related to the use of weak cryptographic DKIM keys (less than 1024 bits) by companies like Google, eBay, Yahoo, Twitter and PayPal, and the subsequent CERT warning (VU#268267), I decided to write a quick tool to check DKIM TXT records and … Continue reading Verifying a DKIM TXT Record and Key Length The post Verifying a DKIM TXT Record and Key Length appeared first on protodave.| protodave
Post describes additional steps that needs to be taken while generating a self signed certificates for docker private registry.| Random Ramblings
So a while back I read a blog post about using OpenSSL engines on Windows as part of a local privesc exploit against a certain VPN client. This got me thinking. If every time the OpenSSL library is…| Darren Martyn
Security basics with GPG, OpenSSH, OpenSSL and Keybase| www.integralist.co.uk