These are public posts tagged with #tls.
Testing Gemotest for TLS diseases
On July 17 I had blood tests done at Gemotest. A day and a half later I received an email with the results at the address I had given before the tests. Fortunately, everything was fine with the results: I don't have HIV, hepatitis B, hepatitis C, or syphilis, hooray! The PDF with the results was certified with an attached electronic signature, with instructions for verifying it. There was even this inside: CONFIDENTIALITY NOTICE: This electronic message and any documents attached to it contain confidential information. We hereby notify you that if this message is not intended for you, the use, copying, or distribution of the information contained in this message, as well as taking any action based on this information, is strictly prohibited. If you have received this message in error, please notify the sender by email and delete this message. And then the same thing again in English. Sweet. Everything seems fine, nothing to worry about. But one thing still robbed me of my peace. The padlock. Red. Crossed out.
https://habr.com/ru/articles/931246/
#tls #гемотест #шифрование #smtp #персональные_данные #медицина #сертификаты #ssl #почтовый_сервер #email
Hello, I'm new here (#neuhier) and I'm getting in touch because I'd like to share something.
As an old IT guy, I'd like to share a script that makes life easier for the (home) admin when yet another "curl" or "wget" fails to verify a certificate (#SSL / #TLS).
That doesn't happen very often, which is why I always forgot what to do when it happened again.
The script checks which certificates are missing and downloads them, so that you can add them to the list of CAs (certification authorities) if needed. How to do that is described in my accompanying documentation.
Maybe just have a look and see whether you can use it.
Of course #opensource, described at https://github.com/himbeer-toni/UserScripts/blob/main/fetch-missing-ca.md, where there is also a download link.
I'd be glad if it helps someone!
#opensource #programming #debian #linux #RasPi #sysAdmin #git #github #selfhost #selfhosted #selfhosting
#opensource #foss #homelab #homeserver #software #raspi #RasPi #sysAdmin #TLS #SSL #certificates
@digitalcourage
@linuxnews
With the proper documents, any may pass and be trusted. #TLS #LetsEncrypt #Linux #OpenSource https://cromwell-intl.com/open-source/letsencrypt-tls-cert-godaddy.html?s=mc
I put up a few #TLS hybrid key exchange post-quantum cryptography (not "Pavement Quality Concrete"!) proofs of concept to let you test X25519MLKEM768 compatibility:
https://www.netmeister.org/blog/pqc-pocs.html
Code here:
https://github.com/jschauma/pqcpoc/
By consulting the proper documents, one may speak a secure and secret tongue. #TLS #LetsEncrypt #OpenSource https://cromwell-intl.com/open-source/google-freebsd-tls/tls-certificate.html?s=mc
Let's Encrypt issues its first IP address certificate
https://www.admin-magazine.com/News/Let-s-Encrypt-Issues-First-IP-Address-Certificate?utm_source=mam
#IPAddress #certificate #LetsEncrypt #certs #TLS
Learn the subtle battle language used in the realm of the clouds. #TLS #FreeBSD #GoogleCloud #OpenSource https://cromwell-intl.com/open-source/google-freebsd-tls/https-headers.html?s=mc
#Tractors are just #computers too - badly programmed computers:
At Black Hat, security researchers succeeded in compromising connected tractors worldwide.
What is shocking is that the absolute basics of secure #software development are missing: via a poorly secured mechanism for over-the-air updates, the data received from the #cloud can simply be swapped out, because there is neither #TLS encryption nor #signatures:
https://www.darkreading.com/cloud-security/hackers-hay-smart-tractors-vulnerable-takeover
That will be a no.
Which is a shame as I want to use SNI in the back end but also make use of AWS issued certificates and the NLB TLS integration since there is no easy way to get a cert from the AWS Certificate Manager to an EKS Secret
Testing a theory on AWS, does an NLB terminating TLS forward the SNI header if the backend is also TLS?
Will know once AWS has finished pulling my test container.
@drscriptt granted, we all want 203.0.113.1¹ to have #SSL / #TLS (even if it's just @letsencrypt ) work than not work or have no #encryption.
That is not up for debate!
I just think that this will reward previously standards-violating behaviours when i.e. Xavier Sample Solutions don't get nudged to use i.e. api.solutions.example² but can just use their IP addresses.
Feels like companies take pride in copying #ClownFlare's #EgoTrip who put their #DNS & #domain on https://1.1.1.1 …
#Apple #Mail.app + #Notes.app still use #STARTTLS #IMAP protocol as a default?
Did a "lsof -i -Pn" on my MacBook to learn that Mail used for my providers both port 143 (insecure STARTTLS) + port 993 (#TLS). For sure I didn't explicitly configure this.
The checkbox in Accounts => Advanced and then ~"configure connection preferences automatically" is the culprit. Unchecking that, choose port 993 instead of 143, restart the Mail.app (and Notes.app) everything is fine.
@ Apple : #wtf ?
Weekend Reads
* PQC for the RPKI https://labs.ripe.net/author/dirk/pqc-for-the-rpki/
* Big tech in Taiwan https://cset.georgetown.edu/publication/big-tech-in-taiwan/
* China's Internet Control https://locknet.chinafile.com/the-locknet/intro/
* Smartwatch security and privacy https://arxiv.org/abs/2507.07210
* App-layer desync TLS attack https://opossum-attack.com
Build a fortress in the realm of the clouds. #FreeBSD #GCP #GoogleCloud #OpenSource #TLS https://cromwell-intl.com/open-source/google-freebsd-tls/?s=mc
Anybody worked out if it's possible to access AWS Certificate Manager certs in EKS Kubernetes as a TLS Secret? (I need to terminate in the pod not the LoadBalancer to access SNI)
It feels like it should be possible with the Secrets Store CSI driver with the AWS plugin, but it looks like it only has access to AWS Secrets Manager. I don't really want to have to export and import every time they need renewing
@farshidhakimy @aral Absolutely — you're right, this isn’t a brand-new concept. Cloudflare's cert on https://1.1.1.1 is a great example of a legitimate use case for IP-based certificates, especially in infrastructure-focused services like public DNS.
And yes, other CAs have issued certs for IP addresses before Let's Encrypt started doing it — so it’s not unprecedented. The shift here is more about accessibility and scale. Let’s Encrypt offering free certs for public IPs means this capability is now much more widely available, even to actors who previously didn’t have the budget or motivation to go through commercial CAs.
That’s where the risk discussion comes in — not that certs for IPs are inherently bad, but that easier issuance could lower the barrier for phishing kits, command-and-control servers, or shady hosts to appear more “legitimate” with a valid HTTPS padlock, especially in contexts where URLs are masked or shortened.
So yeah, not panic-worthy — just something worth watching as it scales.
@aral Great point — and I agree that most users would be suspicious if they saw an IP address like 89.72.4.2 instead of a familiar domain like mybank.com. The concern raised in the article, though, was more about scenarios where users don’t see the link clearly — such as in emails, PDFs, or messaging apps where URLs may be masked behind anchor text or shortened links. For example, a phishing email might show a link that says “View Invoice” but actually points to https://203.0.113.10/login.
Experienced users like you and me know to hover over links, check certificate info, or inspect the address bar. But many users don’t do that — or worse, they click links without verifying anything. According to the Verizon DBIR and other phishing studies, this is still one of the top attack vectors today.
Also, I don’t think the article was arguing against IP certs outright — just highlighting that, like with any new capability, there's potential for abuse that the broader public (and infosec community) should be aware of.
Big news from Let's Encrypt! Since 2015, there have been requests for certificates for IP addresses—a rare offering among certificate authorities. Today, they've issued their first certificate for an IP address! As announced earlier this year, this feature is now being rolled out gradually to subscribers.
https://letsencrypt.org/2025/07/01/issuing-our-first-ip-address-certificate/
Send your messages with trusted couriers only. #Linux #FreeBSD #OpenSource #TLS https://cromwell-intl.com/open-source/sendmail-ssl.html?s=mc