social.wildeboer.net

1 post1 participant0 posts today

CockpitAre you currently using <a href="https://fosstodon.org/tags/Cockpit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cockpit</a> with the builtin self-signed <a href="https://fosstodon.org/tags/TLS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TLS</a> <a href="https://fosstodon.org/tags/certificate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#certificate</a> fallback? We would like to deprecate this, but need your input for that. Thank you in advance!<a href="https://github.com/cockpit-project/cockpit/discussions/21695" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/cockpit-project/cockpit/discussions/21695</a><a href="https://fosstodon.org/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://fosstodon.org/tags/survey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#survey</a> <a href="https://fosstodon.org/tags/poll" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#poll</a>

Stéphane Bortzmeyer<a href="https://mastodon.gougere.fr/tags/TLS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TLS</a> Tadam ! Bientôt Let's Encypt pourra signer des certificats pour des adresses IP (et pas juste des noms). <a href="https://github.com/letsencrypt/boulder/pull/8020" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/letsencrypt/boulder/pull/8020</a>

Larvitz :fedora: :redhat:Let's Encrypt soon starts offering TLS certificates with just 6 days of lifetime. It's just an option and the 90 day certs are also still offered but I doubt that this will add a lot of security.<a href="https://letsencrypt.org/2025/01/16/6-day-and-ip-certs/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://letsencrypt.org/2025/01/16/6-day-and-ip-certs/</a>Based on the number of occasions, I already had problems with the 90days renewals in the past (software bugs and human error), I see this the value in this move rather sceptical.<a href="https://burningboard.net/tags/tls" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tls</a> <a href="https://burningboard.net/tags/letsencrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#letsencrypt</a> <a href="https://burningboard.net/tags/certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#certificates</a> <a href="https://burningboard.net/tags/pki" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pki</a>

Root MooseMore supply chain thoughts.Let's Encrypt is based in the United States.<a href="https://root.moose.ca/tags/letsencrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#letsencrypt</a> <a href="https://root.moose.ca/tags/supplychain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#supplychain</a> <a href="https://root.moose.ca/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#linux</a> <a href="https://root.moose.ca/tags/freebsd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#freebsd</a> <a href="https://root.moose.ca/tags/web" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#web</a> <a href="https://root.moose.ca/tags/certificate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#certificate</a> <a href="https://root.moose.ca/tags/ssl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ssl</a> <a href="https://root.moose.ca/tags/tls" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tls</a>

Aral BalkanNew releases• Kitten (rolling release) • @small-tech/https version 5.3.2 • Auto Encrypt version 4.1.3OCSP support has been reinstated in the server so existing sites with Let’s Encrypt certificates provisioned prior to the removal of the OCSP stapling requirement will not fail to load in Firefox.Kitten servers in production will automatically update to this version in a few hours. You can also sign in to the Kitten settings page on your server and do a manual update to update Kitten immediately.Thanks to <a href="https://gardenstate.social/@stefan" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@stefan</a> and <a href="https://pataterie.ca/@s1r83r" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@s1r83r</a> for bringing this to my attention. (<a href="https://mastodon.ar.al/@aral/113969540950647873" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://mastodon.ar.al/@aral/113969540950647873</a>)<a href="https://mastodon.ar.al/tags/Kitten" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Kitten</a> <a href="https://mastodon.ar.al/tags/SmallWeb" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SmallWeb</a> <a href="https://mastodon.ar.al/tags/SmallTech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SmallTech</a> <a href="https://mastodon.ar.al/tags/AutoEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AutoEncrypt</a> <a href="https://mastodon.ar.al/tags/TLS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TLS</a> <a href="https://mastodon.ar.al/tags/SSL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SSL</a> <a href="https://mastodon.ar.al/tags/HTTPS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HTTPS</a> <a href="https://mastodon.ar.al/tags/OCSP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OCSP</a> <a href="https://mastodon.ar.al/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LetsEncrypt</a> <a href="https://mastodon.ar.al/tags/web" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#web</a> <a href="https://mastodon.ar.al/tags/dev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dev</a> <a href="https://mastodon.ar.al/tags/NodeJS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NodeJS</a> <a href="https://mastodon.ar.al/tags/JavaScript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#JavaScript</a>

Aral BalkanNew Kitten release• Upgrades to version 5.3.1 of @small-tech/https¹ which has version 4.1.2 of Auto Encrypt² that l removes OCSP stapling (because Let’s Encrypt has removed OCSP support).Please upgrade your Kitten as soon as possible or any new Kitten servers you try to set up will fail and any certificate renewals for existing servers will start to fail in May.<a href="https://kitten.small-web.org" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://kitten.small-web.org</a>(To upgrade, run `kitten update`. Your production servers will update automatically.)Enjoy!:kitten:💕¹ <a href="https://www.npmjs.com/package/@small-tech/https" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.npmjs.com/package/@small-tech/https</a> ² <a href="https://www.npmjs.com/package/@small-tech/auto-encrypt" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.npmjs.com/package/@small-tech/auto-encrypt</a><a href="https://mastodon.ar.al/tags/Kitten" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Kitten</a> <a href="https://mastodon.ar.al/tags/SmallWeb" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SmallWeb</a> <a href="https://mastodon.ar.al/tags/SmallTech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SmallTech</a> <a href="https://mastodon.ar.al/tags/web" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#web</a> <a href="https://mastodon.ar.al/tags/dev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dev</a> <a href="https://mastodon.ar.al/tags/TLS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TLS</a> <a href="https://mastodon.ar.al/tags/HTTPS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HTTPS</a> <a href="https://mastodon.ar.al/tags/AutoEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AutoEncrypt</a> <a href="https://mastodon.ar.al/tags/NodeJS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NodeJS</a> <a href="https://mastodon.ar.al/tags/JavaScript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#JavaScript</a> <a href="https://mastodon.ar.al/tags/OCSP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OCSP</a> <a href="https://mastodon.ar.al/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LetsEncrypt</a>

Aral Balkan@small-tech/https version 5.3.0 released• Uses Auto Encrypt 4.1.1 (removes OCSP stapling support because Let]s Encrypt has removed OCSP support).<a href="https://www.npmjs.com/package/@small-tech/https" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.npmjs.com/package/@small-tech/https</a>This module is a drop in replacement for Node HTTPS module that automatically handles TLS certificate provisioning and renewal both at localhost (via Auto Encrypt Localhost¹) and at hostname (via Auto Encrypt with Let’s Encrypt certificates²).So, this is how you create a HTTPS server in Node.js that uses this module and automatically handles TLS certificate provisioning and renewal for you both at localhost (during development) and at hostname (during production):```js import https from '@small-tech/https'const server = https.createServer((request, response) => { response.end('Hello, world!') })server.listen(443, () => { console.log(' 🎉 Server running at https://localhost.') }) ```(Yes, that’s it! I wrote a metric shit-tonne of meticulously-tested code so you don’t have to.) :)💡 Note that the localhost certificate support via Auto Encrypt Localhost is 100% JavaScript and does NOT rely on an external binary like mkcert or certutil.Needless to say, Kitten³ uses this module under the hood and it’s a big part of why Domain⁴ can deploy servers so easily that don’t require any day-to-day maintenance.In case you’re wondering why I’m spending so much time releasing all these modules, it’s because I believe in sharing every brick of the house I’m building so others can easily build different houses if they want to. I’m not saying that what I’m building with Kitten, Domain, and Place⁵ will be the end all be all of the Small Web⁶ (the peer-to-peer web). And I want others to be able to experiment by building their own tools without having to go through the grueling development process I’ve had to in the past six years to build basic infrastructure.Enjoy!💕¹ <a href="https://codeberg.org/small-tech/auto-encrypt-localhost" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://codeberg.org/small-tech/auto-encrypt-localhost</a> ² <a href="https://codeberg.org/small-tech/auto-encrypt" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://codeberg.org/small-tech/auto-encrypt</a> ³ <a href="https://kitten.small-web.org" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://kitten.small-web.org</a> ⁴ <a href="https://codeberg.org/domain/app" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://codeberg.org/domain/app</a> ⁵ <a href="https://codeberg.org/place/app" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://codeberg.org/place/app</a> ⁶ <a href="https://ar.al/2024/06/24/small-web-computer-science-colloquium-at-university-of-groningen/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://ar.al/2024/06/24/small-web-computer-science-colloquium-at-university-of-groningen/</a><a href="https://mastodon.ar.al/tags/SmallWeb" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SmallWeb</a> <a href="https://mastodon.ar.al/tags/SmallTech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SmallTech</a> <a href="https://mastodon.ar.al/tags/AutoEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AutoEncrypt</a> <a href="https://mastodon.ar.al/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LetsEncrypt</a> <a href="https://mastodon.ar.al/tags/localhost" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#localhost</a> <a href="https://mastodon.ar.al/tags/TLS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TLS</a> <a href="https://mastodon.ar.al/tags/SSL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SSL</a> <a href="https://mastodon.ar.al/tags/HTTPS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HTTPS</a> <a href="https://mastodon.ar.al/tags/Kitten" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Kitten</a> <a href="https://mastodon.ar.al/tags/NodeJS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NodeJS</a> <a href="https://mastodon.ar.al/tags/JavaScript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#JavaScript</a> <a href="https://mastodon.ar.al/tags/servers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#servers</a> <a href="https://mastodon.ar.al/tags/web" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#web</a> <a href="https://mastodon.ar.al/tags/dev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dev</a> <a href="https://mastodon.ar.al/tags/FOSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FOSS</a>

Aral BalkanAuto Encrypt version 4.1.1 releasedFixed: • User agent string now includes the correct Auto Encrypt version (and the name fragment “auto-encrypt” instead of “acme”). • Tests now send `Connection: close` header so they’re not tripped up by the default `keep-alive` introduced in Node 19.<a href="https://www.npmjs.com/package/@small-tech/auto-encrypt" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.npmjs.com/package/@small-tech/auto-encrypt</a><a href="https://mastodon.ar.al/tags/SmallWeb" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SmallWeb</a> <a href="https://mastodon.ar.al/tags/SmallTech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SmallTech</a> <a href="https://mastodon.ar.al/tags/AutoEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AutoEncrypt</a> <a href="https://mastodon.ar.al/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LetsEncrypt</a> <a href="https://mastodon.ar.al/tags/TLS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TLS</a> <a href="https://mastodon.ar.al/tags/SSL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SSL</a> <a href="https://mastodon.ar.al/tags/HTTPS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HTTPS</a> <a href="https://mastodon.ar.al/tags/NodeJS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NodeJS</a> <a href="https://mastodon.ar.al/tags/JavaScript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#JavaScript</a> <a href="https://mastodon.ar.al/tags/servers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#servers</a> <a href="https://mastodon.ar.al/tags/web" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#web</a> <a href="https://mastodon.ar.al/tags/dev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dev</a> <a href="https://mastodon.ar.al/tags/FOSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FOSS</a>

Aral BalkanAuto Encrypt version 4.1.0 released• Removes OCSP stapling, as Let’s Encrypt is removing OCSP support.If you’re already using Auto Encrypt upgrade before May or your certificate renewals will start to fail. Upgrade now if you want to get certificates for new domains as new certificate requests are already failing.<a href="https://codeberg.org/small-tech/auto-encrypt#readme" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://codeberg.org/small-tech/auto-encrypt#readme</a>Auto Encrypt automatically provisions and renews Let’s Encrypt TLS certificates on Node.js https servers (including Kitten¹, Polka, Express.js, etc.)Regular Node.js HTTPS server (without Let’s Encrypt certificates):```js import https from 'node:https' const server = https.createServer(…) ```Auto Encrypt https server with automatic Let’s Encrypt certificates:```js import AutoEncrypt from '@small-tech/auto-encrypt' const server = AutoEncrypt.https.createServer(…) ```(Certificates are provisioned on first hit and automatically renewed 30 days before expiry.)¹ <a href="https://kitten.small-web.org" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://kitten.small-web.org</a><a href="https://mastodon.ar.al/tags/AutoEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AutoEncrypt</a> <a href="https://mastodon.ar.al/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LetsEncrypt</a> <a href="https://mastodon.ar.al/tags/TLS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TLS</a> <a href="https://mastodon.ar.al/tags/SSL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SSL</a> <a href="https://mastodon.ar.al/tags/HTTPS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HTTPS</a> <a href="https://mastodon.ar.al/tags/NodeJS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NodeJS</a> <a href="https://mastodon.ar.al/tags/JavaScript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#JavaScript</a> <a href="https://mastodon.ar.al/tags/servers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#servers</a> <a href="https://mastodon.ar.al/tags/web" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#web</a> <a href="https://mastodon.ar.al/tags/dev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dev</a> <a href="https://mastodon.ar.al/tags/SmallWeb" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SmallWeb</a> <a href="https://mastodon.ar.al/tags/SmallTech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SmallTech</a> <a href="https://mastodon.ar.al/tags/FOSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FOSS</a>

Aral BalkanJust released Node Pebble version 5.1.1• Updated to Pebble version 2.7.0.• Now also supports macOS and arm64 (because Pebble itself does).<a href="https://codeberg.org/small-tech/node-pebble" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://codeberg.org/small-tech/node-pebble</a>Node Pebble is a Node.js wrapper for Let’s Encrypt’s¹ Pebble² that:• Downloads the correct Pebble binary for your platform.• Launches and manages a single Pebble process.• Returns a reference to the same process on future calls (safe to include in multiple unit tests where order of tests is undetermined)• Automatically patches Node.js’s TLS module to accept Pebble server’s test certificate as well as its dynamically-generated root and intermediary CA certificates.¹ <a href="https://letsencrypt.org" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://letsencrypt.org</a>² “A miniature version of Boulder, Pebble is a small RFC 8555 ACME test server not suited for a production certificate authority.” <a href="https://github.com/letsencrypt/pebble" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/letsencrypt/pebble</a><a href="https://mastodon.ar.al/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LetsEncrypt</a> <a href="https://mastodon.ar.al/tags/TLS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TLS</a> <a href="https://mastodon.ar.al/tags/SSL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SSL</a> <a href="https://mastodon.ar.al/tags/HTTPS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HTTPS</a> <a href="https://mastodon.ar.al/tags/NodeJS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NodeJS</a> <a href="https://mastodon.ar.al/tags/npm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#npm</a> <a href="https://mastodon.ar.al/tags/module" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#module</a> <a href="https://mastodon.ar.al/tags/JavaScript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#JavaScript</a> <a href="https://mastodon.ar.al/tags/NodePebble" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NodePebble</a> <a href="https://mastodon.ar.al/tags/SmallWeb" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SmallWeb</a> <a href="https://mastodon.ar.al/tags/SmallTech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SmallTech</a> <a href="https://mastodon.ar.al/tags/web" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#web</a> <a href="https://mastodon.ar.al/tags/dev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dev</a>

Aral BalkanSo I guess Let’s Encrypt has decided what I’ll be working on today then…<a href="https://letsencrypt.org/2024/12/05/ending-ocsp/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://letsencrypt.org/2024/12/05/ending-ocsp/</a>(They’re ending OCSP stapling support. I’ll be updating Auto Encrypt¹ to remove OCSP support and then update @small-tech/https, which uses it, along with Auto Encrypt Localhost² to provide seamless TLS support regardless of whether you’re working in development or in production, and then update Site.js³ – deprecated but still used to serve some of our own sites at Small Technology Foundation⁴ – and Kitten⁵, with the latest @small-tech/https.)¹ <a href="https://codeberg.org/small-tech/auto-encrypt" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://codeberg.org/small-tech/auto-encrypt</a> ² <a href="https://codeberg.org/small-tech/auto-encrypt-localhost" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://codeberg.org/small-tech/auto-encrypt-localhost</a> ³ <a href="https://codeberg.org/small-tech/https" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://codeberg.org/small-tech/https</a> ⁴ <a href="https://small-tech.org" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://small-tech.org</a> ⁵ <a href="https://kitten.small-web.org" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://kitten.small-web.org</a><a href="https://mastodon.ar.al/tags/SmallWeb" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SmallWeb</a> <a href="https://mastodon.ar.al/tags/SmallTech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SmallTech</a> <a href="https://mastodon.ar.al/tags/TLS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TLS</a> <a href="https://mastodon.ar.al/tags/SSL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SSL</a> <a href="https://mastodon.ar.al/tags/HTTPS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HTTPS</a> <a href="https://mastodon.ar.al/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LetsEncrypt</a> <a href="https://mastodon.ar.al/tags/OCSP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OCSP</a> <a href="https://mastodon.ar.al/tags/AutoEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AutoEncrypt</a> <a href="https://mastodon.ar.al/tags/AutoEncryptLocalhost" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AutoEncryptLocalhost</a> <a href="https://mastodon.ar.al/tags/SiteJS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SiteJS</a> <a href="https://mastodon.ar.al/tags/Kitten" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Kitten</a>

napiergeIf I would like to use relayd to add security headers and tls to my website hosted via httpd, is there any solution how to specify custom path to keypair to tls?<a href="https://mastodon.bsd.cafe/tags/openbsd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#openbsd</a> <a href="https://mastodon.bsd.cafe/tags/relayd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#relayd</a> <a href="https://mastodon.bsd.cafe/tags/httpd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#httpd</a> <a href="https://mastodon.bsd.cafe/tags/tls" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tls</a>

GaryH TechNEW VIDEO! - Configuring TLS on A FreeBSD Mail Server <a href="https://mastodon.bsd.cafe/tags/FreeBSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FreeBSD</a> <a href="https://mastodon.bsd.cafe/tags/Unix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Unix</a> <a href="https://mastodon.bsd.cafe/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSource</a> <a href="https://mastodon.bsd.cafe/tags/tls" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tls</a> <a href="https://mastodon.bsd.cafe/tags/garyhtech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#garyhtech</a><a href="https://youtu.be/bmI6yrVyXaQ?si=V5eICUPuRWXpbYf4" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://youtu.be/bmI6yrVyXaQ?si=V5eICUPuRWXpbYf4</a> via @YouTube

BillLet's Encrypt is now offering 6 day certificates.<a href="https://letsencrypt.org/2024/12/11/eoy-letter-2024/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://letsencrypt.org/2024/12/11/eoy-letter-2024/</a><a href="https://infosec.exchange/tags/tls" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tls</a> <a href="https://infosec.exchange/tags/devops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#devops</a>

Jan SchaumannLooks like Russia is now blocking Cloudflare's Encrypted Client Hello traffic if: - SNI is cloudflare-ech.com - TLS ClientHelloOuter contains the "encrypted_client_hello" extension<a href="https://github.com/net4people/bbs/issues/417" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/net4people/bbs/issues/417</a>Russia officially recommends "owners of information resources disable the TLS ECH extension or, more correctly, use domestic CDN services".<a href="https://cmu.gov.ru/ru/news/2024/11/07/рекомендуем-отказаться-от-cdn-сервиса-cloudflare/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://cmu.gov.ru/ru/news/2024/11/07/рекомендуем-отказаться-от-cdn-сервиса-cloudflare/</a>With increased ECH use, I expect certain other actors to follow suit.<a href="https://mstdn.social/tags/tls" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tls</a> <a href="https://mstdn.social/tags/ech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ech</a>

ティージェーグレェNice! <a href="https://chaos.social/users/neverpanic" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@neverpanic@chaos.social</a> just merged a Pull Request (specifically <a href="https://github.com/macports/macports-ports/pull/26827" rel="nofollow noopener noreferrer" target="_blank">https://github.com/macports/macports-ports/pull/26827)</a> that supposedly fixes building LibreSSL on some older versions of OS X? Since my car was broken into and two laptops were stolen in August earlier this year, I no longer have the 2012 MacBook Pro I was using to test on older OS X versions. Here's hoping the Port Health for LibreSSL improves! (screenshot of the current Port Health for future reference attached) <a href="https://snac.bsd.cafe?t=macports" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MacPorts</a> <a href="https://snac.bsd.cafe?t=libressl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LibreSSL</a> <a href="https://snac.bsd.cafe?t=tls" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TLS</a> <a href="https://snac.bsd.cafe?t=macos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#macOS</a> <a href="https://snac.bsd.cafe?t=osx" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OSX</a> <a href="https://snac.bsd.cafe?t=openssl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSSL</a> <a href="https://snac.bsd.cafe?t=opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSource</a>

erstwhile... Well done BoM .. as a Federal Australian Govt. funded service, it's only taken you 15 years to achieve what is the standard for 99% of legitimate internet facing webpages, (even then, just a "Beta" web site) that are capable of delivering weather information to Australians, that use .. *gasp!* ... transport layer security ... * Slow Clap * and a belated welcome to the rest of the internet... My private suspicion is that that cyber.gov.au finally beat them over the head with the "Essential 8" stick ... as opposed to just showing them it exists.<a href="https://theblower.au/tags/BOM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BOM</a> <a href="https://theblower.au/tags/BureauOfMeteorology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BureauOfMeteorology</a> <a href="https://theblower.au/tags/Weather" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Weather</a> <a href="https://theblower.au/tags/Australia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Australia</a> <a href="https://theblower.au/tags/Essential8" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Essential8</a> <a href="https://theblower.au/tags/SSL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SSL</a> <a href="https://theblower.au/tags/TLS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TLS</a>

Pixelcode 🇺🇦<a href="https://social.tchncs.de/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNSSEC</a> and <a href="https://social.tchncs.de/tags/DANE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DANE</a> should not replace the established <a href="https://social.tchncs.de/tags/TLS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TLS</a> certificate authority system, because it would undermine end-to-end encryption between client and server, but I do believe that DNSSEC/DANE serve a legitimate role: preventing <a href="https://social.tchncs.de/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNS</a> spoofing by third parties, i.e. proving that a DNS record really comes from the correct name server.And in order to keep DNS requests private, DoH/DoT/DoQ should be the default.

Pixelcode 🇺🇦I don't fully understand <a href="https://social.tchncs.de/tags/DNSSEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNSSEC</a> criticism yet: A major argument against it is that it's a “government-controlled PKI” and that, for example, “Gaddafi would have controlled bit.ly’s TLS keys if it had been deployed earlier”.But isn't that a strawman? If a bad actor controls DNSSEC, they control all the other <a href="https://social.tchncs.de/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNS</a> records too, i.e. the government can always point domains wherever they like and obtain valid <a href="https://social.tchncs.de/tags/TLS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TLS</a> certificates. The Taliban closed down queer.af completely without DNSSEC.

Kim Crawley (she/her) 😷🍉"Your certificates and encryption are only as good as your public key infrastructure (PKI). I could have the strongest mechanical lock on my front door. But if I leave my key where burglars can find it, it won’t be good at all. So it’s absolutely crucial that you deploy, implement, and configure your PKI the right way, and avoid these very costly yet common mistakes."This is new to my personal blog, even if it's not actually new. Please share. ❤<a href="https://hachyderm.io/tags/tls" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tls</a> <a href="https://hachyderm.io/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a><a href="https://medium.com/@kim_crawley/8-ways-youre-doing-pki-wrong-b631d42e8645" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://medium.com/@kim_crawley/8-ways-youre-doing-pki-wrong-b631d42e8645</a>

Recent searches

Search options

Administered by:

Server stats:

#tls