Tumblelog by Soup.io
Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

August 07 2013

citrix netscaler – ssl

Certificate with key size greater than RSA512 or DES512 bits not supported

Beste Sicherheit die man für Geld kaufen kann… Anstatt mitzuteilen, dass erst eine Lizenz eingespielt werden muss…

The post citrix netscaler – ssl appeared first on nur Bahnhof.

flattr this!

September 09 2011

Integrated Performance Primitives from Intel - Intel® Software Network

Performance
IThe functions of the Intel IPP performance product are designed to deliver performance beyond what optimized compilers alone can offer by matching the function algorithms to low-level optimizations based on the processor's available features such as Streaming SIMD Extensions (SSE) and other optimized instruction sets.

August 30 2011

August 17 2011

August 05 2011

Convergence | Beta

Convergence is a secure replacement for the Certificate Authority System. Rather than employing a traditionally hard-coded list of immutable CAs, Convergence allows you to configure a dynamic set of Notaries which use network perspective to validate your communication.
Tags: ssl firefox

July 25 2011

June 21 2011

finkregh

Maintenance

Due to a security breach that occurred at the 15th of June, issuance of digital certificates and related services has been suspended. Our services will remain offline until further notice.

Subscribers and holders of valid certificates are not affected in any form.

Visitors to web sites and other parties relying on valid certificates are not affected.

StartSSL™ Certificates & Public Key Infrastructure

// yeah, sure...
Tags: ssl fail

January 28 2011

August 24 2010

finkregh
The Extended Validation (EV) SSL Certificate standard is intended to provide an improved level of authentication of entities that request digital certificates for securing transactions on their Web sites. The next generation of Internet browsers will display EV SSL-secured Web sites in a way that allows visitors to instantly ascertain that a given site is indeed secure and can be trusted.


// a page advertising EV not having EV... thats something...
Tags: ssl fail security
Reposted byit-fail it-fail
finkregh

Visitors to your website will see the green bar displaying your business name and country, as well as the name of the company that issued your SSL certificate.

green address bar

The green browser bar takes advantage of the latest type of SSL certificates. These offer visitors to your website immediate, obvious reassurance and certainty that you are who you claim to be.

SSL certificates | 123-reg | Activates green browser bar

// visiting an http-domain makes my browser show a green bar... yeah.
Tags: ssl fail security
Reposted byit-fail it-fail
finkregh
BUY EV SSL Certificates Now From only PRICE per Year!
Visual Authentication EV SSL Certificate from Comodo

// would you look at that! only PRICE!
Reposted byit-fail it-fail

July 22 2010

ImperialViolet - Overclocking SSL

In January this year (2010), Gmail switched to using HTTPS for everything by default. Previously it had been introduced as an option, but now all of our users use HTTPS to secure their email between their browsers and Google, all the time. In order to do this we had to deploy no additional machines and no special hardware. On our production frontend machines, SSL/TLS accounts for less than 1% of the CPU load, less than 10KB of memory per connection and less than 2% of network overhead. Many people believe that SSL takes a lot of CPU time and we hope the above numbers (public for the first time) will help to dispel that.

ImperialViolet - Overclocking SSL

In January this year (2010), Gmail switched to using HTTPS for everything by default. Previously it had been introduced as an option, but now all of our users use HTTPS to secure their email between their browsers and Google, all the time. In order to do this we had to deploy no additional machines and no special hardware. On our production frontend machines, SSL/TLS accounts for less than 1% of the CPU load, less than 10KB of memory per connection and less than 2% of network overhead. Many people believe that SSL takes a lot of CPU time and we hope the above numbers (public for the first time) will help to dispel that.
Reposted byn0g n0g

April 06 2010

finkregh
I haven't bought certificates for some time now, but the days where you had to provide official (governmental) documents to establish the identity of your business/domain and verify domain ownership and all had to be consistent seem to be gone. To me it looks like CA business has turned in to a crappy "make money fast" system without any reasonable checks. RapidSSL even seems to not be one of the worst of them. At least they kinda publicly document what they do. And then the "bug" is not really with RapidSSL, but with the entity behind the Equifax CA for not monitoring the validation procedures of their resellers, but signing the CSRs nevertheless. I have learned that SSL isn't worth anything currently wrg identity and trust (except for my own private CA of course :-) Even the SSL Cert for this website is from Equifax (the same CA that RapidSSL uses, too) Talking about "reasonable measures" in Mozilla CA Certificate Policy (Version 1.2) without exactly defining them in detail is IMHO blurry and not really a useful method to establish trust. From today on I will see any "trust icons" in every browser gui with totally different eyes and work through all dialogs about unsecure Certs with an ironic smile on my face.
Bug 477783 – Equifax not conforming to Mozilla CA Certificate Policy (7)
Tags: mozilla ssl fail
Reposted byit-fail it-fail
finkregh
As you can see from the above URL RapidSSL verifies domain holders simply by submitting PINs via automated phone calls and then sending a verification to a more or less random email address within the domain. With that procedure everyone with a clever account like keyman@ or sslmanager@ (aka something that *sounds* plausible) can order "trusted" SSL keys from RapidSSL. IMHO this is not in conformance to the Mozilla CA Certificate Policy (paragraph 7). In case of e.g. a (not so well known) Mail Service Provider this may have severe security implications when combined with pharming attacks. In combination with phishing attacks this may lead to widespread serious problems. The Root CA signing RapidSSL Certs is Issuer: C=US, O=Equifax Secure Inc., CN=Equifax Secure Global eBusiness CA-1 (see http://www.rapidssl.com/cps/rapidssl_01.cer) I hereby request either demanding that RapidSSL signs their Certs with another Issuer than the above or to have the above Issuer removed from the list of builtin trusted CAs.
Bug 477783 – Equifax not conforming to Mozilla CA Certificate Policy (7)
Tags: mozilla ssl fail
Reposted byit-fail it-fail

September 28 2009

June 11 2009

Moserware: The First Few Milliseconds of an HTTPS Connection

Convinced from spending hours reading rave reviews, Bob eagerly clicked "Proceed to Checkout" for his gallon of Tuscan Whole Milk and... Whoa! What just happened? In the 220 milliseconds that flew by, a lot of interesting stuff happened to make Firefox change the address bar color and put a lock in the lower right corner. With the help of Wireshark, my favorite network tool, and a slightly modified debug build of Firefox, we can see exactly what's going on. By agreement of RFC 2818, Firefox knew that "https" meant it should connect to port 443 at Amazon.com:

May 17 2009

ssl/ssh multiplexer

There is a funny little hack out there called sslh, which lets one accept both https and ssh connection on the same, one port. It lets me connect from inside my corporate proxy, which allows outbound connections on port 443, using Putty, while still being able to serve Web pages over https. There are two problems with sslh: * It's in Perl. That means it's pretty RAM hungry, and probably not very fast. * It doesn't manage privilege dropping, which is rather questionnable. The obvious solution to both problems was to re-implement it in C, because that's what geeks do.
Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.

Don't be the product, buy the product!

Schweinderl