689 entries in 1.014s
decimation: asciilifeform: I assume you saw the sudden freakout over hilariously weak crypto implemented by spec in
SSL?
adlai: asciilifeform: the convenience of pgp with all the trustlessness of
ssl!
assbot: Logged on 03-03-2015 19:48:15; NewLiberty:
SSL won't stop WCCP intermediaries or anyone with #enable (or better) in your path, but it keeps the lesser evils at bay.
NewLiberty:
SSL won't stop WCCP intermediaries or anyone with #enable (or better) in your path, but it keeps the lesser evils at bay.
☟︎ BingoBoingo: NewLiberty: Even if it wasn't hard to count on
SSL for actual security.
mike_c: he's done some cool stuff in the past. most famous (at least to me) for some
ssl mitm stuff he built.
lobbes: So getting ZNC configured to use
SSL ended up being a great 'introduction project' for learning some of the basics of linux. I would recommend to all the other n00bs out there
herbijudlestoids: so far: squid, ldap, kerberos, djbdns, postfix, and today i finished setting up nginx and getting "A" score on the qualys
ssl test
ben_vulpes: punkman: asciilifeform proposed snipping the crypto routines out of
ssl and dropping them wholesale into the bitcoind
ben_vulpes: mod6, asciilifeform: forgive my naivte, but what's the recommended approach to efficiently toggling between versions of libs for compiling cturds? in particular,
ssl for bitcoind.
phillipsjk: A careful reading of the logs shows that mod6 was careful to use the pre-f revision of debian
SSL.
mod6: so far. it's really weird still though, because i wasn't having this problem before. and we've always been using an old
ssl.
ben_vulpes: what was the story with a certain version of
ssl breaking some kinds of btc signatures?
adlai: right. so this error means that somebody in the middle tried to downgrade our connection, and my
ssl lib took a shit instead of complying?
Naphex: TLS 1.2Yes / TLS 1.1Yes / TLS 1.0Yes /
SSL 3No /
SSL 2No
adlai: thank you btce! error:140943FC:
SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac
jurov: it's just all lost cause. self-signed certs yes, but only after
ssl/tls is ditched.
davout: fluffypony: nice comment on the "blockchain onion gets an
ssl cert" derpage
Naphex: mircea_popescu: BTCXchange offered
SSL Authenticated with GlobalSign.EU, the registration certificate was posted. And all due dilligance info posted
dignork: punkman: yes, but in theory signed
ssl cert provides some identity validation. Although the same can be achieved by gpg signed .onion address.
punkman: "Creation of X.509 certificates has been improved. It is now also possible to export them directly in PKCS#8 and PEM format for use on TLS servers." << anyone here tried to generate
ssl certs with GPG yet?
ben_vulpes: terminate
ssl for me for 20 dollars a month" button than to...terminate it themselves. on a box they control.
Naphex: this is how entropy use from /dev/random looks like on a
SSL gateway (reasonable amount of connections/handshakes)
Naphex: if you're doing cryptography work (
ssl, keys using randoms) and this value is below 200. you have a problem to fix, fast.
mike_c: yes, that i agree with. i thought it might be nice to have some wallet software available to the lower tier that doesn't phone home every time you open it and lose your coin everytime
SSL gets probed.
mircea_popescu: asciilifeform: ben_vulpes: so far i got qt and
ssl snipped. mega-triumph! lol << weren't you supposed to work for nsa anyway!!1
ben_vulpes: all of a sudden i want to rip
SSL out as well
mircea_popescu: devthedev: Bitcointalk: "Due to a recently-discovered flaw in the TLS and
SSL protocols, you may want to change your password, especially if you accessed the forum using Tor." <<< what, tor isn't safe ? incredibru.
devthedev: Bitcointalk: "Due to a recently-discovered flaw in the TLS and
SSL protocols, you may want to change your password, especially if you accessed the forum using Tor."
mircea_popescu: 1.0.1 server implementations for both
SSL/TLS and DTLS regardless of
assbot: Google Online Security Blog: This POODLE bites: exploiting the
SSL 3.0 fallback
mike_c: so this is it,
SSL is dead now. crazy.
assbot: Free POODLE
SSL Security Vulnerability Check | Tinfoil Security
assbot: Google Online Security Blog: This POODLE bites: exploiting the
SSL 3.0 fallback
assbot: Google Online Security Blog: This POODLE bites: exploiting the
SSL 3.0 fallback
rithm: twitter bootstrap, godaddy
ssl, c++ backend
Apocalyptic: the
ssl cert provided seems to be for *.battlequest.com
cazalla: i didn't reg an
ssl cert, the domain was dropped by qntra.com at some point i believe
Apocalyptic: <Adlai> qntra.net seems to have some
ssl issue? // just got the error
kakobrekla: also is there a point in
ssl if its optional
Adlai: qntra.net seems to have some
ssl issue?
jborkl: ok, thank you I have been busy fixing all the
ssl crap and forgot about everything else
jborkl: I moved everything to
ssl and it should all be green. You guys mind giving it a test and tell me if it all seems good
mircea_popescu: "Who is sending 1000 BTC to a site with no
SSL? Any why would anyone trust this site anyways? People are stupid or it's fake."
decimation: yeah it's pretty much the same way that people think that
ssl websites are the best practice in 'secure' data transfer
fluffypony: where they got nailed for old nginx + broken
SSL et.
benkay: some of these sites have busted
ssl configurations
benkay: i guess ssl_verify might help...
dignork: mircea_popescu: well, they are actually lying, for this to work, they either have to
ssl-strip, or plant corporate CA in all their system
mircea_popescu: "Now you can have visibility into all the encrypted
SSL traffic on your network—at extremely high performance—so you can inspect it, identify potentially nefarious activities, and feed the intelligence to an ecosystem of security application vendors—all through Blue Coat."
assbot: Blue Coat – Whats Your
SSL Traffic Trying to Hide?
assbot: Blue Coat – Whats Your
SSL Traffic Trying to Hide?