mp_en_viaje: nicoleci, that shit dun work, "curl: (35) error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version"
asciilifeform specifically omitted discussion of adjustments that would require 'world rebuilds', it would catastrophically delay diana_coman et al. but eventually will have to be discussed, in re: e.g. ssl removal.
asciilifeform: err, -ssl
mp_en_viaje: http://logs.ossasepia.com/log/trilema/2019-10-13#1945145 << you can install curl without ssh/ssl ; and use it without also (curl --k)
asciilifeform: for this, the biggest afaik hole in what is known, is how the idjit ssl-guts crypto stack operates.
asciilifeform: fallen is phuctor. (it was gonna get fatter disks, in resupply crate, so can actually go through those ssl dumps , to date has been doing 'random sample' of'em erry wk )
mp_en_viaje: http://logs.ossasepia.com/log/trilema/2019-10-04#1940148 << not afaik the case, mircea_popescu never used ssl. though that may be a grandfathering thing, dunno
trinque: asciilifeform: not even just here; I wrote some production services elsewhere in sbcl, used cl+ssl as dep, same wedging
asciilifeform: trinque: it is interesting that the ssl thing gets wedged. if i had free hand might even try to find where -- could be a 0day in there, potentially
trinque: asciilifeform: will find time this weekend to do the minimal duct tape to keep the thing connected, probably amounts to simply lopping off ssl
trinque: k, has to be the ssl garbage then.
trinque: asciilifeform: your setup with znc + ssl-less ircbot never gets stuck eh?
snsabot: Logged on 2019-08-17 06:08:08 mp_en_viaje: http://logs.nosuchlabs.com/log/trilema/2019-08-16#1929260 << you hafta register a new name to de-ssl or what's the idea ?
snsabot: Logged on 2019-08-16 20:58:12 trinque: if we are content with that deedbot may come back under a different name (as if freenode is the canonical repository of anything) I'll remove the SSL cruft.
mp_en_viaje: http://logs.nosuchlabs.com/log/trilema/2019-08-16#1929260 << you hafta register a new name to de-ssl or what's the idea ?
snsabot: Logged on 2019-08-16 20:56:57 trinque: http://logs.nosuchlabs.com/log/trilema/2019-08-11#1927727 << precisely right. what wedges, from my investigation here and elsewhere, is the seam between cl+ssl and openssl.
asciilifeform: http://logs.nosuchlabs.com/log/trilema/2019-08-16#1929258 << hrm i cannot resist to ask : what's ssl doing in there ?
trinque: if we are content with that deedbot may come back under a different name (as if freenode is the canonical repository of anything) I'll remove the SSL cruft.
trinque: http://logs.nosuchlabs.com/log/trilema/2019-08-11#1927727 << precisely right. what wedges, from my investigation here and elsewhere, is the seam between cl+ssl and openssl.
mircea_popescu: in other illustrations, https://ufprzuhk9mggpbx4-zippykid.netdna-ssl.com/wp-content/uploads/2015/08/Screech_Owl_named_Fod_found_on_USS_Harry_S._Truman_CVN_75-1024x768.jpg
mircea_popescu: asciilifeform, ssl keks
BingoBoingo: girlattorney: It's been a while since I looked into it, but I believe if the version string on a peer is greater than X, they insist on SSL'ing
girlattorney: BingoBoingo can you rephrase about tunneling? Do you mean they use ssl to connect?
mp_en_viaje: and, obviously, https://i2.wp.com/norwaytoday.info/wp-content/uploads/2016/09/tb5e0db0.jpg?resize=777%2C437&ssl=1
spyked: re ffi, in that older research I've tried to avoid fast-running code in favour of fits-in-head, but I'll make sure to double-check in this iteration. the only www-related cffi dependency I recall was in cl+ssl, which I will remove on sight before genesis
whaack: ^ exactly. There were a few brief stints with SSL girls, but nothing that stuck
BingoBoingo: But no SSL, Spanish Single Language girls whaack?
asciilifeform: for all i know, the heathens have moved 100% to hearn's 'pay to ip via ssl' or similar horror
mircea_popescu: well yes, real "hackers" ssl :D
nicoleci: in other lolz-- * Looking up chaostal.hackint.org * Connecting to chaostal.hackint.org (217.69.77.134) port 6667... * *** Notice -- You need to use SSL/TLS to use this server
BingoBoingo: The anglophone press is saying sophisticated SSL fuckery is involved in the block rather than the usual DNS shenanigans
mircea_popescu: ssl also sounds like a pretty good meme.
mircea_popescu: but no ssl :D
a111: Logged on 2019-01-05 14:22 mircea_popescu: finally, asciilifeform is working on rsa-based ssl-ism replacement (notwithstanding he ~seems to be~ working on any and all wank on the "side" during spare time he doesn't have and all that), which we want so we can finally move bitcoin off sheer cretinity and into cuntoo (and which is principally why we want sane db also, but as i said -- yet immature).
mircea_popescu: finally, asciilifeform is working on rsa-based ssl-ism replacement (notwithstanding he ~seems to be~ working on any and all wank on the "side" during spare time he doesn't have and all that), which we want so we can finally move bitcoin off sheer cretinity and into cuntoo (and which is principally why we want sane db also, but as i said -- yet immature).
asciilifeform: ( the punchline is that koch, ssl, etc are ~in this set~ )
trinque: I've noticed some problems with tls connections on openbsd using sbcl and cl+ssl, here and elsewhere actually.
asciilifeform: mircea_popescu: trb dun use any 'wwwism' from ssl, only the ecc numerics, so i expect just about any extant version will link and run. the rub is how it'd behave in unexplored corner cases, as in the der sig affair
mircea_popescu: but yes, as far as trb work is concerned, a) taking off the buildroot process because b) move it to cuntoo and also c) replace ssl dependency with one file, <1k loc are the priorities.
mircea_popescu: why import ssl into trb anyway, makes 0 sense.
mircea_popescu: why is ssl needed ?
mircea_popescu: http://btcbase.org/log/2018-11-27#1875133 << it's not clear to me why we have ssl AT ALL. the idea is to replace that whole pile with straight rsa, much like we're taking out dns (and touched upon in same piece)
asciilifeform: trinque: now that i think about it -- what was the logic for including the alt-ssl in cuntoo, vs trb's frozen thing ?
asciilifeform: ( ftr asciilifeform does not have a stable of slaves, like rms, or knuth, or mircea_popescu , to whom can order 'go fetch this from www for me' so that i can pretend i'm not using dns , email, ssl, etc. while still using when want )
asciilifeform: ( i dun have a corps of janissaries to fetch letters from hitler containing the ssl magic of-the-day )
asciilifeform: i actually bothered to peek in the logs on that box, it gets confronted with ssl crapola handshakes from the receiver's end and evidently doesn't spit out the hitler-approved answer
asciilifeform: ssl-certified nonfaek news!1111
asciilifeform: ( tho znc does dance the fleanode-demanded ssl crapola dance )
mats: sorry for the confusion, i got similar complaints for doing the ipv4 ssh/http/https/ssl scans
asciilifeform: http://btcbase.org/log/2018-08-30#1845843 << iirc 100% of the remaining fleanode boxen insist on the ssl liquishit
asciilifeform: re the ssl keyz, mats gave me a 1.1TB massive raw shitball of the whole shebang, potentially can reindex later.
asciilifeform: ( and there was nobody to collect all of ipv4's ssl etc )
asciilifeform: mircea_popescu: they're in order of submission, so the top MB or so is ssl certolade, the rest -- sks
asciilifeform: trinque: mats snarfed up ~all of ipv4 ssh/ssl keys, with annotations, and it's all going in. i'ma churn it in 8GB parcels.
deedbot: asciilifeform updated rating of mats from 2 to 3 << dug up 100GB of ssh/ssl phuctor fodder
asciilifeform: !!rate mats 3 dug up 100GB of ssh/ssl phuctor fodder
douchebag: The SSL cert is also invalid
mircea_popescu: asciilifeform anyway, if anyone explains the difference between a) "an strong independent women" (hey, at least she omitted the s plural, inexplicably) ; b) "ssl is good for you and openssh bla bla bla tor bla bla hurr" ; c) http://qntra.net/2018/06/australia-ramps-up-flight-security-theater-with-powder-restrictions/ http://qntra.net/2018/06/british-court-places-rappers-under-musical-court-supervision-for-3-years/ etc etc, i'
asciilifeform: phf: i dun think anybody will cry if we lose ssl. uniturds is trickier matter, e.g. asciilifeform routinely edits proggies with uniturds in'em , in ru, cn, etc, and they gotta at least display ( i'd be ok to swear off ~input~ of uniturds ) . socket of some form is prolly a must, to have either slime or anything like a replacement for it
phf: 19 is '98 technology, missing unicode, definitely missing ssl, i'm not sure how much networking code is there, etc. etc.
a111: Logged on 2018-06-11 23:36 danielpbarron: i once triggered a guy to the point of thinking he might have his first fist fight, over anti-ssl, till his friend dragged him away
asciilifeform: http://btcbase.org/log/2018-06-11#1823338 << they have a 'seekoority is what comes in ssl bottle, it's how we seekoore our tor darkmarketrons' idiocy stack baked into their hindbrains
mircea_popescu: really, replace it with nothing. ssl is a braindead answer to a malformed question nobody asked.
danielpbarron: guy says "and replace it with what??" to which I said "idk, libreSSL, but i'm not really a fan of ssl in general"
danielpbarron: i once triggered a guy to the point of thinking he might have his first fist fight, over anti-ssl, till his friend dragged him away
asciilifeform: we don't pki, and we don't ssl.
ben_vulpes: heh freenode webchat doesn't use ssl omfg!
asciilifeform: ssh useragent; ssl cert comment; if www host -- title of pg; if dns reverse lookupable - it also.
douchebag: mircea_popescu: So for the ssh/ssl thing
a111: Logged on 2018-05-04 03:13 mircea_popescu: tell you what : do trinque's thing ; then do the ssh/ssl thing ; then we can talk about you running this thing exactly like pizarro is run, why the hell not.
douchebag: Installing security software that intercepts all traffic (even ssl traffic) on a windows server 2003 install made me cringe
asciilifeform: ssl crapola scan is useful also to distinguish the brokenssh boxes from one another ( as i did since the orig scan, e.g. mikrotik )
mircea_popescu: anyway, re hunt, i can't imagine why one'd just do either ssl or ssh. gotta do both really at the same time, why not.
asciilifeform: then time for new Framedragger-style hunt. or ssl hunt.
mircea_popescu: tell you what : do trinque's thing ; then do the ssh/ssl thing ; then we can talk about you running this thing exactly like pizarro is run, why the hell not.
douchebag: We also push out self-signed or subordinate SSL certs to also intercept ssl traffic
mircea_popescu: (basically, attempt to connect to every box routable, write down the ssh pubkey and the ssl pubkey it answers with)
asciilifeform: and, the cherry on the cake, will be the box where you put ip (e.g. own) and it probes ssh/ssl/vpn/etc ports and makes key submission that user can bookmark
asciilifeform: mircea_popescu: and think, we never even touched ssl
asciilifeform: zx2c4: granted, but it would appear that the orig spec of 'noise' permits null-ciphering, just like the nsa-authored ssl/tls.
asciilifeform: trinque, phf : phunphakt, without clock set, cannot emerge even gnu screen, it fetches, yes!, from git, and 'ssl certificate not yet valid' didjaknow.
trinque: -ssl hits some, other ebuilds (and this happens more by the day, on various) don't implement the use flag. "what, of course you want that!"
mimisbrunnr: Logged on 2018-03-26 01:41 mircea_popescu: incidentally, "every shop must have a website (with ssl everywhere!!!)" and "every customer must have a loyalty card" trends of useless nonsense somehow haven't converged to the most basic sanity of, "give us your rsa pubkey, then download your data from our website whenever you want to, just go to shop.com/yourname"
mircea_popescu: incidentally, "every shop must have a website (with ssl everywhere!!!)" and "every customer must have a loyalty card" trends of useless nonsense somehow haven't converged to the most basic sanity of, "give us your rsa pubkey, then download your data from our website whenever you want to, just go to shop.com/yourname"
trinque: this line of reasoning leads to me going and getting an SSL cert
ben_vulpes: douchebag: but it doesn't have the ssl lock
ben_vulpes: douchebag: until you wrap your head around what goes on here, you're going to be fighting this negative impression where you insist that you're smart and educated etc, just...not in any topics that anyone here cares about eg trb as a basis for murdering the megastate and all barnacles like ecommerce/ssl/securitycircus hanging off the side
deedbot: http://qntra.net/2018/03/ssl-certificate-reseller-leaks-private-keys/ << Qntra - SSL Certificate Reseller Leaks Private Keys
asciilifeform: the very notion of 'production http server' that exists now, is retarded, in its baked-in conceptual support for warcrimes like ssl
mircea_popescu: the ~type~ of problem that cropped up with the xor assignment (whereby -- careful at context X might shoot self in foot) is ~exactly~ and with no remainder the type of problem we are fighting, whereby "oh, this ssl totally works for rsa, except... when it does not"
asciilifeform: ( prolly still are today, somewhere in ssl liquishit )
asciilifeform: the ssl derps i'll leave without comment. but the other great hero : 'Over the last 20+ years, Hugo contributed to Internet standards from the early days of IPsec and IKE to the current work on revamping the security of TLS for its "next generation" version, TLS 1.3. He is also a co-designer of HMAC, the widely used message authentication and pseudo-random function. More recently, he designed HKDF, an HMAC-based key derivation functi
mircea_popescu: in the first place, what fucking browser, they're multiple, and closed turd vendor crap pushed by utter pantsuit like mozilla, a sort of http://btcbase.org/log/2018-01-13#1770138 samovar. in the second place, the interface is TERRIBLE, and i don't just mean "what javascript" but also "what ssl, what pki, what dns, what the fuck". and then "what html soup, why did it crash, holy hell why does it leak secret data" and on and ON
shinohai: To point fingers and laugh at the combination of Ethereum + SSL
shinohai: http://archive.is/GXIw1 <<< " Instead of a password the user generates a specific SSL certificate for each device. "
asciilifeform: btw what does trb's ssl do with crafted der-encoded derpery ?
phf: speaking of ssl everywhere, discovered this lulzy wontfix today, https://bugzilla.mozilla.org/show_bug.cgi?id=436200
ben_vulpes: jpxe: ssl is shitty shit from commie joo empire
a111: 589 results for "ssl", http://btcbase.org/log-search?q=ssl
asciilifeform: !#s ssl