tmsr - Search: ssl

689 entries in 0.776s

trinque: and they start using their SSL chewing boxes, or what have you

copypaste: Or, the derps (sorry to steal your word) in charge still have ignored me and haven't added SSL support

williamdunne: 19:22:10 - davout: williamdunne: you scared me with that SSL shit << it was stupidity at its finest, pretty sure they only implemented GPG for another buzzword

davout: williamdunne: you scared me with that SSL shit

williamdunne: That depends on the function you are going for. SSL doesn't serve as a way to verify each party and obviously has some contentious things going on with cert authorities.

williamdunne: >PGP over HTTP is not necessary when using SSL (HTTPS).

danielpbarron: williamdunne, ^, ssl is a suitable alternative for GPG !?

williamdunne: thestringpuller: PGP over HTTP is not necessary when using SSL (HTTPS). Signing and encrypting with PGP is a nice way to bypass using authorization tokens, though, but it is not usable in a modern exchange interface. Trades on MPEx are very slow as a result.

asciilifeform: mike_c: be so kind as to load https://keyserver.mattrude.com/dump/current/ and describe the ssl cert you see

mircea_popescu: because why not, ssl lv3 is a standard-as-implementred thing.

mircea_popescu: asciilifeform "OpenSSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure" ☟︎

mircea_popescu: currently for instance, cpanel forums require ssl, and so i'm not visiting them. i don't generally visit sites that don't have a http version.

mircea_popescu: redefining "everywhere" != succeeding at ssl everywhere.

jurov: i expect at least one round of redoing all the world if the derps succeed enforcing SSL everywhere

decimation: in theory it is still possible to sniff ssl traffic, but it's quite complex

decimation: not only does ssl enable the fucktarded certificate crypto, it enables nefarious 'customized' behavior

assbot: SSL revisited — Varnish version trunk documentation ... ( http://bit.ly/1Em2hcB )

decimation: https://www.varnish-cache.org/docs/trunk/phk/ssl_again.html < against 'ssl everywhere' < "With SSL Everywhere, these actors get much more privacy to invade the privacy of every human being with an internet connection, because it takes a lot more skill to look into a SSL connection than a plaintext HTTP connection."

assbot: Logged on 28-04-2015 23:25:12; mircea_popescu: http://log.bitcoin-assets.com/?date=28-04-2015#1114179 << ssh being, of course, openssl. you read the earlier link re "why no ssl" ?

mircea_popescu: http://log.bitcoin-assets.com/?date=28-04-2015#1114179 << ssh being, of course, openssl. you read the earlier link re "why no ssl" ? ☝︎☟︎

ascii_field: and then comes the use of central server, and of ssl

assbot: Why no SSL ? — Varnish version trunk documentation ... ( http://bit.ly/1DxwIZu )

mircea_popescu: https://www.varnish-cache.org/docs/trunk/phk/ssl.html lawl

assbot: SSL Server Test: openalias.org (Powered by Qualys SSL Labs) ... ( http://bit.ly/1DMRIvZ )

mircea_popescu: what the hell ssl be you using

mircea_popescu: curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

asciilifeform: the ssl key was the only way for the schmucks/users to know that they are connecting to levison's box and getting the js they thought they were getting

mircea_popescu: seems kinda contorted, the ssl key is used to "secure" pgp'd info ?

asciilifeform: well yeah, the ssl cert

asciilifeform: mircea_popescu: the subpoena concerned their ssl signing key

jurov: no it uses stratum/ssl but that's a tech detail

mircea_popescu: from the notbad.jpg department https://flpics1.a.ssl.fastly.net/3012/3012469/00050ed8-dec0-dc1e-5847-c7d97a41c51b_720.jpg

ben_vulpes: no but nominally this is one of their users: https://flpics0.a.ssl.fastly.net/14/14983/0004e179-595f-1664-2fb6-b4b4faec6217_958.jpg

ben_vulpes: https://flpics2.a.ssl.fastly.net/14/14983/0004e1a2-e8e6-5c37-8c6a-36342ed018a4_720.jpg

assbot: DEFCON 17: More Tricks For Defeating SSL - YouTube ... ( http://bit.ly/1Cwp4hQ )

asciilifeform: <nubbins`> http://pastebin.com/raw.php?i=xEsMZtmE << this is actually -correct- behaviour - barfs instead of pulling in system's ssl headers

asciilifeform: because it was given the local ssl as a search path, yes

asciilifeform: <nubbins`> "canot find -lssl, -lcrypto" << note! it finds the system's headers, like a moron, and builds with them, then notices no local ssl was built (it wasn't)

asciilifeform: the attempted ssl was the one included with auto.sh (release)

asciilifeform: as decimation helpfully pointed out ~1hr ago, ssl didn't build

mircea_popescu: the only reasonable way to go forward at this point would be a) edit the source of the ssl we intend to use to include a magic string ; b) make ; c) strings on the binary.

mod6: root@debian-test:~/release-test/bitcoin-v0_5_3_1/bitcoin/src# readelf -a bitcoind | grep -i SSL

mod6: yeah i get nothing from these: root@debian-test:~/release-test/bitcoin-v0_5_3_1/bitcoin/src# readelf -a bitcoind | grep -i ssl

asciilifeform: readelf -a bitcoind | grep -i ssl

mod6: asciilifeform: is there a definitive way to check the binary for which SSL is linked in?

ben_vulpes: mod6: how does that dpaste indicate the system ssl?

BingoBoingo: <thestringpuller> well only OpenSSL had heartbleed << The other big SSL implementations had their own flaws unveiled in the following months that essentially accomplished the same insecurity.

mircea_popescu: http://log1.bitcoin-assets.com/?date=29-03-2015#1078823 << there's no math behind either ssl or pki, or the usg for that matter. they are political arrangements, "sets of procedures and people" and whatnot.

assbot: Logged on 29-03-2015 16:49:24; Chillum: most protocols have had a vulnerability at some point. Heartbleed was a bug in openssl, not a bug in ssl

Chillum: a lot of routers don't even use SSL

Chillum: okay, ssl sucks

jurov: ssl spec is too complicated, hence inevitably buggy implementations

Chillum: most protocols have had a vulnerability at some point. Heartbleed was a bug in openssl, not a bug in ssl

asciilifeform: <Chillum> Routers are a sad state of affair. Something like 70% of consumer wifi routers in the wild are vulnerable to heartbleed << and a fella who knows this, is still fond of ssl ? amazing

mircea_popescu: i hope it has ssl. you know, for the api.

Chillum: May I suggest that you describe your best practices so that people running this SSL free code will know how to not do it wrong?

Chillum: So if I understand correctly SSL was removed because if I need SSL I am doing it wrong?

funkenstein_: then you are using ssl

mircea_popescu: Chillum the problem is we know ssl to be intentionally misimplemented. as you say, on layers.

Chillum: you can control the keys in ssl. You don't have to use existing authority chains you can make your own

mircea_popescu: funkenstein_ ssl is for any application where security theatre is +ev and security itself doesn't matter.

chetty: ssl is for fools

Chillum: but ssh uses... ssl

funkenstein_: i thought ssl was for websites

asciilifeform: Chillum: if you are presently living in a one-bit universe where the only two choices for hotwallet control are ssl and plaintext - first you have to consider moving out of that universe and into a neighbouring one, where there are other choices

Chillum: if you were not using a wallet then I agree SSL is pointless

ben_vulpes: <Chillum> [14:55] In my opinion SSL is not a turd to be ripped out << dude this is a something like 4 month long project going on here

Chillum: asciilifeform: nobody is disputing that SSL has issues, but plaintext is not a better alternative

funkenstein_: but when and why would bitcoind use ssl?

Chillum: I certainly did not mean to offend anyone by saying SSL is not a turd, if this is a controversial statement I will keep it to myself

funkenstein_: sslsniff is a tool you can use to capture ssl data

Chillum: It is clear I have stumbled into a religious debate. I have no more interest in changing your mind about SSL than I do with you changing my mind. I will run SSL on my bitcoind API if you don't mind.

funkenstein_: nokia was caught capturing all ssl traffic through their networks at one point

mircea_popescu: "ssl will stop all but the actual attacks you will encounter"

Chillum: SSL will stop all but the most advanced of attackers

Chillum: so because ssl has had problems it is better to use plain text?

asciilifeform: Chillum: did you also sleep through, e.g., 'stuxnet' having a perfectly legal ssl cert ?

Chillum: I think it should come with a big "NO SSL" warning next to the download so people are not caught unaware

asciilifeform: Chillum: i am the one who cut the ssl idiocy from therealbitcoin's bitcoind. and i did it for reasons which had nothing to do with memory footprint (we did not have an embedded device project yet)

Chillum: I have worked in computer security for 15 years. While many implementations of SSL host checking are flawed and the hierarchial trust model is a joke the underlying encryption is solid until some learns to find prime factors of large numbers easily.

asciilifeform: Chillum: you may live on a planet where plaintext is the only alternative to ssl, but here on the third rock from sol there are other cryptosystems

Chillum: how is using plaintext instead of SSL better?

mircea_popescu: ssl != fucking in this simile

Chillum: most ssl vulnerabilities come from poor cert checking

pete_dushenski: ssl provides much security theatre and little apparent security

assbot: 240 results for 'ssl' : http://s.b-a.link/?q=ssl

pete_dushenski: !s ssl

assbot: Logged on 28-03-2015 14:56:34; Chillum: In my opinion SSL is not a turd to be ripped out

Chillum: the bandwidth that goes through the API is so small that the SSL module would be using a negligible amount of resources

Chillum: In my opinion SSL is not a turd to be ripped out ☟︎

Chillum: really SSL is not using that much horse power compared to the other stuff the client does

pete_dushenski: unless one of those bakes in ssl everyfuckingwhere

trinque: pete_dushenski: got the "ssl everywhere" extension?

danielpbarron: only ourlibs/ssl/man

danielpbarron: i thought this is supposed to download a specific version of ssl and use a local copy

mod6: x32 OpenSSL built: requires adding -m32 flag to ./Configure & setting: SSL_ARCH_TYPE=linux-generic32

nubbins`: sum total of changes: modify SSL_ARCH_TYPE to Darwin64-x86_64-cc

ascii_modem: ssl vuln << yes; check log

mircea_popescu: ahaha epic. no fucking wonder bitcoin-proto works on open-ssl

mircea_popescu: STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)