Nume MacAroon Ⓥ @nm

**LaF0rge** @LaF0rge@chaos.social · 4h

In case you haven't seen it yet, check out the analysis of the devastating state of [mostly] modern #OpenSSL by members of haproxy at https://www.haproxy.com/blog/state-of-ssl-stacks - hard to imagine such massive performance regressions getting into mainline linux distributions unnoticed by the distributors. #linux #ssl

HAProxy TechnologiesThe State of SSL StacksThe SSL landscape has shifted dramatically. In this paper, we examine OpenSSL 3.x, BoringSSL, LibreSSL, WolfSSL, and AWS-LC with HAProxy.

**GripNews** @GripNews@mastodon.social · 2d

GripNews @GripNews@mastodon.social

SSL 堆疊現狀
➤ OpenSSL 3.0 帶來的挑戰與解決方案
✤ https://www.haproxy.com/blog/state-of-ssl-stacks
本文探討了 SSL (Secure Sockets Layer) 技術的最新發展及其對網路效能和安全性的影響。隨著 OpenSSL 3.0 版本的推出，雖然增強了安全性與模組化，但也帶來了效能下降和 API 相容性問題。文章分析了 OpenSSL 3.0 的缺點，並評估了替代方案，如 BoringSSL、LibreSSL、WolfSSL 和 AWS-LC，旨在幫助開發者和組織做出更明智的 SSL 策略選擇，以確保網路應用程式的效能、安全性和可維護性。HAProxy 也在持續適應這些變化，以提供最佳的使用者體驗。
+ 這篇文章點出了 SSL 發展的關鍵問題，對於維護高流量網站的工程師來說非常有幫助，讓他們可以評估升級成本。
+ 瞭解 SSL 效能問題對網路安全至關重要，這篇文章提供了很好的分析和實用資訊。
#資訊安全 #網路效能 #SSL/TLS

HAProxy TechnologiesThe State of SSL StacksThe SSL landscape has shifted dramatically. In this paper, we examine OpenSSL 3.x, BoringSSL, LibreSSL, WolfSSL, and AWS-LC with HAProxy.

**Matthew Malthouse** @calmeilles@mstdn.social · 4d

Matthew Malthouse @calmeilles@mstdn.social

Has someone somewhere got a CDN/SSL/proxy issue on the net?

Neither Feltife nor Bdsmlr are reachable, giveing ERR_SSL_PROTOCOL_ERROR

#tech #internet #ssl

**Tormod** @airwhale@beige.party · 5d

Tormod @airwhale@beige.party

Tech vocablurary question:

Are you seeing people still referring to "SSL” as the most natural thing, or have we finally moved on to calling TLS simply "TLS”?

TLS was introduced more than 25 years ago as a SSL replacement. SSL v3 was deprecated 10 years ago. Isn't it time we also deprecate the use of the term SSL?

My opinion is that we're looking less professional by continuing to deadname TLS.

Thankful for any input and observations from your part of the IT / networking fields.

#ssl #tls #networking

**Neustradamus :xmpp: :linux:** @neustradamus@mastodon.social · Apr 30

Apr 30

Neustradamus :xmpp: :linux: @neustradamus@mastodon.social

#LibreSSL 4.1.0 has been released (#SSL / #TLS / #OpenSSL / #OpenBSD) https://libressl.org/

libressl.orgLibreSSLthe main LibreSSL page

**paulsorensen** @paulsorensen@hachyderm.io · Apr 30

Apr 30

paulsorensen @paulsorensen@hachyderm.io

I couldn’t find a good free tool to monitor SSL certificate expiry, so I wrote a simple Bash script.
Open source and easy to use - your data stays local.
https://paulsorensen.io/cert-expiry-bot-script/
#devops #sysadmin #opensource #tls #ssl #privacy

paulsorensen.io · Apr 9Cert Expiry Bot Script - paulsorensen.ioCert Expiry Bot is a Bash script that monitors SSL certificates for multiple domains and sends Telegram alerts if they are expiring soon.

**Peter N. M. Hansteen** @pitrh@mastodon.social · Apr 30

Apr 30

Peter N. M. Hansteen @pitrh@mastodon.social

LibreSSL 4.1.0 released https://www.undeadly.org/cgi?action=article;sid=20250430112153 #openbsd #libressl #ssl #tls #security #openssl #networking #privacy #crypto #cryptography

www.undeadly.orgLibreSSL 4.1.0 released

**Joaquim Homrighausen** @joho@mastodon.online · Apr 29

Apr 29

Joaquim Homrighausen @joho@mastodon.online

Does anyone have experience with LetsEncrypt (certbot) and DNSSEC?

I have an issue with a hostname in a domain (that I do not have admin access to). The domain has a DS record, and certbot complains about invalid CAA this or that.

I found this, but can't really figure out if this points me to the issue at hand:

https://community.letsencrypt.org/t/no-caa-dnssec-nonexistence-proof-issuance-failure/99049

Let's Encrypt Community Support · Aug 3, 2019No CAA + DNSSEC - nonexistence proof = issuance failureI suspect this is working as intended, but I’d like to verify. We attempted to have a certificate issued for a domain that had no blocking CAA record, had DNSSEC enabled, and the authoritative NS did not provide a non-existence proof for the CAA type (making the lack of CAA record invalid). Is this a necessary security feature, or a potential oversight? It seems to me DV with DNSSEC would necessarily require crypto proofs for the A/AAAA/TXT records which are used to prove ownership, not the C...

#certbot #letsencrypt #dnssec

**A.J. Armstrong** @techygeekshome@techhub.social · Apr 23

Apr 23

A.J. Armstrong @techygeekshome@techhub.social

How to Easily Secure A Website | https://techygeekshome.info/how-to-easily-secure-a-website/?fsp_sid=19364 | #Certificates #security #SSL
https://techygeekshome.info/how-to-easily-secure-a-website/?fsp_sid=19364

#certificates

**Anthony Powell** @ajguides@mastodon.social · Apr 23

Apr 23

Anthony Powell @ajguides@mastodon.social

How to Easily Secure A Website | https://techygeekshome.info/how-to-easily-secure-a-website/?fsp_sid=19363 | #Certificates #security #SSL
https://techygeekshome.info/how-to-easily-secure-a-website/?fsp_sid=19363

#certificates

**Probesys** @probesys@mastodon.scop.coop · Apr 22

Apr 22

Probesys @probesys@mastodon.scop.coop

La durée de validité des certificats SSL/TLS va être drastiquement réduite dans les années à venir :

- Actuellement, la durée maximale est de 398 jours
- À partir de mars 2026, elle passera à 200 jours
- À partir de mars 2027 : 100 jours
- À partir de mars 2029 : 47 jours

#SSL #TLS #Sysadmin

**David Bombal** @davidbombal@infosec.exchange · Apr 20

Apr 20

David Bombal @davidbombal@infosec.exchange

How TCP really works: Top 3 things you need to know!

YouTube video with the amazing Chris Greer: https://youtu.be/Auwn3RWapRE

YouTubeHow TCP really works: Top 3 things you need to know!By David Bombal

#wireshark #tcp #ip

**DeadSwitch @ T0m's 1T C4fe** @TomsITCafe@mastodon.social · Apr 18

Apr 18

DeadSwitch @ T0m's 1T C4fe @TomsITCafe@mastodon.social

DeadSwitch Technical Dispatch // Fortify the Flow: Proxy Frontlines & The Truth in Certificates #NGINX #ReverseProxy #CyberSecurity #SSL #X509 #LinuxAdmin #OpSec #WebSecurity #HTTPS #LetsEncrypt #DigitalCertificates #DeadSwitch #TomITCafe #EncryptEverything #TLS13 #BackendSecurity #ProxyPower #Infosec #FullStackSecurity #TechnicalWriting

http://tomsitcafe.com/2025/04/18/%f0%9f%a7%8a-deadswitch-technical-dispatch-fortify-the-flow-proxy-frontlines-the-truth-in-certificates/

**Quixoticgeek** @quixoticgeek@v.st · Apr 17

Apr 17

Quixoticgeek @quixoticgeek@v.st

Does anyone know how this new SSL cert expiry date thing is going to affect things like user authentication with SSL certs, i.e. for openvpn.

If we're running our own CA, can I get safari, chrome et al to accept longer cert expiry?

#Linux #SSL #OpenVPN

**Fern** @fern@mindly.social · Apr 17

Apr 17

Fern @fern@mindly.social

I've developed a new unofficial metric for #burnout: what percentage of the images you've downloaded or created recently would qualify as shitposting.

Here are some of mine from the last month:

A visibly shook Matthew McConaughey smoking a ciggie, his face photoshopped over what looks like White Jesus' head

A slightly smiling face with one eye twitching

Donald Trump's duckface photoshopped onto the "No Ragrets" tattoo guy's body

A farmer standing in the field of security certs that his family has tended to for generations

#ShookJesus #TwitchySmiley #DonaldTrump

**Verfassungklage@troet.cafe** @Verfassungklage@troet.cafe · Apr 16

Apr 16

Verfassungklage@troet.cafe @Verfassungklage@troet.cafe

Nur noch 47 Tage:

#Gültigkeit von #TLS - #Zertifikaten wird drastisch verkürzt

Ab 2029 dürfen #TLS-Zertifikate statt 398 nur noch höchstens 47 Tage lang gültig sein. Der von #Apple eingereichte Vorschlag hat breite Zustimmung erhalten.

Das #CA / #Browser #Forum hat beschlossen, die maximale Gültigkeitsdauer digitaler Zertifikate für den verschlüsselten Datenaustausch via #SSL / #TLS von aktuell 398 auf deutlich geringere 47 Tage zu reduzieren.

https://www.golem.de/news/nur-noch-47-tage-gueltigkeit-von-tls-zertifikaten-wird-drastisch-verkuerzt-2504-195416.html

Golem.de · Apr 16Nur noch 47 Tage: Gültigkeit von TLS-Zertifikaten wird drastisch verkürzt - Golem.deBy Marc Stöckel