« April 2013 | Main | June 2013 »

5 posts from May 2013

05/22/2013

New Doc: How To Enable SSLv2 and TLSv1.2 in OpenSSL 1.0.1c on Ubuntu 13.04

A new HOWTO article detailing changes one needs to make in order to compile SSLv2 and TLSv1.2 client support into an Ubuntu 13.04 installation running OpenSSL 1.0.1c has been posted to the Techstacks HOW TO site: How To Enable SSLv2 and TLSv1.2 in OpenSSL 1.0.1c on Ubuntu 13.04

05/21/2013

New Doc: How To Enable SSLv2 Methods in Net::SSLeay

I recently discovered that getting reliable results running cryptonark scans on an Ubuntu 13.04 box running OpenSSL 1.0.1c and Net::SSLeay 1.54 required quite a bit of manual intervention on my part but it did result in a couple of additional How To posts. The first of these posts have been published over on the Techstacks How To site: How To Enable SSLv2 Methods in Net::SSLeay.

New How To Grade Java 6 Encryption Ciphers Doc Available

I posted Grade Encryption Ciphers in Java 6 on the How To site the other day and after posting it, I couldn't help but hope that something in it was incorrect. Let me know what you think but with the current state that SSL and TLS are in, things are pretty depressing. While writing it, I kept remembering a point Ivan Ristic had made over on the SSLLabs blog a few weeks ago in the post RC4 in TLS is broken: Now what?/p>

...for public web sites that need to support a wide user base, there is practically nothing 100% secure they can use to replace RC4. We now have no choice but to accept that, no matter what settings we use, some segment of the user base will be at risk.