#TLS
Flight: #BEL9CZ
Registration: OO-SSJ
ICAO code: #44CE6A
Callsign: #BEELINE
Operator: Brussels Airlines
Type: AIRBUS A319-111
Country: 🇧🇪
From: #TLS to #BRU
Speed: 539 kmh
Altitude: 2088 m
Distance: 6.4 km
Angle ∆: 18.0°
Direction ->: ENE
Track:
http://globe.adsbexchange.com/?icao=44CE6A&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-30
http://globe.adsb.fi/?icao=44CE6A&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-30
History:
https://www.radarbox.com/data/mode-s/44CE6A
https://www.flightradar24.com/data/aircraft/OO-SSJ
Photos:
https://jetphotos.com/photo/keyword/OO-SSJ
Seen: 129x
#Landing #BrusselsAirport #Belgium
http://bit.ly/gift-for-radar-mechelen
Oh hey, repressive regimes worldwide! Here's how to cut off all TLS connections attempting to connect via ECH, it's quite easy! Just block TLS extension 0xfd00, 0xfe0d and 0xffee, then you're good to go.
Don't hesitate, help impair the current ECH spec so it can become better!
Flight: #BEL76T
Registration: OO-SSN
ICAO code: #44CE6E
Callsign: #BEELINE
Operator: Brussels Airlines
Type: AIRBUS A319-112
Country: 🇧🇪
From: #TLS to #BRU
Speed: 530 kmh
Altitude: 1745 m
Distance: 1.8 km
Angle ∆: 44.6°
Direction ->: ENE
Track:
http://globe.adsbexchange.com/?icao=44CE6E&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-30
http://globe.adsb.fi/?icao=44CE6E&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-30
History:
https://www.radarbox.com/data/mode-s/44CE6E
https://www.flightradar24.com/data/aircraft/OO-SSN
Photos:
https://jetphotos.com/photo/keyword/OO-SSN
Seen: 110x
#Landing #BrusselsAirport #Belgium
http://bit.ly/gift-for-radar-mechelen
Flight: #BEL87E
Registration: OO-SSR
ICAO code: #44CE72
Callsign: #BEELINE
Operator: Brussels Airlines
Type: AIRBUS A319-112
Country: 🇧🇪
From: #TLS to #BRU
Speed: 528 kmh
Altitude: 1958 m
Distance: 1.6 km
Angle ∆: 50.6°
Direction ->: ENE
Track:
http://globe.adsbexchange.com/?icao=44CE72&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-29
http://globe.adsb.fi/?icao=44CE72&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-29
History:
https://www.radarbox.com/data/mode-s/44CE72
https://www.flightradar24.com/data/aircraft/OO-SSR
Photos:
https://jetphotos.com/photo/keyword/OO-SSR
Seen: 115x
#Landing #BrusselsAirport #Belgium
http://bit.ly/gift-for-radar-mechelen
Flight: #BEL9CZ
Registration: OO-SSJ
ICAO code: #44CE6A
Callsign: #BEELINE
Operator: Brussels Airlines
Type: AIRBUS A319-111
Country: 🇧🇪
From: #TLS to #BRU
Speed: 556 kmh
Altitude: 1760 m
Distance: 2.3 km
Angle ∆: 38.0°
Direction ->: E
Track:
http://globe.adsbexchange.com/?icao=44CE6A&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-29
http://globe.adsb.fi/?icao=44CE6A&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-29
History:
https://www.radarbox.com/data/mode-s/44CE6A
https://www.flightradar24.com/data/aircraft/OO-SSJ
Photos:
https://jetphotos.com/photo/keyword/OO-SSJ
Seen: 128x
#Landing #BrusselsAirport #Belgium
http://bit.ly/gift-for-radar-mechelen
Flight: #BEL76T
Registration: OO-SSX
ICAO code: #44CE78
Callsign: #BEELINE
Operator: Brussels Airlines
Type: AIRBUS A319-111
Country: 🇧🇪
From: #TLS to #BRU
Speed: 552 kmh
Altitude: 2347 m
Distance: 3.5 km
Angle ∆: 33.5°
Direction ->: ENE
Track:
http://globe.adsbexchange.com/?icao=44CE78&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-29
http://globe.adsb.fi/?icao=44CE78&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-29
History:
https://www.radarbox.com/data/mode-s/44CE78
https://www.flightradar24.com/data/aircraft/OO-SSX
Photos:
https://jetphotos.com/photo/keyword/OO-SSX
Seen: 106x
#Landing #BrusselsAirport #Belgium
http://bit.ly/gift-for-radar-mechelen
Flight: #BCS5AY
Registration: D-ALEQ
ICAO code: #3C70B1
Callsign: #EUROTRANS
Operator: European Air Transport Leipzig
Type: BOEING 757-2Q8
Country: 🇩🇪
From: #TLS to #BRU
Speed: 592 kmh
Altitude: 2438 m
Distance: 4.2 km
Angle ∆: 30.2°
Direction ->: ENE
Track:
http://globe.adsbexchange.com/?icao=3C70B1&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-28
http://globe.adsb.fi/?icao=3C70B1&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-28
History:
https://www.radarbox.com/data/mode-s/3C70B1
https://www.flightradar24.com/data/aircraft/D-ALEQ
Photos:
https://jetphotos.com/photo/keyword/D-ALEQ
Seen: 28x
#Landing #BrusselsAirport #Belgium
http://bit.ly/gift-for-radar-mechelen
Flight: #BEL87E
ICAO code: #44CE79
Callsign: #BEELINE
Operator: Brussels Airlines
Country: 🇧🇪
From: #TLS to #BRU
Speed: 599 kmh
Altitude: 1974 m
Distance: 1.8 km
Angle ∆: 48.1°
Direction ->: ENE
Track:
http://globe.adsbexchange.com/?icao=44CE79&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-28
http://globe.adsb.fi/?icao=44CE79&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-28
History:
https://www.radarbox.com/data/mode-s/44CE79
Seen: 92x
#Landing #BrusselsAirport #Belgium
http://bit.ly/gift-for-radar-mechelen
Flight: #BEL9CZ
Registration: OO-SSV
ICAO code: #44CE76
Callsign: #BEELINE
Operator: Brussels Airlines
Type: AIRBUS A319-111
Country: 🇧🇪
From: #TLS to #BRU
Speed: 598 kmh
Altitude: 1737 m
Distance: 5.3 km
Angle ∆: 18.1°
Direction ->: ENE
Track:
http://globe.adsbexchange.com/?icao=44CE76&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-28
http://globe.adsb.fi/?icao=44CE76&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-28
History:
https://www.radarbox.com/data/mode-s/44CE76
https://www.flightradar24.com/data/aircraft/OO-SSV
Photos:
https://jetphotos.com/photo/keyword/OO-SSV
Seen: 112x
#Landing #BrusselsAirport #Belgium
http://bit.ly/gift-for-radar-mechelen
Flight: #BEL76T
Registration: OO-SSV
ICAO code: #44CE76
Callsign: #BEELINE
Operator: Brussels Airlines
Type: AIRBUS A319-111
Country: 🇧🇪
From: #TLS to #BRU
Speed: 535 kmh
Altitude: 2888 m
Distance: 1.8 km
Angle ∆: 58.5°
Direction ->: ENE
Track:
http://globe.adsbexchange.com/?icao=44CE76&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-28
http://globe.adsb.fi/?icao=44CE76&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-28
History:
https://www.radarbox.com/data/mode-s/44CE76
https://www.flightradar24.com/data/aircraft/OO-SSV
Photos:
https://jetphotos.com/photo/keyword/OO-SSV
Seen: 111x
#Landing #BrusselsAirport #Belgium
http://bit.ly/gift-for-radar-mechelen
Flight: #BCS5AY
Registration: D-ALES
ICAO code: #3C70B3
Callsign: #EUROTRANS
Operator: European Air Transport Leipzig
Type: BOEING 757-2Q8
Country: 🇩🇪
From: #TLS to #BRU
Speed: 567 kmh
Altitude: 2019 m
Distance: 2.7 km
Angle ∆: 36.4°
Direction ->: ENE
Track:
http://globe.adsbexchange.com/?icao=3C70B3&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-27
http://globe.adsb.fi/?icao=3C70B3&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-27
History:
https://www.radarbox.com/data/mode-s/3C70B3
https://www.flightradar24.com/data/aircraft/D-ALES
Photos:
https://jetphotos.com/photo/keyword/D-ALES
Seen: 15x
#Landing #BrusselsAirport #Belgium
http://bit.ly/gift-for-radar-mechelen
@brokenix Heads-up to all: The IETF has proposed implicit TLS (Port 465) as preferred over STARTTLS solutions. The previous confusion around Port 465 was cleared.
https://www.rfc-editor.org/rfc/rfc8314.html#section-3.3
Wherever possible I use Port 465 over 587. Only one mail server I use doesn't offer implicit TLS, I have to contact them soon 😀
Yaaaaay, we have a new (old) branded #TLS vulnerability, name, logo and all: "The Marvin Attack"
"In this paper we show that Bleichenbacher-style attacks on RSA decryption are not only still possible, but also that vulnerable implementations are common. We have successfully attacked multiple implementations using only timing of decryption operation and shown that many others are vulnerable."
#MariaDB devs came up with a clever idea: client and server can use the user/database password as a shared secret for the client to verify the server (self-signed) #TLS #certificate.
Server sends `SHA256("password hash", scramble, "certificate fingerprint")` to the client, which computes the same and if it recieved the correct certificate from the server and knows the correct password, both hashes must match.
Adventures in Reverse-Proxy Land: I've just migrated all my containers from Traefik to Nginx. Configuring auto-renewable Let's Encrypt certificates (including support for wildcard certs) was tricky. OCSP stapling? Even trickier. If anyone needs a recipe, here you go: https://gist.github.com/aaccioly/409205f5b87228cae7a69aafa31a0924
Was it worth it? Definitely! Everything is now running with higher throughput, lower latency, and slightly lower CPU usage.
The first public version of the Mozilla Firefox web browser was released OTD in 2002, it was called "Phoenix 0.1" https://cromwell-intl.com/open-source/letsencrypt-tls-cert-godaddy.html?s=mb #HTML5 #TLS
Any recommendations for a long expiry date wildcard asterisk compatible certificate for asterisk / TLS / SSL ? I've been using StartSSL/LetsEncrypt for webish things so long I am not familiar with the other providers/methods. Considered abusing "acme.sh" monthly, but would like a cert that lasts a year or more for deploying to many systems that may not get updates. Self-Signed Cert is working well, but requires SIP clients to accept/trust it. #Asterisk #TLS #Certificate
The first public version of the Mozilla Firefox web browser was released OTD in 2002, it was called "Phoenix 0.1" https://cromwell-intl.com/open-source/nginx-tls-1.3/?s=mb #HTML5 #TLS
Whenever someone insists that their website doesn't need TLS / HTTPS, send them this.
https://mastodon.social/@jsrailton/111111278356432225
See the "visited certain websites not using HTTPS" part?
Unencrypted websites are an essential part of some exploitation chains, due to an attack method called "network injection". If the attacker can get between your website and a vulnerable visitor ... game over.
If your site is worth visiting ... aren't its visitors worth protecting?
Full original article:
https://citizenlab.ca/2023/09/predator-in-the-wires-ahmed-eltantawy-targeted-with-predator-spyware-after-announcing-presidential-ambitions/
Edit: I'm also looking at you, package management frameworks that still use HTTP "because signing":
https://gist.github.com/roycewilliams/cf7fce5777d47a8b22265515dba8d004
Running one's own root Certificate Authority in 2023
#tls #ssl #ca #certificate #rootcertificate
https://wejn.org/2023/09/running-ones-own-root-certificate-authority-in-2023/
Gestern erreichte mich eine E-Mail von einem ehemaligen Kollegen. Dieser wollte mir unter anderem mitteilen, dass mein TLS/SSL-Kochbuch von 2016 immer noch hoch geschätzt und gelobt wird. Darüber habe ich mich sehr gefreut. 😀
Artikel zum TLS/SSL-Kochbuch: https://www.my-it-brain.de/wordpress/mein-tls-kochbuch/
Ich habe eine HTTPs Webseite, die über den Browser einwandfrei funktioniert. Wenn ich die Seite mit curl abfrage, dann bekomme ich unregelmäßig aber häufig folgende Fehlermeldung:
curl: (56) Recv failure: Die Verbindung wurde vom Kommunikationspartner zurückgesetzt.
Woran könnte es liegen?
McKenzie River Topobathymetric Lidar Validation - USGS Field Survey Data
--
https://www.sciencebase.gov/catalog/item/62cc41bcd34eeb1417bb24fb <-- shared technical article
--
#GIS #spatial #mapping #remotesensing #hydrospatial #earthobservation #USA #opendata #Oregon #McKenzieRiver #3dep #elevation #LiDAR #topobathmetry #topobathy #USGS #GNSS #NGTOC #greenlightlidar #engineeringgeology #ecosystem #water #hydrology #fisheries #inland #geomorphology #geomorphometry #changedetection #geoscience #TLS #surveying
@USGS
Flight: #BCS5AY
Registration: OE-LNO
ICAO code: #440BC9
Callsign: #EUROTRANS
Operator: European Air Transport Leipzig
Type: BOEING 757-223
Country: 🇩🇪
From: #TLS to #BRU
Speed: 576 kmh
Altitude: 2476 m
Distance: 3.2 km
Angle ∆: 37.6°
Direction ->: ENE
Track:
http://globe.adsbexchange.com/?icao=440BC9&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-18
http://globe.adsb.fi/?icao=440BC9&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-18
History:
https://www.radarbox.com/data/mode-s/440BC9
https://www.flightradar24.com/data/aircraft/OE-LNO
Photos:
https://jetphotos.com/photo/keyword/OE-LNO
Seen: 12x
#Landing #BrusselsAirport #Belgium
http://bit.ly/gift-for-radar-mechelen
Flight: #BEL87E
Registration: OO-SSB
ICAO code: #44CE62
Callsign: #BEELINE
Operator: Brussels Airlines
Type: AIRBUS A319-111
Country: 🇧🇪
From: #TLS to #BRU
Speed: 697 kmh
Altitude: 2141 m
Distance: 0.5 km
Angle ∆: 77.3°
Direction ->: ENE
Track:
http://globe.adsbexchange.com/?icao=44CE62&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-18
http://globe.adsb.fi/?icao=44CE62&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-18
History:
https://www.radarbox.com/data/mode-s/44CE62
https://www.flightradar24.com/data/aircraft/OO-SSB
Photos:
https://jetphotos.com/photo/keyword/OO-SSB
Seen: 130x
#Landing #BrusselsAirport #Belgium
http://bit.ly/gift-for-radar-mechelen
Flight: #VOE7347
Registration: EC-MUX
ICAO code: #345699
Callsign: #VOLOTEA
Operator: Volotea
Type: AIRBUS A319-111
Country: 🇪🇸
From: #XFW to #TLS
Speed: 751 kmh
Altitude: 11895 m
Distance: 1.1 km
Angle ∆: 84.6°
Direction ->: SSW
Track:
http://globe.adsbexchange.com/?icao=345699&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-18
http://globe.adsb.fi/?icao=345699&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-18
History:
https://www.radarbox.com/data/mode-s/345699
https://www.flightradar24.com/data/aircraft/EC-MUX
Photos:
https://jetphotos.com/photo/keyword/EC-MUX
Seen: 1st x
http://bit.ly/gift-for-radar-mechelen
Flight: #BEL9CZ
Registration: OO-SSL
ICAO code: #44CE6C
Callsign: #BEELINE
Operator: Brussels Airlines
Type: AIRBUS A319-111
Country: 🇧🇪
From: #TLS to #BRU
Speed: 564 kmh
Altitude: 1966 m
Distance: 4.8 km
Angle ∆: 22.2°
Direction ->: ENE
Track:
http://globe.adsbexchange.com/?icao=44CE6C&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-18
http://globe.adsb.fi/?icao=44CE6C&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-18
History:
https://www.radarbox.com/data/mode-s/44CE6C
https://www.flightradar24.com/data/aircraft/OO-SSL
Photos:
https://jetphotos.com/photo/keyword/OO-SSL
Seen: 122x
#Landing #BrusselsAirport #Belgium
http://bit.ly/gift-for-radar-mechelen
Reading through RFC 8446 and want to try to read a referenced PDF (Limits on Authenticated Encryption Use in TLS).
Original site broken due to misconfigured MySQL. Cannot find any mirrors aside from a scribd upload.
*sigh*
One of our CDNs told us they want to remove support for a few TLS ciphersuites. Just spent ~30 mins collating our current supported ciphers & comparing that (using a CLI I wrote) to the same but minus the proposed removals...documented it all nicely.
tl;dr: It'll make zero difference AFAICS.
Nice to be able to simulate these sorts of changes without having to go configure a web server and run tests.
I should OSS the CLI app really. Saves a lot of time.
#InfoSec #WebDev #CDN #TLS
Flight: #BEL76T
Registration: OO-SSL
ICAO code: #44CE6C
Callsign: #BEELINE
Operator: Brussels Airlines
Type: AIRBUS A319-111
Country: 🇧🇪
From: #TLS to #BRU
Speed: 583 kmh
Altitude: 2629 m
Distance: 1.4 km
Angle ∆: 61.1°
Direction ->: ENE
Track:
http://globe.adsbexchange.com/?icao=44CE6C&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-18
http://globe.adsb.fi/?icao=44CE6C&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-18
History:
https://www.radarbox.com/data/mode-s/44CE6C
https://www.flightradar24.com/data/aircraft/OO-SSL
Photos:
https://jetphotos.com/photo/keyword/OO-SSL
Seen: 121x
#Landing #BrusselsAirport #Belgium
http://bit.ly/gift-for-radar-mechelen
The comment systems for all communities are back. Everything is now working over Cactus + Matrix. Due to popular demand, Discourse content topics are still being created, but Discourse replies will not be reflected in comments, nor vice-versa. I've also disabled plain HTTP access on all servers, enabled HSTS, and introduced 4096-bit DH parameters. This means that all servers are now scoring between A and A+ on SSL Labs server tests.
Enjoy!
Flight: #BEL87E
Registration: OO-SSU
ICAO code: #44CE75
Callsign: #BEELINE
Operator: Brussels Airlines
Type: AIRBUS A319-111
Country: 🇧🇪
From: #TLS to #BRU
Speed: 541 kmh
Altitude: 1806 m
Distance: 1.1 km
Angle ∆: 58.0°
Direction ->: ENE
Track:
http://globe.adsbexchange.com/?icao=44CE75&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-17
http://globe.adsb.fi/?icao=44CE75&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-17
History:
https://www.radarbox.com/data/mode-s/44CE75
https://www.flightradar24.com/data/aircraft/OO-SSU
Photos:
https://jetphotos.com/photo/keyword/OO-SSU
Seen: 110x
#Landing #BrusselsAirport #Belgium
http://bit.ly/gift-for-radar-mechelen
Cool DEF CON 31 talk about automatic testing of TLS certificate validation: https://www.youtube.com/watch?v=w_l2q_Gyqfo Software: https://github.com/aapooksman/certmitm #pentest #tls #mitm
Flight: #BEL76T
Registration: OO-SSJ
ICAO code: #44CE6A
Callsign: #BEELINE
Operator: Brussels Airlines
Type: AIRBUS A319-111
Country: 🇧🇪
From: #TLS to #BRU
Speed: 552 kmh
Altitude: 2675 m
Distance: 5.6 km
Angle ∆: 25.4°
Direction ->: NE
Track:
http://globe.adsbexchange.com/?icao=44CE6A&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-16
http://globe.adsb.fi/?icao=44CE6A&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-16
History:
https://www.radarbox.com/data/mode-s/44CE6A
https://www.flightradar24.com/data/aircraft/OO-SSJ
Photos:
https://jetphotos.com/photo/keyword/OO-SSJ
Seen: 124x
#Landing #BrusselsAirport #Belgium
http://bit.ly/gift-for-radar-mechelen
With the proper documents, any may pass and be trusted. #TLS #LetsEncrypt #Linux #OpenSource https://cromwell-intl.com/open-source/letsencrypt-tls-cert-godaddy.html?s=mc
Flight: #BEL9CZ
Registration: OO-SSQ
ICAO code: #44CE71
Callsign: #BEELINE
Operator: Brussels Airlines
Type: AIRBUS A319-112
Country: 🇧🇪
From: #TLS to #BRU
Speed: 515 kmh
Altitude: 2004 m
Distance: 0.8 km
Angle ∆: 68.1°
Direction ->: ENE
Track:
http://globe.adsbexchange.com/?icao=44CE71&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-15
http://globe.adsb.fi/?icao=44CE71&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-15
History:
https://www.radarbox.com/data/mode-s/44CE71
https://www.flightradar24.com/data/aircraft/OO-SSQ
Photos:
https://jetphotos.com/photo/keyword/OO-SSQ
Seen: 130x
#Landing #BrusselsAirport #Belgium
http://bit.ly/gift-for-radar-mechelen
Flight: #BEL76T
Registration: OO-SSS
ICAO code: #44CE73
Callsign: #BEELINE
Operator: Brussels Airlines
Type: AIRBUS A319-111
Country: 🇧🇪
From: #TLS to #BRU
Speed: 546 kmh
Altitude: 2842 m
Distance: 1.3 km
Angle ∆: 65.6°
Direction ->: ENE
Track:
http://globe.adsbexchange.com/?icao=44CE73&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-15
http://globe.adsb.fi/?icao=44CE73&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-15
History:
https://www.radarbox.com/data/mode-s/44CE73
https://www.flightradar24.com/data/aircraft/OO-SSS
Photos:
https://jetphotos.com/photo/keyword/OO-SSS
Seen: 128x
#Landing #BrusselsAirport #Belgium
http://bit.ly/gift-for-radar-mechelen
Flight: #BCS5AY
Registration: D-ALEP
ICAO code: #3C70B0
Callsign: #EUROTRANS
Operator: European Air Transport Leipzig
Type: BOEING 757-2Q8
Country: 🇩🇪
From: #TLS to #BRU
Speed: 504 kmh
Altitude: 1875 m
Distance: 0.5 km
Angle ∆: 75.6°
Direction ->: ENE
Track:
http://globe.adsbexchange.com/?icao=3C70B0&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-14
http://globe.adsb.fi/?icao=3C70B0&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-14
History:
https://www.radarbox.com/data/mode-s/3C70B0
https://www.flightradar24.com/data/aircraft/D-ALEP
Photos:
https://jetphotos.com/photo/keyword/D-ALEP
Seen: 21x
#Landing #BrusselsAirport #Belgium
http://bit.ly/gift-for-radar-mechelen
Flight: #BEL87E
Registration: OO-SSX
ICAO code: #44CE78
Callsign: #BEELINE
Operator: Brussels Airlines
Type: AIRBUS A319-111
Country: 🇧🇪
From: #TLS to #BRU
Speed: 568 kmh
Altitude: 1791 m
Distance: 1.1 km
Angle ∆: 57.8°
Direction ->: ENE
Track:
http://globe.adsbexchange.com/?icao=44CE78&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-14
http://globe.adsb.fi/?icao=44CE78&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-14
History:
https://www.radarbox.com/data/mode-s/44CE78
https://www.flightradar24.com/data/aircraft/OO-SSX
Photos:
https://jetphotos.com/photo/keyword/OO-SSX
Seen: 104x
#Landing #BrusselsAirport #Belgium
http://bit.ly/gift-for-radar-mechelen
Flight: #BEL9CZ
Registration: OO-SSQ
ICAO code: #44CE71
Callsign: #BEELINE
Operator: Brussels Airlines
Type: AIRBUS A319-112
Country: 🇧🇪
From: #TLS to #BRU
Speed: 528 kmh
Altitude: 1814 m
Distance: 1.4 km
Angle ∆: 51.4°
Direction ->: E
Track:
http://globe.adsbexchange.com/?icao=44CE71&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-14
http://globe.adsb.fi/?icao=44CE71&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-14
History:
https://www.radarbox.com/data/mode-s/44CE71
https://www.flightradar24.com/data/aircraft/OO-SSQ
Photos:
https://jetphotos.com/photo/keyword/OO-SSQ
Seen: 129x
#Landing #BrusselsAirport #Belgium
http://bit.ly/gift-for-radar-mechelen
Flight: #BEL76T
Registration: OO-SSQ
ICAO code: #44CE71
Callsign: #BEELINE
Operator: Brussels Airlines
Type: AIRBUS A319-112
Country: 🇧🇪
From: #TLS to #BRU
Speed: 491 kmh
Altitude: 2339 m
Distance: 5.0 km
Angle ∆: 25.1°
Direction ->: ENE
Track:
http://globe.adsbexchange.com/?icao=44CE71&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-14
http://globe.adsb.fi/?icao=44CE71&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-14
History:
https://www.radarbox.com/data/mode-s/44CE71
https://www.flightradar24.com/data/aircraft/OO-SSQ
Photos:
https://jetphotos.com/photo/keyword/OO-SSQ
Seen: 128x
#Landing #BrusselsAirport #Belgium
http://bit.ly/gift-for-radar-mechelen
Flight: #BCS5AY
Registration: D-ALEQ
ICAO code: #3C70B1
Callsign: #EUROTRANS
Operator: European Air Transport Leipzig
Type: BOEING 757-2Q8
Country: 🇩🇪
From: #TLS to #BRU
Speed: 529 kmh
Altitude: 1821 m
Distance: 0.2 km
Angle ∆: 84.9°
Direction ->: ENE
Track:
http://globe.adsbexchange.com/?icao=3C70B1&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-13
http://globe.adsb.fi/?icao=3C70B1&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-13
History:
https://www.radarbox.com/data/mode-s/3C70B1
https://www.flightradar24.com/data/aircraft/D-ALEQ
Photos:
https://jetphotos.com/photo/keyword/D-ALEQ
Seen: 26x
#Landing #BrusselsAirport #Belgium
http://bit.ly/gift-for-radar-mechelen
#curl 8.3.0 has been released (#libcurl / #Haxx / #DICT / #FILE / #FTP / #FTPS / #Gopher / #HTTP / #HTTPS / #IMAP / #IMAPS / #LDAP / #LDAPS / #MQTT / #POP3 / #POP3S / #RTMP / #RTMPS / #RTSP / #SCP / #SFTP / #SMB / #SMBS / #SMTP / #SMTPS / #Telnet / #TFTP / #WebSocket / #SOCKS4 / #SOCKS5 / #SCRAM / #TLS / #HTTP2 / #HTTP3) https://curl.se/
Labeling systems like #SELinux require that proper labels are placed on volume content mounted into a container. Without a label, the security system might prevent the processes running inside the container from using the content. By default, #Podman does not change the labels set by the OS.
By default #TLS verification is turned on when communicating to registries from Podman. If the registry does not require encryption the Podman commands such as build, commit, pull and push will fail unless TLS verification is turned off using the --tls-verify option. NOTE: It is not at all recommended to communicate with a registry and not use TLS verification.
rootless containers cannot #ping hosts
Since the administrator of the system set up your home directory to be noexec, you will not be allowed to execute containers from storage in your home directory. It is possible to work around this by manually specifying a container storage path that is not on a noexec mount. Simply copy the file /etc/containers/storage.conf to ~/.config/containers/ (creating the directory if necessary). Specify a graphroot directory which is not on a #noexec mount point and to which you have read/write privileges.
https://github.com/containers/podman/blob/main/troubleshooting.md#34-passed-in-devices-or-files-cant-be-accessed-in-rootless-container-uidgid-mapping-problem
Flight: #BEL76T
Registration: OO-SSO
ICAO code: #44CE6F
Callsign: #BEELINE
Operator: Brussels Airlines
Type: AIRBUS A319-111
Country: 🇧🇪
From: #TLS to #BRU
Speed: 549 kmh
Altitude: 2896 m
Distance: 1.3 km
Angle ∆: 66.0°
Direction ->: ENE
Track:
http://globe.adsbexchange.com/?icao=44CE6F&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-13
http://globe.adsb.fi/?icao=44CE6F&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-13
History:
https://www.radarbox.com/data/mode-s/44CE6F
https://www.flightradar24.com/data/aircraft/OO-SSO
Photos:
https://jetphotos.com/photo/keyword/OO-SSO
Seen: 100x
#Landing #BrusselsAirport #Belgium
http://bit.ly/gift-for-radar-mechelen
Merely saying 'We speak a secret tongue' is not enough. One's wizards must speak the appropriate tongue, and speak it only in a most cautious fashion. #cybersecurity #TLS https://cromwell-intl.com/cybersecurity/ssl-tls.html?s=mc
Flight: #BCS5AY
Registration: D-ALET
ICAO code: #3C70B4
Callsign: #EUROTRANS
Operator: European Air Transport Leipzig
Type: BOEING 757-28A
Country: 🇩🇪
From: #TLS to #BRU
Speed: 517 kmh
Altitude: 2126 m
Distance: 1.1 km
Angle ∆: 62.1°
Direction ->: ENE
Track:
http://globe.adsbexchange.com/?icao=3C70B4&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-12
http://globe.adsb.fi/?icao=3C70B4&lat=50.983&lon=4.447&zoom=10.5&showTrace=2023-09-12
History:
https://www.radarbox.com/data/mode-s/3C70B4
https://www.flightradar24.com/data/aircraft/D-ALET
Photos:
https://jetphotos.com/photo/keyword/D-ALET
Seen: 17x
#Landing #BrusselsAirport #Belgium
http://bit.ly/gift-for-radar-mechelen
Meanwhile, on DR Tech, our own Robert Lemos writes up the latest Microsoft and Google moves on TLS and what companies need to do to move forward: https://www.darkreading.com/dr-tech/microsoft-google-take-on-obsolete-tls-protocols #DarkReading #TLS #Certificates
By consulting the proper documents, one may speak a secure and secret tongue. #TLS #LetsEncrypt #OpenSource https://cromwell-intl.com/open-source/google-freebsd-tls/tls-certificate.html?s=mc
@thurrott #Microsoft is on a roll with the housekeeping this month: #WordPad #Printer drivers #TLS #Troubleshooters Is this all in preparation for #Windows12
One of the big problems for the established Church: why did Christ give news of his resurrection to a mere woman, and not to an apostle, to a man?
Time to read the #TLS, and then off to bed with "Palatine: an Alternative History of the Caesars" by Peter Stothard.
I don't usually read two books about the same era one after the other, but that's the way the cookie crumbles this week.
New books ordered: expectations high.
Learn the subtle battle language used in the realm of the clouds. #TLS #FreeBSD #GoogleCloud #OpenSource https://cromwell-intl.com/open-source/google-freebsd-tls/https-headers.html?s=mc
#Microsoft deaktiviert #TLS 1.0 und 1.1 in künftigen #Windows-Versionen | Security https://www.heise.de/news/Microsoft-deaktiviert-TLS-1-0-und-1-1-in-kuenftigen-Windows-Versionen-9293694.html
Android 14 blocks all modification of system certificates, even as root
https://httptoolkit.com/blog/android-14-breaks-system-certificate-installation/
https://www.howtogeek.com/windows-11-tls-deprecation/
Microsoft is FINALLY going to disable TLS 1.0 & TLS 1.1
it's been a long time coming, as TLS 1.2 has been around since 2008, and TLS 1.3 came out in 2018. Sadly older versions of MS office, Safari, and Turbotax may stil lbe using the outdated protocol and will not function properly after Microsoft disables it.
Microsoft is alerting users and system administrators that Windows will soon phase out support for older TLS specifications. TLS 1.0 and TLS 1.1 will be disabled in upcoming Windows releases. https://tchlp.com/44GpruE #microsoft #windows #tls
Learn how to prepare for Google's proposal to shorten TLS certificate lifespans to 90 days https://www.admin-magazine.com/News/Preparing-for-90-Day-TLS-Certificate-Expiration #TLS #Google #certificate #security #governance #policy #automation
#Microsoft wird nun auch in Windows 11 die Unterstützung der veralteten Transport Layer Security (#TLS)-Versionen 1.0 und 1.1 abschalten. Jetzt warnt der Konzern Nutzer vor den bevorstehenden Änderungen. https://winfuture.de/news,138299.html?utm_source=Mastodon&utm_medium=ManualStatus&utm_campaign=SocialMedia
Existing versions of Windows 11, 22H2, 21H2, and Windows 10 will continue to support legacy TLS protocols until the 23H2 update and the release of Windows 12 next year.
https://cybersec84.wordpress.com/2023/09/05/microsoft-updates-security-protocol-to-tls-1-2-and-1-3/
Microsoft deprecates #tls 1.0 and 1.1 in major products including SQL Server.
My takeaway from the #sha1 deprecation was that we only see global change on rolled out #cryptography when the likes of #microsoft and #google turn a security #threat into an availability issue.
I predict we’ll see the same here.
https://www.theregister.com/2023/09/04/tls_windows_deprecation/
#Microsoft reminds users #Windows will disable insecure #TLS soon
Build a fortress in the realm of the clouds. #FreeBSD #GCP #GoogleCloud #OpenSource #TLS https://cromwell-intl.com/open-source/google-freebsd-tls/?s=mc
Who Writes OpenSSL? https://www.openssl.org/blog/blog/2023/07/17/who-writes-openssl
#openssl #Security #tls
Sadly, #toybox doesn't like to build it's #wget with #SSL / #TLS due to a missing header file...
https://github.com/OS-1337/OS1337/issues/1
We are pleased to announce that Whonix and Kicksecure are utilizing website TLS with the highest available security options:
https://forums.whonix.org/t/tls-with-its-highest-available-security-options/17098
@Perl A tip from @philsplace for those having trouble connecting to #MariaDB using #Perl #DBI and an #SSL / #TLS connection: https://mastodon.sdf.org/@philsplace/110906522769129740
I will admit, it has been a few years since I have used the term "idempotent". #tls
Chrome: Google schützt TLS-Verbindungen schon jetzt vor Quantencomputern https://www.computerbase.de/2023-08/chrome-google-schuetzt-tls-verbindungen-schon-jetzt-vor-quantencomputern/ #Quantencomputer #Google #Chrome #TLS
Curious what everyone's take is on TLS decryption for increased network visibility. If you're a security professional working with a corporate network in 2023, how necessary (to you) is TLS decryption for traffic destined to the internet?
Do visibility gains outweigh management complexity? Or is it a relic of the past that has been replaced with better solutions?
#cybersecurity #tls #network #networking #decryption #monitoring #logging
I find #govulncheck really useful, but it's hard to build into production CI flows when it demands fixes only available in release candidates.
I mean, we upgrade pretty often, but now I'm going to have to turn it off until 1.21 is released. This doesn't seem like a great security practice.
Why isn't there already a Get-WebCertificate or something, for fetching the TLS certificate being used by a web server?
Well, my old version doesn't work in PowerShell 7, so I had to put this together for someone this week:
https://gist.github.com/Jaykul/74508c0c8425e6d5d300caa84c8f873f
#PowerShell #SSL #TLS #Certificate #PS7 #ServerCertificateValidation
That's this code: https://github.com/mailpile/Mailpile/blob/master/mailpile/conn_brokers.py
The connection broker uses with-block to selectively monkey patch the socket library, so third party code would make outgoing #TLS and/or #Tor connections according to a configurable security policy.
Pretty cool! I have yet to port this to #moggie, but I will for sure.
The security researcher just grepped and skimmed, they missed the fact that not only did I solve the problem, I knocked that one out of the park.
I politely told them so. ;-) (3/3)
My usual amount of #openssl hate :blobcat_amused:
Few weeks ago I had spam wave on my mail from my Zabbix, about high #cpu load. Firstly I shrugged it off as it is low resources VPS with too many services, I kind of expected this. One day I checked it for curiosity and found it was mainly openssl #ocsp process eating my resources. I restarted service, everything looked good.
Some time passed, yesterday I was doing random things on my server. Checked #htop without any particular reason and saw it again. This time I was more irritated and disabled service completely. I didn't use it on "production" anyway.
I am not sure if it was normal. Maybe openssl docs tell the truth and it is not a good way to run it long-term?
BTW what the hell am I doing with my life?!
Some agenda highlights from the upcoming SharkFest'23 EUROPE conference:
- #ChatGPT in #Wireshark (Megumi Takeshita)
- Real-world post-quantum #TLS (Peter Wu)
- Multicast & Broadcast Reconnaissance (Betty DuBois)
- It's Always #dns (Johannes Weber)
Join us in Brussels this fall, only one more week of early bird pricing!
Earlier we were talking about DDOS & a colleague asked what TLS versions are used by the botnets these days...So I checked the most recent big-ish one we had :
**TLS Protocol Percentage**
TLSv1.3 55.77%
TLSv1.2 44.23%
TLSv1 0.00%
This was over something like 115M total requests.
So the answer is that the botnets have better TLS libs than our overall audience. Fun times.
#infoSec #webDev #TLS #DDOS
I ran the numbers for yesterday on how many HTTPS requests to www.bbc.co.uk & www.bbc.com did *not* include a TLS SNI header - by country. Highlights:
- Jordan is an outlier at > 17% non-SNI (3x any other)
- 90% (219) of countries have < 1% non-SNI
- 36% (88) of countries have 0 requests with no SNI
- H/T to Dominican Republic with ~800K requests, 100% of which *include* SNI
- DPRK (N. Korea) also had 0 non-SNI (but only 9 requests)
- UK has 0.06% non SNI (296M requests)
#TLS #webStats #infoSec
fosdem-2012-talk-kaie.pdf
https://kuix.de/fosdem2012/fosdem-2012-talk-kaie.pdf
Several years ago everyone agreed that unencrypted data flow is dangerous and #internet as a whole should avoid it. #TLS spreaded everywhere. Now it is default and unencrypted traffic is marked as not secure.
(Sometimes I have to agree to 3-4 warning popups to log into some development service in internal network via http :blobcat_amused: )
I wonder when we finally agree the same about #MessagingApps and when we would understand #e2ee should be a standard. And messaging apps without #encryption should also have big red scary warnings to discourage people from using these. People should know before they send something what would be used against them in the future.
Certificate Transparency Logs —What you need to know
~~~
ACM.247 Be aware of data exposed in Certificate Transparency Logs
~~
by Teri Radichel | July 12, 2023
#cloud #security #dns #certificate #tls #aws #transparency #logs
https://medium.com/cloud-security/certificate-transparency-logs-what-you-need-to-know-c7d20738eaa9
Tailscale has a feature called Tailscale Funnel that kind of does the opposite of everything else Tailscale does? It exposes nodes directly to the Internet. And all the hostnames are published in CT, so I scanned it #appsec #nmap #tls #tailscale
https://tprynn.github.io/2023/07/10/tailscale-funnel-scanning.html
By the way, if you want to test your TLS configuration for potential security issues and you don’t want to use a web site like SSL Labs, you can do so locally with a free and open cross-platform bash-based tool called testssl.sh.
Small Web places made with Kitten will only support TLS 1.3 once I merge my current branch into main.
This increases the security of TLS and reduces the cipher suites to just three. Since all major modern browsers have supported TLS 1.3 for years now, there is no down side.
(Ironically, this does lower the SSL Labs rating of Small Web places made with Kitten from A+ to A but that’s because of a known issue in their test¹.)
FML, something that’s changed between Node 12.16.2 and 18.16.0 has made the OCSP stapling library I’m using¹ 1,000× slower (~4ms vs ~4s per request).
At least I know where the issue is… Tomorrow, I dig into the library to try and narrow it down further.
(The network graph in Firefox was useful as it showed that the problem was with the TLS Setup. And 0x² and its flame graphs helped me narrow it down further.)
¹ https://github.com/indutny/ocsp#ocsp-apis-for-nodejs-
² https://github.com/davidmarkclements/0x#readme
@fosstodon @kev @mike: I don't know if you are aware of this already or not, but the #Fosstodon servers all get a B rating from #Qualys #SSLLabs SSL Test here: https://www.ssllabs.com/ssltest/analyze.html?d=fosstodon.org Most other Mastodon servers I have checked get an A+ or at least an A. It looks like you should consider disabling #TLS 1.0 and 1.1 protocols to get a better rating. #InfoSec #Security
Das BSI Testwerkzeug zur Durchführung von TLS-Konformitätstests ist als »TLS Checklist Inspector« online verfügbar. (Hosting/Betrieb achelos) 👇
Since Google has announced the intention to reduce the maximum validation time for TLS-certificates frrom 398 days to 90 - I have spent the entire day testing out acme2certifier - basically a self-hosted ACME-server that can be used to act as a middleware/proxy against Lets Encrypt, ZeroSSL, Digicert and more - or even your own CA.
Turns out that it is well documented and quite easy to configure and set up :)
Hoy fue día de mejorar seguridad y rendimiento para la infraestructura de @impulsait incluyendo mastodon.cr
✅ #DNSSEC y conectividad #IPv6 para los servidores de nombre y dominio mastodon.cr
✅ Mejoras en conexiones seguras TLS/SSL: Registro CAA, OCSP stapling, HSTS Preloading
✅ Actualización de proxy web que sirve mastodon.cr a Debian 12
Resultados:
💪 Hall of Fame @internet_nl https://en.internet.nl/site/mastodon.cr/2156533/
🎉 A+ en #SSL Server Test:
https://www.ssllabs.com/ssltest/analyze.html?d=mastodon.cr&s=2803%3a6900%3a602%3acafe%3a0%3a0%3a0%3a80
"Accept the risk and continue" would be a good band name. #tls #devsecops
#Development #Demos
TLS byte by byte · Watch a web page performing a live, annotated https request for itself https://ilo.im/12unm4
_____
#Security #Cryptography #Protocol #WebDevelopment #WebDev #HTTPS #SSL #TLS
Yesterday I added a graph to track TLS ciphersuite usage over time & immediately spotted an anomaly.
In mid-Feb, on our commercial CDN, CHACHA usage dropped from ~10-12% to ~0.5% & stayed there. The same did *not* happen on our own CDN so it seemed unlikely to be client behaviour.
Raised it with the CDN vendor & they tied it to a release which accidentally changed the behaviour to pref CHACHA for clients for whom CHACHA is top pref.
Having good data is 💯
#TLS #CDN #Grafana #webStats
Since I couldn't find it in the Certbot docs, I did a bit of experimentation and it turns out that you can list multiple DNS TXT records for `_acme-challenge.<domain>` and issuance will succeed if at least one of those TXT records is the correct token (I ended up with 5 in total).
Our potential use case for this is issuing multiple certs for the same domain/hostname from different CAs (or CA accounts).
Hopefully that'll help someone at some point.
#ACME #CertBot #TLS #infoSec #webDev
A colleague just reminded me that OpenSSL 1.1.1 is going to be End of Life'd in Sept 2023, less than 6 months from now!
If you need to upgrade systems to v3 (or away from OpenSSL - always an option if you feel like it) then best crank that handle and get it done!
Having a first look at Fastly's "Certainly" Certificate Authority today. Might save someone a job: You can choose from 2 trust chains, Fastly's own whose root is very modern (2021) but offers ECDSA all the way (or RSA) or a via a GoDaddy cross-signed inter & chain whose root is 2009 but whose root cert is RSA (prob doesn't matter). Confusingly, AWS now hosts the GoDaddy root (did they buy GoDaddy?).
#TLS #CA #CDN #infoSec #webDev
GoDaddy root: https://good.sca0a.amazontrust.com/
Right, well, first the good news: It doesn’t look like anything has changed in how Chrom(ium) handles certificates installed in the system trust store.
Now the bad news: I have no idea why the certificate authority that was previously trusted on my main development machine is now showing up as untrusted. Could a Fedora Silverblue update have broken it? Will keep looking into it.
🤔
#Kitten #AutoEncryptLocalhost #SmallWeb #Chrome #Chromium #tls #web #dev
Great, it looks like whatever they changed in Chrome no longer trusts Kitten’s¹ local certificate authority (installed and trusted by the system trust store, as you’d do in a *spit* enterprise).
Applies to previously trusted and working certificates too.
(The directly related module is Auto Encrypt Localhost²)
Going to look into it today and see if I can’t find a workaround.
FFS…
¹ https://codeberg.org/kitten/app
² https://codeberg.org/small-tech/auto-encrypt-localhost
Hey there -- we're Let's Encrypt, the free and open certificate authority serving over 300 million websites worldwide. We're new to Mastodon and are excited to get to know the infosec community in this new space!
Google möchte Laufzeiten für TLS-Zertifikate verkürzen
Zertifikate für Web-Server sollen statt wie bisher ein Jahr nur noch maximal 90 Tage gültig sein, fordert Google – das hätte heftige Konsequenzen.
Is there no-one on the Chromium team who knows about #OCSP stapling? Or does Google not like having to keep OCSP responses for stapling in their servers? https://www.chromium.org/Home/chromium-security/root-ca-policy/moving-forward-together/
They say they want to reduce #TLS certificate lifetimes because there's no good revocation mechanism, and all the problems they mention could be solved by strictly requiring stapling with the TLS feature extension in certificates (using RFC 7633). Stapling doesn't place a huge burden on CAs (because only the server using a certificate has to update its cached response now and then), it doesn't expose client behavior to CAs (because clients only need to talk to servers they want to talk to), and if stapling is required by the certificate it fails closed in case of revocation as soon as the last positive response expires (currently CAs usually issue responses with a lifetime of about a week, but that could be reduced easily).
Shorter certificate lifetimes aren't necessarily a bad thing, but the reasoning doesn't make sense.
DNSTAP over #TLS in our authoritative nameserver NSD. #DNS #OpenSource https://github.com/NLnetLabs/nsd/commit/d40e6147a26ed39cf494dc03ed846fbfa8707938
We've added much more detailed information on cellular-based A-GNSS (Assisted Global Navigation Satellite System) to our FAQ:
https://grapheneos.org/faq#other-connections
It explains the difference between control plane vs. user plane A-GNSS, differences between the devices and what we improve.
#grapheneos #privacy #security #geolocation #gnss #agnss #supl #qualcomm #snapdragon #broadcom #tls
Just released Auto Encrypt Localhost¹ version 8.3.2 & @small-tech/https² version 5.1.1.
These releases fix an issue where the local Certificate Authority (CA) wasn’t being added to Node’s trust store on every run.
¹ Automatically creates locally-trusted TLS certs in 100% JavaScript (does not require certutil; has CLI). https://codeberg.org/small-tech/auto-encrypt-localhost#auto-encrypt-localhost
² @small-tech/https is a batteries-included version of the #NodeJS #https module (auto Let’s Encrypt + local #TLS certs). https://codeberg.org/small-tech/https#small-tech-https
Just released syswide-cas version 6.0.1:
https://www.npmjs.com/package/@small-tech/syswide-cas
syswide-cas enables node to use system-wide Certificate Authorities (CAs) in conjunction with the bundled root CAs.
Note that the package this is a fork of (https://www.npmjs.com/package/syswide-cas) is by a defunct startup, 404s on its source link, and is no longer maintained. I’ll be maintaining this fork for the foreseeable future.
The repository has also just moved to @Codeberg:
https://codeberg.org/small-tech/syswide-cas
I'm a bit surprised there's no BigQuery public dataset for Certificate Transparency Logs.
#bigquery #ctlogs #tls #security #googlecloud
@lofh @foone Ugh. Well I guess that's just how we have to make certs now.
I'd love to know the rationale behind requiring the same information in the SAN that's in the CN field. AFAIK it's not signed or protected any differently. It seems more like a bureaucratic requirement than a technology one.
#TLS #Security #Encryption #Google
Just released version 5.0.0 of @small-tech/https: A batteries-included version of the standard Node.js https module.
https://www.npmjs.com/package/@small-tech/https
Replace https with @small-tech/https to get:
- Automatically-provisioned trusted local development TLS certificates.
- Automatically-provisioned Let’s Encrypt TLS certificates.
- Automatic HTTP to HTTPS forwarding.
Version 5 includes this week’s new Auto Encrypt Localhost version 8 and is 100% JavaScript.
Just released version 8.2.0 of Auto-Encrypt Localhost
All status changes are now communicated via events instead of console messages.
Think I’m pretty much done with v8 now.
Next: update https (https://codeberg.org/small-tech/https) to use it and then update Kitten (https://codeberg.org/kitten/app) to use the updated https. (Which should make Kitten cross-platform, including on ARM.)
https://www.npmjs.com/package/@small-tech/auto-encrypt-localhost
#SmallWeb #SmallTech #AutoEncryptLocalhost #cli #TLS #SSL #https #localhost #NodeJS #web #dev
Auto-Encrypt Localhost version 8.1.0 released
Now with 100% more Command-Line Interface (CLI).
To create your local development certificates using the CLI:
npm install --global @small-tech/auto-encrypt-localhost
auto-encrypt-localhost
That’s it!
Enjoy :awesome:
https://www.npmjs.com/package/@small-tech/auto-encrypt-localhost
#SmallWeb #SmallTech #AutoEncryptLocalhost #cli #TLS #SSL #https #localhost #NodeJS #web #dev
Auto-Encrypt Localhost v.8 released (complete rewrite)
There’s now a 100% JavaScript (no native dependencies) Node.js tool for creating locally-trusted development certificates on Linux, macOS, and Windows.
Heck, it’ll even create your https server for you, if you like, and serve the CA certificate at <your ip>/.ca and even forward HTTP traffic to HTTPS.
(I’m going to whip up a separate command-line client next.)
Enjoy!
https://www.npmjs.com/package/@small-tech/auto-encrypt-localhost