One of the teams I support had run into some issues. Spending a lot of time investigating code and possible configuration problems. What they later suspected to be a policy issue, possibly a firewall, network issues turned out to be something entirely different. Lets start with the symptoms: Service request to a secured site stopped functioning, […]
Tag: OpenSSL
Sometimes I generate a CSR to acquire an SSL cert from a public CA. Normally where I work I do this from a windows server. For my personal knowledge I decided to refresh myself on how to do this with OpenSSL. What’s OpenSSL? OpenSSL is an open-source implementation of the SSL and TLS protocols. To generate […]
First thing that came to my mind when reading about POODLE was how can I test, followed by what to do to patch/fix this. So the first thing is to test for the vulnerability. And from all I have read so far is that you are vulnerable if your servers support SSLv3. I am confident that […]
From Wikipedia “Heartbleed is a security bug in the open-source OpenSSL cryptography library, widely used to implement the Internet’s Transport Layer Security (TLS) protocol. This vulnerability is due to a missing bounds check in the handling of the Transport Layer Security (TLS) heartbeat extension” So what can I do to protect myself? First thing to […]