Recently, an institution I have to deal with sent me a couple of things on email that were full of my personal information.
I was quite angry. I had always understood that email was as safe as a postcard. Even with SSL and such, there was every chance that one of those guys in a hoodie was sitting in a basement, copying it all for themselves. (Threat model = criminals; don't care about 3 letter agencies here).
I have made a formal complaint to the institution. But I did some reading and further looking and I am wondering, did I get that wrong? Some of their mail uses 1.3, but some of it 1.2.
TLSv1.3 seems - currently - to be really safe. So, that's more like an envelope with a wax seal.
TLSv1.2 - its not clear to me. There are lots of attacks, but I am not sure how much of them reflect email vulnerabilities (vs. websites).
I know my email service will accept up to 1.3 (in fact, I've just used their options to make it obligatory), but other people's emails might not. This is a vulnerable population, so not necessarily great hardware, regular updates, etc.
Its possible for the institution to send something out with the intention of using TLSv1.3, but then get busted down to lower protection by the recipient's email service? So the letter gets ripped open to a postcard again?
Hello I have compiled the last version of apache(httpd 2.4.46) and the installed the rpm generated in order to use TLSv1.3, but when I set the protocol in the virtual host the error is "invalid protocol", so I checked the a prerequisite of TLSv1.3 is openssl 1.1.1. The mod_ssl rpm was generated together with the httpd rpm, mod_ssl-2.4.46, and when I install it the file mod_ssl.so appears inside /etc/httpd/modules, but wthat I found is:
root@domain$ strings mod_ssl.so | egrep '^mod_ssl\/|^OpenSSL '
OpenSSL configuration command
OpenSSL 1.0.2k 26 Jan 2017
mod_ssl/2.4.46
OpenSSL 1.0.2k 26 Jan 2017
The openssl is not 1.1.1
On my machine:
[root@domain]# openssl version
OpenSSL 1.1.1c 28 May 2019
How can I fix? Thanks
Dear Developers/ Administrators,
Hello and I hope that you are doing well. I have not written you in a while and in the interim I have been enjoying your excellent pfSense 2.5.0 RC. Now - I have a question / request for you. I run Stubby ( DNS OVER TLS ) along with Unbound. pfSense 2.5.0 has OpenSSL 1.1.1 and since OpenSSL 1.1.1 there is included support for TLSv1.3 - with that being said - Is it possible to configure pfSense 2.5.0 so that TLSv1.3 is enabled in the kernel or whatever needs to be done to put TLSv1.3 in effect. See here : https://www.openssl.org/blog/blog/2017/05/04/tlsv1.3/ 1 and here : https://wiki.openssl.org/index.php/TLS1.3 - no rush or pressure - it is just that I am trying to be as safe and secure as possible.
Stubby supports TLSv1.3 as do many of the DNS PRIVACY SERVERS.
The most salient point from these articles is this point of reference
" In order to compile OpenSSL with TLSv1.3 support
you must use the βenable-tls1_3β option to βconfigβ or βConfigureβ
Anyway - thanks for all you do for all of us in what I fondly refer to as " The Community "
Peace and I am OUT !
Just thought I'd share since it took me a bit to get my nginx config where I wanted it. This config should allow even Windows XP SP3 to connect if they are using Firefox or Chrome. I also generated 2048-bit DH params. This config is inside the server {} stanza.
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'DHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA';
add_header Strict-Transport-Security "max-age=31536000; " always;
ssl_dhparam /etc/nginx/ssl/dhparams.pem
Hi all.
I have been trying to contact A-PDF for a couple of months since their software stopped working for us. We use Office365 and as TLSv1.0 has been deprecated, Automail can no longer connect to the server to send emails (we get a message saying "SSL is not available on this server").
Does anyone have any ideas of a workaround?
If we have to get different software, I'm fine with that, but it would need to be able to take a folder of PDFs, read the contents, to find who the PDF should be sent to, lookup this reference in a CSV file to obtain an email address and password, password protect the PDF and then connect to O365 to send the email. The Email should be configurable to allow HTML and also allow mail merge so that we can put in [fields] to merge with names etc. I can find software that does part of this, but nothing that can do it all.
I'd be grateful of any help. We have tried sending them through outlook (the other option) but it force-creates the emails in plain text which then means the PDF attachment corrupts, and so we are currently having to manually change every email to HTML format before sending!!
Thanks in advance
Check your libraries and software versions, as this may break anything not using TLSv1.2 to connect to GitHub over SSL like it did for me today with a build server running an older version of Ruby. https://githubengineering.com/crypto-removal-notice/
Looking for some info/assistance. My fortigate is listing a lot of trffic as "TLSv1.2" or "TLSv1.3" but the ports are totally different everytime.
I can't seem to find any concrete info on what ports these should be operating over. I'm looking to lock down all my outbound ports, but if this is legit traffic the random ports will make this next to impossible.
It's logging the "Application name" as TLSv1.2.
Sample from logs:
Application Control Sensor default Application Name SSL_TLSv1.2 ID 41540 Category Network.Service Risk Control Action detected Protocol 6 Service tcp/5447
Application Control Sensor default Application Name SSL_TLSv1.2 ID 41540 Category Network.Service Risk Control Action detected Protocol 6 Service tcp/22790
Any info/links/assistance appreciated!
If i just lock down these ports and only allow 443/80 outbound, will this traffic just default back over 443?
Hello!
I'm a relatively new Rustacean (and also relatively new to Reddit; this account is old but I have barely used it at all), and I noticed that there was no easy to use library for setting up SSL/TLS encrypted connections, so I decided to write one.
It abstracts over a TCPListener and provides a drop-in* interface replacement with TLSv1.2 layered on top of the connection.
I'd appreciate any feedback on my code, and would super appreciate it if anybody would be willing to review the library to check that I've configured things right.
I'm loving Rust so far! :)
repo: https://github.com/Postage/caesar
* Some very small changes are required.
Do your worst!
For context I'm a Refuse Driver (Garbage man) & today I was on food waste. After I'd tipped I was checking the wagon for any defects when I spotted a lone pea balanced on the lifts.
I said "hey look, an escaPEA"
No one near me but it didn't half make me laugh for a good hour or so!
Edit: I can't believe how much this has blown up. Thank you everyone I've had a blast reading through the replies π
It really does, I swear!
Theyβre on standbi
Pilot on me!!
Dad jokes are supposed to be jokes you can tell a kid and they will understand it and find it funny.
This sub is mostly just NSFW puns now.
If it needs a NSFW tag it's not a dad joke. There should just be a NSFW puns subreddit for that.
Edit* I'm not replying any longer and turning off notifications but to all those that say "no one cares", there sure are a lot of you arguing about it. Maybe I'm wrong but you people don't need to be rude about it. If you really don't care, don't comment.
When I got home, they were still there.
What did 0 say to 8 ?
" Nice Belt "
So What did 3 say to 8 ?
" Hey, you two stop making out "
Buenosdillas
I won't be doing that today!
Hello I have compiled the last version of apache(httpd 2.4.46) and the installed the rpm generated in order to use TLSv1.3, but when I set the protocol in the virtual host the error is "invalid protocol", so I checked the a prerequisite of TLSv1.3 is openssl 1.1.1. The mod_ssl rpm was generated together with the httpd rpm, mod_ssl-2.4.46, and when I install it the file mod_ssl.so appears inside /etc/httpd/modules, but wthat I found is:
root@domain$ strings mod_ssl.so | egrep '^mod_ssl\/|^OpenSSL '
OpenSSL configuration command
OpenSSL 1.0.2k 26 Jan 2017
mod_ssl/2.4.46
OpenSSL 1.0.2k 26 Jan 2017
The openssl is not 1.1.1
On my machine:
[root@domain]# openssl version
OpenSSL 1.1.1c 28 May 2019
How can I fix? Thanks
