The list of TLS ciphers is changing quite rapidly, old ciphers are considered insecure, and new ciphers are added. When you configure a virtual server on an F5 you can add a TLS client profile, which means F5 is doing TLS to the client. I think this is a bit misleading because with “SSL client profile” […]
Configure F5 TLS (SSL) Cipher String Read More »
Browsers started to warn users about certificates with Sha1 signature. Sha256 is needed now a days. So it’s time to renew certificates from Thawte, Godaddy, etc You can generate a new Certificate Signing Request with openssl with this command: openssl req -nodes -newkey rsa:2048 -keyout servername.key -out servername.csr -sha256 “servername.csr” is an ascii file you can send
Generate CSR using openssl Read More »
Problem: wget has an option to configure the timeout for dns, connect, and read or a combined timeout option “-T”. This option usually works, but it does not work during SSL handshake. You can test it with these commands: in one terminal start a dummy tcp service: nc -l 7777 and then try to connect to
Wget Ignores its Timeout Read More »
For SSH, HTTPS, TLS SMTP,POPS, IMAPS you need a RSA key pair. Most Linux package installers produce this pairs automatically, but if you like, you can generate them yourself. The quickest method I found is: openssl req -x509 -nodes -newkey rsa:2048 -keyout servername.key -out servername.crt -days 1024 This command asks you some questions. The most
Howto generate an SSL key and self signed cert with openssl Read More »