Tag Archives: ssl

dehydrated 0.4.0 的新要求

dehydrated 出 0.4.0 了,剛剛把 PPA for dehydrated 更新了,已經安裝過的使用者可以直接升級使用。 這次主要的改變在於建立帳號時必須先同意 Let's Encrypt 的使用條款: dehydrated now asks you to read and accept the CAs terms of service before creating an account 這邊可以用 dehydrated --register --accept-terms 表示同意並且建立帳號。

Posted in Computer, Murmuring, Network, Security, Software, WWW | Tagged , , , , , , , , , | Leave a comment

Etsy 如何用 Let's Encrypt 的 SSL certificate 做生意...

Etsy 的「How Etsy Manages HTTPS and SSL Certificates for Custom Domains on Pattern」這篇文章講了如何用 Let's Encrypt 實作 Custom Domain。 主要是因為 Let's Encrypt 在設計時就考慮到的 auto-renew 機制,可以全自動處理後續的動作。這使得接 Let's Encrypt 比起接其他家來得容易 (而且省掉許多費用與合約上要處理的問題)。 文章後半段則是討論另外一個問題:當你有上千把 private key (& certificate) 時要怎麼管理,以確保這些 private key 都夠安全。其中有提到未來打算要引入 HSM: One of … Continue reading

Posted in Computer, Hardware, Murmuring, Network, Programming, Security, Software, WWW | Tagged , , , , , , , , , , , , , , , , | Leave a comment

Let's Encrypt 的 2016 年總結

算是 2015 正式被信任 (透過 IdenTrust) 後第一個完整的一年 (2016 整年):「Let’s Encrypt 2016 In Review」。 可以看到好幾波大型成長: 接下來的目標應該是 ECDSA Intermediates (「Upcoming Features」),不知道後續還會有什麼計畫...

Posted in Computer, Murmuring, Network, Security, WWW | Tagged , , , , , , | Leave a comment

奇怪的 Wildcard SSL 取得方式...

在「VMBox.co – 2GB OVZ w/ 2 Free Wildcare SSL @ $5/m」這邊看到的,租 VPS 送兩個 wildcard SSL certificate: Up to 2 free wildcard SSL available per VPS order in Phoenix or Amsterdam. SSL only to be used on Singlehop network. 點進去看之後可以看到說明: WildCard … Continue reading

Posted in Computer, Murmuring, Network, Security, WWW | Tagged , , , , , | Leave a comment

微軟預定在 2017 年的西洋情人節淘汰 SHA-1 certificate

經過多次改動後,微軟這次宣佈 SHA-1 certificate 將在明年淘汰:「SHA-1 deprecation countdown」。 影響的範圍包括 Internet Explorer 11 與 Microsoft Edge,在 2017 年 2 月 14 日之後不信任 SHA-1 certificate: Starting on February 14th, 2017, Microsoft Edge and Internet Explorer 11 will prevent sites that are protected with a … Continue reading

Posted in Browser, Computer, IE, Murmuring, Network, Security, Software, WWW | Tagged , , , , , , , , , , , , , | Leave a comment

Google 測試 CECPQ1 的一些資料...

七月的時候提到「Google Chrome 引入 CECPQ1,開始測試 Post-Quantum Cryptography」,剛剛看到 Adam Langley 寫了一些數據出來:「CECPQ1 results」。 目前看起來對於網路速度不快的使用者會影響比較大,最慢的 5% 使用者大約慢了 20ms,最慢的 1% 使用者會慢 150ms: Although the median connection latency only increased by a millisecond, the latency for the slowest 5% increased by 20ms and, for the slowest … Continue reading

Posted in Browser, Computer, GoogleChrome, Murmuring, Network, Software, WWW | Tagged , , , , , , , , , , , , , , | Leave a comment

Mozilla 也在考慮對 Certificate Transparency 的掌握度

由於 Firefox 要支援 Certificate Transparency 的緣故,在「Mozilla CT Policy」這邊 Mozilla 在討論要建立自己的 CT policy 以及自己的架構: CT is coming to Firefox. As part of that, Mozilla needs to have a set of CT policies surrounding how that will work. Like our root inclusion … Continue reading

Posted in Browser, Computer, Firefox, Murmuring, Network, Security, Software, WWW | Tagged , , , , , , , , , , , , , | Leave a comment

Google Chrome 將在 2017 的 56 版停止支援 SHA-1 SSL Certificate

在明年一月的 Google Chrome 56 將會停止支援 SHA-1 SSL Certificate:「SHA-1 Certificates in Chrome」,唯一的例外是自己建立的 CA,主要是給企業內部用的: Starting with Chrome 54 we provide the EnableSha1ForLocalAnchors policy that allows certificates which chain to a locally installed trust anchor to be used after support has otherwise been … Continue reading

Posted in Browser, Computer, GoogleChrome, Murmuring, Network, Security, Software, WWW | Tagged , , , , , , , , , | Leave a comment

Google Chrome 也宣佈不信任 WoSign + StartCom 的計畫

Google Chrome 也公開了對 WoSign + StartCom 的計畫:「Distrusting WoSign and StartCom Certificates」。 由於大家遇到的技術問題都一樣 (之前發出的量太大,無法窮舉表列出來),所以處理的方法也類似於 Mozilla 的作法,只信任 2016/10/21 前發出的 certificate: Beginning with Chrome 56, certificates issued by WoSign and StartCom after October 21, 2016 00:00:00 UTC will not be trusted. Google Chrome … Continue reading

Posted in Browser, Computer, GoogleChrome, Murmuring, Network, Security, Software, WWW | Tagged , , , , , , , , , , , , | 1 Comment

Let's Encrypt 支援 IDN

Let's Encrypt 宣佈支援 IDN:「Introducing Internationalized Domain Name (IDN) Support」,這代表可以申請的範圍變得更廣了: This means that our users around the world can now get free Let’s Encrypt certificates for domains containing characters outside of the ASCII set, which is built primarily for the English … Continue reading

Posted in Computer, DNS, Murmuring, Network, Security, WWW | Tagged , , , , , , , , , , , , | Leave a comment