SSL

Secure Sockets Layer: a protocol used to transmit data securely between two computers. Both computers first agree on a secret encryption code, then all the data sent back and forth is encoded using that code. To make it secure, you generate two sets of numbers (called keys): one public and one private. The public key's sole purpose is to encrypt the data. The private key's sole purpose is to decrypt the data.

SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET and ssl3_get_message:unexpected message

Today we had a problem with a combination of websites that we had never tried to run together.

Looking into it, it was definitely a problem with SSL. However, Apache2 would tell us absolutely nothing about it. No error or access logs. I think this is because it would happen at the time Apache and the client negotiate the SSL connection and Apache does not report such problems (at least by default, it might in case you turn on some debug mode?)

We had two different settings for two websites using the snakeoil certificate (As we test on VM machines, we use the snakeoil certificate as an easy way to check ...

List ciphers currently used by Apache2

If you are using Apache and e-Commerce, you probably want to know all the details of the ciphers used by the Apache SSL module.

Listing the ciphers supported by Apache is done using nmap as follows:

nmap --script ssl-cert,ssl-enum-ciphers -p 443 secure.m2osw.com

This call gives you a complete list of all the ciphers currently accepted by your running version of Apache. For example, the list may look like this:

| ssl-enum-ciphers:
|   SSLv3:
|     ciphers:
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
|       ...

Restore Firefox warnings when viewing non-secure data on a secure page

One thing that I quickly do on my browsers is turn off warnings about non-secure data when browsing secure pages (with HTTPS).

It's rarely a problem and with all those features you like to have (Facebook, Twitter, AddThis, ShareThis, Google Plus, and other fun widgets...) it's hard to avoid. Actually, many times the problem lies in one of these scripts and thus you cannot just fix your website. Without that 3rd party script owner fixing their code, it just won't work at all.

Now, once in a while I work on a customer website and they really want to have a 100% clean slate. Thus,

Setting up Postfix/Courier with a GoDaddy SSL certificate

In order to have TLS support for Postfix you need to set up several files.

First of all, you create a certificate and get it signed by GoDaddy. They have instructions for that purpose. At this time, it looks something like this:

openssl req -new -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr

The names "domain.key/csr" should match your domain name. If you are signing a specific sub-domain, you may want to include that sub-domain in the filename (i.e. mail.domain.key.)

When GoDaddy gets back to you, they will give you a zip file with two files:


Squirrel Mail: a web based tool

Ubuntu Installation

In the last few days, I've been testing SquirrelMail. It's neat. Really ugly, but neat as it is very small and still quite functional.

To install on Ubuntu, just use apt-get install as in:

apt-get install squirrelmail

The available plugins as of Ubuntu 10.04:

  squirrelmail-compatibility - SquirrelMail plugin: Let other plugins work with older/newer SM versions
  squirrelmail-decode - SquirrelMail support for decoding exotic character sets
  squirrelmail-locales - Translations for the SquirrelMail Webmail package
  squirrelmail-lockout - SquirrelMail plugin:

Upgrade from Ubuntu 9.10 to 10.04

Today I did an upgrade of a server from 9.10 to 10.04. We were on a server version before upgrading to 9.10 but we could not directly upgrade to 10.04 (working upgrade paths are very specific; see a list here: https://help.ubuntu.com/community/UpgradeNotes )

The most surprising part was the python script at the end.

  /usr/bin/python /tmp/unique-folder/lucid --mode=server --frontend=DistUpgradeViewText

The command line itself is not specifically strange. However, the behavior at the end of the script is a bit strange, mainly because I hadn't seen it before. Last time the upgrade was

[info] Subsequent (No.7) HTTPS request received for child 0 (server secure.m2osw.com:443)

The other day I was looking for an error in Apache error logs and I noticed an error that was repeated over and over again:

[info] Initial (No.1) HTTPS request received for child 5 (server secure.m2osw.com:443)
[info] Initial (No.1) HTTPS request received for child 0 (server secure.m2osw.com:443)
[info] Initial (No.1) HTTPS request received for child 7 (server secure.m2osw.com:443)
[info] Initial (No.1) HTTPS request received for child 2 (server secure.m2osw.com:443)
[info] Initial (No.1) HTTPS request received for child 4 (server secure.m2osw.com:443)

Notice the pattern? Only one

POSTing multiple files over HTTPS

I've been trying to send a POST to Apache 2.x using cURL. In itself, that's very easy to do. However, I run modsecurity and when cURL sends a POST that's too large, it actually decides to break the transfer down using an Expect: 100-continue header. That in itself sounds good.

Some people said that you could override the Expect by adding the curl option to add a header like this:

  curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:'));

This sounds all nice, however, it only removes the header from the request, it does not prevent the errors with modsecurity. Not only that, the curl header

imap_open() troubles

I have been trying to get my imap_open() function to connect to my mail server.

The mail server works just fine since I can use it over and over again to receive emails in Thunderbird.

So...

wput, a really bad tool?

The other day, I set up a small script to send files to an FTP server. It had been a long time since I had done anything like that and I was not really thrilled, but I'm working for a client.

The FTP worked pretty well. The upload was going for a while. According to wput, if the connection is lost, it automatically retries and continues the transfer. It got stuck 3 times on me. For hours. No retry. Zilch.

Now, I updated my files on my end and then started the transfer again. Had to wait forever, although that is not the direct fault of wput, when it gets stuck mid-way, it's bad.
