Hacker News with Generative AI: TLS

Practical HTTPS Interception: 20 Years of SSL/TLS Interception (thc.org)
TL;DR: An attacker can trick Let's Encrypt (LE) to issue new TLS certificates for any domain that the attacker intercepts traffic for. The attacker can then decrypt the TLS traffic. This one thing that TLS is supposed to prevent from happening. The fault is that LE uses cleartext HTTP to verify the ACME-challenge (which the attacker can intercept).

Security, HTTPS, TLS, Certificates, Hacking

4 points by ementally 58 days ago | 0 comments

Major authentication providers still doesn't support TLS 1.3 (okta.com)

Security, TLS, Authentication

4 points by Alcatros552 75 days ago | 1 comments

Ask HN: TLS 1.3 and Post-Quantum Encryption for HN? (ycombinator.com)
Could HN benefit from a TLS upgrade, as it's currently at TLS v1.2, (not e.g.: v1.3) (for me, at least)? Also could it benefit from being a leader in implementing post-quantum cryptography?

Security, Cryptography, Hacker News, TLS, Post-Quantum Cryptography

15 points by Azerty9999 92 days ago | 12 comments

Using Kernel TLS (kTLS) (2023) (delthas.fr)
Traditionally, the data path for sending HTTPS traffic is:

Security, Networking, TLS, Cryptography

25 points by 1vuio0pswjnm7 95 days ago | 5 comments

We have an unusual concern when we use Let's Encrypt (utoronto.ca)
One of the bits of recent TLS news is that Let's Encrypt is going to start offering 6-day TLS certificates.

TLS, Security, Let's Encrypt

13 points by speckx 105 days ago | 3 comments

TLS certificates were almost never particularly well verified (utoronto.ca)
Recently there was a little commotion in the TLS world, as discussed in We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI.

Security, Cryptography, TLS

3 points by valyala 136 days ago | 0 comments

How to inspect TLS encrypted traffic (apnic.net)
Do you want to analyse decrypted TLS traffic in Wireshark or let an Intrusion Detection System (IDS), like Suricata, Snort or Zeek, inspect the application layer data of potentially malicious TLS encrypted traffic?

Network Security, TLS, Traffic Analysis, Intrusion Detection

14 points by belter 152 days ago | 0 comments

Rustls Outperforms OpenSSL and BoringSSL (memorysafety.org)
ISRG has been investing heavily in the Rustls TLS library over the past few years. Our goal is to create a library that is both memory safe and a leader in performance.

Rust, TLS, Performance, Security

154 points by jaas 162 days ago | 44 comments

Just want simple TLS for your .internal network? (github.com/nh2)
Safely shareable TLS root CA for .internal networks using Name Constraints

Security, .NET, Networks, TLS, Certificates

245 points by nh2 166 days ago | 141 comments

WebPKI – Introduce Schedule of Reducing Validity (Of TLS Server Certificates) (github.com/cabforum)
Subscriber Certificates issued on or after 1 September 2020 SHOULD NOT have a Validity Period greater than 397 days and MUST NOT have a Validity Period greater than 398 days.

Security, Web Certificates, TLS, Cryptography, Internet

7 points by nickf 173 days ago | 2 comments

Google calls for halting use of WHOIS for TLS domain verifications (arstechnica.com)
Certificate authorities and browser makers are planning to end the use of WHOIS data verifying domain ownership following a report that demonstrated how threat actors could abuse the process to obtain fraudulently issued TLS certificates.

Security, Cybersecurity, Domain Verification, TLS, Internet

12 points by pseudolus 193 days ago | 3 comments

Show HN: Pyrtls, rustls-based modern TLS for Python (github.com/djc)
pyrtls provides bindings to rustls, a modern Rust-based TLS implementation with an API that is intended to be easy to use to replace the ssl module (but not entirely compatible with it).

Python, TLS, Security, Rust, Open Source

22 points by dochtman 201 days ago | 1 comments

Telekom Security: Revocation delay for TLS certificates (mozilla.org)

Security, TLS, Certificates

54 points by MaKey 257 days ago | 15 comments

Telekom Security: Revocation delay for TLS certificates (mozilla.org)

Security, TLS, Certificates

7 points by asimops 257 days ago | 0 comments

Inspect TLS encrypted traffic using mitmproxy and Wireshark (koyeb.com)

Network Security, TLS, Debugging, Security Tools

39 points by wofo 267 days ago | 5 comments