Hacker News with Generative AI: TLS

TLS certificates were almost never particularly well verified (utoronto.ca)
Recently there was a little commotion in the TLS world, as discussed in "We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI".
How to inspect TLS encrypted traffic (apnic.net)
Do you want to analyse decrypted TLS traffic in Wireshark or let an Intrusion Detection System (IDS), like Suricata, Snort or Zeek, inspect the application layer data of potentially malicious TLS encrypted traffic?
Rustls Outperforms OpenSSL and BoringSSL (memorysafety.org)
ISRG has been investing heavily in the Rustls TLS library over the past few years. Our goal is to create a library that is both memory safe and a leader in performance.
Just want simple TLS for your .internal network? (github.com/nh2)
Safely shareable TLS root CA for .internal networks using Name Constraints
WebPKI – Introduce Schedule of Reducing Validity (Of TLS Server Certificates) (github.com/cabforum)
Subscriber Certificates issued on or after 1 September 2020 SHOULD NOT have a Validity Period greater than 397 days and MUST NOT have a Validity Period greater than 398 days.
Google calls for halting use of WHOIS for TLS domain verifications (arstechnica.com)
Certificate authorities and browser makers are planning to end the use of WHOIS data verifying domain ownership following a report that demonstrated how threat actors could abuse the process to obtain fraudulently issued TLS certificates.
Show HN: Pyrtls, rustls-based modern TLS for Python (github.com/djc)
pyrtls provides bindings to rustls, a modern Rust-based TLS implementation with an API that is intended to be easy to use to replace the ssl module (but not entirely compatible with it).
Telekom Security: Revocation delay for TLS certificates (mozilla.org)
Inspect TLS encrypted traffic using mitmproxy and Wireshark (koyeb.com)