eupolicy.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
This Mastodon server is a friendly and respectful discussion space for people working in areas related to EU policy. When you request to create an account, please tell us something about you.

Server stats:

214
active users

#ssl

1 post1 participant0 posts today
🇪🇺 EUropean 🇪🇺 🇺🇦<p>Hello Fedizens,</p><p>One way to fulfill <a href="https://friendica.world/search?tag=unplugtrump" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>unplugtrump</span></a> is to setup own timeserver in the local network.</p><p>Some people had questions, when you have VPN to your local network which has no public websites and platforms.</p><p>Is it necessary to enable SSL on local network?</p><p>If yes, are there tutorials to enable SSL with IP addresses or servernames? We aware that administration requires experts and skills on a special grade of complexity, but this is something beginners could handle.</p><p>Some Apps like smart homes, local clouds, Multi apps like ferdium deny self signed certificates.</p><p><a href="https://friendica.world/search?tag=fedipower" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fedipower</span></a> <a href="https://friendica.world/search?tag=homeserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>homeserver</span></a> <a href="https://friendica.world/search?tag=SSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSL</span></a></p>
Douglas<p>Nice. I got all of the DNS records for one of my domains shifted away from my web host's DNS server to Cloudflare and everything including SSL is working now.</p><p>The key was I had to turn off proxy for individual DNS records on <a href="https://mastodon.social/tags/cloudflare" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cloudflare</span></a> and then deleted and re add <a href="https://mastodon.social/tags/letsEncrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>letsEncrypt</span></a> <a href="https://mastodon.social/tags/SSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSL</span></a> certificates. Then turn back on the proxy setting on the DNS records and everything is good! </p><p>This should allow me to get an SSL certificate to add to my <a href="https://mastodon.social/tags/ubiquiti" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ubiquiti</span></a> router via Cloudflare.</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://oldbytes.space/@drscriptt" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>drscriptt</span></a></span> granted, we all want <code>203.0.113.1</code>¹ to have <a href="https://infosec.space/tags/SSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSL</span></a> / <a href="https://infosec.space/tags/TLS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TLS</span></a> (even if it's just <span class="h-card" translate="no"><a href="https://infosec.exchange/@letsencrypt" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>letsencrypt</span></a></span> ) work than not work or have no <a href="https://infosec.space/tags/encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>encryption</span></a>.</p><ul><li>That is not up for debate!</li></ul><p>I just think that this will <em>reward previously standards-violating behaviours</em> when i.e. <code>Xavier Sample Solutions</code> don't get nudged to use i.e. <code>api.solutions.example</code>² but can just use their IP addresses.</p><ul><li>Feels like companies take pride in copying <a href="https://infosec.space/tags/ClownFlare" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ClownFlare</span></a>'s <a href="https://infosec.space/tags/EgoTrip" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EgoTrip</span></a> who put their <a href="https://infosec.space/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNS</span></a> &amp; <a href="https://infosec.space/tags/domain" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>domain</span></a> on <a href="https://1.1.1.1" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">1.1.1.1</span><span class="invisible"></span></a> …</li></ul><p>¹ Example as per <a href="https://datatracker.ietf.org/doc/rfc5737/" rel="nofollow noopener" target="_blank">RFC5737</a> <br>² Example as per <a href="https://www.rfc-editor.org/rfc/rfc2606" rel="nofollow noopener" target="_blank">RFC2606</a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://ipv6.social/@miyuru" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>miyuru</span></a></span> I think putting <a href="https://infosec.space/tags/SSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSL</span></a> on IPs is a feature regression.</p><ul><li>People who can't setup <a href="https://infosec.space/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNS</span></a> properly shouldn't handle <a href="https://infosec.space/tags/SSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSL</span></a> anyway.</li></ul>
Clockwork ☃️✒️<p><span class="h-card" translate="no"><a href="https://livellosegreto.it/@novilunio" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>novilunio</span></a></span> </p><p>💾 English version on my blog:</p><p>Since <span class="h-card" translate="no"><a href="https://writing.exchange/@alxd" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>alxd</span></a></span> introduced me to the concept, I scoured the <a href="https://sociale.network/tags/SSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSL</span></a> <a href="https://sociale.network/tags/SolarpunkSeedLibrary" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SolarpunkSeedLibrary</span></a> to explore which <a href="https://sociale.network/tags/hieroglyphs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hieroglyphs</span></a> were most common and which were absent.</p><p>Here's some analysis and ideas for other fellow solarpunks!</p><p><a href="https://noblogo.org/clockwork/solarpunk-hieroglyphs" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">noblogo.org/clockwork/solarpun</span><span class="invisible">k-hieroglyphs</span></a></p>
jbz<p>🔐 Let’s Encrypt Begins Supporting IP Address Certificates • Linuxiac</p><p><a href="https://linuxiac.com/lets-encrypt-begins-supporting-ip-address-certificates/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">linuxiac.com/lets-encrypt-begi</span><span class="invisible">ns-supporting-ip-address-certificates/</span></a></p><p><a href="https://indieweb.social/tags/letsencrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>letsencrypt</span></a> <a href="https://indieweb.social/tags/selfhosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>selfhosting</span></a> <a href="https://indieweb.social/tags/ssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ssl</span></a></p>
Suhail<p>Just spent hours debugging what looked like an OpenTelemetry context detach error in my ADK + MCP setup. Went down rabbit holes trying to fix async redherring, cancel scopes, and tracing configs.</p><p>Plot twist: It was just a self-signed SSL cert on our staging server 🤦‍♂️</p><p>The real issue was buried 50 lines deep in the logs. Sometimes the loudest error isn't the root cause - it's just a symptom.</p><p><a href="https://fosstodon.org/tags/debugging" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>debugging</span></a> <a href="https://fosstodon.org/tags/python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>python</span></a> <a href="https://fosstodon.org/tags/ssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ssl</span></a> <a href="https://fosstodon.org/tags/troubleshooting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>troubleshooting</span></a> <a href="https://fosstodon.org/tags/redherring" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>redherring</span></a></p>
PrivacyDigest<p>Let's <a href="https://mas.to/tags/Encrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Encrypt</span></a> rolls out free IP address <a href="https://mas.to/tags/certificates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>certificates</span></a> • The Register</p><p>Let's Encrypt, a <a href="https://mas.to/tags/CertificateAuthority" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CertificateAuthority</span></a> (CA) known for its free TLS/SSL certificates, has begun issuing digital certificates for IP addresses. </p><p>It's not the first CA to do so. <a href="https://mas.to/tags/PositiveSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PositiveSSL</span></a> , <a href="https://mas.to/tags/Sectigo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sectigo</span></a>, and <a href="https://mas.to/tags/GeoTrust" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GeoTrust</span></a> all offer TLS/SSL certificates for use with IP addresses, at prices ranging from $40 to $90 or so annually. But Let's Encrypt does so at no cost.<br><a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mas.to/tags/tls" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tls</span></a> <a href="https://mas.to/tags/ssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ssl</span></a> <a href="https://mas.to/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a></p><p><a href="https://www.theregister.com/2025/07/03/lets_encrypt_rolls_out_free/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">theregister.com/2025/07/03/let</span><span class="invisible">s_encrypt_rolls_out_free/</span></a></p>
Inautilo<p><a href="https://mastodon.social/tags/Development" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Development</span></a> <a href="https://mastodon.social/tags/Announcements" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Announcements</span></a><br>Our first IP address certificate · Let’s Encrypt starts rolling out the new option <a href="https://ilo.im/16530s" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">ilo.im/16530s</span><span class="invisible"></span></a></p><p>_____<br><a href="https://mastodon.social/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LetsEncrypt</span></a> <a href="https://mastodon.social/tags/CA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CA</span></a> <a href="https://mastodon.social/tags/IpAddress" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IpAddress</span></a> <a href="https://mastodon.social/tags/Certificate" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Certificate</span></a> <a href="https://mastodon.social/tags/SSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSL</span></a> <a href="https://mastodon.social/tags/TLS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TLS</span></a> <a href="https://mastodon.social/tags/HTTPS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HTTPS</span></a> <a href="https://mastodon.social/tags/WebDev" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebDev</span></a> <a href="https://mastodon.social/tags/Frontend" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Frontend</span></a> <a href="https://mastodon.social/tags/Backend" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Backend</span></a></p>
Clockwork ☃️✒️<p>🍝 Parlando di cose migliori: ho contribuito al progetto della <a href="https://sociale.network/tags/Biblioteca" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Biblioteca</span></a> dei Semi Narrativi di <span class="h-card" translate="no"><a href="https://writing.exchange/@alxd" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>alxd</span></a></span> : ora potete consultare tutte le voci anche in italiano!</p><p><a href="https://storyseedlibrary.org/it" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">storyseedlibrary.org/it</span><span class="invisible"></span></a></p><p>Se avete bisogno di <a href="https://sociale.network/tags/illustrazioni" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>illustrazioni</span></a> <a href="https://sociale.network/tags/solarpunk" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>solarpunk</span></a> per i vostri progetti, la <a href="https://sociale.network/tags/SSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSL</span></a> è piena di opere fantastiche, tutte copyleft! Pescatene a piene mani e, se conoscete qualche altra lingua, fatevi avanti e traducete! È questione di qualche pomeriggio 😄</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@cR0w" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>cR0w</span></a></span> too many.</p><ul><li>Jist like there are way too many applications suceptible to the <a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CryptoAPI</span></a> <a href="https://infosec.space/tags/backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>backdoor</span></a> of <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a>.</li></ul><p><a href="http://github.com/kkarhan/windows-ca-backdoor-fix" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">http://</span><span class="ellipsis">github.com/kkarhan/windows-ca-</span><span class="invisible">backdoor-fix</span></a></p><p>So far testing by <span class="h-card" translate="no"><a href="https://social.heise.de/@ct_Magazin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ct_Magazin</span></a></span> / <span class="h-card" translate="no"><a href="https://social.heise.de/@heiseonline" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>heiseonline</span></a></span> (and myseof later on) revealed only few <a href="https://infosec.space/tags/Apps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apps</span></a> not vulnerable to this specifics <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Govware</span></a>:</p><ul><li><a href="https://infosec.space/tags/Firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Firefox</span></a> (uses <span class="h-card" translate="no"><a href="https://mastodon.cc/@Mozilla" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Mozilla</span></a></span> / <span class="h-card" translate="no"><a href="https://mastodon.social/@mozilla_support" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mozilla_support</span></a></span> / <a href="https://infosec.space/tags/Mozilla" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mozilla</span></a> <a href="https://infosec.space/tags/NSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NSS</span></a> &amp; has it's own <a href="https://infosec.space/tags/SSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSL</span></a> certificate storage)</li><li><span class="h-card" translate="no"><a href="https://mastodon.online/@thunderbird" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>thunderbird</span></a></span> (Mozilla NSS)</li><li><span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/TorBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TorBrowser</span></a> (Mozilla NSS; custom certificates)</li><li><a href="https://infosec.space/tags/curl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>curl</span></a> (uses <span class="h-card" translate="no"><a href="https://mastodon.social/@bagder" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>bagder</span></a></span> <a href="https://infosec.space/tags/WolfSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WolfSSL</span></a> and manages it's own certs)</li></ul><p>Anything else that uses the CryptoAPI is, espechally *all <a href="https://infosec.space/tags/Chromium" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Chromium</span></a>-Forks (aka. All Browsers except Firefox, Tor Browser, <a href="https://infosec.space/tags/dillo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dillo</span></a>, <a href="https://infosec.space/tags/LynxBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LynxBrowser</span></a>…)</p>
Wireshark<p>The final day of SharkFest’25 US pre-conference classes are well underway! <span class="h-card" translate="no"><a href="https://infosec.exchange/@packetjay" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>packetjay</span></a></span> and Sake Blok are teaching classes about <a href="https://ioc.exchange/tags/TCP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TCP</span></a> and <a href="https://ioc.exchange/tags/SSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSL</span></a>/TLS troubleshooting.</p>
Joost van Baal-Ilić<p>"From a sysadmin and operations perspective: What a stupid change. In the perfect cloud native, fully automated fantasy land, this might work and not even generate that much overhead work. In the real world, this will generate lots of manual work. At least, until folks replace their legacy hardware and manufacturers patch their shit." <a href="https://www.theregister.com/2025/04/14/ssl_tls_certificates/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">theregister.com/2025/04/14/ssl</span><span class="invisible">_tls_certificates/</span></a> <a href="https://mastodon.green/tags/certbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>certbot</span></a> <a href="https://mastodon.green/tags/acme" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>acme</span></a> <a href="https://mastodon.green/tags/ssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ssl</span></a></p>
ASX Mkt. Sensitive<p>Sietel ( <a href="https://mastodon-grafa.social/tags/SSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSL</span></a> ) has released " Half Yearly Reports and Accounts " on Fri 23 May at 09:55 AEST <a href="https://mastodon-grafa.social/tags/tax" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tax</span></a> <a href="https://mastodon-grafa.social/tags/government" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>government</span></a> <a href="https://mastodon-grafa.social/tags/trading" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>trading</span></a> <a href="https://mastodon-grafa.social/tags/Mining" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mining</span></a> <a href="https://mastodon-grafa.social/tags/Australia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Australia</span></a> <br><a href="https://grafa.com/asset/sietel-ltd-4451-ssl.asx?utm_source=asxmktsensitive&amp;utm_medium=mastodon&amp;utm_campaign=ssl.asx" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">grafa.com/asset/sietel-ltd-445</span><span class="invisible">1-ssl.asx?utm_source=asxmktsensitive&amp;utm_medium=mastodon&amp;utm_campaign=ssl.asx</span></a></p>
mirabilos<p><span class="h-card"><a href="https://polymaths.social/@rl_dane" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>rl_dane</span></a></span> <span class="h-card"><a href="https://mastodon.social/@ShinjiLE" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ShinjiLE</span></a></span> if you or someone else wants to help argue, the thread is at <a href="https://community.letsencrypt.org/t/do-not-remove-tls-client-auth-eku/237427" rel="nofollow noopener" target="_blank">https://community.letsencrypt.org/t/do-not-remove-tls-client-auth-eku/237427</a> (Discourse, so JS webbrowser), I’m exhausted.</p><p><a href="https://toot.mirbsd.org/tags/letsencrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LetsEncrypt</span></a> <a href="https://toot.mirbsd.org/tags/ssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSL</span></a> <a href="https://toot.mirbsd.org/tags/tls" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TLS</span></a> <a href="https://toot.mirbsd.org/tags/certificates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>certificates</span></a> <a href="https://toot.mirbsd.org/tags/x509" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>X509</span></a> <a href="https://toot.mirbsd.org/tags/x509v3" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>X509v3</span></a> <a href="https://toot.mirbsd.org/tags/sendmail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sendmail</span></a> <a href="https://toot.mirbsd.org/tags/smtp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMTP</span></a> <a href="https://toot.mirbsd.org/tags/xmpp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a> <a href="https://toot.mirbsd.org/tags/jabber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Jabber</span></a></p>
Lars Marowsky-Brée 😷<p>Firefox *finally* supports mTLS / SSL client certificates on Android! 🥳 </p><p>It only took a dozen years, but who is counting. (Me. I was counting.)</p><p>That was a blocker in some of my use cases still forcing Chrome, so ... 🎉</p><p><a href="https://bugzilla.mozilla.org/show_bug.cgi?id=868370" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">bugzilla.mozilla.org/show_bug.</span><span class="invisible">cgi?id=868370</span></a></p><p><a href="https://mastodon.online/tags/mTLS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mTLS</span></a> <a href="https://mastodon.online/tags/SSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSL</span></a> <a href="https://mastodon.online/tags/Firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Firefox</span></a> <a href="https://mastodon.online/tags/Mozilla" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mozilla</span></a> <a href="https://mastodon.online/tags/MozillaFirefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MozillaFirefox</span></a> <a href="https://mastodon.online/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> <a href="https://mastodon.online/tags/Android" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Android</span></a> <a href="https://mastodon.online/tags/Chrome" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Chrome</span></a></p>
LaF0rge<p>In case you haven't seen it yet, check out the analysis of the devastating state of [mostly] modern <a href="https://chaos.social/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSL</span></a> by members of haproxy at <a href="https://www.haproxy.com/blog/state-of-ssl-stacks" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">haproxy.com/blog/state-of-ssl-</span><span class="invisible">stacks</span></a> - hard to imagine such massive performance regressions getting into mainline linux distributions unnoticed by the distributors. <a href="https://chaos.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://chaos.social/tags/ssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ssl</span></a></p>
Peter N. M. Hansteen<p>LibreSSL 4.1.0 released <a href="https://www.undeadly.org/cgi?action=article;sid=20250430112153" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">undeadly.org/cgi?action=articl</span><span class="invisible">e;sid=20250430112153</span></a> <a href="https://mastodon.social/tags/openbsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openbsd</span></a> <a href="https://mastodon.social/tags/libressl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>libressl</span></a> <a href="https://mastodon.social/tags/ssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ssl</span></a> <a href="https://mastodon.social/tags/tls" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tls</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/openssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openssl</span></a> <a href="https://mastodon.social/tags/networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>networking</span></a> <a href="https://mastodon.social/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> <a href="https://mastodon.social/tags/crypto" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>crypto</span></a> <a href="https://mastodon.social/tags/cryptography" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cryptography</span></a></p>
Joaquim Homrighausen<p>Does anyone have experience with LetsEncrypt (certbot) and DNSSEC? 🤔 </p><p>I have an issue with a hostname in a domain (that I do not have admin access to). The domain has a DS record, and certbot complains about invalid CAA this or that.</p><p>I found this, but can't really figure out if this points me to the issue at hand:</p><p><a href="https://community.letsencrypt.org/t/no-caa-dnssec-nonexistence-proof-issuance-failure/99049" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">community.letsencrypt.org/t/no</span><span class="invisible">-caa-dnssec-nonexistence-proof-issuance-failure/99049</span></a></p><p><a href="https://mastodon.online/tags/certbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>certbot</span></a> <a href="https://mastodon.online/tags/letsencrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>letsencrypt</span></a> <a href="https://mastodon.online/tags/dnssec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dnssec</span></a> <a href="https://mastodon.online/tags/caa" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>caa</span></a> <a href="https://mastodon.online/tags/devops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>devops</span></a> <a href="https://mastodon.online/tags/sysadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sysadmin</span></a> <a href="https://mastodon.online/tags/ssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ssl</span></a> <a href="https://mastodon.online/tags/sslcertificate" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sslcertificate</span></a></p>
Valère<p><a href="https://www.digicert.com/blog/tls-certificate-lifetimes-will-officially-reduce-to-47-days" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">digicert.com/blog/tls-certific</span><span class="invisible">ate-lifetimes-will-officially-reduce-to-47-days</span></a> </p><p>The CA/Browser Forum has officially voted to amend the TLS Baseline Requirements to set a schedule for shortening both the lifetime of TLS certificates.</p><p> The maximum certificate lifetime is going down:</p><p>- As of March 15, 2026, the maximum lifetime for a TLS certificate will be 200 days.<br>- As of March 15, 2027, the maximum lifetime for a TLS certificate will be 100 days.<br>- As of March 15, 2029, the maximum lifetime for a TLS certificate will be 47 days. </p><p><a href="https://hostux.social/tags/TLS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TLS</span></a> <a href="https://hostux.social/tags/SSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSL</span></a></p>