Tag: ssl

  • Postfix & Courier & Letsencrypt

    First of all, create your certificates (the regular way). I created one with multiple domains: webmail.rootspirit.com, mail.rootspirit.com, smtp.rootspirit.com. In my case, as the mailserver and webserver are behind a proxy (postfix, imap, Roundcube Webmail), I create the certificate on the proxy (nginx) and scp the cert to the mail server. All this is automated with…

  • Gmail & Postfix: unencrypted emails?

    If you’re running Postfix, add this line to main.cf: "smtp_tls_security_level = may". Restart Postfix, and retry. PS: You can set encrypt instead of may — but this can cause issues with Amavis and/or SpamAssassin.

  • Belgian banks & SSL — part 5

    Minor end of year update. No big SSL exploits have been released since (bar DH, see below). Once again, this is testing the public websites I can access. There might be other gateways, APIs, etc. that are not (as) secure. It’s worth noting that some banks are serious about security and fixing their SSL.…

  • Belgian bank & SSL slashdot effect

    Quick wrap up of the slashdot effect 10 days ago. A peak of 12k views on Monday 16/02, with a small buildup on Sunday (15/02). The top pages were Part 3, Part 1, Part 4 and Part 2 respectively. De Redactie is the highest referrer, surpassing De Morgen (first to publish in printed media, front page)…

  • Belgian banks & SSL — part 4

    Because of the media storm it’s time for an update. The previous (1, 2, 3) blog posts are outdated! I’ll do my usual slashdot-effect post in a couple of days (it’s already at 10k views today). Banks that changed rank since last post (all for the better): 16/02/2015: Keytrade: B to A Hello Bank!: C to A ING:…

  • Belgian banks & SSL — part 3

    EDIT: ING is now A- (not reflected in this blog post). EDIT 2: Keytrade & Hello Bank also went to A. I’ll post a new blog post later tonight. EDIT 3: Updated post here. Part three, or how I single-handedly “fixed” SSL at the Belgian banks. 😉 Part one and two are available here. Not related…

  • Belgian banks & SSL — part 2

    I previously wrote about Belgian banks & SSL. Updated version (15/02/2015) here. Going through my Google Analytics I noticed some noteworthy network domains, which Google describes as “The fully qualified domain names of your visitors’ Internet service providers (ISPs)”. There are a few more (Belgian) government institutions and universities, and the top in the list are “(not…

  • Belgian banks & SSL

    Tested using SSL Labs on 20/01/2015. Updated version 01/02/2015 here and 15/02/2015 here. Only providing the weak points. Once there is one SHA1 key in the chain, I will report everything as weak. Check SSL Labs for a full report, including what they actually did well (if anything). Grade A Rabobank (A+): no known issues. Support for HTTP…

  • blog over ssl

    Starting an SSL test on this domain as of today. Free cert by StartSSL. SSL is clearly the new hype, and this time I won’t be last to join it! 😉 Just going to check how much (if any) SSL slows down my site. Every HTTP request gets automatically rewritten to HTTPS.