Tag: ssl

Postfix & Courier & Letsencrypt

First of all, create your certificates (the regular way). I created one with multiple domains: webmail.rootspirit.com, mail.rootspirit.com, smtp.rootspirit.com. In my case, as the mailserver and webserver are behind a proxy (postfix, imap, Roundcube Webmail), I create the certificate on the proxy (nginx) and scp the cert to the mail server. All this is automated with…

Sunday, June 12, 2016
Gmail & Postfix: unencrypted emails?

If you’re running Postfix, add this line to main.cf: smtp_tls_security_level = may Restart Postfix, and retry. PS: You can set encrypt instead of may — but this can cause issues with Amavis and/or SpamAssassin.

Monday, March 7, 2016
Belgian banks & SSL — part 5

Minor end of year update. No big SSL exploits have been released since (bar DH, see below). Once again, this is testing the public websites I can access. There might be other gateways, APIs, etc that are not (as) secure. It’s worthy to note that some banks are serious about security and fixing their SSL.…

Friday, December 18, 2015
Belgian bank & SSL slashdot effect

Quick wrap up of the slashdot effect 10 days ago. A peak of 12k views on Monday 16/02, with a small buildup on Sunday (15/02). The top pages were Part 3, Part 1, Part 4 and Part 2 respectively. De Redactie is the highest referrer, surpassing De Morgen (first to publish in printed media, front page)…

Saturday, February 28, 2015
Belgian banks & SSL — part 4

Because of the mediastorm it’s time for an update. The previous (1, 2, 3) blog posts are outdated! I’ll do my usual slashdot-effect post in a couple of days (it’s already at 10k views today). Banks that changed rank since last post (all for the better): 16/02/2015: Keytrade: B to A Hello Bank!: C to A ING:…

Monday, February 16, 2015
Belgian banks & SSL — part 3

EDIT: ING is now A- (not reflected in this blog post). EDIT 2: Keytrade & Hello Bank also went to A. I’ll post a new blog post later tonight. EDIT 3: Updated post here. Part three, or how I single-handedly “fixed” SSL at the Belgian banks. 😉 Part one and two are available here. Not related…

Sunday, February 15, 2015
Belgian banks & SSL — part 2

I previously wrote about Belgian banks & SSL. Updated version (15/02/2015) here. Going through my Google Analytics I noticed some noteworthy network domains, which Google discribes as “The fully qualified domain names of your visitors’ Internet service providers (ISPs)”. There are a few more (Belgian) government institutions and universities, and the top in the list are “(not…

Sunday, February 1, 2015
Belgian banks & SSL

Tested using SSL Labs on 20/01/2015. Updated version 01/02/2015 here and 15/02/2015 here. Only providing the weak points. Once there is one SHA1 key in the chain, I will report everything as weak. Check SSL Labs for a full report, including what they actually did good (if anything). Grade A Rabobank (A+): no known issues. Support for HTTP…

Tuesday, January 20, 2015
blog over ssl

Starting a SSL test on this domain as of today. Free cert by StartSSL. SSL is clearly the new hype, and this time I won’t be last to join it! 😉 Just going to check how much (if any) SSL slows down my site. Every http requests gets automatically rewritten to https.

Friday, February 18, 2011