Profile cover photo
Profile photo
Pier Carlo Chiodi
69 followers -
System and Network engineer - Blogger
System and Network engineer - Blogger

69 followers
About
Pier Carlo's posts

Post has attachment
Enabled #DNSSEC? Enable IPv6!

Expect #NAT64/#DNS64 failures otherwise.

by Jen Linkova, Google

Post has attachment

Post has attachment

Post has attachment
Private keys at risk.
Set “UseRoaming no“ in /etc/ssh/ssh_config to disable vulnerable code.
Details: https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt

Post has attachment
Finally, I managed to enable HTTPS on my own blog!
I opted for a quick-and-dirty solution based on a self-compiled version of HAProxy in front of WordPress, statically linked to OpenSSL 1.0.2, in order to serve Certificate Transparency information during the TLS setup.

Post has attachment
I released a new version of my web application RIPE Atlas Tracepath: v0.3.0. It reads results from RIPE Atlas traceroute measurements and shows Autonomous Systems that probes go through to reach the target.

Post has attachment
The recent OpenSSL 1.0.2 version added support for Certificate Transparency (CT) RFC6962 by implementing one of the methods that allow TLS clients to receive and verify Signed Certificate Timestamp during the TLS handshake, that is the OCSP response extension. My goal here is to show how to use another method, the signed_certificate_timestamp TLS extension, to gain the same result.

Post has attachment
Problems with mixed SHA-1/SHA-2 intermediate CA: SHA-2 signed chains are treated as insecure by Chrome if a SHA-1 intermediate is cached in the Windows' trust-store.

Post has attachment
Problems with mixed SHA-1/SHA-2 intermediate CA: SHA-2 signed chains are treated as insecure by Chrome if a SHA-1 intermediate is cached in the Windows' trust-store.

Post has attachment
On my blog I had a look at #STARTTLS support among Italian institutional domains MX mail servers.
Wait while more posts are being loaded