Profile cover photo
Profile photo
Nikos Mavrogiannopoulos
246 followers
246 followers
About
Posts

Post has attachment
GnuTLS and TLS 1.3
GnuTLS already contains support for the latest TLS 1.3 draft (draft-ietf-tls-tls13-26) on its master git branch. TLS 1.3 will be included and enabled by default in the upcoming 3.6.3 release, once the final version of TLS 1.3 protocol is published. One of o...
Add a comment...

Post has attachment
An overview of GnuTLS 3.6.0
The new 3.6.0 GnuTLS release contains several new features, back-end changes and clean ups. This is a release which re-spins the so-called 'stable-next' branch, meaning that once considered stable enough, this branch will replace the current stable branch. ...
Add a comment...

Post has attachment
The mess with internationalized domain names
While internationalized domain names (DNS names) are not common in the English speaking world, they exist and their use was standardized by IETF's IDNA standards. I first found out the existence of that possibility while reading the IETF's best practices fo...
Add a comment...

Post has attachment
Improving by simplifying the GnuTLS PRNG
One of the most unwanted baggages for crypto implementations written prior to this decade is the (pseudo-)random generator, or simply PRNG. Speaking for GnuTLS, the random generator was written at a time where devices like /dev/urandom did not come by defau...
Add a comment...

Post has attachment
Using the Nitrokey HSM with GnuTLS applications
The Nitrokey HSM is an open hardware security module, in the form of a smart card token, which is used to isolate a server's private key from the application. That is, if you have an HTTPS server, such a hardware security module will prevent an attacker whi...
Add a comment...

Post has attachment
A brief look at the Linux-kernel random generator interfaces
Most modern operating systems provide a cryptographic pseudo-random number generator (CPRNG), as part of their OS kernel, intended to be used by applications involving cryptographic operations. Linux is no exception in that, and in fact it was the first ope...
Add a comment...

Post has attachment
Restricting the scope of CA certificates
The granting of an intermediate CA certificate to a surveillance firm generated quite some fuss . Setting theories aside, the main reason behind that outcry, is the fact that any intermediate CA certificate trusted by the browsers has unlimited powers to ce...
Add a comment...

Post has attachment
An overview of the new features in GnuTLS 3.5.0
Few minutes ago I've released GnuTLS 3.5.0. This is the stable-next branch of GnuTLS which will replace the stable GnuTLS 3.4.x branch within a year. It is fully backwards compatible and comes with several new features, the most prominent I'll summarize lat...
Add a comment...

Post has attachment
Why do we need SSL VPNs today?
One question that has been bothering me for quite a while, is why do we need SSL VPNs? There is an IETF standardized VPN type, IPSec, and given that, why do SSL VPNs still get deployed? Why not just switch everything to IPSec? Moreover, another important qu...
Add a comment...

Post has attachment
Wait while more posts are being loaded