Tagssl

CRIME Attack

SSL is now vulnerable to session hijacking in some circumstances. If your site runs SSL/TLS, the compression needs to be off.

 

http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312

http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor/19914#19914

 

Haproxy SSL support

Finally. Haproxy added native SSL support. You could always use stunnel which made for a pretty ugly configuration, though I tended to prefer Nginx, which does a pretty effective job at SSL termination.

In any case, assuming the performance is on par, this is a key new feature in a product which is already a rock solid load balancer and is as good at core functions as any commercial product.

http://blog.exceliance.fr/2012/09/04/howto-ssl-native-in-haproxy/

 

 

SSL decryption

This is a useful technique. The need to decrypt SSL traffic from packet dumps comes up pretty frequently.

http://www.imperialviolet.org/2012/06/25/wireshark.html

 

© 2017 Mind End

Theme by Anders NorenUp ↑