Tag Archives: OpenSSL

TLS 1.3 Released: Most secure Web based communication protocol – Now Available

Just saw the tweet… IETF finally released the long-awaited TLS 1.3 version of the secure Web communication, considered to be the most secure protocol specification that assures a high degree of security, privacy and also faster performance compared to its predecessor TLS 1.2. The most compelling features of TLS 1.3: More secure, removed outdated algorithms that previously had known vulnerabilities from TLS cipher…

Post-quantum Cryptography: Impacts, Algorithms, and Hybrid Approaches!

After a week-long dose of non-stop security adventure, I am back from RSA Conference… and here is my quick dump on PQC! “Post-quantum Cryptography (PQC) and strategies that resist quantum computer attacks on Public Key Cryptography” was one of the hottest topics discussed in the Cryptographers’ panel and almost all cryptography panels and sessions – Not surprised at all! While we do…

TLS 1.3 Approved – Let’s get ready for much faster and secure HTTPS connections !

It’s been a few years now; the IETF’s TLS 1.3 standardization effort always looked like a never-ending story. Glad to note the wait is over. After 28 drafts for review, last week IETF finally ratified TLS 1.3 as an approved standard. Indeed, TLS 1.3 promises significantly faster SSL/TLS performance and a much more secure communication protocol standard than ever before! It also brings a radical change…

Encryption and Key Management in AWS – Comparing KMS vs. CloudHSM

Secure data protection using encryption depends more on secure key management processes than on the encryption itself. Although enabling encryption looks quite trivial, managing the underlying key management lifecycle processes and handling the associated cryptographic operations has always been a daunting challenge! The challenges are too many till we really know… beginning from key generation and issuance, key ownership, key usage, privileged…

Unleashing SSL Acceleration and Reverse-Proxying with Kernel SSL (KSSL)

For the last few weeks, I have been pulled into an interesting gig for demonstrating security for _____ SOA/XML Web Services and Java EE applications… so I had a chance to play with some untold security features of Solaris 10. KSSL is one of the unsung yet powerful security features of Solaris 10. As the name indicates, KSSL is a Solaris Kernel Module that…

Encrypted ZFS Automatic Snapshots to Amazon S3 Cloud

Are you test driving Amazon S3 cloud as your backup storage and worried about your data security? Now, Amazon S3 users can have a compelling encrypted backup solution by adopting OpenSolaris and ZFS. A few months ago, I had my first experience with ZFS Automatic Snapshots, which allows backing up and preserving the filesystem at timed intervals. Last week I noted from Glenn Brunette that…

Demystifying MySQL Security for Web 2.0: Part 2

Access control exploits, user credential exposures and related security compromises are becoming increasingly common in the Web 2.0 world! Most of these issues pertain to broken or insufficient authentication controls and flawed credential management that allow attackers to compromise vulnerable applications by stealing or manipulating credentials such as passwords, keys, session cookies and/or impersonating another user through forged or guessed credentials. Any such access control…

Demystifying MySQL Security for Web 2.0: Part 1

Web 2.0 applications are proliferating and have become widely popular for delivering dynamic user-generated content, information collaboration, data mashups, social networking and Web services. Building security for Web 2.0 applications poses several daunting challenges to Web 2.0 developers, as these applications are publicly accessible and blindly open the door to several intentional/unintentional abuses and malicious practices including data interception and manipulation by…

OpenSSL as Certificate Authority/SSL Test Kit: Quick Cheatsheet

I always had a love and hate interest with using OpenSSL! But I should agree that it did help me many times… whenever I wanted to quickly test-drive my craziest ideas with PKI certificates. A couple of things I like about OpenSSL are its tools/utilities for testing as equivalent to a commercial-grade CA and its FIPS-140 compliance. Also, I always get…