Today's Question:  What's your opinion about Alibaba mooncake incident?        GIVE A SHOUT

SEARCH KEYWORD -- SSL



  SSL in PHP for WAMP


Sometimes when we need to use email service provided by WAMP, we need to use some remote mail server such as Gmail. In Gmail, if we want to use the SMTP server to send email and want to use port 465, then the SSL connection should be setup. But by default in WAMP, the ssl is not usable. So to allow use SSL, what we should do is go to system tray and click PHP->PHP Extensions->php_openssl. Then now you can use Gmail to send email easily....

   Email,Php,Gmail,SSL,WAMP,SMTP     2011-03-24 11:56:37


  Severe SSL 3.0 vulnerability to be released


According to The Register, another severe security vulnerability has been found in the widely used SSL v3 protocol. Until now, it's still in patch phase and the details of this vulnerability is expected to be released today. There are a few widely impacted security vulnerabilities revealed this year and they bring people's attention to the long existing security concerns. Previously, we have seen the HeartBleed issue and also the recently ShellShock issue. Both of them occur in popular libraries...

   SSL,Security vulnerability, The Register     2014-10-14 22:22:39


  A new SSL 3.0 vulnerability named POODLE is released


Today a new SSL v3 security vulnerability is released by Google and it affects all products which is using SSL v3 protocol as this vulnerability is introduced by a design flaw. Google revealed details of the design flaw on Tuesday, and dubbed it POODLE – short for Padding Oracle On Downgraded Legacy Encryption. It is a blunder within the blueprints of SSL 3.0 rather than a software bug, so it affects any product following the protocol – from Google Chrome and Mozilla Firefox to Micro...

   SSL v3, vulnerability, Google, POODLE     2014-10-15 04:48:59


  Resolving SVN error "Error validating server certificate for..."


When using SVN to connect secure server, the server needs to send its certificate to the client for verification. In some cases, the certificate sent by the server is not a trusted certificate, the client may choose to trust the certificate if the server is target server for sure.  But users may get "Error validating server certificate for 'https://...'" the next time when they try to connect to the same secure server even if they specified "p" the first time when they are prompted to accep...

   SSL,SVN,SVN.SSL.SERVER     2016-06-27 07:36:49


  HeartBleed: OpenBSD now starts to clean up OpenSSL


Since the disclosure of HeartBleed bug in OpenSSL, some arguments emerge around the safety of OpenSSL, the largest open source SSL/TLS library used by large number of servers, applications. Some people are even starting to create their own version of SSL library. This includes OpenBSD, a famous Unix like open source operating system. Just a few days after the HeartBleed bug, OpenBSD forked a new branch of OpenSSL and started to clean up the forked branch and plans to merge it to its own cod...

   HeartBleed,OpenBSD     2014-04-15 04:21:26


  Resolving error "SSL certificate problem: self signed certificate in certificate chain"


In a PHP application, cURL is frequently used to make connection to remote server to request some resource. It can be used to transfer data with different protocols such as HTTP, HTTPS, FTP etc. While using cURL in PHP, someone may get an error with message similar to "SSL certificate problem: self signed certificate in certificate chain". This may happen when cURL tries to make a SSL connection server and the server returns a server certificate which is self-signed and it's not trusted by the c...

   PHP,SSL,CURL,TWILIO     2016-06-26 07:17:23


  A HTTPS client and HTTPS server demo in Java


In this post, I will create a HTTPS server and HTTPS client demo which can establish HTTPS communication between a server and a client using Java. This should be very useful when we want to test our understanding about SSL communication. We will use both a detailed SSL client and a simple HttpsURLConnection as the HTTPS client. Before creating the actual HTTPS server and HTTPS client, we first need to generate the keystore and truststore to be used by the server and client. To generate the keyst...

   SSL,HTTPS,JAVA,DEMO     2015-10-23 09:04:36


  HeartBleed: Should C be blamed for the HeartBleed bug?


There is a discussion about the security of applications written in C on Hacker News recently after the report of HeartBleed bug in OpenSSL. In this discussion, some people are saying that the applications written in C are unsafe. It seems all or most of the faults should be laid on C. I think this is biased. The language itself should not be blamed.Safety is a relative term for programming languages. No language is absolutely safe. We claim some languages like Java and C# are safer than C/C++ b...

   C,HeartBleed,Analysis,Code review     2014-04-14 03:52:55


  Introduction to DTLS(Datagram Transport Layer Security)


Secure communication has become a vital requirement on the Internet. Lots of information transferred through the Internet are sensitive data such as financial transactions, medical information, media streaming etc. To ensure security of data transferred on the Internet, a few secure protocols have been designed including SSL/TLS and IPsec. Many large websites in the world have adopted TLS. Apart from SSL/TLS, there is some other protocol designed to be used in special cases. One of them is ...

   JAVA 9,DTLS,TLS,SECURITY     2016-04-02 05:55:36


  Three Simple Ways to Improve the Security of Your Web App


It seems like web app security has entered the public conscious recently, probably as a result of the press covering the activities of groups like Anonymous and incidents like security breaches at several CAs. Here are a couple of quick security tips to improve the security of your web apps. Think of these as low-hanging fruit, not as a substitute for thorough analysis of your app’s security. If there’s interest in this topic we can do more posts, too - let us know in the comments! Pro...

   Web app,Security,X-FRAME-OPTIONS,SSL     2011-12-08 10:10:20