…Banned/whitelist IP checking breaks clients
The following items are the set of security fixes that have been applied since Enterprise Chef 11.0.2:
[ CVE-2013-6393 ] - yaml_parser_scan_tag_uri function in scanner.c performs incorrect cast
[ CVE-2013-4353 ] - allows remote TLS servers to cause a denial of service
[ CVE-2013-1900 ] - when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions"
[ CVE-2013-1901 ] - does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions
[ CVE-2013-1902 ] - generates insecure …
…enable NPN on the server, which in practice means that we need to rebuild nginx against OpenSSL 1.0.1a or higher — nothing more, nothing less. Let's do just that and see what happens...
We started with a ~1800ms overhead for our TLS connection (nearly 5 extra RTTs); eliminated the extra certificate roundtrip after an nginx upgrade; cut another RTT by forcing a smaller record size; and dropped an extra RTT from the TLS handshake thanks to TLS False Start. With all said and done, …
…binaries are now statically linked with regard to the Galera library, which still depends on the OpenSSL library.
Product suffix has been added to the XtraDB Cluster rpm packages, which means that packages have been renamed from Percona-XtraDB-Cluster-server to Percona-XtraDB-Cluster-server-55. Bug fixed #1255616.
Fixed the dependency issue which caused Percona XtraDB Cluster 5.5 installation to fail on 12.04. Bug fixed #1247861…
Let Your Ruby Shine with - 6.0! released version of this .
Lookback - /face/gesture tracking for users of your iOS application.
Ruby 2 SSL Verification Failed? - What to do if you get OpenSSL errors after upgrading.
…for authentication, and encryption with 256-bit AES (in CBC mode, according to the OpenSSL docs). Although perhaps not immediately obvious, this same cipher suite is pretty easy to emulate with OpenSSH. The SSH version 2 protocol uses DHE/RSA/SHA1 by default, so then all we need to do is explicitly specify the AES256-CBC cipher when we're setting up our tunnel, and we should be, for all intents and purposes, comparing encrypted apples to encrypted apples. For the sake of curiosity, …
Step 1: Encrypt with OpenSSL
I have a short shell script, encrypt.sh, that lives in my ~/.bin directory:

    #!/bin/sh
    # Usage: encrypt.sh FILE PASSPHRASE (a passphrase given as an argument is visible in the process list and shell history)
    openssl aes-256-cbc -a -salt -pass "pass:$2" -in "$1" -out "$1.enc"
    # Print the matching decrypt command with the passphrase masked
    echo "openssl aes-256-cbc -d -a -pass \"pass:XXX\" -in $1.enc -out $1"

This script takes two arguments: the file you want to encrypt and a password (or, preferably, a passphrase). To encrypt the certificate, I'd run: encrypt.sh production.pem \ "I …
…My Awesome CA Cert.pem in the directory and expect it to be picked up automatically. However, OpenSSL ships with a utility called c_rehash which you can invoke on a directory to have all certificates indexed with appropriately named symlinks. If you have multiple OpenSSL versions installed (on OS X, you likely will), beware: the hashing algorithm changed between OpenSSL 0.9.8 and 1.0.1, so you'd want to use c_rehash distributed by the version which is actually going to use those …
Fix OpenSSL certificate errors on - A somewhat dangerous way around a new security issue. 2.0
Rails 3.2.x is now compatible with Ruby 2.0.0 - Thanks to a bunch of backports from master. I guess we can expect a 3.2 release soon.
Programming Ruby 1.9 & 2.0 - The guys have updated the standard book on the subject too.
…that the user can run to encrypt and decrypt the file. This script uses OpenSSL, and specifically CAST5, to encrypt/decrypt the file. (OpenSSL was chosen in particular as it worked out-of-the-box on both and machines.)
OpenSSL reads in the appropriate files (depending upon if you're encrypting or decrypting) then will prompt you for a password to encrypt/decrypt the file. (You're free to use any encryption scheme that OpenSSL supports, of course.) …