Recently I purchased a Samsung 840 Pro SSD for my frayed old notebook (a Thinkpad X200s). It’s a self-encrypting drive where data is always stored with AES-256 encryption. But first, to benefit from the encryption, I needed to encrypt the underlying encryption keys. One way of doing that is to set an ATA user password for the drive, which is supported by the BIOS of most notebooks.
But there is a problem.
BoringSSL is a Google fork of OpenSSL. It includes various interesting patches, including an implementation of the ChaCha20 cipher. In addition, BoringSSL allows you to group cipher suites of equal preference:
In this article I show you how you can tweak your nginx configuration to take advantage of this feature.
Update: Meanwhile you could also switch to the BoringSSL fork.
D. J. Bernstein’s ChaCha20-Poly1305 has not been merged into the OpenSSL master branch yet (ETA, anyone?). If you are curious to test it with nginx or any other application relying on the OpenSSL libraries with support for TLS 1.2, you can check it out via the 1.0.2-aead branch:
$ git clone https://github.com/openssl/openssl.git
$ cd openssl
$ git checkout 1.0.2-aead
Then follow the usual instruction from the INSTALL file on how to compile OpenSSL.
Perfect Forward Secrecy (PFS) has garnered widespread publicity in recent months thanks to Snowden and the NSA. As a result, an increasing number of websites and email service providers have been pushing for PFS to provide better security to their users.
PFS protects previous key exchanges even if the current one is compromised.
Unfortunately the same cannot be said about current popular IPSec VPN clients. Neither of the ones I tested – all of them from recent distributions including Windows and OS X – offered PFS out of the box, meaning previous IPSec key exchanges could be decrypted by an attacker if the current one is compromised.
Note: [04/14/14] Today I was contacted by GlobalSign representative Gregory who stumbled over this blog post, and he was so kind to revoke the affected certs free of charge. He also added, in response to my summary below, that there is an option in the Chrome settings to enable revocation checking, and that beginning April 1, 2015, GlobalSign will restrict the maximum validity of then-issued certs to 39 months.
So the Heartbleed bug (CVE-2014-0160) is out, and every administrator using SSL to protect his infrastructure has been wondering the same thing: should I absolutely, positively, without a doubt, replace all certificates and associates keys?
The only reasonable answer is: yes – if you used certificates on a vulnerable machine. Even those in disbelief were quickly proven wrong.
The first thing I did was to patch all impacted OpenSSL instances and restart the services that depend on the OpenSSL library (that includes not only HTTP but also MTA and IMAP, among others). That was the easy part.
What followed was a major pain with my certificate authority and one of its partners.
Did you follow the guide how to install strongSwan 5 on Debian Wheezy? You may have noticed that strongSwan doesn’t automatically start when you reboot the server (tested with 5.1.0-3~bpo70+1). The fix requires a small modification to
Today I ran into a problem with IPsec Xauth PSK and the built-in Android VPN client (Android 4.1.2), resulting in some sites (such as www.yahoo.com) not loading through the VPN tunnel. Turns out I was dealing with MTU issues. When the Android VPN is started, it sets the MTU to 1500 on the tun0 interface:
Update 04/20/2014: Adjusted to take into account the modular configuration layout introduced in strongSwan 5.1.2. Tweaked cipher settings to provide perfect forward secrecy if supported by the client.
This article is a step by step guide on how to prepare strongSwan 5 to run your own private VPN, allowing you to stop snoopers from spying on your online activities, to bypass geo-restrictions, and to circumvent overzealous firewalls.