Posted by Paul Kehrer on March 30, 2009
If you’re a Mac user who utilizes Terminal.app with any regularity you have probably run into some Linux servers where the Mac Delete key behaves as forward delete instead of backspace (Ubuntu, Debian, and a few other distributions have this issue). This is a really obnoxious problem, but fortunately there is an easy global fix. [...]
Posted by Paul Kehrer on March 28, 2009
Recently I needed to do some performance testing of an SSL instance on a VM. I considered using JMeter, but decided to use OpenSSL to get a rudimentary picture instead. To obtain a basic result, we connect to the server and pull the /index.php file. You can specify whatever file you’d like to download, or [...]
Posted by Paul Kehrer on March 21, 2009
OpenSSL provides several tools that allow you to RSA encrypt/sign arbitrary data files. Of course, directly RSA encrypting large volumes of data is impractical because the encrypted/signed data cannot exceed the size of the key material. This is one of the reasons why SSL connections typically handshake and then pass an AES (or RC4, et [...]
Posted by Paul Kehrer on March 20, 2009
Continuing the howto nature of this blog (and its peculiar obsession with OpenSSL), here’s a primer on packaging an arbitrary number of certificates into a single PKCS7 container. These files are quite useful for installing multiple certificates on Windows servers. They differ from PKCS12 (PFX) files in that they can’t store private keys. If you [...]
Posted by Paul Kehrer on March 15, 2009
As promised, Fidgetr 1.0 has been released. Here are the improvements since the last time I posted about it: Incremented version to 1.0 to catch users stuck at versions earlier than 0.6.1. Welcome back to the cutting edge! Reworked the crossfade theme JS to fix some bugs and dramatically simplify the code. Photoset support! Display [...]
Posted by Paul Kehrer on March 14, 2009
If you deal with SSL/TLS long enough you will run into situations where you need to examine what certificates are being presented by a server to the client. The best way to examine the raw output is via (what else but) OpenSSL.1 First let’s do a standard webserver connection (-showcerts dumps the PEM encoded certificates [...]