Posted by Paul Kehrer on June 8, 2010
iOS 4.0 supports SNI, which makes it the first mobile OS to support the server_name TLS extension. Hopefully Android, WebOS, WM7, et al. follow suit! (Oh, and I’m not dead. WP 3.0 comes out shortly, so expect a major CDN Tools update as well as a brand new plugin!)
Posted by Paul Kehrer on February 24, 2010
As of r39934 Chromium now supports the server_name TLS extension (server name indication) in OS X (latest build). This support requires OS X 10.5.7 or later. Hopefully it’ll make its way into a dev/beta/stable release of Google Chrome itself soon. For those who are more curious than they ought to be about how I wrote [...]
Posted by Paul Kehrer on November 3, 2009
Server Name Indication (SNI), an extension to TLS, allows browsers that support it to connect to SSL hosts that do not have dedicated IPs (much like standard HTTP virtual hosting has worked for years). This extension, however, must be supported on both the server and client side. Microsoft has not yet chosen to support it [...]
Posted by Paul Kehrer on April 12, 2009
If you’re running a Microsoft CA and you want to be able to accept enrollment requests from clients supporting keygen (Firefox, Safari, Opera, et cetera) you’ve probably found that the /certsrv/ page allows enrollment, but the requests fail when you attempt to issue the certificate. This is because the server is not parsing the subject [...]
Posted by Paul Kehrer on March 28, 2009
Recently I needed to do some performance testing of an SSL instance on a VM. I considered using JMeter, but decided to use OpenSSL to get a rudimentary picture instead. To obtain a basic result, we connect to the server and pull the /index.php file. You can specify whatever file you’d like to download, or [...]
Posted by Paul Kehrer on March 21, 2009
OpenSSL provides several tools that allow you to RSA encrypt/sign arbitrary data files. Of course, directly RSA encrypting large volumes of data is impractical because the encrypted/signed data cannot exceed the size of the key material. This is one of the reasons why SSL connections typically handshake and then pass an AES (or RC4, et [...]