Showing posts with label SSL. Show all posts

Understand Basic Cryptography

 

 All About Cryptography



Follow the complete playlist "10 Basic Cryptography".

Playlist Name : Basic Cryptography
Channel Name : Sunny Classroom

This playlist covers the following topics:
  • Private key encryption (symmetric encryption)
  • Public key encryption (asymmetric encryption)
  • How hash functions work
  • Tricks to hack hashed passwords
  • Dictionary attacks
  • Brute-force attacks
  • Authentication protocols
  • How to salt and pepper passwords





OpenSSL : Convert .pem into .crt

 



Convert a certificate from .pem to .crt with the openssl command. The -outform der option writes the output file in DER (binary) encoding.

Syntax Template

# openssl x509 -outform der -in your-cert.pem -out your-cert.crt


Docker SSL Error x509: certificate signed by unknown authority

 

x509: certificate signed by unknown authority

The above error is an SSL/TLS handshake error caused by a mismatch of root certificates. I encountered this issue while running the kubeadm command, and later I found that the issue exists with the curl and docker pull commands too.

Thing to note: I'm using a proxy server (Zscaler), so its certificate must be imported into my Linux base OS and into the Docker certificates too.

Curl Issue.

x509: certificate signed by unknown authority.

Fix :

Retrieve your own proxy certificate (mine is for Zscaler), copy it into place with the command below, and then refresh the trust store.

Syntax Template

# cp zscalar_root.crt /etc/pki/ca-trust/source/anchors/ && update-ca-trust

Docker Pull Issue.

x509: certificate signed by unknown authority.

Fix :

Retrieve your own proxy certificate (mine is for Zscaler), copy it into place with the command below, and then refresh the trust store.

Syntax Template

# cp zscalar_root.crt /etc/docker/certs.d/tls/ && update-ca-trust


Now restart Docker so that it picks up the changes.

Restart docker
# systemctl restart docker




How to fix : OpenSSL Sweet 32 Birthday attack Vulnerability






The Sweet32 birthday attack affects the triple-DES cipher. OpenSSL has rated the triple-DES vulnerability as low; they stated “triple-DES should now be considered as ‘bad’ as RC4.”

The Sweet32 Birthday attack does not affect SSL Certificates; certificates do not need to be renewed, reissued, or reinstalled.


Fix :

Verify the cipher status with the commands below.

Use the openssl ciphers command to see the list of ciphers available to OpenSSL.




openssl ciphers

To check the status of the DES and 3DES ciphers on your server, use the commands below.

 openssl s_client -connect yourserverIP:443 -cipher 'DES:3DES' -ssl2
 openssl s_client -connect yourserverIP:443 -cipher 'DES:3DES' -ssl3 
 openssl s_client -connect yourserverIP:443 -cipher 'DES:3DES' -tls1 
 openssl s_client -connect yourserverIP:443 -cipher 'DES:3DES' -tls1_1 
 openssl s_client -connect yourserverIP:443 -cipher 'DES:3DES' -tls1_2



Find your OpenSSL config file (openssl.conf) and locate SSLCipherSuite.

You might find a long list of ciphers on the same line as SSLCipherSuite.

Add ! before DES and 3DES to disable those ciphers, with each entry followed by :

 ! -- means "do not use"
 : -- marks the beginning of a cipher entry
It should look like the example below.

SSLCipherSuite !3DES:!DES 

Save and close the SSL config file, then restart Apache for the changes to take effect.

On Ubuntu/Debian

systemctl restart apache2

On RHEL/CentOS

systemctl restart httpd
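
To confirm that every SSLCipherSuite line carries both exclusions before restarting, the following added example (not part of the original post) reads config text on stdin and reports each directive as OK or WEAK. The function names and the sample configuration are constructed for illustration, and the check only looks for the literal !DES and !3DES tokens recommended above; it does not expand the cipher string the way OpenSSL does.

```shell
#!/bin/sh
# Added example: flag SSLCipherSuite directives that lack !DES and !3DES.
# Output: "<line number> OK|WEAK <cipher string>"; exit status 1 if any WEAK.

audit_cipher_suites() {
    awk '
    /^[ \t]*#/ { next }                       # ignore commented-out lines
    tolower($1) == "sslciphersuite" {
        # With the optional protocol argument TLSv1.3 the line lists
        # TLS 1.3 suites, which contain no DES or 3DES.
        if (NF >= 3 && tolower($2) == "tlsv1.3") next
        spec = $NF
        gsub(/"/, "", spec)                   # drop optional quotes
        n = split(spec, tok, ":")
        no_des = 0; no_3des = 0
        for (i = 1; i <= n; i++) {
            if (tok[i] == "!DES")  no_des = 1
            if (tok[i] == "!3DES") no_3des = 1
        }
        if (no_des && no_3des) {
            printf "%d OK %s\n", NR, spec
        } else {
            printf "%d WEAK %s\n", NR, spec
            bad = 1
        }
    }
    END { exit bad + 0 }'
}

# Constructed sample configuration, for illustration only.
SAMPLE_CONF='# SSLCipherSuite ALL
SSLCipherSuite HIGH:MEDIUM:!aNULL
SSLCipherSuite HIGH:!aNULL:!3DES:!DES
sslciphersuite HIGH:!3DES
SSLCipherSuite TLSv1.3 TLS_AES_256_GCM_SHA384'

run_sample() {
    printf '%s\n' "$SAMPLE_CONF" | audit_cipher_suites
}

run_sample || echo "at least one SSLCipherSuite line still allows DES or 3DES"
```

To audit a real file, pipe it into audit_cipher_suites instead of the sample text.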
Designed By Jackuna