Johan Empa @JohanEmpa

1 post1 participant0 posts today

**David Bombal** @davidbombal@infosec.exchange · 4d

David Bombal @davidbombal@infosec.exchange

How TCP really works: Top 3 things you need to know!

YouTube video with the amazing Chris Greer: https://youtu.be/Auwn3RWapRE

youtu.be- YouTubeEnjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.

#wireshark #tcp #ip

**Valère** @valere@hostux.social · 6d *

6d *

Valère @valere@hostux.social

https://www.digicert.com/blog/tls-certificate-lifetimes-will-officially-reduce-to-47-days

The CA/Browser Forum has officially voted to amend the TLS Baseline Requirements to set a schedule for shortening both the lifetime of TLS certificates.

The maximum certificate lifetime is going down:

- As of March 15, 2026, the maximum lifetime for a TLS certificate will be 200 days.
- As of March 15, 2027, the maximum lifetime for a TLS certificate will be 100 days.
- As of March 15, 2029, the maximum lifetime for a TLS certificate will be 47 days.

www.digicert.comTLS Certificate Lifetimes Will Officially Reduce to 47 DaysThe CA/Browser Forum has officially voted to amend the TLS Baseline Requirements to set a schedule for shortening both the lifetime of TLS certificates.

#TLS #SSL

**Quixoticgeek** @quixoticgeek@v.st · Apr 17

Apr 17

Quixoticgeek @quixoticgeek@v.st

Does anyone know how this new SSL cert expiry date thing is going to affect things like user authentication with SSL certs, i.e. for openvpn.

If we're running our own CA, can I get safari, chrome et al to accept longer cert expiry?

#Linux #SSL #OpenVPN

**Fern** @fern@mindly.social · Apr 17

Apr 17

Fern @fern@mindly.social

I've developed a new unofficial metric for #burnout: what percentage of the images you've downloaded or created recently would qualify as shitposting.

Here are some of mine from the last month:

A visibly shook Matthew McConaughey smoking a ciggie, his face photoshopped over what looks like White Jesus' head

A slightly smiling face with one eye twitching

Donald Trump's duckface photoshopped onto the "No Ragrets" tattoo guy's body

A farmer standing in the field of security certs that his family has tended to for generations

#ShookJesus #TwitchySmiley #DonaldTrump

**Verfassungklage@troet.cafe** @Verfassungklage@troet.cafe · Apr 16

Apr 16

Verfassungklage@troet.cafe @Verfassungklage@troet.cafe

Nur noch 47 Tage:

#Gültigkeit von #TLS - #Zertifikaten wird drastisch verkürzt

Ab 2029 dürfen #TLS-Zertifikate statt 398 nur noch höchstens 47 Tage lang gültig sein. Der von #Apple eingereichte Vorschlag hat breite Zustimmung erhalten.

Das #CA / #Browser #Forum hat beschlossen, die maximale Gültigkeitsdauer digitaler Zertifikate für den verschlüsselten Datenaustausch via #SSL / #TLS von aktuell 398 auf deutlich geringere 47 Tage zu reduzieren.

https://www.golem.de/news/nur-noch-47-tage-gueltigkeit-von-tls-zertifikaten-wird-drastisch-verkuerzt-2504-195416.html

Golem.de · Apr 16Nur noch 47 Tage: Gültigkeit von TLS-Zertifikaten wird drastisch verkürzt - Golem.deBy Marc Stöckel

Continued thread

**Cassander** @drsbaitso@infosec.exchange · Apr 15 *

Apr 15 *

Cassander @drsbaitso@infosec.exchange

Specific schedule:

March 15, 2026 - Cert validity (and Domain Control Validation) limited to 200 days.
March 15, 2027 - Cert validity (and Domain Control Validation) limited to 100 days.
March 15, 2029 - Cert validity limited to 47 days and Domain Control Validation limited to 10 days.

There's gonna be a lot of complaints about this in change control meetings over the next ~~year~~200 days.

#Certificate #Certificate_Management #CABForum

**Cassander** @drsbaitso@infosec.exchange · Apr 15 *

Apr 15 *

Cassander @drsbaitso@infosec.exchange

Buckle up, kids. Automate your certificate rotations or die trying. WebPKI certificate validity period will be 47 days by 2029. https://www.bleepingcomputer.com/news/security/ssl-tls-certificate-lifespans-reduced-to-47-days-by-2029/

#Certificate #Certificate_Management #CABForum

**The New Oil** @thenewoil@mastodon.thenewoil.org · Apr 15

Apr 15

The New Oil @thenewoil@mastodon.thenewoil.org

#SSL/#TLS certificate lifespans reduced to 47 days by 2029

https://www.bleepingcomputer.com/news/security/ssl-tls-certificate-lifespans-reduced-to-47-days-by-2029/

#cybersecurity

**Pyrzout** @jos1264@social.skynetcloud.site · Apr 15

Apr 15

Pyrzout @jos1264@social.skynetcloud.site

Why shorter SSL/TLS certificate lifespans matter https://www.helpnetsecurity.com/2025/04/15/certificate-shorter-lifespans/ #Expertanalysis #cybersecurity #Expertcorner #certificates #Don'tmiss #Hotstuff #opinion #Sectigo #SSL/TLS #News

Help Net Security · Apr 15Why shorter SSL/TLS certificate lifespans matter - Help Net SecurityShorter certificate lifespans reduce attack windows, boost agility, and push organizations to reassess their cybersecurity operations.

**LavX News** @lavxnews@mastodon.cloud · Apr 14

Apr 14

LavX News @lavxnews@mastodon.cloud

SSL/TLS Certificate Lifespans Slashed to 47 Days: A New Era of Security Management

The CA/Browser Forum's decision to reduce SSL/TLS certificate lifespans to just 47 days by 2029 marks a pivotal shift in cybersecurity practices. This change aims to enhance security by minimizing ris...

https://news.lavx.hu/article/ssl-tls-certificate-lifespans-slashed-to-47-days-a-new-era-of-security-management

#news #tech #SSL

**Eric Mächler** @emaechler@masto.maechler.cloud · Apr 13

Apr 13

Eric Mächler @emaechler@masto.maechler.cloud

ups #ssl abgelaufen... warum wrude das nicht automatisch verlängert.... grrr

**Eric Mächler** @emaechler@masto.maechler.cloud · Apr 12

Apr 12

Eric Mächler @emaechler@masto.maechler.cloud

#ssl läuft immer noch nicht grrrrrrrr

**Eric Mächler** @emaechler@masto.maechler.cloud · Apr 12

Apr 12

Eric Mächler @emaechler@masto.maechler.cloud

ach #hostpoint macht wieder wochenende - das #ssl aktivieren dauert bereits über 1h....

warum immer bei meinen kunden? grrr langsam glaub ich dahinter steckt absicht

**heise online English** @heiseonlineenglish@social.heise.de · Apr 8

Apr 8

heise online English @heiseonlineenglish@social.heise.de

OpenSSL 3.5.0 now contains post-quantum procedures

With the new LTS version 3.5.0, OpenSSL adds the post-quantum methods ML-KEM, ML-DSA and SLH-DSA to its library.

https://www.heise.de/en/news/OpenSSL-3-5-0-now-contains-post-quantum-procedures-10345305.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

heise online · Apr 8OpenSSL 3.5.0 now contains post-quantum proceduresBy Wilhelm Drehling

#IT #Verschlüsselung #OpenSSL

**heise Security** @heisec@social.heise.de · Apr 8

Apr 8

heise Security @heisec@social.heise.de

OpenSSL 3.5.0 enthält nun Post-Quanten-Verfahren

OpenSSL fügt mit der neuen LTS-Version 3.5.0 seiner Bibliothek die Post-Quanten-Verfahren ML-KEM, ML-DSA und SLH-DSA hinzu.

https://www.heise.de/news/OpenSSL-3-5-0-enthaelt-nun-Post-Quanten-Verfahren-10345122.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

heise online · Apr 8OpenSSL 3.5.0 enthält nun Post-Quanten-VerfahrenBy Wilhelm Drehling

#IT #Verschlüsselung #OpenSSL

**John Wilson** @crazybutable@mastodon.social · Apr 2 *

Apr 2 *

John Wilson @crazybutable@mastodon.social

Hello #fediverse, I am looking for some #cybersecurity help about #safari on #iOS

[Edit: got an answer! Safari removed the lock icon in iOS 18.4 in favor of a full screen warning for non SSL connections. Paraphrased original question below]

I told my mom to always look for the #SSL lock in the URL bar before typing anything into a website (and check URLs for validity and so on).

Now, she never gets the SSL lock in Safari for any website. Ever. I tried to google why and am stumped. Any ideas?

**Wireshark** @wireshark@ioc.exchange · Mar 31

Mar 31

Wireshark @wireshark@ioc.exchange

Join Sake Blok for his pre-conference class at SharkFest'25 US on June 16th:

"SSL/TLS Troubleshooting with Wireshark"

This hands-on session will take your troubleshooting skills to the next level, helping you diagnose complex network issues like a pro.

Secure your spot: https://sharkfest.wireshark.org/sfus

#Wireshark #TLS #SSL

**Marcos Dione** @mdione@en.osm.town · Mar 31 *

Mar 31 *

Marcos Dione @mdione@en.osm.town

They mean this people and service: https://www.buypass.com/products/tls-ssl-certificates/read-more-go-ssl-acme

https://mrrp.chimmie.k.vu/notes/a5wxn6z1094p003p

Does @letsencrypt have any canary page? I would like to keep supporting them because they are the trailblazers of this, but the fear of those in power in the US is real.

Buypass.com · Nov 15, 2021Buypass Go SSL - Free, easy, based on the ACME standardWhat is ACME? ACME (Automated Certificate Management Environment) is an extensible framework for automating the issuance and domain validation procedures, thereby allowing servers and infrastructural software to obtain certificates without user interaction. ACME is used to obtain Domain Validated (DV) certificates where the CA verifies that the requester has effective control of the Web server and/or DNS server for the domain. This is as opposed to Organisation Validated (OV) and Extended Validation (EV) certificates, where the process is intended to also verify the real-world identity of the requester. ACME defines a protocol that a certificate authority (CA) and an applicant (using an ACME Client) can use to automate the process of verification and certificate issuance. The protocol also provides facilities for other certificate management functions, such as certificate revocation. The two main entities in ACME are the ACME client and the ACME server. The client uses the protocol to request certificate management actions, such as issuance or revocation. A client may run on any server that requires trusted SSL certificates. The server runs at a certificate authority, and responds to client requests, performing the requested actions if the client is authorised. The communication between the client and the server are based on JSON messages over HTTPS. An ACME client is represented by an account key pair. It uses the private key of this key pair to sign all messages sent to the server. The server uses the public key to verify the authenticity and integrity of messages from the client. Many ACME-client implementations are available, however the preferred client is the EFF’s Certbot client. Get Started ACME defines a protocol that a certificate authority (CA) and an applicant (using an ACME Client) can use to automate the process of verification and certificate issuance. To start using the ACME protocol you need an ACME Client and we recommend you to use the EFF’s Certbot Client. You may also use other ACME Client software available, or you may develop your own client implementing the ACME protocol towards Buypass ACME API endpoints according to the ACME specifications. Certbot. We recommend to use Certbot because it’s easy and work on most OS or servers. Download Certbot here. You will need to configure Certbot to use Buypass ACME API. Buypass Go SSL Buypass Go SSL is the name of the SSL certificate you will obtain from Buypass CA using the Buypass ACME API. This is a Domain Validated (DV) certificate. Advantages free certificate automatic issuance and renewal of certificates - no user action required certificate lifetime is 180 days certificate from a Norwegian publicly trusted CA trusted by all major browser vendors Technical information If you need more technical specification and information please take a look at Buypass Community.

#SSL