Python Http Server

Introduction: Quite often I find that I need to serve some files for viewing in a web browser. Most recently, I needed to do this with an in-progress OpenAPI document as rendered by ReDoc. All I needed was something that can serve static files. I really didn’t want to take the time to set up and configure something like Apache or Nginx. These are overkill for static files on a developer machine....

December 10, 2019 · John

Python Self Signed Cert Gen

Introduction: Sometimes I need to write a simple network server to emulate an application I’m integrating with. Typically, this ends up being a throwaway Python script that allows me to easily inspect a request and returns a basic response. It’s handy to verify what I’m sending isn’t malformed. Also, it helps to ensure my response parser is at least somewhat sane. The software I work on requires a TLS secured connection to all remote endpoints....

November 14, 2019 · John

My nginx SSL Configuration with WordPress Using Domain Mapping

Introduction: If it’s not obvious, I use WordPress for my (this) blog. It is a Multi-Site setup so I can use the same installation for other blogs (wife) and sites (personal/professional) I host. I also use the WordPress MU Domain Mapping plugin to assign specific domains to certain sites that are separate from the nachtimwald blogs. For the longest time I’ve used a self-signed SSL certificate to protect logins. The cert wasn’t specifically tied to a particular domain and has been expired for years....

October 8, 2014 · John

Client Side Session Cache in OpenSSL

Building on Server Side Session Cache in OpenSSL, we need to deal with the client side. The OpenSSL documentation for SSL_CTX_set_session_cache_mode has an option for client caching. However, it states that, “the application must select the session to be reused by using the SSL_set_session(3) function.” It also states that the client cache is not enabled by default. Due to the listed limitations of the internal client cache it’s a better idea to maintain the cache externally from OpenSSL....

October 6, 2014 · John

Server Side Session Cache in OpenSSL

At work (information posted with permission from my employer) we’ve been looking into session caching with OpenSSL. We started this by looking at the server and found that by default OpenSSL will enable and use a session cache when acting as the server. However, there are two major things we found in how it works. Sessions will only be cached server side upon SSL_shutdown, meaning SSL_shutdown (or similar) must be called, otherwise the session will never be cached....

October 5, 2014 · John

Enable DH and ECDH in OpenSSL (Server)

Recently at work we were looking into Forward Secrecy (FS). We were using Qualys SSL Server Test and noticed that Forward Secrecy was showing as NO. We decided to look into this because we want to use the most robust security we can. What we found was none of the supported cipher suites showed Diffie–Hellman (DH) or Elliptic curve Diffie–Hellman (ECDH), which are required for FS. We had a proper cipher suite in place and we were asking for ciphers that support FS....

October 1, 2014 · John