tls

Hello there! I'm going to place OpenVPN Server and TLS CA Server for internal domains in two FreeBSD Jails on the same server and use encrypted partitions to make this system more secure. Is it good enough practice? How could I measure load on every single service?

A client has a number of devices that email a report at the end of the day. Several years ago (2021?) they stopped receiving the emails so, as a favor (they've been a good client), I built a spare FreeBSD server in my office to act as a mail server. It receives the automated messages from their...

For those interested in encrypted NFS ( found on SVNews ): https://svnweb.freebsd.org/base?view=revision&revision=364475

I am trying to setup openldap to use TLS with openssl. After following the instructions at https://www.freebsd.org/doc/handbook/network-ldap.html and fixing the permissions issues, I ran into this: TLS: could not use certificate `/usr/local/etc/openldap/certs/cert.csr'. TLS: error:0909006C: PEM...

Hi guys, i am wondering if i can setup my unbound to serve as dns over tls. It will serve as full recursive mode. The reason why i wanna do that so i can use unbound outside my local network, eg: on the road mobile. I am aware that i can setup unbound to forward queries to 3rd party dns server...

In /etc/make.conf, I would like to set openssl, security/libressl or security/nss over security/gnutls, and know whether security/libressl can coexist with Openssl. In make.conf, this is what I have in mind OPTIONS_SET=OPENSSL OPTIONS_SET+=NSS Libressl has a reputation for being better than...

Hello, I'm running a bunch of FreeBSD 10.3-RELEASE servers (MX servers, Web servers…). All of them are bound to an LDAP server for user authentication/access. I can ssh to those server with my LDAP account, I can use id, ldapsearch and so on without any problem. The LDAP server is queried over...

Note: this post is amended because the updated port security/acme.sh is now using its own convention home directory /var/db/acme with dedicated user/group acme:acme The idea is to limit the use of elevated privileges as much as possible. ================ - What is this about? security/acme.sh...

Hello, I have tried installing percona56-server from the ports with the OpenSSL option checked ( as it is by default ) and I have completed the SSL setup and get everything to work properly except that I am stuck with TLSv1. mysql> \s; -------------- mysql Ver 14.14 Distrib 5.6.33-79.0...

Hi everyone, Actually I have a rule who do SMTP relay and work nice for one account : accept from source { localhost 192.168.120.0/24 192.168.14.0/24 } for any relay via tls+auth://label@mySMTP:587 auth <secrets> the account is stored on a secret.db file like that : label user:login I...

Attempting to retrieve email via qpopper with TLS/SSL (pop3s on port 995, plain text password) enabled using the SeaMonkey and Apple Mail mail clients fails with the qpopper log showing the same failure mode: Apr 11 22:47:24 shadow qpopper[56980]: OpenSSL error during handshake Apr 11 22:47:24...

There were so many discussions regarding similar issues. I've read them, but still cannot figure out what's happened recently that I cannot access Forums from my home network using various browsers. I've rebooted my modem to get a new IP. Also checked both old and new IPs with...