OpenSSL
acme.sh
Metric | OpenSSL | acme.sh
---|---|---
Mentions | 147 | 276
Stars | 23,945 | 36,065
Growth | 1.5% | 2.5%
Activity | 9.9 | 8.8
Latest commit | 7 days ago | 1 day ago
Language | C | Shell
License | Apache License 2.0 | GNU General Public License v3.0 only
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
OpenSSL
- Encrypted Client Hello – the last puzzle piece to privacy
If I'm understanding the draft correctly, I think the webserver you're hosting your sites on would need it implemented as it requires private keys and ECH configuration. In the example of nginx since it uses openssl, openssl would need to implement it. I found an issue on their Github but it's still open: https://github.com/openssl/openssl/issues/7482
- eBPF Practical Tutorial: Capturing SSL/TLS Plain Text Data Using uprobe
- I am looking for a troubled/bad open source codebase
- What is the process of applying an AES Layer to file, like a text file?
Source code: https://github.com/openssl/openssl/blob/master/crypto/aes/aes_core.c
- OpenSSL 1.1.1 End of Life Approaching
Ah, I see, OpenSSL is licensed under apache[1], so they can distribute patches under non-OSS licenses. I thought it was GPL for some reason.
- How to clone the stable version of OpenSSL 3.1?
thanks, and what is the reason git clone -b openssl-3.1 https://github.com/openssl/openssl cloned the 3.1.0-dev and not just 3.1.0? Because that's just how they named the branch - 3.1, and not 3.1.0?
- Can't install powershell on my mac 10.13
==> Downloading https://github.com/openssl/openssl/commit/96f1dbea67247b79b1e7b3
- Rusted
I understand that it looks that way, especially since I just noticed you're a C++ developer who's been trying to learn it recently. But really, when on one hand you have a critical CVE caused by one wrong byte of C source code and on the other hand you have net zero memory-related CVEs in ~1.5 million lines of Rust code compared to 1 CVE per 1k SLOC in their C++ codebase, there's no denial that Rust simply does have the safety advantage for that kind of low level development. Heck, as I always say, memory safety is not a new concept at all, garbage-collected languages have had it for several decades now. But garbage-collected languages weren't fit for projects like the Linux kernel or drivers (at least I assume that is the case), which is why such a thing is exciting and good news in the first place.
- Instagram Is Disabling Its NFT Features
Here's OpenSSL calling cryptography crypto since 1998: https://github.com/openssl/openssl/commits/master?after=9313...
And libgcrypt in 2000: https://github.com/gpg/libgcrypt/commit/bf2fc9201cfa96cd70ef...
Totally normal and not cringy at all.
acme.sh
- Why Certificate Lifecycle Automation Matters
Huh, the environment variable thing was specifically aimed at acme.sh which rather arbitrarily changed the config value from ACMEDNS_UPDATE_URL to ACMEDNS_BASE_URL, never acknowledged this in a changelog and then silently failed after an automatic upgrade as recommended by the default install:
https://github.com/acmesh-official/acme.sh/commit/2ce145f359...
It's also cleared out my .account.conf files when run on the suggested cron.
I've started using updown which also monitors my TLS certs simply because I no longer trust the process to work as documented.
- The Bureau of Meteorology website does not support connections via HTTPS
It depends on your provider though. I can tell from experience that with OVH and their API, it's been easy to set up the automatic renewal via DNS verification. Apparently, the official client has support for the DNS API of 159 providers: https://github.com/acmesh-official/acme.sh/wiki/dnsapi
- I made a tool for automatically updating the current and next (rollover) TLSA DNS records with acme.sh and the Cloudflare API
For the few people here that happen to run a self-hosted email server with acme.sh for TLS key/cert generation and Cloudflare for DNS management, I have made a tool that I personally use to get a perfect 100% score on Internet.nl's email test.
- IT Pro Tuesday #276 - Cert Automation, Packet Analysis, Vim Cheatsheet & More
acme.sh is a lightweight Unix shell script for automatic issuance and renewal of free certificates in a Unix environment. It's compatible with Bash, dash, and sh; Docker/IPv6 ready; requires no external dependencies; and can issue, renew, and install certificates without the need for root or sudoer access. Thanks for this recommendation go to blitznogger.
- Cannot install with mack-a's v2ray-agent script
Error troubleshooting: 1.Failed to obtain Github files, please wait for Github to recover and try, the recovery progress can be viewed at [https://www.githubstatus.com/] There is a bug in the 2.acme.sh script, see [https://github.com/acmesh-official/acme.sh] issues
My vps is located in Japan so there shouldn't be any trouble grabbing files from github and such but it obviously timed out every time the script tried to grab acme.sh's repository. Has anyone tried this script lately with success?
- HAProxy is not affected by the HTTP/2 Rapid Reset Attack (CVE-2023-44487)
you may wish to use certbot instead:
- Caddy is the first and only web server to use HTTPS automatically and by default
like https://github.com/acmesh-official/acme.sh/wiki/Stateless-Mo...
If DNS-01 is not an option or too complicated, this saves you from exposing a host to the internet for no good reason.
- Where do you get/setup certificates from for your https/ssl?
Caddy where possible, and acme.sh or lego where not.
- Internal Server Error when proxy host directs to router
The SSL certificate for my wildcard domain is currently managed by the acme.sh script running as a Docker container until the issue with NPM and Azure DNS certificate management is resolved.
What are some alternatives?
GnuTLS - GnuTLS
Crypto++ - free C++ class library of cryptographic schemes
mbedTLS - An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
libsodium - A modern, portable, easy to use crypto library.
LibreSSL - LibreSSL Portable itself. This includes the build scaffold and compatibility layer that builds portable LibreSSL from the OpenBSD source code. Pull requests or patches sent to [email protected] are welcome.
cfssl - CFSSL: Cloudflare's PKI and TLS toolkit
Botan - Cryptography Toolkit
easy-rsa - easy-rsa - Simple shell based CA utility
letsencrypt - Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.
LibTomCrypt - LibTomCrypt is a fairly comprehensive, modular and portable cryptographic toolkit that provides developers with a vast array of well known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines.
Bcrypt - Modern(-ish) password hashing for your software and your servers
Nginx Proxy Manager - Docker container for managing Nginx proxy hosts with a simple, powerful interface