SMTP mail relays exposed to the internet typically use a combination of SSL and authenticated SMTP to avoid abuse by malicious actors.
This is an excellent choice from a security perspective, but it makes smoke testing a bit more complex than just opening telnet.
Continue reading “Ubuntu: Testing authenticated SMTP over TLS/SSL”
HAProxy is a high-performance TCP/HTTP (Level 4 and Level 7) load balancer and reverse proxy. A common pattern is allowing HAProxy to be the fronting SSL-termination point, and then HAProxy determines which pooled backend server serves the request.
Continue reading “HAProxy: Using HAProxy for SSL termination on Ubuntu”
Nginx is a popular reverse proxy and load balancer that focuses on level 7 (application) traffic. A common pattern is allowing Nginx to be the fronting SSL-termination point, and then Nginx determines which pooled backend server is best available to serve the request.
Continue reading “Nginx: Using Nginx for SSL termination on Ubuntu”
While enabling HTTPS is an important step in securing your web application, it is critical that you also take steps to disable legacy protocols and low-strength ciphers that can circumvent the very security you are attempting to implement.
As long as you have the latest version of openssl, you should be able to use a bash script like the one below (credit for this script goes here) to enumerate every matching protocol and cipher that a server is exposing:
Continue reading “OpenSSL: Using OpenSSL to enumerate protocols and ciphers in use by web applications”