OpenSSL


How to prevent ‘Certificate for FILE “(CN: domain.com)” has expired!’ errors in your server

Earlier, only businesses that dealt with confidential information, such as credit card or online transactions, were concerned about their website security.

But with most advanced browsers now making HTTPS mandatory, and even Google considering it as a parameter for website ranking, every website is now getting an SSL certificate.

SWEET32 Birthday attack: How to fix TLS vulnerability (CVE-2016-2183) in OpenSSL, Apache, Nginx and IIS in RedHat, CentOS, Ubuntu, Debian, OpenSUSE and Windows

Over 80% of websites on the internet are vulnerable to hacks and attacks. In our role as hosting support engineers for web hosts, we perform periodic security scans and updates on servers to protect them from hacks.

A recent bug affecting servers is the SWEET32 vulnerability. Because it exploits the weak ‘3DES-CBC’ cipher in TLS encryption, this bug has caused many server owners to panic about their data security.

If you see that your website is failing security scans with this message, that means your server is vulnerable to SWEET32 attacks.

“SSL/TLS server supports short block sizes (SWEET32 attack)”

OpenSSL update for PCI Compliance on cPanel

Of the various support requests I have received recently, a few have been from customers wanting to upgrade OpenSSL on a cPanel server. The reason is that the latest PCI compliance tests are reporting a vulnerability in the version of OpenSSL installed on their server. Well, depending on your setup, this may be a false positive.