Jeremy Felt

Open source student.

Posts

For things with titles.

Follow via RSS

Links for PFS, DH, DHE, and ECDHE and SSL in general

So many acronyms. I have many tabs open right now that I’m about to close and I’m not great at bookmarks. Here are some of the things I’ve been reading while trying to figure out PFS in SSL. SSL/TLS & Perfect Forward Secrecy Can someone explain a little better what exactly is accomplished by generation […]

Figuring out how to serve many SSL certificates, part 2.

I’ve been pretty happy over the last couple days with our A+ score at SSL Labs. I almost got discouraged this morning when it was discovered that LinkedIn wasn’t able to pull in the data from our HTTPS links properly when sharing articles. Their bot, `LinkedInBot/1.0 (compatible; Mozilla/5.0; Jakarta Commons-HttpClient/3.1 +http://www.linkedin.com)`, uses an end of […]

Figuring out how to serve many SSL certificates, part 1.

In the process of figuring out how to configure SSL certificates for hundreds (maybe thousands) of domains in a single nginx configuration without a wildcard certificate, I decided it would be cool to use `server_name` as a variable in the nginx configuration: `ssl_certificate /etc/nginx/ssl/$server_name.crt;` Unfortunately, per this aptly named request on Server Fault—nginx use $server_name on […]

Jeremy's profile photo: a selfie taken while walking through Berlin.

Jeremy Felt wrote this and published it on the internet.

Unless otherwise expressly stated, the content above is licensed under a CC BY-SA 4.0 International License.