Tag Archives: SSL

Roundcube

Roundcube Installation Guide

Roundcube is an email webclient which is easy and intuitive to use. I am using it for my private mails, connecting via IMAP and SMTP to my hoster. One of the great advantages is the “flag” option which is synchronized via IMAP to my Apple devices.

Following is a step-by-step installation guide for Roundcube plus an update scenario. It is a kind of “memo for myself”, but hopefully, others can use it as well.

Continue reading Roundcube Installation Guide

ownCloud2

Yet another ownCloud Installation Guide

If you want to use you own ownCloud installation, you can find several documentation on the Internet on how to set up this server, e.g. the official ownCloud documentation, or installation guides such as this or that or here. But none of these page alone provided enough information for installing a secure server completely from the beginning.

So here comes my step-by-step guide which surely won’t be complete, too. 😉 However, hopefully it will help other people while searching for their way to install ownCloud. Additionally I am showing how to upgrade an ownCloud server.

Continue reading Yet another ownCloud Installation Guide

F to A-

Palo Alto PANOS 6.1.2: No more SSLv3/POODLE

Another fixed issue in the just released PANOS version 6.1.2 from Palo Alto Networks is bug ID 71321: “Removed support for SSL 3.0 from the GlobalProtect gateway, GlobalProtect portal, and Captive Portal due to CVE-2014-3566 (POODLE).” I scanned my lab unit before (6.1.1) and after the OS upgrade (6.1.2) and here are the results.

Continue reading Palo Alto PANOS 6.1.2: No more SSLv3/POODLE

Apache SSL Cipher Suites

Apache SSL Cipher Suites: Perfect Forward Secrecy

I was interested to tune my https sites with Apache to support only cipher suites that use the ephemeral Diffie-Hellman key exchange = perfect forward secrecy. But after searching a while through the Internet, only SSLCipherSuite with a few concrete algorithms were presented, while I wanted to use a more generic option such as known from “!MD5”. Here it is:

Continue reading Apache SSL Cipher Suites: Perfect Forward Secrecy

Remote Users Previous - iPhone featured image

Palo Alto Remote Access VPN for iPhone

I tested the Palo Alto GlobalProtect app on my iPhone, but also the native IPsec Cisco VPN-Client on iOS which connects to the GlobalProtect Gateway on a Palo Alto firewall, too. Since this variant needs no further licenses from Palo Alto, it is a cheap alternative for a basic VPN connection.

Though not that much exciting, there are a few differences in the logs on the firewall which I will show here on the basis of a few screenshots.

Continue reading Palo Alto Remote Access VPN for iPhone

PFS Featured Image

At a Glance: Perfect Forward Secrecy (PFS)

During the last few months the concept of Perfect Forward Secrecy (PFS) was presented on many newspapers and guidelines. This concept is related to the session key generation for SSL/TLS as well as for IPsec tunnels. And even though many of these articles describe the benefit of PFS, I was still missing a picture that shows the main difference between the classical key exchange via RSA and the exchange via Diffie-Hellman with PFS. So, here comes my poster. 😉

Continue reading At a Glance: Perfect Forward Secrecy (PFS)