Tag Archives: TLS

Apache SSL Cipher Suites: Perfect Forward Secrecy

I was interested to tune my https sites with Apache to support only cipher suites that use the ephemeral Diffie-Hellman key exchange = perfect forward secrecy. But after searching a while through the Internet, only SSLCipherSuite with a few concrete algorithms were presented, while I wanted to use a more generic option such as known from “!MD5”. Here it is:

Continue reading Apache SSL Cipher Suites: Perfect Forward Secrecy

Palo Alto Remote Access VPN for iPhone

I tested the Palo Alto GlobalProtect app on my iPhone, but also the native IPsec Cisco VPN-Client on iOS which connects to the GlobalProtect Gateway on a Palo Alto firewall, too. Since this variant needs no further licenses from Palo Alto, it is a cheap alternative for a basic VPN connection.

Though not that much exciting, there are a few differences in the logs on the firewall which I will show here on the basis of a few screenshots.

Continue reading Palo Alto Remote Access VPN for iPhone

At a Glance: Perfect Forward Secrecy (PFS)

During the last few months, the concept of Perfect Forward Secrecy (PFS) was presented in many newspapers and guidelines. This concept is related to the session key generation for SSL/TLS as well as for IPsec tunnels. And even though many of these articles describe the benefit of PFS, I was still missing a picture that shows the main difference between the classical key exchange via RSA and the exchange via Diffie-Hellman with PFS. So, here comes my poster. ;)

Continue reading At a Glance: Perfect Forward Secrecy (PFS)

E-Mail Übertragung verschlüsseln

Zur Zeit wird viel über Abhörmaßnahmen im Internet und speziell über das generelle Mitschneiden von Traffic normaler User geredet. Und während große Firmen gezielt Verschlüsselungstechniken einsetzen können hat der Otto Normalverbraucher kaum das Wissen, um ernsthaft etwas gegen das Mitschneiden seiner Daten zu tun. Dabei ist es gar nicht so schwer, zumindest die Übertragung der eigenen E-Mails hin zu seinem Provider über entsprechende Maßnahmen abzusichern. Ob man damit die internationalen Geheimdienste aussperrt bleibt fraglich, aber zumindest schränkt man das Mitlesen der privaten E-Mails durch Unbefugte im Internet deutlich ein! Hier kommt also eine Erklärung inkl. einiger Screenshots der gängigen E-Mail Programme und Smartphones, um die eigenen E-Mails über einen verschlüsselten Kanal zu übertragen. Continue reading E-Mail Übertragung verschlüsseln