In WordPress (v3.3), FORCE_SSL_LOGIN will transmit login credentials over SSL, however, the login page itself may be accessed over HTTP (as opposed to HTTPS). If the login page is accessed via HTTP, the user has no (easy) way of verifying … Continue reading
Tag Archives: ssl
Verify that SSL caching is working
To verify that SSL caching is on, check the Session-ID across multiple sessions (i.e. resume/reconnect) – they should be the same: openssl s_client -host HOSTNAME -port 443 -reconnect | grep ‘Session-ID:’ The equivalent, using gnutls-cli should be: gnutls-cli -V -r … Continue reading
Using Wireshark to Debug FTPES through vsFTP
Using Wireshark to Debug FTPES through vsFTP While vsFTP is lightweight and has a relatively good track record, the verbosity of its logs is lacking. Without having an error logged, it can be considerably more difficult to find and resolve … Continue reading
Configuring vsFTPd to use TLS
A typical FTP session, will send login information unencrypted. It is a fairly simple matter to configure vsftpd to use SSL/TLS and encrypt connections. You can either create a self-signed certificate for this purpose, or use an existing third-party issued … Continue reading
Setting up SSL Login on WordPress
I decided that I wanted the login for this site to be over SSL/TLS, instead of unencrypted – at this time, I decided against having the admin area also running under SSL. This article describes how to accomplish the following: … Continue reading