In WordPress (v3.3), FORCE_SSL_LOGIN will transmit login credentials over SSL, however, the login page itself may be accessed over HTTP (as opposed to HTTPS). If the login page is accessed via HTTP, the user has no (easy) way of verifying … Continue reading
To verify that SSL caching is on, check the Session-ID across multiple sessions (i.e. resume/reconnect) – they should be the same: openssl s_client -host HOSTNAME -port 443 -reconnect | grep ‘Session-ID:’ The equivalent, using gnutls-cli should be: gnutls-cli -V -r … Continue reading
Using Wireshark to Debug FTPES through vsFTP While vsFTP is lightweight and has a relatively good track record, the verbosity of its logs is lacking. Without having an error logged, it can be considerably more difficult to find and resolve … Continue reading
A typical FTP session, will send login information unencrypted. It is a fairly simple matter to configure vsftpd to use SSL/TLS and encrypt connections. You can either create a self-signed certificate for this purpose, or use an existing third-party issued … Continue reading
I decided that I wanted the login for this site to be over SSL/TLS, instead of unencrypted – at this time, I decided against having the admin area also running under SSL. This article describes how to accomplish the following: … Continue reading