madargon , 27 days ago to random

RE: https://mastodon.social/@nixCraft/115906354891838530

So... it's here, right? After I waited almost 7 years... And it hopefully wouldn't turn into other "after 9 months pay us 10$/month" scam like ZeroSSL...

And... I will finally have federation in my Matrix server I guess :blobcatjoy:

It was funny to try to set it up. I don't understand how these automation scripts work - all I know was how to do things manually with simple bash scripts and openssl config files.
Last night it finally worked with acme.sh, so maybe it would just keep working itself from now...

#letsencrypt #tls

aral , 30 days ago to random

🥳 Multiple major releases today

• @small-tech/auto-encrypt v5.0.0 (https://codeberg.org/small-tech/auto-encrypt#readme)
• @small-tech/auto-encrypt-localhost v10.0.0 (https://codeberg.org/small-tech/auto-encrypt-localhost/#readme)
• @small-tech/https v6.0.0 (https://codeberg.org/small-tech/https/#readme)

These releases bring short-lived certificates, IP Address (IPv4 and IPv6) support, and ACME Renewal Information (ARI) support to Auto Encrypt and @small-tech/https, implement a consistent asynchronous API across all three packages, and include loads of little fixes and code quality improvements.

This brings us very close to getting Web Numbers¹ support implemented natively in Kitten².

OCSP support is removed from Auto Encrypt and Windows support is dropped from all three packages as Microsoft is complicit in Israel’s genocide of the Palestinian people³ and Small Technology Foundation⁴ stands in solidarity with the Boycott, Divestment, and Sanctions (BDS) movement. Furthermore, Windows is an ad-infested and surveillance-ridden dumpster fire of an operating system and, alongside supporting genocide, you are putting both yourself and others at risk by using it.

Enjoy!

💕

🇵🇸 To support families facing genocide in Gaza, consider donating to them via Gaza Verified: https://gaza-verified.org/donate/

¹ https://ar.al/2025/06/25/web-numbers/
² https://kitten.small-web.org/
³ https://www.bdsmovement.net/microsoft
⁴ https://small-tech.org/

#SmallWeb #SmallTech #AutoEncrypt #AutoEncryptLocalhost #https #TLS #NodeJS #web #dev #ACME #LetsEncrypt #WebNumbers #Kitten #BDS #Palestine #Gaza #FreePalestine

aral , 1 month ago to random

🥳 @small-tech/auto-encrypt-localhost version 9.0.1 released

Automatically provisions and installs locally-trusted TLS certificates for Node.js https servers (including Polka, Express.js, etc.) Unlike mkcert, 100% written in JavaScript with no external/binary dependencies. As used in Kitten¹

https://codeberg.org/small-tech/auto-encrypt-localhost#readme

This is a housekeeping release:

• Add TypeScript type definitions.
• Improve code quality; fix all type warnings.
• Update dependencies and remove all npm vulnerability warnings.

Full change log: https://codeberg.org/small-tech/auto-encrypt-localhost/src/branch/main/CHANGELOG.md

Enjoy! 💕

¹ https://kitten.small-web.org

#SmallTech #SmallWeb #AutoEncryptLocalhost #TLS #web #dev #NodeJS #JavaScript #SmallTechnologyFoundation

aral , 1 month ago to random

🥳 @small-tech/syswide-cas v7.0.2 released

Enables Node.js to use custom Certificate Authorities (CAs) alongside the bundled root CAs.

https://codeberg.org/small-tech/syswide-cas#readme

• Drops legacy Node support
• Is now ESM
• Improved code quality
• Added TypeScript type information

Full change log: https://codeberg.org/small-tech/syswide-cas/src/branch/main/CHANGELOG.md

Enjoy!

💕

#SmallTech #releases #syswideCAs #TLS #NodeJS #CertificateAuthorities

aral , 1 month ago to random

🥳 Auto-Encrypt Localhost version 9.0.0 released

Bye bye, Windows.

• Windows is no longer supported as Microsoft is complicit in Israel’s genocide of the Palestinian people¹ and Small Technology Foundation² stands in solidarity with the Boycott, Divestment, and Sanctions (BDS) movement³. Windows is an ad-infested and surveillance-ridden dumpster fire of an operating system and, alongside supporting genocide, you are putting both yourself and others at risk by using it.

Enjoy!

💕

About Auto-Encrypt Localhost:

https://codeberg.org/small-tech/auto-encrypt-localhost#readme

Auto Encrypt Localhost is similar to the Go utility mkcert but with the following important differences:

1. It’s written in pure JavaScript for Node.js.

2. It does not require certutil to be installed.

3. It uses a different technique to install its certificate authority in the system trust store of macOS.

4. It uses enterprise policies on all platforms to get Firefox to include its certificate authority from the system trust store.

5. In addition to its Command-Line Interface, it can be used programmatically to automatically handle local development certificate provisioning while creating your server.

Auto-Encrypt Localhost is licensed under AGPL version 3.0.

#AutoEncryptLocalhost #SmallTech #SmallWeb #localhost #TLS #SSL #certificates #web #security #dev #FOSS #israel #microsoft #BigTech #genocide #Palestine #StopIsrael #FreePalestine

¹ https://www.bdsmovement.net/microsoft
² https://small-tech.org/
³ https://www.bdsmovement.net/

blainsmith , 1 month ago to random

Caddy's on_demand_tls is very cool. Going to be making heavy use of that on an upcoming project.

#CaddyServer #TLS

aral , 2 months ago to Testing

Just updated Node Pebble to support latest release version of Let’s Encrypt’s Pebble testing server.

https://codeberg.org/small-tech/node-pebble

Enjoy!

💕

#LetsEncrypt #Pebble #testing #tls #ssl #security #NodeJS #JavaScript

resingm , 2 months ago to random

Reaching out to anyone who configured their DNS transport protocol. If you intentionally configured your home router's or your devices DNS service, what did you pick, and why?

Please retoot for reach.

#DNS #Survey #AskMastodon #AskFedi #AskInfosec #DoT #DoH #DoQ #TLS #QUIC #TCP #UDP #HTTPS

h4ckernews Bot , 2 months ago to random

Stop Breaking TLS

https://www.markround.com/blog/2025/12/09/stop-breaking-tls/

#HackerNews #StopBreakingTLS #TLS #Security #CyberSecurity #InternetPrivacy #TechNews

ben , 3 months ago to random

Given the push by the Browser's (OK, mainly Google and Apple iirc) to vastly reduce the life time of server certificates (down to 47 days)

That's ~8 certificate changes a year.

What is this going to 5 9s uptime? That's 5m 30 seconds of down town a year that needs to now cover that many restarts before anything else.

(Yeah, I know some things will reload certs on HUP and you can do rolling restarts of clusters)

#TLS #Certificates

chrysn , 4 months ago to random

While I do maintain that "it's coming from the LAN" is not a good #security boundary, there are services where it is practical (eg. media center volume control), but also fault prone (oups my phone just switched to LTE for power saving – a generally justified thing).

Before I start formalizing how "a device can retain permissions it gets from being local for a few days" could work with EST/#TLS/#EDHOC: Does this model have a name, and/or have you ever seen it discussed or deployed anywhere?

piwo , 5 months ago to random Polish

🎬 SSL/TLS i walidacja certyfikatów, what could possibly go wrong?

Błażej Orzechowski opowiada o znaczeniu szyfrowania w internecie, wyjaśnia rolę HTTPS, SSL/TLS i certyfikatów w ochronie danych.

👉 PeerTube: https://tube.pol.social/w/uqcqPCEEq8dU2odbb4dA7J
👉 YouTube: https://youtu.be/DB_boLriKwA?feature=shared

#PIWO #PIWO2025 #poznań #ssl #https #tls #szyfrowanie #security

guardianproject , 5 months ago to random

#DEfO has completed #ECH implementation for #nginx and there is a pull request:

https://github.com/nginx/nginx/pull/840

If you want to see ECH in nginx sooner rather than later, please jump in and review, give feedback, thumbs up, etc.

#EncryptedClientHello #TLS #OpenSSL

h4ckernews Bot , 5 months ago to random

Buypass Discontinues Issuance of TLS/SSL Certificates

https://www.buypass.com/products/tls-ssl-certificates/discontinues-issuance-of-tls-ssl-certificates

#HackerNews #Buypass #TLS #SSL #Certificates #Discontinuation #Cybersecurity #News

h4ckernews Bot , 7 months ago to random

You Should Run a Certificate Transparency Log

https://words.filippo.io/run-sunlight/

#HackerNews #CertificateTransparency #CertificateLog #Cybersecurity #WebSecurity #TLS

beardedtechguy , 7 months ago to random

This could pose a problem! Be vigilant guys and gals.

Free certificates for IP addresses: security problem or solution? https://www.malwarebytes.com/blog/news/2025/07/free-certificates-for-ip-addresses-security-problem-or-solution

#cybersecurity #infosec

aral , 7 months ago to random

Introducing Web Numbers

Domains? Where we’re going, we don’t need domains!

Get ready for an exciting new (old?) way to address (small) web sites in 2026.

https://ar.al/2025/06/25/web-numbers/

💕

(Thanks to @letsencrypt .)

#WebNumbers #SmallWeb #domainNames #IPAddresses #TLS #HTTPS #LetsEncrypt #web #decentralisation #SmallTech

patpro , 8 months ago to random

Hello, I’m hosting a #Vaultwarden server behind #Caddy 2.10 and made the following test:

Tuning Caddy to allow only #PQC curves:

	tls {
		curves x25519mlkem768
	}

Trying to connect with #Firefox Mac -> OK
Trying to connect with #Bitwarden #android client -> Fail

Without the #TLS tuning, the Bitwarden Android client will happily connect to the server.

Is it a problem with the Bitwarden Android client or with Android, or both?

h4ckernews Bot , 8 months ago to random

Why SSL was renamed to TLS in late 90s (2014)

https://tim.dierks.org/2014/05/security-standards-and-name-changes-in.html

#HackerNews #SSL #TLS #security #history #cybersecurity #standards

screwlisp , 8 months ago to random

#commonLisp #emacs #smallweb #kitten https://screwlisp.small-web.org/kitten/clkitten-parenscript-kitten-2/ #webdev

Eev (and lisp secret alien technology) made it /really/ easy and convenient to generate a kitten matching @aral 's Tutorial 2: dynamic pages, https://kitten.small-web.org/tutorials/dynamic-pages/ serve it and visit it inside emacs (just press F8 over and over again and it happens on its own).

I guess you can do it too...? What do you think? How much of a Hurkle itch is this giving you Aral ;p. It seems /really/ easy to get a fancy! #tls site up like this.

ALT

aral , 8 months ago to random

🔒 Auto Encrypt – heads up!

In the next minor version release of Auto Encrypt¹, we’ll be moving from a hard-coded date-based certificate renewal check to using ACME Renewal Information (ARI)².

The change³ should be seamless.

If you have any concerns, now is the time to raise them :)

#AutoEncrypt #TLS #LetsEncrypt #SmallTech #SmallWeb

¹ Drop-in Node.js https server replacement that automatically provisions and renews Let’s Encrypt certificates for you. (https://codeberg.org/small-tech/auto-encrypt#auto-encrypt)
² https://datatracker.ietf.org/doc/draft-ietf-acme-ari/
³ https://codeberg.org/small-tech/auto-encrypt/src/branch/main/CHANGELOG.md#4-4-0-2025

aral , 8 months ago (edited 8 months ago) to random

👋🤓 Goodbye Site.js, Hello Kitten!

I started working on creating a Small Web¹ server (a peer-to-peer Web server) six years ago² with Site.js.

Building Site.js was my first attempt. And it resulted in:

• Auto Encrypt (automatic Let’s Encrypt certificates): https://codeberg.org/small-tech/auto-encrypt

• Auto Encrypt Localhost (automatic localhost TLS certificates): https://codeberg.org/small-tech/auto-encrypt-localhost

• @small-tech/https (drop-in Node.js https module replacement with automatic TLS certs everywhere): https://codeberg.org/small-tech/https

• JSDB: In-process, in-memory JavaScript database that persists to append-only JavaScript logs: https://codeberg.org/small-tech/jsdb

As Site.js reached an evolutionary dead-end, and as I learned from my experiements with replicated data types that replicated data types are not a prerequisite for a decentralised web (actual topological decentralisation and ease of use are), I started writing a new server/platform called Kitten from scratch while still making use of the tried and tested modules listed above.

Last week, I switched over our last site using Site.js to Kitten and, with that, today I’ve sunset³ Site.js:

https://sitejs.org

For its successor, please see Kitten:

https://kitten.small-web.org

If you want to support our work at the Small Technology Foundation, please consider becoming a patron:

https://small-tech.org/fund-us

:kitten:💕

¹ https://ar.al/2024/06/24/small-web-computer-science-colloquium-at-university-of-groningen/
² https://ar.al/2019/08/26/introducing-small-technology-foundation/
³ Using our instance of Look Over There!: https://look-over-there.small-web.org

#SiteJS #SmallWeb #SmallTech #peerToPeerWeb #SmallTechnologyFoundation #AutoEncrypt #AutoEncryptLocalhost #JSDB #JavaScriptDatabase #https #TLS

ALT

Daojoan , 9 months ago to random

Email is the cockroach of the internet - it outlives every wave trying to kill it. Forget Slack, forget Discord, forget chat apps. Email is universal, decentralized, and asynchronous. It's not sexy, but it's the ultimate survivor.

mirabilos , 9 months ago to random

What the actual fuck, #LetsEncrypt‽

Let’s Encrypt will no longer include the “TLS Client Authentication” Extended Key Usage (EKU) in our certificates beginning in 2026.

That makes them unusable for SMTP servers. Gah!

Anyone got a usable alternative that doesn’t ruin financially?

Update: I’m in communication with them, let’s hope they recognise the usefulness.

Update 2: turns out it’s Google forcing this down the throat of all CAs that want to be recognised by Chrome as valid. I’m sure Google only accidentally decided on a new policy that breaks some SMTP and probably all XMPP use cases… 🤬