Poodle sha2 open mic
Rahul Kumar
Open Mic presentation conducted on 25-Feb-2015 - for POODLE/SHA-2 - Secure your environment
slides CapTechTalks Webinar May 2024 Alexander Perry.pptx
slides CapTechTalks Webinar May 2024 Alexander Perry.pptx
CapitolTechU
Power-sharing Class 10 is a vital aspect of democratic governance. It refers to the distribution of power among different organs of government, levels of government, and social groups. This ensures that no single entity can control all aspects of governance, promoting stability and unity in a diverse society. For more information, visit-www.vavaclasses.com
NCERT Solutions Power Sharing Class 10 Notes pdf
NCERT Solutions Power Sharing Class 10 Notes pdf
Vivekanand Anglo Vedic Academy
The Author of this document is Dr. Abdulfatah A. Salem
Operations Management - Book1.p - Dr. Abdulfatah A. Salem
Operations Management - Book1.p - Dr. Abdulfatah A. Salem
Arab Academy for Science, Technology and Maritime Transport
We all have good and bad thoughts from time to time and situation to situation. We are bombarded daily with spiraling thoughts(both negative and positive) creating all-consuming feel , making us difficult to manage with associated suffering. Good thoughts are like our Mob Signal (Positive thought) amidst noise(negative thought) in the atmosphere. Negative thoughts like noise outweigh positive thoughts. These thoughts often create unwanted confusion, trouble, stress and frustration in our mind as well as chaos in our physical world. Negative thoughts are also known as “distorted thinking”.
How to Break the cycle of negative Thoughts
How to Break the cycle of negative Thoughts
Col Mukteshwar Prasad
Fish and Chips activity for Food unit.
Fish and Chips - have they had their chips
Fish and Chips - have they had their chips
GeoBlogs
UNIT – IV_PCI Complaints: Complaints and evaluation of complaints, Handling of return good, recalling and waste disposal.
UNIT – IV_PCI Complaints: Complaints and evaluation of complaints, Handling o...
UNIT – IV_PCI Complaints: Complaints and evaluation of complaints, Handling o...
Sayali Powar
Andreas Schleicher presents at the OECD webinar ‘Digital devices in schools: detrimental distraction or secret to success?’ on 27 May 2024. The presentation was based on findings from PISA 2022 results and the webinar helped launch the PISA in Focus ‘Managing screen time: How to protect and equip students against distraction’ https://www.oecd-ilibrary.org/education/managing-screen-time_7c225af4-en and the OECD Education Policy Perspective ‘Students, digital devices and success’ can be found here - https://oe.cd/il/5yV
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
EduSkills OECD
Incheon National University Capstone Design Final Presentation - Team Password 486 With Seungjun Rye(CSE), Eunbin Lee(BIZ). Jeonggyo Lee(ECON)
INU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdf
INU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdf
bu07226
The benefits and challenges of using OER
The Benefits and Challenges of Open Educational Resources
The Benefits and Challenges of Open Educational Resources
aileywriter
Answers to Home assignment on UV-Visible spectroscopy: Calculation of wavelength of UV-Visible absorption
Home assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdf
Tamralipta Mahavidyalaya
Recently uploaded
(20)
Advances in production technology of Grapes.pdf
Advances in production technology of Grapes.pdf
Gyanartha SciBizTech Quiz slideshare.pptx
Gyanartha SciBizTech Quiz slideshare.pptx
Industrial Training Report- AKTU Industrial Training Report
Industrial Training Report- AKTU Industrial Training Report
How to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERP
Solid waste management & Types of Basic civil Engineering notes by DJ Sir.pptx
Solid waste management & Types of Basic civil Engineering notes by DJ Sir.pptx
Application of Matrices in real life. Presentation on application of matrices
Application of Matrices in real life. Presentation on application of matrices
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Additional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdf
NLC-2024-Orientation-for-RO-SDO (1).pptx
NLC-2024-Orientation-for-RO-SDO (1).pptx
Adversarial Attention Modeling for Multi-dimensional Emotion Regression.pdf
Adversarial Attention Modeling for Multi-dimensional Emotion Regression.pdf
slides CapTechTalks Webinar May 2024 Alexander Perry.pptx
slides CapTechTalks Webinar May 2024 Alexander Perry.pptx
NCERT Solutions Power Sharing Class 10 Notes pdf
NCERT Solutions Power Sharing Class 10 Notes pdf
Operations Management - Book1.p - Dr. Abdulfatah A. Salem
Operations Management - Book1.p - Dr. Abdulfatah A. Salem
How to Break the cycle of negative Thoughts
How to Break the cycle of negative Thoughts
Fish and Chips - have they had their chips
Fish and Chips - have they had their chips
UNIT – IV_PCI Complaints: Complaints and evaluation of complaints, Handling o...
UNIT – IV_PCI Complaints: Complaints and evaluation of complaints, Handling o...
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
INU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdf
INU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdf
The Benefits and Challenges of Open Educational Resources
The Benefits and Challenges of Open Educational Resources
Home assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdf
Poodle sha2 open mic
1.
Poodle & SHA2: Secure your environment
Open Mic
Rahul Kumar, Technical Lead, IBM Domino Server Team
IBM Collaboration Solutions
Powered by IBM SmartCloud Meetings
© 2014 IBM Corporation
2.
About Us
─ Rahul Kumar – Tech Lead, IBM Domino Server Team
─ Hansraj Mali – AP SWAT Team
─ Ranjit Rai – AP SWAT Team
─ J Rajendran – AP SWAT Team
─ Narendra Nesarikar – Senior Manager, Facilitator for AP Open Mics
3.
Agenda
1. What is Poodle
2. How Domino is affected by POODLE
3. POODLE Fix for Domino
4. Internet Encryption
5. Implementing Web Server Encryption on Domino
6. SHA-2 Certificates
7. Why to use SHA-2 on Domino
8. KYR Tool
9. SHA-2 Server Certificate Using KYRTool & OpenSSL
4.
What is Poodle
POODLE stands for Padding Oracle On Downgraded Legacy Encryption.
This vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle side-channel attack.
POODLE affects older standards of encryption, specifically Secure Sockets Layer (SSL) version 3. It does not affect the newer encryption mechanism known as Transport Layer Security (TLS).
5.
How Domino is affected by POODLE
Newest versions of Chrome, FF, IE, Safari will prevent SSL connections, allowing only TLS over HTTP.
SMTP, LDAP, POP3, IMAP protocol vendors quickly follow suit, moving from SSL to TLS.
Latest versions of Google Chrome & Firefox browsers receive the below errors:
─ On Chrome: A secure connection cannot be established because this site uses an unsupported protocol. Error code: ERR_VERSION_OR_CIPHER_MISMATCH
─ On Firefox: Firefox cannot guarantee the safety of your data on x.x.x.x because it uses SSLv3, a broken security protocol. Advanced info: ssl_error_no_cypher_overlap
6.
Remediation/Fixes
IBM has released Domino server Interim Fixes that implement TLS 1.0 with TLS_FALLBACK_SCSV for HTTP to protect against the POODLE attack.
Added support for TLS 1.0:
─ Inbound and outbound connections
─ Over all protocols (HTTP, SMTP, LDAP, POP3, IMAP & DIIOP)
─ Prevents both Poodle attacks: CVE-2014-3566 and CVE-2014-8730.
Removed support:
─ SSLv2
─ SSL renegotiation has been disabled
─ All weak (<128 bits) cipher suites have been disabled
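How a server that honours TLS_FALLBACK_SCSV treats a downgraded retry, shown as an added illustration that is not IBM's or Domino's code. It models the RFC 7507 rule with a server maximum of TLS 1.0 (what the interim fixes provide); the function names are hypothetical and the ClientHello bytes are constructed samples.

```python
import struct

SSL3, TLS10, TLS12 = 0x0300, 0x0301, 0x0303
TLS_FALLBACK_SCSV = 0x5600            # signalling cipher suite value (RFC 7507)
ALERT_PROTOCOL_VERSION = 70           # sent when SSLv3 is refused outright
ALERT_INAPPROPRIATE_FALLBACK = 86     # fatal alert defined by RFC 7507


def parse_client_hello(record: bytes):
    """Return (client_version, cipher_suites) from a record holding one ClientHello."""
    ctype, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 22 or len(body) != rec_len or not body or body[0] != 1:
        raise ValueError("not a complete ClientHello handshake record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    (client_version,) = struct.unpack("!H", hello[:2])
    pos = 2 + 32                       # skip client_version and 32-byte random
    pos += 1 + hello[pos]              # skip session_id
    (cs_len,) = struct.unpack("!H", hello[pos:pos + 2])
    pos += 2
    suites = [int.from_bytes(hello[i:i + 2], "big")
              for i in range(pos, pos + cs_len, 2)]
    return client_version, suites


def server_decision(record: bytes, server_max: int = TLS10, allow_ssl3: bool = False):
    """Model of the server side: ('alert', code) or ('negotiate', version)."""
    version, suites = parse_client_hello(record)
    # RFC 7507: the client says "this is a fallback retry"; if the server could
    # have spoken something newer, the downgrade was forced by someone else.
    if TLS_FALLBACK_SCSV in suites and version < server_max:
        return ("alert", ALERT_INAPPROPRIATE_FALLBACK)
    # SSLv3 switched off on the server (the effect of the DISABLE_SSLV3 setting).
    if version < TLS10 and not allow_ssl3:
        return ("alert", ALERT_PROTOCOL_VERSION)
    return ("negotiate", min(version, server_max))


def build_client_hello(version: int, suites) -> bytes:
    """Constructed sample input: a minimal ClientHello record without extensions."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hello = (struct.pack("!H", version) + bytes(32) + b"\x00"
             + struct.pack("!H", len(cs)) + cs + b"\x01\x00")
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, version, len(handshake)) + handshake


if __name__ == "__main__":
    aes = [0x002F, 0x0035]             # TLS_RSA_WITH_AES_128/256_CBC_SHA
    cases = {
        "TLS 1.0 client": build_client_hello(TLS10, aes),
        "TLS 1.2 client": build_client_hello(TLS12, aes),
        "forced SSLv3 retry with SCSV": build_client_hello(SSL3, aes + [TLS_FALLBACK_SCSV]),
        "SSLv3-only client": build_client_hello(SSL3, aes),
    }
    for name, rec in cases.items():
        print(f"{name:30s} -> {server_decision(rec)}")
```

With `allow_ssl3=True` the SSLv3-only client still connects, which is why the SCSV check alone does not remove SSLv3 exposure for legacy clients.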
7.
Remediation/Fixes
Domino Release | Fix Pack/Interim Fix | Download Link
9.0.1 | Fix Pack 3 | http://www-01.ibm.com/support/docview.wss?id=swg24037141
9.0.1 | Fix Pack 2 Interim Fix 3 | http://www.ibm.com/support/docview.wss?uid=swg21657963
9.0 | Interim Fix 7 | http://www.ibm.com/support/docview.wss?uid=swg21653364
8.5.3 | Fix Pack 6 Interim Fix 6 | http://www.ibm.com/support/docview.wss?uid=swg21663874
8.5.2 | Fix Pack 4 Interim Fix 3 | http://www.ibm.com/support/docview.wss?uid=swg21589583
8.5.1 | Fix Pack 5 Interim Fix 3 | http://www.ibm.com/support/docview.wss?uid=swg21595265
8.
Remediation/Fixes
To disable SSLv3 after applying the Poodle fix:
For the latest version of Domino (8.5.3 FP6 IF6, Domino 9.0.1 FP2 IF3, or later):
DISABLE_SSLV3=1
For earlier versions of Domino that have the POODLE fixes:
DEBUG_UNSUPPORTED_DISABLE_SSLV3=17
9.
Internet Encryption
Public Key Cryptography, also known as asymmetric cryptography
Protects internet communications from being read by unauthorized medium
Private keys, certificates, hashes and ciphers
10.
Internet Encryption
Certificates identify who you are.
In order for your certificate to be trusted, a trusted authority stamps your certificate as being trusted by it, and provides its certificate proving it was indeed that authority who stamped it.
Certificates usually have a chain of trust. (I don't know who gave you this, but one has provided a certificate of trust from someone I know, so I will trust all of these certificates.)
11.
Internet Encryption
Public / private keys are used to encrypt conversations.
Certificates provide “hashed” data about the key it works with.
Hashes used may be SHA-2, SHA-1, or MD5.
Internet encryption has standard protocols for communication: SSL and TLS.
TLS is the successor to SSL, essentially a newer version of the protocol.
Domino supports TLS 1.0 on Domino 8.5.x and 9.x if the POODLE fixes are applied.
SSL/TLS starts with a “handshake” to establish the protocol version to use, and to exchange necessary information on certificates and keys.
Once two parties agree to an encrypted session, they use a “cipher” that both have in common. This provides the framework for encrypting the conversation using their keys.
12.
Domino's implementation of encryption for web servers
Certificates are stored in a keyring.
The keyring is a pair of files: the .KYR file has the certificates, the .STH file has the password.
To create a server certificate for the keyring, Certificate Signing Requests (CSRs) are created.
CSRs are encrypted with a private key and sent to a Certificate Authority (CA).
Signed CSRs provide the Server Certificate and the Certificates of the CA that signed it.
The signed CSR is merged into the keyring. The CA root certificates and the server certificate must all be merged.
Requires that the encryption of the signed CSR matches the encryption used when it was created: the private key must match.
13.
SHA-1 and SHA-2 Certificates
Domino 8.5.x and 9.x have used SHA-1 certificates.
SHA-1 hashing is no longer recommended; CAs and browser vendors are transitioning to SHA-2.
Domino 9.x servers can operate with SHA-2 certificates, but its tool for working with certificates, the Domino Server Certificate Admin database, cannot process SHA-1, SHA-2 certificates.
New tool created to bypass this limitation: KYRTOOL.
KYRTOOL is used in place of the Domino Server Certificate Admin database when SHA-2 certificates are used.
Domino 8.5.x can only work with SHA-1 certificates; SHA-2 support is only with Domino 9.x.
14.
Why SHA-2 Certificates
Google Chrome, Opera, Firefox will begin to warn users that Domino web servers built using SHA-1 are insecure. Only SHA-2 will be considered secure.
Jan-2016: MS (and others) will stop accepting SHA-1 and SSL (predecessor to TLS) per NIST SP 800-131A. Only TLS and SHA-2 will be accepted.
Jan-2016: most 3rd party Certificate Authorities will issue only SHA-2 certs (GoDaddy, VeriSign, Comodo).
15.
KYRTOOL
Command Line Tool
IkeyMan tool will not be required
Overcome the limitations of Certificate Admin Database in generating SHA-1/SHA-2 certificate
Easy to use
16.
SHA-2 Server Certificate Using KYRTool & OpenSSL
Prerequisites
Create a Domino keyring
Generate CSR (Certificate signing request)
Export data from the signed CSR
Import certificates using the KYRTool
Update server and test
─ Put keyring.kyr and keyring.sth in server's data directory
─ Verify server document settings
─ Connect to server over SSL
Troubleshooting / Debug
17.
SHA-2 Server Certificate Using KYRTool & OpenSSL
Prerequisites
KYRTool
─ Download link: http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Lotus&product=ibm/Lotus/Lotus+Domino&release=9.0.1.2&platform=All&function=fixId&fixids=KYRTool_9x_ClientServer
─ Place the KYRTool in the Notes program directory, as it relies on .DLLs installed by Notes.
OpenSSL
─ Download links for the Windows versions of OpenSSL are available at https://slproweb.com/products/Win32OpenSSL.html
─ The light version of OpenSSL is sufficient for the tasks required for creating a SHA-2 certificate.
─ OpenSSL may need updates to Windows Visual C++ libraries.
─ A configuration file "openssl.cfg" will be extracted by the installer to the bin directory. In order for OpenSSL to read this configuration file, you must set an environment variable by running the following command from a DOS prompt:
SET OPENSSL_CONF=openssl.cfg
e.g. SET OPENSSL_CONF=c:\OpenSSL-Win64\bin\openssl.cfg
18.
SHA-2 Server Certificate Using KYRTool & OpenSSL
Create a Domino keyring
keyring.kyr and keyring.sth file will be created in the Notes data directory
19.
SHA-2 Server Certificate Using KYRTool & OpenSSL
Generate CSR (Certificate signing request)
─ Create new keypair
─ Create certificate request stamped with private key from keypair
20.
SHA-2 Server Certificate Using KYRTool & OpenSSL
Generate CSR (Certificate signing request) using OpenSSL
─ Create new keypair
Output
21.
SHA-2 Server Certificate Using KYRTool & OpenSSL
Generate CSR (Certificate signing request) using OpenSSL
─ Create certificate request stamped with private key from keypair
OpenSSL> req -new -sha256 -key server.key -out server.csr
22.
SHA-2 Server Certificate Using KYRTool & OpenSSL
Generate CSR (Certificate signing request) using OpenSSL
─ Create certificate request stamped with private key from keypair
OpenSSL> req -new -sha256 -key server.key -out server.csr
23.
SHA-2 Server Certificate Using KYRTool & OpenSSL
To display private key (type server.key)
To display certificate request (type server.csr)
24.
SHA-2 Server Certificate Using KYRTool & OpenSSL
Acquire an SSL/TLS certificate from a third party CA
─ Generally the certificate request block is copied into a web form, where you pick the signing algorithm you would like the CA to use
─ Signed CSRs are usually in a .crt file
─ Open .crt files with Microsoft Crypto Extensions in Windows
─ Display certification tab
─ Chain of trust is displayed
25.
SHA-2 Server Certificate Using KYRTool & OpenSSL
Extracting roots
─ Select the intermediate root certificate
─ View certificate
26.
SHA-2 Server Certificate Using KYRTool & OpenSSL
Extracting roots
─ Select the intermediate root certificate
─ View certificate
─ Select the “Details” tab of the certificate
27.
SHA-2 Server Certificate Using KYRTool & OpenSSL
Extracting roots
─ Select the intermediate root certificate
─ View certificate
─ Select the “Details” tab of the certificate
─ Choose “Copy to File”
28.
SHA-2 Server Certificate Using KYRTool & OpenSSL
Extracting roots
─ Choose “Copy to File”
─ Certificate Export Wizard will open
─ In the certificate export wizard, export to a .cer file in Base-64 form
─ You can name exported certificate files anything you want; use the .cer or .crt extension in order to be able to view the files using the Windows tool
─ Repeat these steps to export all intermediate certificates and the root certificate to Base 64 (PEM) encoded files
29.
SHA-2 Server Certificate Using KYRTool & OpenSSL
Concatenate server.key and server.pem into a single file:
─ Input PEM file is used to import private key, server certificate and root certificates.
─ Order is important → server key first, the server's cert next, the intermediate cert next, and the root cert last.
─ Concatenate the private key and the exported certificates together:
type server.key server.crt intermediate.crt root.crt > server.txt
type server.key server.pem>c:\notes\data\server.txt
Output server.txt is the input file used by the kyrtool for import into Domino keyring
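A pre-check of the block layout of server.txt, added here as an example and not part of KYRTool or the original deck. It only inspects PEM labels and DER framing, so the server, intermediate, root order among the certificates is not checked; the function names and sample blocks are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)
KEY_LABELS = {"RSA PRIVATE KEY", "PRIVATE KEY"}


def der_is_whole_sequence(der: bytes) -> bool:
    """True if der is one ASN.1 SEQUENCE whose stated length matches the blob."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                       # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                       # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")


def check_kyrtool_input(text: str) -> list:
    """Return a list of layout problems; an empty list means the layout is as expected."""
    problems, labels = [], []
    for n, m in enumerate(PEM_RE.finditer(text), start=1):
        label, body = m.group(1), "".join(m.group(2).split())
        labels.append(label)
        if label not in KEY_LABELS and label != "CERTIFICATE":
            # e.g. server.csr concatenated instead of the signed server.crt
            problems.append(f"block {n}: unexpected {label} block")
        try:
            der = base64.b64decode(body, validate=True)
        except ValueError:
            problems.append(f"block {n} ({label}): body is not plain Base-64")
            continue
        if not der_is_whole_sequence(der):
            problems.append(f"block {n} ({label}): truncated or not DER")
    keys = [i for i, lab in enumerate(labels) if lab in KEY_LABELS]
    certs = [i for i, lab in enumerate(labels) if lab == "CERTIFICATE"]
    if len(keys) != 1:
        problems.append(f"expected exactly one private key, found {len(keys)}")
    elif keys[0] != 0:
        problems.append("private key must be the first block")
    if len(certs) < 2:
        problems.append("need the server certificate and at least one CA certificate")
    return problems


def make_pem(label: str, der: bytes) -> str:
    """Wrap bytes in a PEM block (used only to build the constructed samples)."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"


PLACEHOLDER_DER = b"\x30\x03\x02\x01\x00"   # constructed: SEQUENCE { INTEGER 0 }
GOOD = make_pem("RSA PRIVATE KEY", PLACEHOLDER_DER) + make_pem("CERTIFICATE", PLACEHOLDER_DER) * 3
BAD = (make_pem("CERTIFICATE", PLACEHOLDER_DER) + make_pem("RSA PRIVATE KEY", PLACEHOLDER_DER)
       + make_pem("CERTIFICATE REQUEST", PLACEHOLDER_DER))

if __name__ == "__main__":
    print("good:", check_kyrtool_input(GOOD))
    print("bad: ", check_kyrtool_input(BAD))
```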
30.
SHA-2 Server Certificate Using KYRTool & OpenSSL
Verify the Input file
kyrtool =<notes.ini path> verify <path of server.txt>
31.
SHA-2 Server Certificate Using KYRTool & OpenSSL
Import certificates
kyrtool.exe =<path of notes.ini> import all -k <path of keyring.kyr> -i <path of server.txt>
32.
SHA-2 Server Certificate Using KYRTool & OpenSSL
Update Server and test
─ Copy keyring to server's data directory
─ Verify keyring entry in server document is correct
─ Ports – internet ports tab of server document
─ Verify SSL is enabled
─ Restart HTTP
─ Look for errors at HTTP startup
33.
SHA-2 Server Certificate Using KYRTool & OpenSSL
Verify certificate on server
─ Connect to server over a browser using https
─ Test opening a database, such as names.nsf
─ Use “view certificate” option in browser to verify certificate is in use
34.
SHA-2 Server Certificate Using KYRTool & OpenSSL
Troubleshooting / Debug
─ Verify if there are keyring errors when HTTP starts
─ Connect from a browser running on the server
Takes the network out of the picture
─ Debug_SSL_All=1
Logs all SSL/TLS connections
35.
Reference
IBM Domino Interim Fixes to support TLS 1.0 which can be used to prevent the POODLE attack
http://www.lotus.com/ldd/dominowiki.nsf/dx/IBM_Domino_TLS_1.0
Generating a SHA-2 keyring file
http://www.lotus.com/ldd/dominowiki.nsf/dx/Domino_keyring
Planned SHA-2 deliveries for IBM Domino 9.x
http://www.ibm.com/support/docview.wss?uid=swg21418982
How is IBM Domino impacted by the POODLE attack?
http://www.ibm.com/support/docview.wss?uid=swg21687167
36.
Thank you
Q & A
Visit our Support Technical Exchange page or our Facebook page for details on future events.
To help shape the future of IBM software, take this quality survey and share your opinion of IBM software used within your organization: https://ibm.biz/BdxqB2
IBM Collaboration Solutions Support page http://www.facebook.com/IBMLotusSupport
WebSphere Portal http://twitter.com/IBM_ICSSupport