Tag Archives: OpenSSL

Working With File-Encryptor NodeJS Module – Encrypt and Decrypt your Files OpenSSL


via Working With File-Encryptor Node.js Module – Encrypt and Decrypt your Files OpenSSL ~ i-visionblog.

I love encryption/decryption a lot in JavaScript! I have already written an article on the JavaScript Crypto.JS library and got many responses/doubts. Recently I have been working on a small Node.js project for a file management system in the cloud, and I have been using this File-Encryptor module for it. I didn’t see any successful blog post guiding the use of this encryption/decryption file module in Node.js.

Generating OpenSSL certificates to run a NodeJS HTTPS Server


via Generating OpenSSL certificates to run a NodeJS HTTPS Server.

The last few days I’ve had to implement a simple HTTP/HTTPS client wrapper for NodeJS, which returns a Promise for each request call and does some basic management of the common body structure that the APIs we’re building respond with.

Nonetheless, I’m not writing this post about the implementation itself, because its purpose doesn’t matter for describing the process of generating the SSL certificates to use for an iojs/NodeJS HTTPS server, which you may need, as I needed, to test an HTTPS client.

As you may know and/or think, OpenSSL isn’t the most friendly library, or in this case command line tool, that you’ve ever used. However, I’m not complaining about it: it provides useful functionality which, you may think the same as me, is not the most fun thing that you would like to implement. For that reason, and because it’s Open Source, I much appreciate the people who contribute to it, as many others may do.

After the introduction, let’s go for the interesting part of the post.

Docker busybox


via socketplane/docker-busybox · GitHub.

This is a minimal busybox image that has been baked specifically for running Open vSwitch. It contains:

Busybox
OpenSSL
Python 2.7
Kmod (lsmod, insmod, modprobe)

problems upgrading PHP55, CURL, openSSL, PECL-http



Yesterday I decided that it was time to upgrade PHP and other libraries to the latest stable tested version. I went to my dev server, upgraded with pkg upgrade, made sure that everything was upgrading correctly without any weird updates, restarted apache, ran some tests on the website to make sure that everything still worked properly, […]

Jabber / XMPP Instant Messaging platform



ejabberd – High-Performance Enterprise Instant Messaging Server

Quickstart guide

0. Requirements

To compile ejabberd you need:

  • GNU Make
  • GCC
  • Libexpat 1.95 or higher
  • Libyaml 0.1.4 or higher
  • Erlang/OTP R15B or higher.
  • OpenSSL 0.9.8 or higher, for STARTTLS, SASL and SSL encryption.
  • Zlib 1.2.3 or higher, for Stream Compression support (XEP-0138). Optional.
  • PAM library. Optional. For Pluggable Authentication Modules (PAM).
  • GNU Iconv 1.8 or higher, for the IRC Transport (mod_irc). Optional. Not needed on systems with GNU Libc.
  • ImageMagick’s Convert program. Optional. For CAPTCHA challenges.

1. Compile and install on *nix systems

To compile ejabberd execute the commands:

./configure
make

To install ejabberd, run this command with system administrator rights (root user):

sudo make install

These commands will:

  • Install the configuration files in /etc/ejabberd/
  • Install ejabberd binary, header and runtime files in /lib/ejabberd/
  • Install the administration script: /sbin/ejabberdctl
  • Install ejabberd documentation in /share/doc/ejabberd/
  • Create a spool directory: /var/lib/ejabberd/
  • Create a directory for log files: /var/log/ejabberd/

2. Start ejabberd

You can use the ejabberdctl command line administration script to start and stop ejabberd. For example:

ejabberdctl start

JEP 219: Datagram Transport Layer Security (DTLS)



Summary

Define an API for Datagram Transport Layer Security (DTLS) version 1.0 (RFC 4347) and 1.2 (RFC 6347).

Non-Goals

  1. It is not a goal to support transport-specific interfaces (for example, DTLS for DatagramSocket).
  2. It is not a goal to support PMTU discovery.

Success Metrics

The implementation, in both client and server modes, must interoperate successfully with at least two other DTLS implementations.

Motivation

It is important to support DTLS to satisfy secure-transport requirements for the increasing number of datagram-compatible applications. RFC 4347 lists a number of reasons why TLS is not sufficient for these types of applications:

  • “TLS is the most widely deployed protocol for securing network traffic. … However, TLS must run over a reliable transport channel—typically TCP. It therefore cannot be used to secure unreliable datagram traffic.”
  • “… an increasing number of application layer protocols have been designed that use UDP transport. In particular, protocols such as the Session Initiation Protocol (SIP) and electronic gaming protocols are increasingly popular.”
  • “In many cases, the most desirable way to secure client/server applications would be to use TLS; however, the requirement for datagram semantics automatically prohibits use of TLS. Thus, a datagram-compatible variant of TLS is very desirable.”

Protocols that support DTLS include, but are not limited to:

  • RFC 5238, Datagram Transport Layer Security (DTLS) over the Datagram Congestion Control Protocol (DCCP)
  • RFC 6083, Datagram Transport Layer Security (DTLS) for Stream Control Transmission Protocol (SCTP)
  • RFC 5764, Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP)
  • RFC 7252, Constrained Application Protocol (CoAP)

Google Chrome and Firefox now support DTLS-SRTP for Web Real-Time Communication (WebRTC). DTLS version 1.0 and 1.2 are supported by the major TLS vendors and implementations including OpenSSL, GnuTLS, and Microsoft SChannel.

Description

We expect the DTLS API and implementation to be fairly small. The new API should be transport-independent and similar to javax.net.ssl.SSLEngine. Further details on the API will be added here as the work progresses. Some initial design considerations are as follows:

  1. The DTLS API and implementation will not manage read timeouts. It will be the responsibility of the application to determine an appropriate timeout value and when and how to trigger the timeout event.
  2. A new API will likely be added to set the maximum application datagram size (PMTU minus the DTLS per-record overhead). If the size is not specified explicitly, however, then the DTLS implementation should adjust the size automatically. If a fragment is lost two or three times, the implementation may reduce the maximum application datagram size until it is small enough.
  3. The DTLS implementation should consume or produce at most one TLS record for each unwrap or wrap operation, so that the record can be delivered in the datagram layer individually or can be reassembled more easily if the delivery is out of order.
  4. It is the application’s responsibility to assemble the out-of-order application data accordingly if necessary. The DTLS API should provide access to the application data in each DTLS message.