Redis TLS Origination through the sidecar
Redis TLS Origination through the sidecar Author: Sam Stoelinga | Twitter: samosx | GitHub: samos123 Based on blog post: https://samos-it.com/posts/securing-redis-istio-tls-origniation-termination Architecture: K8s app using Redis over TLS only app-1 Namespace ms-1 K8s Pod External DB ms-2 K8s Pod ms-3 K8s Pod TLS only ● App with multiple microservices ● external Redis TLS only ● each microservice traffic Istio TLS Origination Architecture: K8s app using Redis over TLS only (TLS origination) app-1 Namespace ms-1 K8s Pod External DB container app container istio-proxy TCP TLS ● app talks
0 points | 9 pages | 457.76 KB | 1 year ago

Golang to the rescue - Saving DevOps from TLS turmoil
Golang to the rescue: Saving DevOps from TLS turmoil GopherCon 2017 Lightning Talk Chris Short Manager of DevOps at Bankrate Introduction Chris Short Manager of DevOps at Bankrate (http://www.bankrate derived from an opensource.com article I wrote in April 2017: Golang to the rescue: Saving DevOps from TLS turmoil (https://opensource.com/article/17/4/testing-certificate-chains-34-line-go-program) But Most crypto/tls The Go crypto/tls (https://golang.org/pkg/crypto/tls/) package partially implements TLS 1.2, as specified in RFC 5246 (https://tools.ietf.org/html/rfc5246) Package configures usable SSL/TLS versions
0 points | 20 pages | 6.28 MB | 1 year ago

A Brief Talk on Rust and Shangmi (SM) TLS - 王江桐
3rd China Rust Developers Conference A Brief Talk on Rust and Shangmi TLS Introduction on Rust and SM TLS Title 王江桐 wangjiangtong@huawei.com Huawei, Public Development Department, Embedded Software Capability Center Works at Huawei and is currently developing cryptography-related modules in Rust. A Rustacean at Huawei. Title A Brief Talk on Rust and Shangmi TLS Introduction on Rust Rust and Shangmi TLS 王江桐 wangjiangtong@huawei.com Huawei, Public Development Department, Embedded Software Capability Center Overview of Shangmi Cryptography #1 Table of Contents Use of Rust in Implementing Cryptographic Algorithms and Protocols Overseas Must not be used Introduction to Shangmi Algorithms and Protocols Section #2 • Brief introduction to the Shangmi suite algorithms • Brief introduction to Shangmi TLS Source: Shangmi algorithm encryption chip, supporting the full Shangmi suite and other security algorithms, http://www.bjlcs- tech.com/article/95.html List of Shangmi Cryptography
0 points | 44 pages | 3.70 MB | 1 year ago

CIS 1.6 Benchmark - Self-Assessment Guide - Rancher v2.5.4
and --etcd-keyfile arguments are set as appropriate (Automated) 1.2.30 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate (Automated) 1.2.31 Ensure that the --client-ca-file Ensure that the --client-cert-auth argument is set to true (Automated) 2.3 Ensure that the --auto-tls argument is not set to true (Automated) 2.4 Ensure that the --peer-cert-file and --peer-key-file arguments that the --peer-client-cert-auth argument is set to true (Automated) 2.6 Ensure that the --peer-auto-tls argument is not set to true (Automated) 2.7 Ensure that a unique Certificate Authority is used for
0 points | 132 pages | 1.12 MB | 1 year ago

Rancher CIS Kubernetes v.1.4.0 Benchmark Self Assessment
match("--kubelet-client-certificate=.*").string' Returned Value: --kubelet-client-certificate=/etc/kubernetes/ssl/kube-apiserver.pem Audit ( --kubelet-client-key ) docker inspect kube-apiserver | jq -e '.[0].Args[] | match("--kubelet-client-key=.*").string' Returned Value: --kubelet-client-key=/etc/kubernetes/ssl/kube-apiserver-key.pem Result: Pass 1.1.23 Ensure that the --service-account-lookup argument is match("--service-account-key-file=.*").string' Returned Value: --service-account-key-file=/etc/kubernetes/ssl/kube-service-account-token-key.pem Result: Pass 1.1.26 - Ensure that the --etcd-certfile and
0 points | 47 pages | 302.56 KB | 1 year ago

Zabbix 4.0 Manual
as the first parameter, allowing to specify both HTTP and HTTPS protocols. As a prerequisite of SSL (HTTPS) functionality, the agent should be compiled with cURL support. Previously, only domain name various items and hosts, SNMPv3 authentication and privacy passphrases, passwords for media types; SSL key password and HTTP proxy fields used in web scenarios and HTTP items; usernames, passwords and components (server, proxy, agent, zabbix_sender and zabbix_get utilities) using Transport Layer Security (TLS) protocol. network discovery - automated discovery of network devices. low-level discovery - automated
0 points | 1365 pages | 16.69 MB | 1 year ago

Zabbix 5.0 Manual
1429533600 748791234 44 Secure connections to Zabbix database It is now possible to configure secure TLS connections to MySQL and PostgreSQL databases from: • Zabbix frontend • Zabbix server or proxy Restricting that are unavailable in the particular configuration will be disabled. For example, the Database TLS encryption checkbox cannot be checked if using MySQL and Database host is set to localhost. See Secure various items and hosts, SNMPv3 authentication and privacy passphrases, passwords for media types; SSL key password and HTTP proxy fields used in web scenarios and HTTP items; usernames, passwords and
0 points | 1561 pages | 28.27 MB | 1 year ago

Zabbix 5.2 Manual
various items and hosts, SNMPv3 authentication and privacy passphrases, passwords for media types; SSL key password and HTTP proxy fields used in web scenarios and HTTP items; usernames, passwords and components (server, proxy, agent, zabbix_sender and zabbix_get utilities) using Transport Layer Security (TLS) protocol. network discovery - automated discovery of network devices. low-level discovery - automated Setting up SSL for Zabbix frontend On RHEL/Centos, install mod_ssl package: yum install mod_ssl Create directory for SSL keys: mkdir -p /etc/httpd/ssl/private chmod 700 /etc/httpd/ssl/private Create
0 points | 1738 pages | 18.98 MB | 1 year ago

Zabbix 4.4 Manual
Autoregistration section accessible through the dropdown to the right. It is possible to select no encryption, TLS encryption with PSK authentication or both (so that some hosts may register without encryption while components (server, proxy, agent, zabbix_sender and zabbix_get utilities) using Transport Layer Security (TLS) protocol. network discovery - automated discovery of network devices. low-level discovery - automated XML XPath preprocessing. net-snmp Required for SNMP support. GnuTLS, OpenSSL, LibreSSL or mbed TLS Required when using encryption. Agent Requirement Status Description libpcre Mandatory PCRE library
0 points | 1393 pages | 16.55 MB | 1 year ago

Zabbix 4.2 Manual
as the first parameter, allowing to specify both HTTP and HTTPS protocols. As a prerequisite of SSL (HTTPS) functionality, the agent should be compiled with cURL support. Previously, only domain name components (server, proxy, agent, zabbix_sender and zabbix_get utilities) using Transport Layer Security (TLS) protocol. network discovery - automated discovery of network devices. low-level discovery - automated Setting up SSL for Zabbix frontend On RHEL/Centos, install mod_ssl package: yum install mod_ssl Create directory for SSL keys: mkdir -p /etc/httpd/ssl/private chmod 700 /etc/httpd/ssl/private Create
0 points | 1270 pages | 15.64 MB | 1 year ago














 
  
 