# jnsp

Information Security, Software Development and *NIX
  1. Prefer ChaCha20-Poly1305 in TLS 1.3 with nginx

    TLS 1.3 defines a new format for cipher suites that is incompatible with previous versions of the protocol. Unfortunately, many applications today do not let you specify the order of preference for those new cipher suites, so the default order set by the underlying TLS library (which often happens to be OpenSSL) remains in effect.

  2. Create ED25519 certificates for TLS with OpenSSL

    Algorithms designed by Daniel J. Bernstein et al. are currently quite popular and have been implemented by many applications. X25519 is now the most widely used key exchange mechanism in TLS 1.3, and the curve has been adopted by software packages such as OpenSSH, Signal and many more. Although ECC is in common use in X.509 / WebPKI, the list of available curves is mostly limited to NIST's P-256, P-384 and P-521 curves. This is because the CA/Browser Forum, an industry consortium of browser vendors and public trust centers, defines only those curves as permitted in its Baseline Requirements. The Baseline Requirements are a set of rules for public trust centers; it is important for CAs to follow those rules closely, otherwise they get kicked out of the major root programs and their certificates would no longer be trusted by major browsers. However, private CAs are not subject to those rules and are free to choose whichever curve they want for their certificates.

  3. Reboot

    This blog has not received much attention in the few years of its existence. Today I decided to give it a reboot and start over, only keeping the articles that I felt were most interesting. I changed the layout a bit and switched to pelican, a static site generator, to manage this site. The focus of this blog lies on information security, specifically on everything related to TLS and the PKI ecosystem. However, there may be traces of software development and Unix on this blog.

  4. TLS 1.3

    TLS 1.3 is around the corner; the new protocol is faster and more secure than its predecessors. The protocol only supports authenticated encryption, using either AES-GCM, AES-CCM or CHACHA20-POLY1305. Due to some optimizations during the handshake phase, a TLS 1.3 connection can be established within a single round trip (instead of two). Forward secrecy is now mandatory, which apparently caused problems for banks, who claimed that breaking into their own TLS connections is necessary for debugging and security monitoring. Currently, there are not many sites on the web that let you test your user agent for TLS 1.3 support. I decided to create a small website that indicates whether you are connected using TLS 1.2 or TLS 1.3 and which cipher suite was negotiated.