Improve security with mTLS, automated certificate management, and Kafka and REST encryption. Optimize performance with benchmarks #mTLS #Security #Certificates #Encryption #Performance #TLS #NetworkSecurity #Technology #InformationSecurity

https://sdcourse.substack.com/p/day-13-implement-tls-encryption-for

Day 13: Implement TLS Encryption for Secure Log Transmission

What You’ll Build Today

Hands On System Design Course - Code Everyday

Can anyone recommend a secure way to generate an mTLS certificate for Traefik 3?

#mtls #certificate #authority #tls #cyber #security #cybersec #cybersecurity #traefik

@patrickcmiller and still only @Viss recommends putting #ExchangeServer behind #HAProxy with #mTLS

NEW BLOGPOST!

It's been a while! Very happy to share this mTLS in-depth tutorial. Lots of subjects in this one: password managers, TLS, mTLS of course, @traefik, @bitwarden, @vaultwarden_releases, Smallstep's CLI...

https://zoug.fr/mtls-bitwarden-vaultwarden-traefik-smallstep/

Don't hesitate to reply to this post: it'll help me test that the comments section works fine (and I'd greatly appreciate some feedback :))

#mtls #https #tls #passwordmanager #password #bitwarden #vaultwarden #traefik #smallstepca

Mutual TLS (mTLS) in-depth: step-by-step case study feat. Bitwarden, Vaultwarden, Traefik and Smallstep - zoug.fr

Learn how to use `step` to create your own certificate authority, and make your clients authenticate to a reverse proxy (`Traefik`) in order to access a sensitive application (`Vaultwarden` / `Bitwarden`).


🏦 **Introducing: RBC Premium API Python Library v1.0.2**

After a long effort, I have finished and released a complete Python client library for the Premium API of Raiffeisenbank Czech Republic. This library significantly simplifies integration with banking services for Czech developers and companies.

🎯 **What the library offers:**

**Complete API coverage:**
• Account and balance management
• Transaction overviews (including savings accounts)
• Payment import
• Statement downloads
• Current FX rates
• Batch operations

**Professional implementation:**
• Automatically generated from the OpenAPI 3.0 specification
• Full support for mTLS authentication with PKCS#12 certificates
• Type hints for safe development
• Comprehensive error handling
• Compliance with rate limits (10/s, 5000/day)

**Developer Experience:**
• 14 practical usage examples
• Complete documentation of all endpoints
• Easy installation via pip
• Python 3.9+ support

🔧 **Technical details:**
The library is built on OpenAPI Generator 7.13.0 with custom templates optimized for Python. It solves common problems with imports and forward references, and provides utilities for extracting certificates from P12 files.

📈 **Why it matters:**
In an era of banking digitalization, companies need reliable tools for integrating with banking APIs. This library removes technical barriers and lets developers focus on business logic instead of low-level HTTP communication. (+ I learned how to direct Copilot on a more complex project while building it)

📦 **How to get started:**
```bash
pip install rbczpremiumapi
```

More information, examples and documentation can be found at:
🔗 PyPI: https://pypi.org/project/rbczpremiumapi/
🔗 GitHub: https://github.com/Vitexus/python-rbczpremiumapi

I look forward to your feedback and any contributions to further development!

#Python #API #Banking #FinTech #OpenSource #RaiffeisenBank #VitexSoftware #CzechTech #OpenAPI #mTLS #PKCS12


Why did I think introducing #mTLS for some hosted services would be a fun idea for this evening? The mTLS part with #nginx inside an #lxc container was actually the easy part.

Troubleshooting the reverse proxy was the bad part. First I forgot one of the servers powers down at a given time. I was wondering why I did not get any connection for like 30 mins... Then I got an error page and hunted that error down for like 90 mins. In the end, I forgot one port... Learned a lot though. #selfhosting

🔐 Still thinking about mTLS vs HTTP Message Signatures?

Breakdown + video:
✅ How they work
⚖️ Tradeoffs
📊 Comparison table
⚠️ Replay attacks, TLS termination, more

📺 Video: https://www.youtube.com/watch?v=aDMdLCzXn1U
#CyberSecurity #ZeroTrust #mTLS #SysAdmin

mTLS vs HTTP signature faceoff: securing your APIs


🚀 First working Redis with post-quantum mTLS using Falcon (NIST finalist) — running in a hardened Alpine container with OpenSSL 3.3.4 + oqs-provider.
⚙️ Falcon keys + certs generated inside the image, Redis launched via --tls-port, and PONGs confirmed via PQ mTLS.

📦 GitHub: https://github.com/zenthracore/zen.redis
🐳 Docker: https://hub.docker.com/r/zenthracore/zen.redis

💡 This might be the first public Redis instance running on PQ crypto.

#PQC #Falcon #Redis #OpenSSL #ZeroTrust #mTLS #DevSecOps #Docker #PostQuantum #Infosec

🔐 mTLS vs HTTP Message Signatures: which should you use?

We break down the tradeoffs for device enrollment & secure APIs.
✅ How they work
⚖️ Pros & cons
📊 Comparison table
🆕 Why RFC 9421 matters

👉 https://victoronsoftware.com/posts/mtls-vs-http-signature/
#CyberSecurity #mTLS #ZeroTrust #SysAdmin #EndpointSecurity

mTLS vs HTTP signature faceoff: securing your APIs

How mTLS and HTTP signatures work, where they fit best, and how to choose the right one for your architecture

Victor on Software

#zerotrust adds a heavy amount of complexity to security architectures. For example, the whole #mTLS and #PKI aspect of it.

We don't hear much about these topics at security cons. Maybe you should prepare a talk and explain how mTLS and PKI weaknesses undermine the "zero" in it. ;)