When configuring or programming SSL/TLS servers, at some point a SSL/TLS cipher suite and a list of supported protocols have to be chosen. Unfortunately, not all configuration options are safe. :(

Meet sslsecure.vim! A plugin for the Vim editor, that marks insecure SSL/TLS cipher suites and protocols as errors. See all potentially insecure options right in your editor!

Features #

• Mark insecure SSL ciphers as errors
• Mark insecure SSL protocols as errors
• Works with all configuration files (web servers, mail servers, …)
• Works with all source code (independently on the used programming language)
• Works on top of regular syntax highlighting

I’m editing nginx configuration files. A lot. Naturally, I’ve tried several plugins for my favorite editor vim - but ran around a lot of problems:

• Most of the plugins available are outdated.
• Even syntax highlighting of the current vim plugin distributed with the nginx release has some deficits.
• I’ve been tired of copying around secure ssl_cipher directives, etc.

So, I’ve created a new, super-cool and mega-advanced vim plugin for nginx!

Ladies and gentlemen: Please welcome, chr4/nginx.vim!

Edit: This plugin was integrated into Vim and Neovim upstream!

Features #

The plugin is based on the recent vim plugin distributed with nginx-1.12.0 and additionally features the following syntax improvements:

• Highlight IPv4 and IPv6 addresses
• Mark insecure ssl_protocols as errors
• Inline template syntax highlight for ERB and Jinja
• Inline syntax highlight for LUA
• Improve integer matching
• Syntax highlighting for proxy_next_upstream options
• Syntax highlighting for sticky options
• Syntax highlighting for upstream server options
• More to come!

Furthermore:

• Remove annoying delimiters, resulting in strange word boundaries

I recently wrote pg-check-cert, a small tool to check whether a postgresql server’s SSL certificate is about to expire. It was featured in PostgreSQL Weekly Issue 164.

This script connects to a postgresql instance, checks the certificate and displays the amount of days left before it expires. It’s intended to be used for monitoring your postgresql certificates, using a monitoring tool like Zabbix or Nagios.

By default, the connections between the chef-client and the chef-server are not secured. This is a short post on howto encrypt and verify your connections.

As of chef-11 (unlike chef-10), SSL is enabled by default. But (naturally, as Opscode cannot create trusted certificates for your domain) the certificates are not verified. This essentially means that the connection is not secure at all.

Unless you only use chef in a trusted network, you should invest some time in securing your clients connections.