La durée de validité des certificats SSL/TLS va être drastiquement réduite dans les années à venir :

- Actuellement, la durée maximale est de 398 jours
- À partir de mars 2026, elle passera à 200 jours
- À partir de mars 2027 : 100 jours
- À partir de mars 2029 : 47 jours

"SSL.com: DCV bypass and issue fake certificates for any MX hostname"

https://bugzilla.mozilla.org/show_bug.cgi?id=1961406

ooouuchhh

https://www.digicert.com/blog/tls-certificate-lifetimes-will-officially-reduce-to-47-days

The CA/Browser Forum has officially voted to amend the TLS Baseline Requirements to set a schedule for shortening both the lifetime of TLS certificates.

The maximum certificate lifetime is going down:

- As of March 15, 2026, the maximum lifetime for a TLS certificate will be 200 days.
- As of March 15, 2027, the maximum lifetime for a TLS certificate will be 100 days.
- As of March 15, 2029, the maximum lifetime for a TLS certificate will be 47 days.

Does anyone know how this new SSL cert expiry date thing is going to affect things like user authentication with SSL certs, i.e. for openvpn.

If we're running our own CA, can I get safari, chrome et al to accept longer cert expiry?

Nur noch 47 Tage:

#Gültigkeit von #TLS - #Zertifikaten wird drastisch verkürzt

Ab 2029 dürfen #TLS-Zertifikate statt 398 nur noch höchstens 47 Tage lang gültig sein. Der von #Apple eingereichte Vorschlag hat breite Zustimmung erhalten.

Das #CA / #Browser #Forum hat beschlossen, die maximale Gültigkeitsdauer digitaler Zertifikate für den verschlüsselten Datenaustausch via #SSL / #TLS von aktuell 398 auf deutlich geringere 47 Tage zu reduzieren.

https://www.golem.de/news/nur-noch-47-tage-gueltigkeit-von-tls-zertifikaten-wird-drastisch-verkuerzt-2504-195416.html

#SSL/#TLS certificate lifespans reduced to 47 days by 2029

https://www.bleepingcomputer.com/news/security/ssl-tls-certificate-lifespans-reduced-to-47-days-by-2029/

Certificats SSL/TLS : une durée de vie divisée par 8 d’ici 2029
https://www.blogdumoderateur.com/certificats-ssl-tls-duree-vie-divisee-huit-2029/
#ssl

#mbedTLS 3.6.3 (#LTS) has been released (#TrustedFirmware / #ARM / #mbed / #TLS / #DTLS / #PolarSSL / #SSL / #Security) https://www.trustedfirmware.org/projects/mbed-tls/

#mbedTLS 2.28.10 (old #LTS) has been released (#TrustedFirmware / #ARM / #mbed / #TLS / #DTLS / #PolarSSL / #SSL / #Security) https://www.trustedfirmware.org/projects/mbed-tls/

#OpenSSL 3.5.0 (#LTS) has been released (#SSL / #TLS) https://openssl-library.org/

OpenSSL 3.5.0 enthält nun Post-Quanten-Verfahren

OpenSSL fügt mit der neuen LTS-Version 3.5.0 seiner Bibliothek die Post-Quanten-Verfahren ML-KEM, ML-DSA und SLH-DSA hinzu.

https://www.heise.de/news/OpenSSL-3-5-0-enthaelt-nun-Post-Quanten-Verfahren-10345122.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

Folien vom Dozenten: "Sicherheit: Datenübertragung mit SSL-Protokoll"

Ich will hoffen, dass er TLS und nicht SSL meint

Hello #fediverse, I am looking for some #cybersecurity help about #safari on #iOS

[Edit: got an answer! Safari removed the lock icon in iOS 18.4 in favor of a full screen warning for non SSL connections. Paraphrased original question below]

I told my mom to always look for the #SSL lock in the URL bar before typing anything into a website (and check URLs for validity and so on).

Now, she never gets the SSL lock in Safari for any website. Ever. I tried to google why and am stumped. Any ideas?

Join Sake Blok for his pre-conference class at SharkFest'25 US on June 16th:

"SSL/TLS Troubleshooting with Wireshark"

This hands-on session will take your troubleshooting skills to the next level, helping you diagnose complex network issues like a pro.

Secure your spot: https://sharkfest.wireshark.org/sfus

jaha. Det är nåt fel på mina cert så kan inte köra SSL. Så försöker laga medelst

%> pip install --upgrade certifi --force-reinstall

men det funkar såklart inte... pga

Could not fetch URL https://pypi.org/simple/certifi/: There was a problem confirming the ssl certificate

jamen jag veeeeet .... Argh!!
antar att jag måste lista ut hur jag gör detta manuellt

#HELP

I just received a concerning email from the OTF (@opentechfund.bsky.social) stating that a major source of their funding is in jeopardy.

If you care about open-source, anti-censorship, or the open internet, please consider supporting one of the projects they fund.

#FOSS #OpenSource #TechNews
#USPol #Politics #News #PoliticalNews
#NetNeutrality #EFF
#Wikimedia #Signal #SignalApp
#TOR #TAILs #OpenVPN #VPN #LetsEncrypt #HTTPS #SSL
#Censorship #AntiCensorship

https://www.opentech.fund/projects-we-support/supported-projects/?sc=&filter1=&filter2=&order-by-selector=date-desc&pageno=1

Let’s Encrypt at risk from Trump cuts to OTF: “Let’s Encrypt received around $800,000 in funding from the OTF”

Dear @EUCommission, get your heads out of your arses and let’s find @letsencrypt €1M/year (a rounding error in EU finances) and have them move to the EU.

If Let’s Encrypt is fucked, the web is fucked, and the Small Web is fucked too. So how about we don’t let that happen, yeah?

(In the meanwhile, if the Let’s Encrypt folks want to make a point about how essential they are, it might be an idea to refuse certificates to republican politicians. See how they like their donation systems breaking in real time…)

CC @nlnet @NGIZero@mastodon.xyz

#USA #fascism #OpenTechFund #LetsEncrypt #SSL #TLS #encryption #EU #web #tech #SmallWeb #SmallTech https://mastodon.social/@publictorsten/114223873439053263

Quand le certificat SSL de laradioactivite.com arrive à expiration, c'est qu'il a atteint sa demi-vie