#MTLS

We need to simplify client certificates for IoT and MTLS. One way is to anchor client certs in DNS.
The IETF DANCE working group needs more energy to complete our work. Want to join? Get on the mailing list now and help out!
datatracker.ietf.org/group/dan

#PKI #DNSsec #MTLS #IOT

2026-01-25

Middleware Manager v4.1.2 now runs independently of Traefik and supports native mTLS per resource/router. Notable upgrades include:
- Sophisticated service/middleware management, more stable performance
- Support for advanced plugins such as mTLS and Bandwidth Limiter
- Optimized user interface with Dark Mode
- Deep integration with the Traefik API

#Traefik #MiddlewareManager #mTLS #SelfHosting #CôngNghệMới #TraefikPlugin #SecurityTech

reddit.com/r/selfhosted/commen

2026-01-23

mTLS looks simple until you realize what it doesn’t protect you from.

A trusted client certificate is not the same thing as an allowed client.
If your Java service stops at “the handshake worked,” you’re leaving a gap attackers can walk through.

I wrote up a hands-on Quarkus implementation that shows:
– where TLS ends
– where security should begin
– and how to enforce certificate rules before business logic runs

the-main-thread.com/p/quarkus-

#Java #Quarkus #Security #mTLS #EnterpriseJava

2026-01-03

Introduction to Network Protocols, Learned Hands-On by Yourself in a Docker-Built Lab #5-4: SSL Offload

hackers.pub/@jasonkim/2026/net

2025-12-29

Client authentication in Angie using TLS certificates

Today TLS is used everywhere for secure data transfer, and practically every website runs over HTTPS. But besides encrypting traffic, TLS also makes it possible to authenticate clients by certificate (mTLS). In this article we will set up this mechanism using the Angie web server as an example.

habr.com/ru/articles/981694/

#angie #mtls #ssl #tls #сертификаты #клиенсткие_сертификаты #взаимный_TLS

2025-12-16

Securing servers/services without VPN: what solution is needed? Using Cloudflare Tunnels + Traefik, but mTLS runs into problems with mobile apps, especially iOS. Cloudflare Zero Trust & NordVPN also conflict. Looking for a secure, easy-to-use way to access for clients that don't use a web browser. #securingServers #mTLS #Cloudflare #ServerSecurity #Android #iOS #Tailscale #NetworkSecurity

reddit.com/r/selfhosted/commen

2025-12-10

Flux-aio, Kubernetes mTLS and the chicken-and-egg problem

Here at Cozystack we are once again solving a chicken-and-egg problem: how to deploy the CNI and kube-proxy through Flux while still keeping Flux itself working without a CNI and kube-proxy. Flux itself can be started without a CNI and kube-proxy by using the flux-aio project (from the creator of Flux), which runs a single deployment with all the controllers configured to communicate with each other over localhost. What is specific to Cozystack is that on every cluster we deploy a small HTTP server inside it with Helm charts and other assets used in the platform. Flux reads these charts and installs them into the system. But how do we give Flux access to the internal HTTP server, which runs as a pod inside that same cluster?

habr.com/ru/companies/aenix/ar

#kubernetes #flux #mtls #talos #fluxaio

2025-11-24

If you're deploying linkerd and pods do not run properly due to readiness probes failing with a 403, check if your unmeshed application responds with a redirect (302) to the readiness probe. Apparently linkerd does not follow redirects, unlike EKS, processes the response as an error and then treats this as an authentication issue. #k8s #mtls #devsecops #linkerd #linkerd2 #servicemesh

2025-11-13

Improve security with mTLS, automated certificate management, and Kafka and REST encryption. Optimize performance with benchmarks #mTLS #BảoMật #ChứngChỉ #MãHóa #HiệuSuất #TLS #AnNinhMạng #CôngNghệ #BảoMậtThôngTin

sdcourse.substack.com/p/day-13

2025-11-04

@patrickcmiller and still only @Viss recommends putting #ExchangeServer behind #HAProxy with #mTLS

2025-10-14

NEW BLOGPOST!

It's been a while! Very happy to share this mTLS in-depth tutorial. Lots of subjects in this one: password managers, TLS, mTLS of course, @traefik, @bitwarden, @vaultwarden_releases, Smallstep's CLI...

zoug.fr/mtls-bitwarden-vaultwa

Don't hesitate to reply to this post: it'll help me test that the comments section works fine (and I'd greatly appreciate some feedback :))

#mtls #https #tls #passwordmanager #password #bitwarden #vaultwarden #traefik #smallstepca

2025-10-03

🏦 **Introducing: RBC Premium API Python Library v1.0.2**

After a long stretch of work I have finished and released a complete Python client library for the Premium API of Raiffeisenbank Czech Republic. This library significantly simplifies integration with banking services for Czech developers and companies.

🎯 **What the library offers:**

**Complete API coverage:**
• Account and balance management
• Transaction overviews (including savings accounts)
• Payment import
• Statement downloads
• Current FX rates
• Batch operations

**Professional implementation:**
• Automatically generated from the OpenAPI 3.0 specification
• Full support for mTLS authentication with PKCS#12 certificates
• Type hints for safe development
• Comprehensive error handling
• Adherence to rate limits (10/s, 5000/day)

**Developer Experience:**
• 14 practical usage examples
• Complete documentation of all endpoints
• Easy installation via pip
• Python 3.9+ support

🔧 **Technical details:**
The library is built on OpenAPI Generator 7.13.0 with custom templates optimized for Python. It solves common problems with imports and forward references, and provides utilities for extracting certificates from P12 files.

📈 **Why it matters:**
In an era of banking digitalization, companies need reliable tools for integrating with banking APIs. This library removes technical barriers and lets developers focus on business logic instead of low-level HTTP communication. (+ I learned to command Copilot on a more complex project along the way)

📦 **How to get started:**
```bash
pip install rbczpremiumapi
```

More information, examples and documentation can be found at:
🔗 PyPI: pypi.org/project/rbczpremiumap
🔗 GitHub: github.com/Vitexus/python-rbcz

I look forward to your feedback and any contributions to further development!

#Python #API #Banking #FinTech #OpenSource #RaiffeisenBank #VitexSoftware #CzechTech #OpenAPI #mTLS #PKCS12

maschmiinw
2025-08-15

Why did I think introducing for some hosted services would be a fun idea for this evening? The mTLS part with inside a container was actually the easy part.

Troubleshooting the reverse proxy was the bad part. First I forgot one of the servers powers down at a given time. I was wondering why I did not get any connection for like 30 mins... Then I got an error page and hunted that error down for like 90 mins. In the end, I forgot one port... Learned a lot though.

Victor on Software (getvictor@techhub.social)
2025-07-29

🔐 Still thinking about mTLS vs HTTP Message Signatures?

Breakdown + video:
✅ How they work
⚖️ Tradeoffs
📊 Comparison table
⚠️ Replay attacks, TLS termination, more

📺 Video: youtube.com/watch?v=aDMdLCzXn1U
#CyberSecurity #ZeroTrust #mTLS #SysAdmin

zenthracore
2025-07-22

🚀 First working Redis with post-quantum mTLS using Falcon (NIST finalist) — running in a hardened Alpine container with OpenSSL 3.3.4 + oqs-provider.
⚙️ Falcon keys + certs generated inside the image, Redis launched via --tls-port, and PONGs confirmed via PQ mTLS.

📦 GitHub: github.com/zenthracore/zen.red
🐳 Docker: hub.docker.com/r/zenthracore/z

💡 This might be the first public Redis instance running on PQ crypto.

Victor on Software (getvictor@techhub.social)
2025-07-10

🔐 mTLS vs HTTP Message Signatures: which should you use?

We break down the tradeoffs for device enrollment & secure APIs.
✅ How they work
⚖️ Pros & cons
📊 Comparison table
🆕 Why RFC 9421 matters

👉 victoronsoftware.com/posts/mtl
#CyberSecurity #mTLS #ZeroTrust #SysAdmin #EndpointSecurity

2025-06-24

Building Trust: Using mTLS for Secure Baby Monitor Connections 📹 👶 by Aline Borges
slideslive.com/39043376/buildi
#mDevCamp #mDevCamp2025 #mTLS #iOS #iot

[Image: Recap slide of the security steps explained in the talk]
[Image: Recap slide of mutual TLS]

Jan ☕🎼🎹☁️🏋️‍♂️ (jan@kcore.org)
2025-05-30

Replaced one of my #cloudflare tunnels with #pangolin, since it needed no additional features.

The second one uses #mtls, so there I need to check how to configure that on my setup.

2025-05-13

I hit a big milestone on the IoT project I am working on. I got claims-based provisioning and registration working along with secure pre-signed URL file uploads. I am about 1-2 weeks ahead of schedule and the client should be able to run their trial without any issues and a lot of confidence with the amount of testing time we'll have.

#GoLang #IoT #ESP32 #MQTT #mTLS
