Introduction to Network Protocols, Learned by Practicing Alone in a Docker-Built Lab #5-4 SSL Offload
https://hackers.pub/@jasonkim/2026/network-protocol-study-5-4-ssl-offload
Client authentication in Angie using TLS certificates
Today TLS is used everywhere for secure data transmission, and practically every website runs over HTTPS. But besides encrypting traffic, TLS makes it possible to implement client authentication by certificate (mTLS). In this article we will configure this mechanism using the Angie web server as an example.
https://habr.com/ru/articles/981694/
#angie #mtls #ssl #tls #certificates #client_certificates #mutual_TLS
What solution is needed for securing servers/services without a VPN? Using Cloudflare Tunnels + Traefik, but mTLS runs into problems with mobile apps, especially iOS. Cloudflare Zero Trust & NordVPN also conflict. Looking for a secure, easy-to-use way to access for clients that don't use a web browser. #securingServers #mTLS #Cloudflare #ServerSecurity #Android #iOS #Tailscale #NetworkSecurity
https://www.reddit.com/r/selfhosted/comments/1pof1x9/how_should_i_be_securing_my_serverservices_and/
Flux-aio, Kubernetes mTLS and the chicken-and-egg problem
Here at Cozystack we are once again solving a chicken-and-egg problem: how to deploy the CNI and kube-proxy through Flux while still keeping Flux itself working without a CNI and kube-proxy. Flux itself can be run without a CNI and kube-proxy using the flux-aio project (from the creator of Flux), which runs a single deployment with all controllers configured to communicate with each other over localhost. What is specific to Cozystack is that inside each cluster we deploy a small HTTP server with Helm charts and other assets used in the platform. Flux reads these charts and installs them into the system. But how do we give Flux access to an internal HTTP server running as a pod inside the same cluster?
If you're deploying linkerd and pods do not run properly due to readiness probes failing with a 403, check if your unmeshed application responds with a redirect (302) to the readiness probe. Apparently linkerd, unlike EKS, does not follow redirects, processes the response as an error and then treats this as an authentication issue. #k8s #mtls #devsecops #linkerd #linkerd2 #servicemesh
Improve security with mTLS, automatic certificate management, and Kafka and REST encryption. Optimize performance with benchmarks #mTLS #Security #Certificates #Encryption #Performance #TLS #CyberSecurity #Technology #InformationSecurity
https://sdcourse.substack.com/p/day-13-implement-tls-encryption-for
@patrickcmiller and still only @Viss recommends putting #ExchangeServer behind #HAProxy with #mTLS
NEW BLOGPOST!
It's been a while! Very happy to share this mTLS in-depth tutorial. Lots of subjects in this one: password managers, TLS, mTLS of course, @traefik, @bitwarden, @vaultwarden_releases, Smallstep's CLI...
https://zoug.fr/mtls-bitwarden-vaultwarden-traefik-smallstep/
Don't hesitate to reply to this post: it'll help me test that the comments section works fine (and I'd greatly appreciate some feedback :))
#mtls #https #tls #passwordmanager #password #bitwarden #vaultwarden #traefik #smallstepca
🏦 **Introducing: RBC Premium API Python Library v1.0.2**
After a long stretch of work I have finished and released a complete Python client library for the Premium API of Raiffeisenbank Czech Republic. This library significantly simplifies integration with banking services for Czech developers and companies.
🎯 **What the library offers:**
**Complete API coverage:**
• Account and balance management
• Transaction overviews (including savings accounts)
• Payment import
• Statement downloads
• Current FX rates
• Batch operations
**Professional implementation:**
• Automatically generated from the OpenAPI 3.0 specification
• Full support for mTLS authentication with PKCS#12 certificates
• Type hints for safe development
• Comprehensive error handling
• Rate limit compliance (10/s, 5000/day)
**Developer Experience:**
• 14 practical usage examples
• Complete documentation of all endpoints
• Easy installation via pip
• Python 3.9+ support
🔧 **Technical details:**
The library is built on OpenAPI Generator 7.13.0 with custom templates optimized for Python. It solves common problems with imports and forward references, and provides utilities for extracting certificates from P12 files.
📈 **Why it matters:**
In an era of banking digitalization, companies need reliable tools for integrating with banking APIs. This library removes technical barriers and lets developers focus on business logic instead of low-level HTTP communication. (+ I learned from it how to command Copilot on a more complex project)
📦 **How to get started:**
```bash
pip install rbczpremiumapi
```
More information, examples and documentation can be found at:
🔗 PyPI: https://pypi.org/project/rbczpremiumapi/
🔗 GitHub: https://github.com/Vitexus/python-rbczpremiumapi
I look forward to your feedback and any contributions to further development!
#Python #API #Banking #FinTech #OpenSource #RaiffeisenBank #VitexSoftware #CzechTech #OpenAPI #mTLS #PKCS12
Why did I think introducing #mTLS for some hosted services would be a fun idea for this evening? The mTLS part with #nginx inside an #lxc container was actually the easy part.
Troubleshooting the reverse proxy was the bad part. First I forgot one of the servers powers down at a given time. I was wondering why I did not get any connection for like 30 mins... Then I got an error page and hunted that error down for like 90 mins. In the end, I forgot one port... Learned a lot though. #selfhosting
🔐 Still thinking about mTLS vs HTTP Message Signatures?
Breakdown + video:
✅ How they work
⚖️ Tradeoffs
📊 Comparison table
⚠️ Replay attacks, TLS termination, more
📺 Video: https://www.youtube.com/watch?v=aDMdLCzXn1U
#CyberSecurity #ZeroTrust #mTLS #SysAdmin
🚀 First working Redis with post-quantum mTLS using Falcon (NIST finalist) — running in a hardened Alpine container with OpenSSL 3.3.4 + oqs-provider.
⚙️ Falcon keys + certs generated inside the image, Redis launched via --tls-port, and PONGs confirmed via PQ mTLS.
📦 GitHub: https://github.com/zenthracore/zen.redis
🐳 Docker: https://hub.docker.com/r/zenthracore/zen.redis
💡 This might be the first public Redis instance running on PQ crypto.
#PQC #Falcon #Redis #OpenSSL #ZeroTrust #mTLS #DevSecOps #Docker #PostQuantum #Infosec
🔐 mTLS vs HTTP Message Signatures: which should you use?
We break down the tradeoffs for device enrollment & secure APIs.
✅ How they work
⚖️ Pros & cons
📊 Comparison table
🆕 Why RFC 9421 matters
👉 https://victoronsoftware.com/posts/mtls-vs-http-signature/
#CyberSecurity #mTLS #ZeroTrust #SysAdmin #EndpointSecurity
Building Trust: Using mTLS for Secure Baby Monitor Connections 📹 👶 by Aline Borges
https://slideslive.com/39043376/building-trust-using-mtls-for-secure-baby-monitor-connections
#mDevCamp #mDevCamp2025 #mTLS #iOS #iot
Replaced one of my #cloudflare tunnels with #pangolin, since it needed no additional features.
The second one uses #mtls, so there I need to check how to configure that on my setup.
Firefox *finally* supports mTLS / SSL client certificates on Android! 🥳
It only took a dozen years, but who is counting. (Me. I was counting.)
That was a blocker in some of my use cases still forcing Chrome, so ... 🎉
https://bugzilla.mozilla.org/show_bug.cgi?id=868370
#mTLS #SSL #Firefox #Mozilla #MozillaFirefox #OpenSource #Android #Chrome
#TLS client certificates or #mTLS is utter shit. Don't believe anyone who tells you otherwise.
Nginx can give you mTLS, but you need to disable QUIC/HTTP3.
Firefox for Android is broken with mTLS. It cannot add search engines with mTLS. It cannot remember certificates and fails occasionally, even if it has got a valid certificate. Oh and the options to enable it are hidden.
Chrome works best but it forgets that a site has a certificate and asks you every time if you want to accept it.