13th December 2016

in SSL with Let’s Encrypt, quick and dirty!

Posted by Aaron West 13th December in SSL

Let’s Encrypt offers us a free way to get SSL certs with the aim to be less complex than our current solutions, hmm... Well that sounds pretty cool! I had known about Let’s Encrypt for a while now but never had the need to take the plunge until this weekend.

17th November 2014

in Security

STunnel Cipher List and Qualys SSL Labs Testing

Posted by Andrei Grigoraş 17th November in Security

A+ Unicorn
Chasing that eternally moving target that is an A+ from Qualys’ SSL scanner? Well, you’ve found the correct Blog!

16th October 2014

in SSL

The Poodle SSLv3 – UPDATED – Updated Again

Posted by Andrei Grigoraş 16th October in SSL

So here we go again... Another vulnerability has been found in OpenSSL. However, this is very hard to exploit and requires the hacker to have control of your wireless hotspot or network. If that's the case, then you're in trouble anyway!

18th June 2014

in HAProxy

Source IP Addresses, STunnel, HAProxy and Server Logs

Posted by Rob Cooper 18th June in HAProxy

When using proxies such as STunnel and HAProxy, it's easy to lose track of the client source IP address. This occurs, for example, when HAProxy is used in its default configuration to load balance a number of back-end web servers. By default, the source IP address of the packet reaching the web servers is the IP address of the load balancer and not the IP address of the client. One way around this is to enable X-Forwarded-For headers for HAProxy (the default for appliances) and configure the web servers to track the IP address in this header. For more details on enabling this for IIS and Apache web servers, please see IIS and X-Forwarded-For Headers and Apache and X-Forwarded-For Headers. For more complicated scenarios where SSL termination is also required on the load balancer and the original source IP address is still required, additional steps are needed.

9th June 2014

in SSL

Heartbleed 2.0? Not exactly but more OpenSSL issues have been found

Posted by Rob Cooper 9th June in SSL

In the wake of the recent Heartbleed bug, another series of OpenSSL vulnerabilities has been found. Whilst the Heartbleed bug was relatively easy to exploit, the latest batch of bugs is not. However, if successfully exploited, there is potential for eavesdropping and traffic manipulation (CVE-2014-0224) as well as running arbitrary code on the vulnerable client or server (CVE-2014-0195).

10th April 2014

in SSL releases patch for the OpenSSL heartbleed vulnerability CVE-2014-0160

Posted by Rob Cooper 10th April in SSL

The bug is in OpenSSL's implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC 6520). When it is exploited, it leads to the leak of memory contents from the server to the client and from the client to the server.

8th November 2013

in Load Balancing

SSL Offload Testing with HAProxy and Stunnel

Posted by Mark Brookes 8th November in Load Balancing

There are a lot of SSL offload throughput statistics available for appliances across the internet but rarely do they detail the way they were tested (probably because a lot of the numbers are inflated for marketing purposes). We at would like to improve the standard across the industry by being transparent about how exactly we have tested our appliances for SSL performance:
