Server side solution to stop redirect from http to https in Chrome

If you have configured your main web site domain to use SSL for example https://your.domain and https://www.your.domain and you have other sub-domains that you access without SSL you could face an issue where Chrome browser insists to use HTTPS on your sub-domains as well. This can cause problems accessing your sub-domain if it is not using SSL.

Even if you manually type http://subdomain.your.domain it will automatically redirect you to https://subdomain.your.domain Continue reading “Server side solution to stop redirect from http to https in Chrome”

Apache: How to Disable the SSL v3 Protocol on Debian

To prevent POODLE (“Padding Oracle On Downgraded Legacy Encryption”) attach which is a man-in-the-middle exploit that takes advantage of SSL3.0 vulnerability it is necessary to disable SSLv3 in your web server configuration.

To check if you are vulnerable to this attack you can use the form on following website:

https://www.digicert.com/help/ Continue reading “Apache: How to Disable the SSL v3 Protocol on Debian”

Fix heartbleed / cve-2014-0160 on ARM Ubuntu 13.04 with packages from 12.04

Easy and dirty solution for your EOL (end of life) Ubuntu 13.04 Raring Ringtail for the Heartbleed / cve-2014-0160?

wget https://launchpad.net/ubuntu/+archive/primary/+files/openssl_1.0.1c-3ubuntu2.7_armhf.deb \
https://launchpad.net/ubuntu/+archive/primary/+files/libssl1.0.0_1.0.1c-3ubuntu2.7_armhf.deb \
https://launchpad.net/ubuntu/+archive/primary/+files/libssl-dev_1.0.1c-3ubuntu2.7_armhf.deb

Continue reading “Fix heartbleed / cve-2014-0160 on ARM Ubuntu 13.04 with packages from 12.04”