Andrew Ayer
Fediverse: @agwa@agwa.name (https://t.co/dLmSfffpZ3) Founder @SSLMate, making SSL certificates easier, doing #webpki and #CertificateTransparency stuff. He/him
May 3, 2022
If your website's SSL certificate was issued in 2020, it may have stopped working in Chrome today (with the error NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED). Fix is to get a new certificate from your CA.

Use this tool to check if your site is affected: sslmate.com/labs/ct_policy…

Background: Chrome requires all certificates to be published in at least one active (non-retired) #CertificateTransparency log. For various reasons, logs are occasionally shut down/retired. If every log that a certificate is logged to is retired, the cert stops working. 2/n

Jun 8, 2020
GnuTLS was using an all-zero key for encrypting TLS session tickets. Whoops. gitlab.com/gnutls/gnutls/… For TLS 1.3 this merely enables MitM attacks against resumed sessions.

For TLS 1.2, this enables passive decryption of traffic to/from GnuTLS servers when the client supports session tickets (which is common).