TLS 1.3: Modern Encryption Without the Existential Dread
TLS 1.3 explained without the PhD: faster handshakes, better ciphers, and how to actually configure Nginx and Caddy to use it.
All the articles with the tag "tls".
Certificate pinning and HPKP explained: what they are, why HPKP destroyed itself, and modern alternatives like CAA records and Certificate Transparency.
Mutual TLS (mTLS) explained for mortals: how both sides authenticate, setting up step-ca for internal PKI, generating client certs, and configuring nginx with mTLS.
Understand DoH, DoT, and DoQ encrypted DNS protocols and set up self-hosted encrypted DNS with AdGuard Home or Pi-hole. Stop your ISP from logging every domain you visit.
Advanced Caddy server configuration: wildcard certs, Caddyfile matchers, Docker label integration, rate limiting, forward auth with Authelia, and the JSON API.
Your reverse proxy only has the leaf cert, not the intermediate. Here's why that kills half your connections.
Incomplete cert chains, wrong order, self-signed certs. How to diagnose trust failures with openssl s_client.
Certs expire silently. Check expiry with openssl, automate renewal checks with cron, get alerts before disaster.
Certificate pinning locks your app to a specific TLS cert so MITM attackers can't swap in a rogue CA — how it works and when to use it.