TLS certificate validation in Golang: CRL & OCSP examples
All developers need to know about using OCSP and CRL for validating TLS certificates in Go apps. Things we’ve learnt while building our own OCSP/CRL validation tooling: design, implementation and security tips, example code and popular mistakes.
Audit logs security: cryptographically signed tamper-proof logs
Logs, audit logs, and security events are must-have components of a secure system, which help to monitor ongoing behaviour and provide forensic evidence in case of an incident. Let’s cut through complexity. In this article, we cover cryptographically signed audit logging, aka “secure logging”, when logs are generated in a certain way which prevents tampering messages, removing, adding or changing the order of log entries. We explain why signed logs are essential for security software, how we’ve built-in secure audit logging in Acra, and how to use it together with other defense in-depth layers in your systems.
Themis 0.9.6 release
THEMIS 0.9.6 RELEASE One release a week is good, two releases is better still. After releasing Hermes-core 0.5.1 PoC yesterday, following the good tradition of releasing on the 13th day of the month, we’re releasing Themis 0.9.6 today. The main feature of this release is adding support for OpenSSL 1.1. The rest of the update details are as follows: Docs: Significant update of the Contributing section in Wiki.
Themis 0.9.5 release
THEMIS 0.9.5 RELEASE Strategic planning, respect for traditions, and a consultation with our in-house astrologer led to an imminent release of Themis 0.9.5 on Wednesday 13, the 256th day of the year a.k.a. the International Developer’s Day. The update focuses on crystallizing conveniences, niceties and compatibility fixes that have been around for some time now. Here is the list of improvements: Infrastructure: You can now download pre-built Themis packages from our package server.
Plugging leaks in Go memory management
Intro As many of you know, Go is an amazing modern programming language with automated memory management. We love Go: we've used it to build Acra, our database encryption suite, we further use it to build other products. Not being extremely fancy, Go is practical and efficient and is a way to get things done in a reasonable timeframe. Sometimes, even in the age of modern, garbage-collected languages, with their own great profiling tools and well-thought memory management style, you'll still have to dust off old good valgrind to understand what's going on.
Themis 0.9.4 release
Why feel cold when happiness and laughter of your colleagues might make any evening warm and happy. Yesterday our team gathered to release Themis 0.9.4, and so did we. Take a look at the updates: BoringSSL support on Android and Linux Fixed some leaks and code styling problems (thanks to @bryongloden) Memory management updates for stability in languages, which rely on GC Fix Themis build errors under certain conditions Swift3 support + numerous enhancements from @valeriyvan
Introducing Themis 0.9.3
More than half of the year has passed since the last release and we have done a lot to make Themis better. Here is what we have updated: Infrastructure: Lots of new high-level language wrappers Enhanced documentation We have added lots of various demo projects Updated Themis Server Better make system verbosity (now you can see what succeeded and what didn't) Infrastructure to build Java on all platforms. Code: iOS wrapper now has umbrella header.
Introducing Themis 0.9.2
For the release 0.9.2 of Themis, we did a lot of minor and a few major changes: Infrastructure: Much better documentation. Updated documentation reveals Themis Server, helpful associate for Themis library: a server where you can see current project status and try out different encryption techniques in your app with server as second party. Official tutorial will follow up soon. All platforms and languages are fully covered in tests now