tls | Non-blocking , event-driven TLS built | TLS library

I'm trying to figure out how to create a timeout for the handshake process in a TLS connection in a QTcpServer.

I tried something like this in the overriden incomingConnection function:

I know there are some other questions (with answers) to this topic. But no of these was helpful for me.

I have a postfix server (postfix 3.4.14 on debian 10) with following configuration (only the interesting section):

After running composer update I got this problem:

You are running Composer with SSL/TLS protection disabled. [Composer\Downloader\TransportException]
curl error 60 while downloading https://repo.packagist.org/packages.json: SSL ce
rtificate problem: unable to get local issuer certificate
require [--dev] [--dry-run] [--prefer-source] [--prefer-dist] [--prefer-install PREFER-INSTALL] [--fixed] [--no-suggest] [--no-progress] [--no-update] [--no-install] [--no-scripts] [--update-no-dev] [-w|--update-with-dependencies] [-W|--update-with-all-dependencies] [--with-dependencies] [--with-all-dependencies] [--ignore-platform-req IGNORE-PLATFORM-REQ] [--ignore-platform-reqs] [--prefer-stable] [--prefer-lowest] [--sort-packages] [-o|--optimize-autoloader] [-a|--classmap-authoritative] [--apcu-autoloader] [--apcu-autoloader-prefix APCU-AUTOLOADER-PREFIX] [--] []...

So I've a bit of a problem relating to Mongo and SSL Certificates. NOT hosting the mongo instance (other answers aimed at self-hosters).

The error am getting is:

I have an OpenID Connect server (OpenIDdict) and an asp.net core webapp in containers behind a TLS termination proxy. In production, all communication between the webapp and the OIDC server can go through the 'outside', based on their public names. However, in development, I'm using self signed certificates that aren't trusted by the containers running the apps, only by my host pc. Because of that, in development, the webapp can redirect the browser to the OIDC server just fine, but when it, for instance, needs to call the token endpoint, it will fail, because the certificate isn't trusted.

A possible solution would be to have the server to server communication go through the internal container network, but I haven't been able to get that to work. Is there a way to make the asp.net core OpenID Connect middleware use a different url (and protocol) for server to server communication?

Another solution would be to install the self signed certificates in the containers, but because that's only needed in development, it seems bad practice to burden the images with that. Is that assessment correct?

I'm hoping I'm missing the most obvious solution. Any ideas?

I have a container with IBM MQ (Docker image ibmcom/mq/9.2.2.0-r1) exposing two ports (9443 - admin, 1414 - application).

All required setup in OpenShift is done (Pod, Service, Routes).

There are two routes, one for each port.

• https://route-admin.my.domain
• https://route-app.my.domain

pointing to the ports accordingly (external ports are default http=80, https=443).

Admin console is accessible through the first route, hence, MQ is up and running.

I tried to connect as a client (JMS 2.0, com.ibm.mq.allclient:9.2.2.0) using standard approach:

A legacy piece of software using the provider "sqloledb.1" via the OleDbConnection Class (System.Data.OleDb.dll) is still working on Windows Server 2019 with TLS1.2. Whereas on Server 2016 or 2012 R2 with TSL1.2 it is not?

Windows Server 2016 gets the following error, which is expected as it is using the sqloledb which doesn't support TLS1.2. This is well known as seen here.

I am trying to create a single TLS connection from a client to a server. Inside this tunnel, I would like to have two different types of streams: HTTPS traffic that I want the server to forward to a specific API server, and OpenVPN traffic(which is a combination of TLS and a TCP data stream). I am looking into WebSocket to do so, but can't find information on how to forward the stream to the correct destination (OpenVPN vs HTTPS API server) once it reaches my server. Is WebSocket a good solution for this? Is stunnel a better option? Are there existing solutions that offer this functionality?

I originally posted this question as an issue on the GitHub project for the AWS Load Balancer Controller here: https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/2069.

I'm seeing some odd behavior that I can't trace or explain when trying to get the loadBalacnerDnsName from an ALB created by the controller. I'm using v2.2.0 of the AWS Load Balancer Controller in a CDK project. The ingress that I deploy triggers the provisioning of an ALB, and that ALB can connect to my K8s workloads running in EKS.

Here's my problem: I'm trying to automate the creation of a Route53 A Record that points to the loadBalancerDnsName of the load balancer, but the loadBalancerDnsName that I get in my CDK script is not the same as the loadBalancerDnsName that shows up in the AWS console once my stack has finished deploying. The value in the console is correct and I can get a response from that URL. My CDK script outputs the value of the DnsName as a CfnOutput value, but that URL does not point to anything.

In CDK, I have tried to use KubernetesObjectValue to get the DNS name from the load balancer. This isn't working (see this related issue: https://github.com/aws/aws-cdk/issues/14933), so I'm trying to lookup the Load Balancer with CDK's .fromLookup and using a tag that I added through my ingress annotation: