End-To-End-Encryption is nothing new. With messengers like Whatsapp or Telegram it's again an issue. If E2E-Encryption means that nobody but the endpoints are able to encrypt the messages, then how is this feature implemented so seamlessly?
The connections to this blog are encrypted now. Youhuuuuu.....
Lets Encrypt was lately quite often in the media. Letsencrypt is a very easy to use tool which provides certificates for free. Those certificates are valid on most common browsers. I never understood why certificates are expensive that's why I tried out letsencrypt(and I like it!). In this article, I will replace all cacert-certificates on a kolab-server. Therefore I will install the letsencrypt-certificate on: apache2, cyrus-imapd and postfix.
If you want to setup a ssl-certificate with multiple subdomains(of the same domain), you'll have to generate a certificate with alternative names. We can achieve this using some parameters in our openssl.cnf...
There are several weaknesses in how Diffie-Hellman key exchange are deployed. This weaknesses have a huge impact, since many servers are affected. Here are some advices how to setup a prober key exchange on serveral servers.
On this page is a list of howto-disable-sslv3-support on different Servers.