Topics

1

General Discussion / Caddy Plugin - DNS providers not listed?

« on: August 20, 2024, 01:45:37 pm »

Hi all, I recently discovered that there is now an official plugin for Caddy, so I've been migrating my old setup from the migumail one.

However, I can't find any way to set up DNS provider API cert validation. The official docs specify "Services ‣ Caddy Web Server ‣ General Settings ‣ DNS Provider", but I don't have any 'DNS Provider' option under General Settings.

Thankfully Caddy works by picking up my old cert from my previous installation, but this will break in a couple of months. I can't use standard cert validation, as I don't expose caddy on WAN. What's going on?

2

23.7 Legacy Series / [SOLVED] Mitigations for Terrapin ssh attack?

« on: December 22, 2023, 01:02:22 pm »

Hi all,

A few days ago, the terrapin attack on SSH was disclosed. https://terrapin-attack.com

OpenSSH 9.6 includes a new automatic strict KEX mode to mitigate this attack, but both client and server need to support this. As OPNSense ships OpenSSH 9.3, are there any plans for either an OpenSSH update or a targeted patch?

See the PFSense discussion: https://forum.netgate.com/topic/184941/terrapin-ssh-attack/

FreeBSD advisory: https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc

It seems upstream has already patched.