0 views collected around this technical thread.
This article explains how to protect MySQL connections by using SSL/TLS, various password authentication plugins, digital signatures, and client/server certificate verification to prevent impersonation, password leakage, and data tampering.
This article provides an extensive overview of core technical interview subjects—including operating‑system signals, process synchronization and data transfer methods, TLS encryption steps, common caching pitfalls and remedies, Java collection implementations, heap‑building algorithms, and various CPU scheduling strategies—offering concise explanations and practical code examples for each concept.
This guide walks you through the prerequisites, Helm chart acquisition, private Harbor upload, TLS secret creation, detailed Helm values configuration, and final deployment and verification steps to set up a secure, production‑ready Kibana monitoring platform on a Kubernetes cluster.
ROFF is a Rust‑implemented, seven‑layer gateway that delivers high‑throughput load balancing with memory‑safe performance, TLS hardware offload, native QUIC/HTTP3 support, a hot‑reload/upgrade mechanism, and an extensible module system allowing over thirty built‑in filters and custom Rust macros.
This article explains symmetric and asymmetric encryption principles, digital signatures, HTTPS with certificate authorities, and demonstrates how to implement combined encryption, digital signing, and URL protection using Spring Cloud Gateway filters and Java code examples.
Learn how to containerize and deploy Elasticsearch using Helm on a Kubernetes cluster, covering chart download, certificate generation, secret creation, configuration files, and verification steps, enabling secure, scalable search capabilities in a cloud‑native environment.
This guide explains common certificate formats (PEM, DER, CRT, CER), shows how to generate a CA key, CSR, and signed certificate with OpenSSL, demonstrates format conversions, and provides commands for inspecting and verifying certificates, all essential for secure operations.
SSL/TLS certificates secure data between browsers and servers, but while one‑way authentication verifies only the server, mutual (two‑way) authentication also validates the client using personal authentication certificates, requiring additional keys and CA roots, making it ideal for high‑security enterprise environments.
After discovering that a simple GET request consumes 1.68 KB due to the TLS handshake, the article explains the handshake’s components, calculates the resulting bandwidth demand, and demonstrates how switching to HTTP or enabling Keep‑Alive can dramatically reduce traffic and server load in high‑concurrency scenarios.
This article provides a step‑by‑step analysis of a TLS 1.2 HTTPS handshake captured with Wireshark, explaining the ClientHello, ServerHello, certificate parsing, key‑exchange messages, master secret derivation, and the final encrypted application data exchange.
The article analyzes why a high‑concurrency data‑collection service quickly saturates a 100 Mbps uplink due to large TLS handshake payloads, demonstrates the bandwidth savings of switching to plain HTTP or using Keep‑Alive, and highlights practical considerations for secure versus performance‑optimized deployments.
This tutorial explains how to use cert‑manager with a configured ClusterIssuer to automatically request, view, and clean up TLS certificates for both direct Certificate resources and Ingress objects in Kubernetes, including step‑by‑step commands, code examples, and best‑practice tips.
This guide walks you through the fundamentals of cert-manager in Kubernetes, explaining the difference between Issuer and ClusterIssuer, and provides step‑by‑step commands to create self‑signed, CA, and ACME issuers, verify them, and reference official documentation for secure certificate automation.
Learn step‑by‑step how to install Jetstack’s open‑source cert-manager on a Kubernetes cluster using Helm, from prerequisites and chart download to configuring TLS settings and deploying the service, ensuring secure inter‑service communication in cloud‑native environments.
Learn how to configure Ingress‑Nginx in a running Kubernetes cluster for secure mTLS and HTTPS communication, covering prerequisites, certificate creation, deployment of HTTP and mTLS services, Ingress rules, SSL passthrough setup, and verification steps with practical kubectl and OpenSSL commands.
The article analyzes why a high‑concurrency GET service quickly saturates a 100 Mbps uplink due to TLS handshake overhead, demonstrates bandwidth savings by switching to HTTP or using Keep‑Alive, and highlights practical considerations for secure connections.
This article explains the fundamentals of the HTTP protocol, illustrates its vulnerability to man‑in‑the‑middle attacks, demonstrates why plain HTTP is insecure, and shows how HTTPS, TLS/SSL, asymmetric encryption, and certificate authorities together protect communications from interception and tampering.
The article explains how TLS handshakes significantly increase request size and upstream bandwidth consumption in high‑concurrency services, demonstrates the bandwidth calculations, and proposes using plain HTTP or Keep‑Alive connections to reduce overhead and server load.
This article explains the fundamentals of the HTTP protocol, demonstrates how man‑in‑the‑middle attacks exploit its plaintext nature, discusses symmetric and asymmetric encryption attempts to mitigate these risks, and describes how HTTPS (TLS) and the CA trust model provide robust protection against such attacks.
This article explains the purpose, architecture, configuration steps, TLS setup, validation, technical selection, controller operation, reload process, high‑availability design, customization options, and future roadmap of the Kubernetes Ingress NGINX solution for seven‑layer load balancing.