TLSv1 Archives

Tech Optimizer

October 2, 2024

How BCM One migrated data from an unencrypted Amazon RDS for PostgreSQL database instance to a new encrypted instance using AWS DMS | Amazon Web Services

BCM One is a global provider of NextGen Communications and Managed Services, with Flowroute as a brand specializing in SIP trunking and business messaging. Flowroute encrypted its Amazon RDS for PostgreSQL database instances using AWS DMS. Storage encryption is essential for protecting disk data and involves a key from AWS KMS. Existing RDS instances cannot be directly encrypted, so a new encrypted instance must be created using RDS snapshots and AWS DMS. The migration strategy includes creating an empty RDS instance, initiating a CDC-only AWS DMS task, creating a snapshot of the unencrypted instance, generating an encrypted snapshot, and restoring a new encrypted RDS instance. RDS Proxy is used to manage connections and minimize downtime during the transition. The process involves creating a DMS login role, configuring RDS parameters, creating DMS endpoints, and verifying replication success. After the migration, the proxy authentication must be updated to connect to the encrypted database. The migration process also highlights the importance of primary keys and unique constraints to prevent duplicate entries during replication.

Tech Optimizer

July 11, 2024

Understanding High Availability with HAProxy and Patroni: Manual Node Shutdown and Query Handling

In high-availability PostgreSQL environments, managing failovers efficiently is crucial to ensure minimal disruption to ongoing operations. The guide covers two main scenarios: general high-availability information about HAProxy and Patroni, and handling running queries during a failover. The VIP in high-availability configurations ensures that client requests are always directed to the active master node. HAProxy is used to manage and route incoming database requests, with a master and backup instance. PostgreSQL nodes include a primary (leader) node, standby (replica) node, and down node. During a failover, the VIP ensures seamless rerouting of requests to the new primary node. In a high-availability setup managed by Patroni, manual interventions like node shutdowns may be necessary, impacting running queries. Patroni handles the failover process, with the replica node taking over as the new leader.

AppWizard

June 5, 2024

Free Android VPN Security Flaws: 100 Apps Tested

- HTTP Injector and Phone Guardian were the most concerning VPNs in terms of encryption. - HTTP Injector sometimes used outdated and insecure TLSv1 before switching to TLSv1.3. - Phone Guardian only encrypts HTTP sites when connected to untrusted WiFi networks, leaving details of HTTPS websites exposed. - At least 35 VPNs used sub-optimal 128-bit encryption instead of stronger 256-bit encryption. - 11 VPNs used AES-128-CBC for PRF instead of the stronger HMAC-SHA2-256. - 16 VPNs always used TLSv1.2 as the handshake protocol, with 2 using it some of the time. - Four VPNs were found using SSLv2 as the handshake protocol, an obsolete and vulnerable protocol. - Two other VPN apps used SSLv2 in a different and unusual manner, sending and receiving insecure connections.