SSL/HTTPS – Grade A+ python SimpleHTTPServer

After adding SSL to my HTTPWebSocket server, I found that originally it was not so secure, due to the fact that the Linux distribution I used did not get essential security updates. I used Qualys SSL Labs: https://www.ssllabs.com/ssltest/analyze.html to analyze the security level of my server. Well, it started out with ‘grade E’. Finally, I ended up with ‘grade A+’. These are the steps to follow: (more…)

SSL/HTTPS – Secure Web and WebSocket server in python

As a next step, I created an SSL/HTTPS – Secure Web and WebSocket server in Python. It can be found on GitHub as a working example and as an (updated) gist:
https://github.com/SevenW/httpwebsockethandler
https://gist.github.com/SevenW/47be2f9ab74cac26bf21

In this post, I described how to set up a Python webserver that serves normal webpages, as well as websockets, at the same port. In other words, at the same page. A real application using it is the Plugwise-2-py web application. This application can actually switch lights on and off, so there are some demands on its security and robustness.

Enabling SSL/HTTPS in a python webserver is actually very simple. (more…)

SSL/HTTP – Securing the ODROID-XU

Ubuntu Server 14.04 LTS does not get security updates in the ARM repository, despite LTS standing for Long Term Support. That is something I did not expect.

When running webservers with SSL/HTTPS on the ODROID-XU, the system is vulnerable to several security issues, such as POODLE and the CCS Injection Vulnerability (CVE-2014-0224). These are solved in more recent versions of OpenSSL, but those are not available from the ARM repositories. To solve this, OpenSSL can be built from source. CVE-2014-0224 is solved from OpenSSL 1.0.1h, and POODLE from 1.0.1j. Generally it is best to install the most recent version of OpenSSL. The following steps describe how to get the job done. This assumes the build is performed as the root user. Otherwise sudo may need to be added before the make install, cp and ln commands:

# Update OpenSSL to fix various SSL vulnerabilities
wget https://www.openssl.org/source/openssl-1.0.1m.tar.gz
tar xzvf openssl-1.0.1m.tar.gz
cd openssl-1.0.1m
# Build shared libraries; install under /usr with configuration in /etc/ssl
./config --prefix=/usr/ --openssldir=/etc/ssl shared
make # make -j5 fails!
make install

# Back up the distribution's libraries, then point their paths at the new build
cp -a /lib/arm-linux-gnueabihf/libssl.so.1.0.0 /lib/arm-linux-gnueabihf/libssl.so.1.0.0.backup
cp -a /lib/arm-linux-gnueabihf/libcrypto.so.1.0.0 /lib/arm-linux-gnueabihf/libcrypto.so.1.0.0.backup
ln -sf /usr/lib/libssl.so.1.0.0 /lib/arm-linux-gnueabihf/libssl.so.1.0.0
ln -sf /usr/lib/libcrypto.so.1.0.0 /lib/arm-linux-gnueabihf/libcrypto.so.1.0.0

Then to check whether the build succeeded, extended version information can be retrieved. (more…)
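A check on the result of the build above, as an added example that is not from the original post: it parses an OpenSSL version string and reports whether it reaches the releases the post names for each fix (1.0.1h and 1.0.1j). The function names and the sample string are assumptions made for this example; run as a script, it also audits the library the Python interpreter itself loaded.

```python
import re
import ssl

# Minimum upstream releases the post names for each fix.
FIXED_IN = {
    "CCS Injection (CVE-2014-0224)": "1.0.1h",
    "POODLE": "1.0.1j",
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(text):
    """Turn 'OpenSSL 1.0.1m 19 Mar 2015' or '1.0.1m' into a sortable tuple."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError("no OpenSSL version found in %r" % (text,))
    major, minor, fix, letters = match.groups()
    # Patch letters order releases within a series: '' < 'a' < ... < 'z' < 'za'.
    return (int(major), int(minor), int(fix), len(letters), letters)


def audit(version_text):
    """Map each issue from the post to True if version_text includes its fix."""
    if not version_text.startswith("OpenSSL "):
        # e.g. LibreSSL numbers its releases differently; do not guess.
        raise ValueError("not an OpenSSL version string: %r" % (version_text,))
    have = parse_version(version_text)
    return {issue: have >= parse_version(minimum)
            for issue, minimum in FIXED_IN.items()}


if __name__ == "__main__":
    # Constructed sample in the format `openssl version` prints.
    sample = "OpenSSL 1.0.1f 6 Jan 2014"
    print(sample, audit(sample))
    # The library this interpreter loaded, i.e. what a Python HTTPS server uses.
    # A server started before the library swap keeps the old one until restarted.
    print(ssl.OPENSSL_VERSION, audit(ssl.OPENSSL_VERSION))
```

A version comparison like this is only meaningful for upstream builds such as the one above; distribution packages often backport fixes without changing the version string.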

SevenWatt!

SevenWatt.com is dedicated to lower power computing for various home purposes. In 2011 this website ran on a small ARM Linux computer that, together with some USB pen drives, consumed a maximum of seven Watt. The platform was a Pogoplug V2.

Currently this website is running on a Synology DS212j NAS. Idle consumption is about 5.5W and peak power is about 6.5W, as the storage is an SSD disk. Besides the webserver, a mail server, file server and various energy consumption/production devices are monitored and logged.

Still, this website could run equally well on a Raspberry Pi, which consumes 2.2W when using an original Apple iPad power adapter.

Currently I am using WordPress for this website, which is actually way too heavy for this low power computing platform, mostly due to MySQL performance. When using a light-weight content management system, SkyBlueCanvas, and lighttpd as webserver, page load times stayed under one second. Soon I will dig into caching of WordPress pages.