MobileRead Forums - View Single Post

DNSB · 08-15-2023, 04:25 PM

There might be a way to get calibre to accept unsafe certificates but it would be better to have the certificate using a longer key. Basically, the certificate is using less than 128 bits which is the absolute minimum with OpenSSL security level 2. Ask your IT people to ensure that you are meeting current minimum security standards. Corporately, we use Palo Alto and 4096 bit RSA keys for our SSL decryption internal certificates. OTOH, we don't bother to try to use SSL decryption on Google who are using certificate pinning to make SSL decryption less than useful. There are several other techniques used as well. Our exception list ran to over 4 pages at one point. Sadly, our SSL decryption is pretty much the definition of a MITM attack.

08-15-2023, 04:25 PM	#2
DNSB Bibliophagist Posts: 46,864 Karma: 169716272 Join Date: Jul 2010 Location: Vancouver Device: Kobo Sage, Libra Colour, Lenovo M8 FHD, Paperwhite 4, Tolino epos	There might be a way to get calibre to accept unsafe certificates but it would be better to have the certificate using a longer key. Basically, the certificate is using less than 128 bits which is the absolute minimum with OpenSSL security level 2. Ask your IT people to ensure that you are meeting current minimum security standards. Corporately, we use Palo Alto and 4096 bit RSA keys for our SSL decryption internal certificates. OTOH, we don't bother to try to use SSL decryption on Google who are using certificate pinning to make SSL decryption less than useful. There are several other techniques used as well. Our exception list ran to over 4 pages at one point. Sadly, our SSL decryption is pretty much the definition of a MITM attack.