Tag Archives: perfect forward secrecy

2014 – Looking Back, Moving Forward

March 3, 2014 by Bruce Morton     1 Comment

Looking Back at 2013: Protocol Attacks. The year started with a couple of SSL/TLS protocol attacks: Lucky Thirteen and the RC4 attack. Lucky Thirteen allows the decryption of sensitive information, such as passwords and cookies, when using the CBC-mode cipher suite. Lucky Thirteen can be mitigated by implementing software patches or preferring the cipher suite RC4. [Read More...]

Always-On SSL

February 6, 2014 by Bruce Morton     2 Comments

Always-On SSL is an approach to securing your website to mitigate attacks against your users. When I think of Always-On SSL, I think of three concepts: SSL across your entire site, SSL deployed to the best practices, and SSL with leading technology. SSL across Your Entire Site. The approach to Always-On SSL is to avoid [Read More...]

Filed Under: EV SSL, SSL, SSL Deployment Tagged With: EV SSL, HSTS, OCSP stapling

IETF 88 – Pervasive Surveillance

December 2, 2013 by Bruce Morton     No Comments

This post was originally published on the CA Security Council blog. Internet Surveillance. The big news at IETF 88 in Vancouver was the technical plenary on Hardening the Internet, which discussed the issue of pervasive surveillance. Pervasive surveillance is mass surveillance of an entire population or a substantial fraction of it. The surveillance is usually [Read More...]

Filed Under: SSL, SSL Deployment Tagged With: HSTS, IETF, perfect forward secrecy

How is Your Browser Performing?

October 11, 2013 by Bruce Morton     No Comments

We always discuss SSL deployment best practices. These are the actions the Web server administrator takes. These are important to discuss, because the actions on the few million Web servers will increase the functionality and security of the billions of browser users. However, there are two ends to the SSL connection and there is little [Read More...]

Updated SSL/TLS Deployment Best Practices

September 23, 2013 by Bruce Morton     No Comments

First, I would like to thank Ivan Ristic for his development of the SSL/TLS Deployment Best Practices document. This is a simple overview of what a Web server administrator should consider in an SSL deployment. I am also looking forward to Ristic’s book, “Bulletproof SSL/TLS and PKI,” which hopefully will be released sometime soon. Version [Read More...]

Filed Under: SSL, SSL Deployment Tagged With: Breach, CASC, Ivan Ristić

Perfect Forward Secrecy

July 17, 2013 by Bruce Morton     7 Comments

The topic of perfect forward secrecy has come up due to the alleged actions of NSA and PRISM. It has been reported that the NSA has been able to trap website communications and is then able to search and review those communications at a future time. Users that use SSL were assuming their communications were secure. [Read More...]

Filed Under: SSL, SSL Deployment Tagged With: CAB Forum, DHE, Diffie-Hellman