Tag Archives: SSL Labs

Always-On SSL

February 6, 2014 by Bruce Morton     2 Comments

Always-On SSL is an approach to securing your website to mitigate attacks against your users. When I think of Always-On SSL, I think of three concepts: SSL across your entire site, SSL deployed according to best practices, and SSL with leading technology.

SSL across Your Entire Site

The approach to Always-On SSL is to avoid [Read More...]

Filed Under: EV SSL, SSL, SSL Deployment Tagged With: EV SSL, HSTS, OCSP stapling

SSL – Privacy, Integrity, Authenticity

November 29, 2012 by Bruce Morton     No Comments

I was recently reminded by a couple of security researchers that SSL provides privacy, integrity and authenticity.

Testing Your SSL Server for CRIME

September 17, 2012 by Bruce Morton     No Comments

We still have to wait for later this week when Juliano Rizzo and Thai Duong will present their CRIME SSL/TLS attack at Ekoparty Security Conference. Regardless, we now know that the attack is based on the implementation of TLS compression or SPDY (pronounced “speedy”). CRIME uses the vulnerability that there is information leakage when data [Read More...]

SSL/TLS Deployment Best Practices

July 3, 2012 by Bruce Morton     No Comments

SSL Labs has created an SSL/TLS Deployment Best Practices guide. The guide contains valuable information on how to deploy SSL in your environment. The data from SSL Pulse shows us there are plenty of SSL implementations that could be executed more securely. These problems are not from the CA, the certificate, the browser or the [Read More...]

Internet SSL Survey 2011

June 1, 2011 by Bruce Morton     1 Comment

Qualys SSL Labs has released its Internet SSL Survey Results for 2011, which were presented at Hack In The Box Amsterdam. The study focused on problems that break SSL due to poor website implementation — insecure session cookies, mixed content, incorrect site configuration and distribution of trust to third-party sites. The 2011 survey cross-referenced the [Read More...]

Filed Under: SSL Deployment Tagged With: Mixed Content, SSL, SSL Labs

SSL Security Silly Season

July 8, 2010 by Bruce Morton     No Comments

You can tell that summer is here as the SSL security silly season is just warming up. This is the time of year when we start to get a preview of what will be presented at the annual Black Hat and DEF CON conferences. The season was in full swing when at a recent Black [Read More...]

Filed Under: SSL Deployment, Technical Tagged With: SSL Labs, Technical