Tag Archives: Technical

Elliptic Curve Cryptography (ECC) Demo

April 22, 2011 by Bruce Morton     No Comments

Elliptic curve cryptography (ECC) for use on the Internet is gaining more support and interoperability amongst application developers. Entrust is proud to announce that ECC-based digital certificates are now supported by the full suite of Entrust Authority solutions. The promise of ECC is greater security for a given key length. This allows implementations to use [Read More...]

Filed Under: SSL Deployment, Technical Tagged With: Technical

HTTPS Performance Tuning

February 14, 2011 by Bruce Morton     No Comments

Following up my last post, “SSL is not computationally expensive anymore,” I noticed Google is still using a 1024-bit RSA certificate for Gmail. I did some digging and confirmed that the performance hit of using a 2048-bit RSA key is about five times that of a 1024-bit key. So this could create a 5-10 percent load [Read More...]

Filed Under: SSL Deployment, Technical Tagged With: Mixed Content, Performance, SSL

SSL is not computationally expensive anymore

February 7, 2011 by Bruce Morton     No Comments

A recurring theme in this blog is proper SSL deployment [1] [2] [3]. One of the push backs that we hear is that SSL brings a lot of overhead, so it only gets deployed when absolutely necessary. Well, that myth was busted about a year ago when Google switched Gmail to HTTPS. An article [Read More...]

Filed Under: SSL Deployment, Technical Tagged With: Performance, SSL, Technical

SSL Deployment Mistakes

September 21, 2010 by Bruce Morton     1 Comment

In June, Ivan Ristic of Qualys SSL Labs made a presentation at the OWASP AppSec Research 2010 conference called Breaking SSL: Why leave to others what you can do yourself? Ivan contends that “SSL is a rare application security area where we can make things virtually 100% secure, with relatively small effort.”  However, he also [Read More...]

Chain Certificates

August 31, 2010 by Bruce Morton     No Comments

What are chain certificates? Chain certificates are referred to by many names — CA certificates, subordinate CA certificates or intermediate certificates.  Confused yet? Let’s break it down. It all starts with something called a root certificate. The root certificate is generated by a certification authority (CA) and is embedded into software applications. You will find [Read More...]

Filed Under: SSL Deployment, Technical Tagged With: Internet explorer, SSL, Technical

Black Hat and DEF CON Follow-up

August 20, 2010 by Bruce Morton     No Comments

Here is a follow-up to my earlier post SSL Security Silly Season.  Black Hat USA 2010 and DEF CON 18 conferences held at the end of July had three presentations that addressed SSL issues. Here is a quick summary and where you can get more information. Internet SSL Survey 2010 by Ivan Ristic In this [Read More...]

Filed Under: General, Technical Tagged With: HTTPS, SSL, Technical

SSL Security Silly Season

July 8, 2010 by Bruce Morton     No Comments

You can tell that summer is here as the SSL security silly season is just warming up. This is the time of year when we start to get a preview of what will be presented at the annual Black Hat and DEF CON conferences.  The season was in full swing when at a recent Black [Read More...]

Filed Under: SSL Deployment, Technical Tagged With: SSL Labs, Technical

Getting really technical: The first 220 milliseconds of SSL

December 11, 2009 by Steve Duncan     No Comments

Anybody want a really technical description of what happens when an SSL session starts?  With the help of some network tools and a special version of Firefox, Jeff Moser details exactly what happens to change the address bar color and put a lock in the corner.  It’s not as simple as you might think.  Check [Read More...]

Filed Under: Technical Tagged With: