Tag Archives: RC4

Moving to TLS 1.2

February 10, 2014 by Bruce Morton     No Comments

In 2014, there will be a trend for website owners to implement TLS 1.2 on their servers. TLS 1.2 was defined in RFC 5246 in August 2008 and is the most secure version of the SSL/TLS protocol. Although TLS 1.2 has been available for a few years, it is not well deployed. SSL Pulse indicates that [Read More...]

Filed Under: SSL, SSL Deployment Tagged With: CBC, How's My SSL, Microsoft

Updated SSL/TLS Deployment Best Practices

September 23, 2013 by Bruce Morton     No Comments

First, I would like to thank Ivan Ristić for his development of the SSL/TLS Deployment Best Practices document. This is a simple overview of what a Web server administrator should consider in an SSL deployment. I am also looking forward to Ristić’s book, “Bulletproof SSL/TLS and PKI,” which hopefully will be released sometime soon. Version [Read More...]

Filed Under: SSL, SSL Deployment Tagged With: Breach, CASC, Ivan Ristić

RC4, CBC, what the …?

March 27, 2013 by Bruce Morton     No Comments

BEAST & Lucky Thirteen attacks said, “Prioritize RC4 cipher suite.” AlFBPPS attack said, “RC4 is old and crummy. CBC-mode would be better.”

RC4 Attack in SSL/TLS

March 19, 2013 by Bruce Morton     1 Comment

The team of Nadhem AlFardan, Dan Bernstein, Kenny Paterson, Bertram Poettering and Jacob Schuldt published an RC4 encryption attack in SSL/TLS.

Filed Under: Secure Browsing, SSL, SSL Deployment Tagged With: BEAST, CBC, encryption

Lucky Thirteen TLS Attack

February 5, 2013 by Bruce Morton     No Comments

Nadhem AlFardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London, announced a new TLS/DTLS attack called Lucky Thirteen.

BEAST and RC4

July 18, 2012 by Bruce Morton     No Comments

In order to mitigate a BEAST attack, the advice is to prioritize RC4 cipher suites on your Web server to avoid the use of vulnerable cipher block chaining (CBC) suites. But how well do the clients support RC4? Ivan Ristić of Qualys did some tests at SSL Labs and saw that only 45 of 48,481 unique [Read More...]

Taming the BEAST

October 18, 2011 by Bruce Morton     No Comments

The BEAST’s reign of terror may soon be over. The more this topic is discussed, the less vulnerable we appear to be. Adrian Dimcev states in his blog, “Although the attack itself is pretty neat and the demo looks scary, its practicality is very low; the average user would probably not need to worry about.” [Read More...]

Filed Under: SSL Deployment Tagged With: RC4, SSL, TLS