Tag Archives: TLS 1.2

SSL Review: March 2014

March 13, 2014 by Bruce Morton     No Comments

Here is a monthly SSL review of discussions about SSL (and possibly other digital certificates) from the last month. Entrust Identity ON discussed the following: Always-ON SSL; Moving to TLS 1.2; Bogus SSL Certificates; OCSP Stapling; Apple SSL Bug. CA Security Council discussed the following: Always-On SSL, Part II; Ten Steps to Take If Your [Read More...]

Filed Under: Secure Browsing, SSL, SSL Deployment Tagged With: Apple, OCSP, SSL

2014 – Looking Back, Moving Forward

March 3, 2014 by Bruce Morton     1 Comment

Looking Back at 2013: Protocol Attacks. The year started with a couple of SSL/TLS protocol attacks: Lucky Thirteen and the RC4 attack. Lucky Thirteen allows the decryption of sensitive information, such as passwords and cookies, when using a CBC-mode cipher suite. Lucky Thirteen can be mitigated by implementing software patches or preferring the RC4 cipher suite. [Read More...]

Moving to TLS 1.2

February 10, 2014 by Bruce Morton     No Comments

In 2014, there will be a trend for website owners to implement TLS 1.2 on their servers. TLS 1.2 was defined in RFC 5246 in August 2008 and is the most secure version of the SSL/TLS protocol. Although TLS 1.2 has been available for a few years, it is not widely deployed. SSL Pulse indicates that [Read More...]

Filed Under: SSL, SSL Deployment Tagged With: CBC, How's My SSL, Microsoft

Always-On SSL

February 6, 2014 by Bruce Morton     2 Comments

Always-On SSL is an approach to securing your website to mitigate attacks against your users. When I think of Always-On SSL, I think of three concepts: SSL across your entire site, SSL deployed to the best practices, and SSL with leading technology. SSL across Your Entire Site: The approach to Always-On SSL is to avoid [Read More...]

Filed Under: EV SSL, SSL, SSL Deployment Tagged With: EV SSL, HSTS, OCSP stapling

RC4, CBC, what the …?

March 27, 2013 by Bruce Morton     No Comments

BEAST & Lucky Thirteen attacks said, “Prioritize RC4 cipher suite.” AlFBPPS attack said, “RC4 is old and crummy. CBC-mode would be better.”