Tagg: TLS

I manage some sites that use Transport Layer Security(TLS). That is, they serve pages using URLs that begin with “https.” I was interested, therefore, in the discovery of yet another implementation bug in SSL/TLS implementations. This is the DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) vulnerability. At the end of this post are links […]

Earlier this week we considered ways to split the many choices of ciphers (or encryption algorithms): symmetric versus asymmetric, and block versus stream. The block symmetric ciphers do the heavy lifting, they are used for large data sets. But one block symmetric cipher can be operated in various modes, and the selection of mode depends […]

The promise of free TLS certificates came a step closer to reality earlier in September, when Let’s Encrypt issued its first certificate and applied to the root programs for Mozilla, Google, Microsoft, and Apple according to the Let’s Encrypt Blog. I have installed their root certificate in my browser already – it is easy and […]

Bob Cromwell blog post on LibreSSL mentioned the POODLE attack recently. POODLE has caused a lot of discussion of SSL (Secure Sockets Layer), TLS (Transport Layer Security) and corresponding browser and server support. Browsers support different encryption algorithms and security protocols to allow users to access sites that support those protocols. Likewise sites support different encryption […]

Cybersecurity laws and other regulations clearly exist for good reasons, and there are serious penalties involved if you fail to meet them. The new version of PCI DSS, the Payment Card Industry Data Security Standard, requires going beyond showing that data can be secure, you must show that it will be secure through established procedures […]