Tag: TLS

Your data may be encrypted when you use https, but what about your metadata? I wrote about metadata and eavesdropping earlier this year – it is, among other things, the URLs of the websites you visit. If attackers can access this information, they can learn some potentially confidential information about you, and you are unlikely […]

I manage some sites that use Transport Layer Security(TLS). That is, they serve pages using URLs that begin with “https.” I was interested, therefore, in the discovery of yet another implementation bug in SSL/TLS implementations. This is the DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) vulnerability. At the end of this post are links […]

Earlier this week we considered ways to split the many choices of ciphers (or encryption algorithms): symmetric versus asymmetric, and block versus stream. The block symmetric ciphers do the heavy lifting, they are used for large data sets. But one block symmetric cipher can be operated in various modes, and the selection of mode depends […]

The promise of free TLS certificates came a step closer to reality earlier in September, when Let’s Encrypt issued its first certificate and applied to the root programs for Mozilla, Google, Microsoft, and Apple according to the Let’s Encrypt Blog. I have installed their root certificate in my browser already – it is easy and […]

Bob Cromwell blog post on LibreSSL mentioned the POODLE attack recently. POODLE has caused a lot of discussion of SSL (Secure Sockets Layer), TLS (Transport Layer Security) and corresponding browser and server support. Browsers support different encryption algorithms and security protocols to allow users to access sites that support those protocols. Likewise sites support different encryption […]