Tag: TLS

Everyone wants to browse the web safely. To that end, virtually all web servers use TLS (Transport Layer Security) to encrypt communication with clients. However, older versions of the protocol use insecure encryption techniques and may be weaker protocols, in general. The US NSA has issued guidelines for web administrators to update their servers. It […]

Your data may be encrypted when you use https, but what about your metadata? I wrote about metadata and eavesdropping earlier this year – it is, among other things, the URLs of the websites you visit. If attackers can access this information, they can learn some potentially confidential information about you, and you are unlikely […]

I manage some sites that use Transport Layer Security(TLS). That is, they serve pages using URLs that begin with “https.” I was interested, therefore, in the discovery of yet another implementation bug in SSL/TLS implementations. This is the DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) vulnerability. At the end of this post are links […]

Earlier this week we considered ways to split the many choices of ciphers (or encryption algorithms): symmetric versus asymmetric, and block versus stream. The block symmetric ciphers do the heavy lifting, they are used for large data sets. But one block symmetric cipher can be operated in various modes, and the selection of mode depends […]

The promise of free TLS certificates came a step closer to reality earlier in September, when Let’s Encrypt issued its first certificate and applied to the root programs for Mozilla, Google, Microsoft, and Apple according to the Let’s Encrypt Blog. I have installed their root certificate in my browser already – it is easy and […]