SEARCH
Archive
Browsers Will Block Sites Using Old Versions of TLS
Starting in March 2020, all the major web browsers—Firefox, Chrome, Safari, and Edge—will display warnings when users visit websites that only support Transport Layer Security (TLS) versions 1.0 or 1.1. Users will be unable to visit those sites.
TLS Delegated Credentials to Protect Private Keys on Web Servers
Mozilla, Firefox, and Cloudflare team up to tackle a specific TLS security problem: what to do in CDN and large web deployments where the private key has to be installed on every web server. Delegated credentials are short-lived TLS private keys that are generated by the web server.
Attackers Are Hiding By Tampering With Encrypted Web Traffic
Attackers are increasing their use of "cipher stunting," a technique that randomizes their SSL/TLS signatures, to obscure the malicious web traffic and make it harder to detect.
Facebook Open Sources Fizz For TLS 1.3 Deployments
TLS 1.3 has been approved, and Facebook has open sourced Fizz, a TLS 1.3 library, to help developers and server operators deploy TLS 1.3 for their mobile apps, services, and appliances such as load balancers
New CA Focus on EV Certs Won’t Stop Phishing
The CA Security Council's London Protocol attempts to address the problem of phishing sites with legitimate SSL/TLS certificates, but the initiative perpetuates the myth that the pricier EV certificates are more secure than DV certificates.