Recent Blog Posts

Heartbleed is a name for a critical vulnerability in OpenSSL, a very widely deployed SSL/TLS stack. A coding error had been made in the OpenSSL 1.0.1 code, which was subsequently released in March 2012. The vulnerability is in the rarely used heartbeat mechanism, specified in RFC 6520. The error allows...  MORE »

I've just released the April update of Bulletproof SSL and TLS. This batch concludes the part of the book that deals with attacks, vulnerabilities and weaknesses, both in the protocols and the PKI infrastructure. There's about 90 new pages, in three chapters: Chapter 4, Attacks against PKI, deals with attacks...  MORE »

Mixed content issues arise when web sites deliver their pages over HTTPS, but allow some of the resources to be delivered in plaintext. The active network attacker can't do anything about the encrypted traffic, but messing with the plaintext can result with attacks ranging from phishing in the best case...  MORE »

The next generation of the Java runtime, version 8, is around the corner, with the first production release planned for this month (March 2014). The new runtime brings a slew of language improvements and it’s actually proving to be quite an exciting release. If you ask me, Java 8 also...  MORE »

A couple of weeks ago, I added a test for Apple's TLS authentication bug to SSL Labs. Some people have asked me how they can do that themselves, so that they can test for this problem in a private setting (e.g., their intranet). First, you need to prepare a special...  MORE »

I've just released the March update of Bulletproof SSL and TLS. This batch is focused on protocol attacks. In about 50 pages, I cover the major problems discovered in recent years. In chronological order, they are: Insecure renegotiation (2009) BEAST (2011) CRIME (2012) Lucky 13 (2013) RC4 Weaknesses (2013) TIME...  MORE »

On Friday, Apple released patches for iOS 6.x and 7.x, addressing a mysterious bug that affected TLS authentication. Although no further details were made available, a large-scale bug hunt ensued. This post on Hacker News pointed to the problem, and Adam Langley followed up with a complete analysis. I've just...  MORE »

If an OCSP responder is malfunctioning, it is often difficult to understand why exactly. As is usually the case with SSL, the best approach is to use OpenSSL for troubleshooting. Checking certificate revocation status from the command line is possible, but not quite straightforward. You need to perform the following...  MORE »

My next book, Bulletproof SSL and TLS, is now available for early access and preorder. I am thrilled to publish my latest work, even if it is not yet finished. Actually, because it is not yet finished. With early access to the manuscript, you get a chance to read the...  MORE »

Today, we're releasing a new version of SSL Rating Guide as well as a new version of SSL Test to go with it. Because the SSL/TLS and PKI ecosystem continues to move at a fast pace, we have to periodically evaluate our rating criteria to keep up. We have made...  MORE »

View all posts »