
June 15, 2009

SSL Labs launches

Recently I've found myself spending more and more time not only thinking about SSL, but also working on several SSL-related projects. SSL is a remarkable technology that is not given nearly as much credit as it deserves. I think this is at least partially because SSL is so commonplace today that people take it for granted. Compared to other security technologies, it is also reasonably easy to configure. But therein lies the danger: SSL is so easy to use that most people have stopped thinking about SSL.

I think there's a large gap between how SSL is used today and how it should be used. Actually, I think we first need to make an effort to understand how SSL is actually used today in order to build on that knowledge. With that in mind, I decided to start a new web site and use it as a launching point for my SSL-related projects. Fast-forward several months; today, I am happy to announce SSL Labs, which has just launched.

My initial work on HTTP client fingerprinting using SSL handshake analysis is already there (I will write more about it in subsequent posts), but I have several other projects, which I will publish in the following weeks.


Comments


Hey Ivan,

Good luck with your new project! I like the client fingerprinting via SSL idea, I also like the module you provide. But would you mind adding ten lines of documentation, how one can actually log the said information?

Regards,

Christian

This comment was not very clear. I meant, could you explain the fingerprint gathered, or how do I read it?

Sorry for the confusion.

Hi Christian,

Yes, you are right: I forgot to describe the tokens that make up fingerprint values. I have corrected that now -- if you download the most recent version of the module from the repository you will find the explanation inside. I have also included a complete list of cipher suites to make it easier to decipher the fingerprint meaning (no pun intended ;).

From my viewpoint, the biggest problem with SSL/TLS is that it is a peer-to-peer technology. It is fine for a client to connect to a server, but it needs an easy to use proxy capability to pass identity information across multiple layers, as with chains of Web Services.

ABOUT ME

Ivan Ristić is an open source advocate, entrepreneur, writer, programmer and web security specialist. He is the principal author of ModSecurity, the open source web application firewall, and the author of Apache Security, a concise yet comprehensive web security guide for the Apache web server.
