Tag: SSL
2022
- Bulletproof TLS and PKI, Second Edition is out
February 16, 2022
2021
- OpenSSL Cookbook 3rd Edition now available
February 01, 2021
2020
- Second edition of Bulletproof SSL and TLS now in preview
November 01, 2020
2017
- Announcing Bulletproof SSL and TLS, the 2017 revision
July 11, 2017
- Bulletproof SSL and TLS, three years later
July 04, 2017
- SSL Labs Grading Redesign (Preview 1)
June 30, 2017
- SSL Labs Distrusts WoSign and StartCom certificates
April 05, 2017
- CAA Mandated by CA/Browser Forum
March 13, 2017
- Ticketbleed detection added to SSL Labs
February 23, 2017
- What’s new in SSL Labs 1.26.5
January 13, 2017
2016
- Per-protocol cipher suite detection in SSL Labs
November 29, 2016
- SSL Labs now showing multiple certificate chains
November 22, 2016
- Announcing SSL Labs grading changes for 2017
November 16, 2016
- Is HTTP Public Key Pinning dead?
September 06, 2016
- SSL Labs: Improved suite detection
August 31, 2016
- TLS version intolerance in SSL Pulse
August 02, 2016
- New release of SSL/TLS Deployment Best Practices
June 27, 2016
- Available now: The Best TLS Training in the World
June 15, 2016
- SSL Labs in 2016 and beyond
May 16, 2016
- SSL Labs DROWN test implementation details
March 04, 2016
- DROWN grading update
March 04, 2016
- DROWN abuses SSL v2 to attack TLS
March 01, 2016
2015
- How Bulletproof SSL and TLS is a living book
August 31, 2015
- Introducing TLS Maturity Model
June 08, 2015
- SSL Labs: Increased penalty when TLS 1.2 is not supported
May 22, 2015
- SSL Labs 1.17: RC4, Obsolete Crypto, and Logjam
May 21, 2015
- What's new in SSL Labs 1.16
April 28, 2015
- SSL Labs RC4 deprecation plan
April 23, 2015
- OpenSSL Cookbook 2nd Edition released
March 03, 2015
- SSL Labs APIs now available in Beta
January 22, 2015
2014
- SSL Labs end of year 2014 updates
December 08, 2014
- POODLE bites TLS
December 08, 2014
- SSL 3 is dead, killed by the POODLE attack
October 15, 2014
- SHA1 deprecation: what you need to know
September 09, 2014
- Bulletproof SSL and TLS proofs on my desk
August 12, 2014
- Bulletproof SSL and TLS has been released!
August 05, 2014
- Bulletproof SSL and TLS June Update: Cryptography, Protocol, and PKI
June 24, 2014
- SSL Labs: New grades for trust (T) and mismatch (M) issues
June 17, 2014
- SSL Pulse: 49% vulnerable to CVE-2014-0224, 14% exploitable
June 13, 2014
- Bulletproof SSL and TLS May Update: Deployment and Performance
May 20, 2014
- SSL Labs test for the Heartbleed attack
April 08, 2014
- Bulletproof SSL and TLS April Update: Attacks and Weaknesses
April 08, 2014
- HTTPS mixed content: still the easiest way to break SSL
March 19, 2014
- Significant SSL/TLS improvements in Java 8
March 11, 2014
- How to build your own test for Apple's TLS authentication bug
March 10, 2014
- Bulletproof SSL and TLS March Update: Protocol Attacks
March 04, 2014
- SSL Labs: Testing for Apple's TLS authentication bug
February 24, 2014
- Checking OCSP revocation using OpenSSL
February 24, 2014
- Bulletproof SSL and TLS available for early access and preorder
February 04, 2014
- SSL Labs: Stricter security requirements for 2014
January 21, 2014
2013
- Apple enabled BEAST mitigations in OS X 10.9 Mavericks
October 31, 2013
- SSL Pulse now tracking Forward Secrecy and RC4
October 09, 2013
- OpenSSL Cookbook v1.1 released
October 08, 2013
- Introducing the SSL Client Test
October 02, 2013
- Updated SSL/TLS Deployment Best Practices deprecates RC4
September 17, 2013
- Is BEAST still a threat?
September 10, 2013
- Increasing DHE strength on Apache 2.4.x
August 15, 2013
- Defending against the BREACH attack
August 07, 2013
- Configuring Apache, Nginx, and OpenSSL for Forward Secrecy
August 05, 2013
- Compiling Apache with static OpenSSL libraries
August 03, 2013
- Deploying Forward Secrecy
June 25, 2013
- Announcing Bulletproof SSL and TLS
May 22, 2013
- RC4 in TLS is broken: Now what?
March 19, 2013
- SSL Labs update increases security requirements
February 07, 2013
2012
- Large-scale passive SSL monitoring at ICSI
November 12, 2012
- Improved passive SSL fingerprinting in sslhaf
October 18, 2012
- CRIME: Information leakage attack against SSL/TLS
September 14, 2012
- How good is client-side support for RC4?
July 17, 2012
- My Infosecurity London 2012 SSL Panel Notes
May 23, 2012
- Announcing SSL Pulse
April 30, 2012
- Qualys supports reform at CA/Browser Forum
March 30, 2012
- SSL and Browsers: The Pillars of Broken Security
March 07, 2012
- Announcing the SSL/TLS Deployment Best Practices guide
February 23, 2012
2011
- TLS Renegotiation and Denial of Service Attacks
October 31, 2011
- Mitigating the BEAST attack on TLS
October 17, 2011
- SSL Labs: Announcing launch of two Convergence notaries
September 29, 2011
- Key SSL/TLS mailing lists to follow
September 26, 2011
- SSL Survey: How many sites support TLS 1.1 and better?
September 23, 2011
- So, what really breaks SSL?
August 09, 2011
- A study of what really breaks SSL
May 25, 2011
- Fresh Internet SSL Survey results (April 2011) available
April 27, 2011
- Unfortunate current practices for HTTP over TLS
January 19, 2011
2010
- SSL Labs: Added test for ephemeral DH parameters
December 23, 2010
- Detection of certificate chain issues in SSL Labs
November 30, 2010
- Debian stable (Lenny) will support secure renegotiation
November 17, 2010
- Private assessment option added to the SSL server test
October 07, 2010
- Disabling SSL renegotiation is a crutch, not a fix
October 06, 2010
- Qualys SSL Labs releases raw data from the Internet SSL survey
October 05, 2010
- Internet SSL Survey 2010 is here!
July 29, 2010
- SSL Labs 1.0.63: Detection and reporting of certificate chain issues
July 13, 2010
- SSL Server Survey: what data are we collecting?
July 02, 2010
- SSL Server Survey: So what's with the 22M invalid certificates claim?
July 02, 2010
- Internet SSL Server Survey at Black Hat USA 2010
July 02, 2010
- SSL Labs assessment engine v1.0.59 improvements
June 17, 2010
- Qualys acquires SSL Labs
June 15, 2010
- Secure renegotiation test added to SSL Labs
May 25, 2010
- Breaking SSL: Why leave to others what you can do yourself
May 21, 2010
- Deep protocol and cipher suite testing in SSL Labs
May 14, 2010
- Speaking on SSL at OWASP AppSec Research in Sweden
April 27, 2010
- Firefox extension installation process vulnerable to MITM attack
February 09, 2010
- SSL Labs using Firefox 3.6 CA certs
January 25, 2010
- How to render SSL useless
January 14, 2010
2009
- Testing for SSL renegotiation
December 15, 2009
- Clientless SSL VPN products break the Web
November 30, 2009
- Initial test for SSL renegotiation added to SSL Labs
November 17, 2009
- Not just CSRF: SSL Authentication Gap used for credentials theft
November 14, 2009
- SSL and TLS Authentication Gap vulnerability discovered
November 05, 2009
- Entropy on a USB stick
October 01, 2009
- Analysis of Elliptic Curve support in current browsers
September 29, 2009
- SSL Labs: Improved Elliptic Curve and TLS 1.2 detection
September 22, 2009
- SSL Threat Model
September 09, 2009
- Two bugs in mod_sslhaf fixed
September 04, 2009
- SSL Labs: a batch of small improvements
September 03, 2009
- Is RC4 safe for use in SSL?
August 28, 2009
- Black Hat 2009 SSL Review: Breaking the Myths of Extended Validation SSL Certificates (Alexander Sotirov and Mike Zusman)
August 07, 2009
- Black Hat 2009 SSL Review: More Tricks For Defeating SSL In Practice (Moxie Marlinspike)
August 05, 2009
- Black Hat 2009 SSL Review: Black Ops of PKI (Dan Kaminsky)
August 04, 2009
- Improved SSLv2 detection in SSL Labs
August 03, 2009
- TLS Server Name Indication now in Apache
July 29, 2009
- Can you have too much SSL?
July 24, 2009
- Announcing the SSL Server Rating Guide and the Public SSL Server Database
July 22, 2009
- Firefox SSL extensions
July 16, 2009
- Examples of the information collected from SSL handshakes
July 09, 2009
- Analysis of Googlebot's frugal cipher suite list
July 02, 2009
- Improved handling of SSL warnings in Firefox 3.5
July 01, 2009
- HTTP client fingerprinting using SSL handshake analysis
June 17, 2009
- Security researchers ask Google to enable SSL encryption by default
June 16, 2009
- SSL Labs launches
June 15, 2009
- The worst idea ever: Let's break SSL for mobile users
January 31, 2009
2008
- Will the real John Viega please stand up?
December 31, 2008
- HOWTO: Create a rogue CA certificate for $2000
December 30, 2008
- Self-signed certificates in production point to a failure of SSL
July 17, 2008
- Firefox versus SSL is really about security versus usability
July 15, 2008
- Eliminating session hijacking... forever
June 04, 2008
- Firefox 3 improves handling of invalid SSL certificates
April 29, 2008
