Organization Validation (OV) and Individual Validation (IV) certificates – also known as High Assurance certificates – require validation of an organization’s or individual’s identity and address before issuance. For website owners, an SSL.com High Assurance certificate gives visitors to your site an extra level of confidence in your web » Continue Reading.
HTTPS (Hypertext Transfer Protocol Secure) is a secure version of the HTTP protocol that uses the SSL/TLS protocol for encryption and authentication. HTTPS is specified by RFC 2818 (May 2000) and uses port 443 by default instead of HTTP’s port 80. An HTTPS URL begins with https:// instead of http://. Modern web browsers also indicate » Continue Reading.
SSL (Secure Sockets Layer) and its successor, TLS (Transport Layer Security), are protocols for establishing authenticated and encrypted links between networked computers. Although the SSL protocol was deprecated with the release of TLS 1.0 in 1999, it is still common to refer to these » Continue Reading.
X.509 is a standard format for public key certificates, digital documents that securely associate cryptographic key pairs with identities such as websites, individuals, or organizations. First introduced in 1988 alongside the X.500 standards for electronic directory services, X.509 has been adapted for internet use » Continue Reading.
DNS over HTTPS (DoH) uses the HTTPS protocol for sending and retrieving encrypted DNS queries and responses. The DoH protocol has been published as a proposed standard by the IETF as RFC 8484. DNS queries and responses have historically been sent as plaintext, potentially compromising the privacy of » Continue Reading.
In a man-in-the-middle (or MITM) attack, communication between two devices in a computer network is compromised by a third party – the “man in the middle.” In a passive MITM attack, attackers “tap” the communication, capturing information in transit without changing it. If attackers attempt to modify or tamper with » Continue Reading.
In computer science, an operation is idempotent if it can be performed multiple times without having a different result than the first time it was run. For example, a POST HTTPS request that updates a counter in the database is not idempotent because it alters » Continue Reading.
TLS 1.3 offers a feature called 0-RTT (zero round trip time) Resumption mode, in an effort to enhance performance. When a browser successfully completes a TLS handshake with a server for the first time, both the client and the server can store a pre-shared encryption key » Continue Reading.
TLS versions 1.0 and 1.1 are affected by a large number of protocol and implementation vulnerabilities that have been published by security researchers in the last two decades. Attacks like ROBOT affected the RSA key exchange algorithm, while LogJam and WeakDH showed that many TLS servers » Continue Reading.
In software security, downgrade attacks are network attacks that force victims to use older, more vulnerable versions of software in order to exploit known vulnerabilities against them. This has been especially dangerous in TLS clients supporting both modern and earlier versions of TLS, the latter » Continue Reading.