Standards, compliance and TLS

Last week’s overview explained why deprecating of older versions of TLS is a good move to strengthen secure data transfer in numerous applications. This week, we’re pleased to present a more in-depth look at how this is being mandated by some major standards organizations, such » Continue Reading.

Guide to TLS standards compliance

The Transport Layer Security (TLS) protocol [01] is the primary means of protecting network communications over the Internet. It (and its predecessor, Secure Sockets Layer or SSL) have been used for decades in many applications, but most notably in browsers when they visit HTTPS sites. » Continue Reading.

Deprecating early TLS for a safer Internet

SUMMARY: Major commercial and governmental standards organizations are now requiring use of newer, more secure versions of Transport Layer Security (TLS) to protect your information. We explain why this is a good move and what it means to you. Introduction Earlier this year, the Payment » Continue Reading.

Install SSL Certificate on NGINX

  Installing an SSL Certificate on the modern (> 0.7.14) nginx platform is quite easy. Locate the server block for your website. Add a listen directive for your secure port and add the ssl Add the ssl_certificate directive; the parameter is the full path to » Continue Reading.

Disable SSL 3.0 in Apache

Configuring Apache to Disable SSL v 3.0 The Apache HTTP Server is configured by placing directives in plain text configuration files. The main configuration file is usually called httpd.conf, and it is easy to update the Apache web server to disable SSLv3 (and thus protect your websites » Continue Reading.

What is a "Cryptographic Protocol?"

A protocol is simply a set of rules or instructions that determine how to act or interact in a given situation. A cryptographic protocol is designed to allow secure communication under a given set of circumstances. The cryptographic protocol most familiar to internet users is » Continue Reading.

SSL.com Announces SHA-2 SSL Support

Microsoft, Google and Mozilla have all announced various plans to stop supporting SHA-1 SSL certificates after January 1, 2017. As a result, SSL.com began issuing SSL certificates using only SHA-2 (aka SHA-256) as the default hashing algorithm starting September 24, 2014. There are no special flags » Continue Reading.