OCSP Must-Staple

Posted by on June 18, 2014

With the announcement of the Heartbleed bug and the resulting need to revoke large numbers of SSL certificates, the topic of certificate revocation has, once again, come to the fore. There have been many issues with how revocation information is provided to the browsers. First let’s review how SSL certificate status may currently be obtained (the post lays this out as a table with the columns How, Definition, Pros and Cons):

Certificate Revocation List (CRL)
Definition: A signed list of the serial numbers of all revoked certificates that were signed by the CA’s certificate.
Pros: A single point of reference for the status of all certificates issued by the...

Perfect Forward Secrecy

Posted by on April 11, 2014

Recent revelations from Edward Snowden about pervasive government surveillance have led to many questions about the safety of communications using the SSL/TLS protocol. Such communications are generally safe from eavesdroppers, as long as certain precautions are observed: for example, configuring your web server to avoid using SSL2 and SSL3, favoring newer versions of TLS like TLS 1.2, selecting strong ciphersuites, and so on. But even if your server is configured properly, you still must secure the private key associated with your SSL certificate. In nearly all cases, the web site owner generates...

