ssl Archives - Page 3 of 6

Posts Tagged ‘ssl’

SSL versus TLS – What’s the difference?

Saturday, May 12th, 2018

SSL versus TLS

TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are protocols that provide data encryption and authentication between applications and servers when that data is sent across an insecure network. The terms SSL and TLS are often used interchangeably or in conjunction with each other (TLS/SSL), but one is, in fact, the predecessor of the other. SSL 3.0 served as the basis for TLS 1.0, which, as a result, is sometimes referred to as SSL 3.1. With this said, is there a practical difference between the two?

See also our Infographic which summarizes these differences.

Read the rest of this post »

Tags: beast, compliance, email security, poodle, secure email, secure socket layer, security, ssl, ssl vs tls, sslv3, tls, tls vs ssl, transport layer
Posted in LuxSci Library: Security and Privacy, Popular Posts
9 Comments »

ARC and SMTP MTA-STS: The State of Domain-based Email Authentication – Part 3

Tuesday, September 19th, 2017

We’ll close (for now) our three part series on the state of domain-based authentication for emails by completing the story on technologies being deployed or defined to improve the security of the email ecosystem. In Part 1, we wrote about using Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to authenticate the sending mail server. Part 2 described how Domain-based Message Authentication, Reporting and Conformance (DMARC) is used to provide clear guidelines for the treatment of mail that fail SPF and/or DKIM authentication.

In this post, we’ll touch on two topics that are mature works in progress in the IETF, the technical standardization organization that has brought us so much of the protocols that govern the internet. The first technology is Authenticated Received Chain (ARC), defined to handle the shortcomings of SPF and DKIM when used with mail forwarders or mailing lists. The second technology is about correcting the lack of security between Message Transfer Agents (MTA), and a solution to enforce strict transport layer security for SMTP message transfer between MTAs.

It’s worth reiterating again that all these technologies are building blocks, and only when used and deployed collectively by the entire ecosystem can we hope to create the barriers needed to thwart fake emails and mail surveillance by malicious actors.

Read the rest of this post »

Tags: ARC, dkim, DMARC, MTA, spf, ssl, STS
Posted in LuxSci Library: The Technical Side of Email
No comments »

What’s the latest with HTTPS and SSL/TLS Certificates?

Wednesday, August 2nd, 2017

We’ve written quite a lot in past FYI Blog posts about SSL/TLS certificates, the critical building block to secure communication on the Internet. We described what such certificates were, their use in securing the communications channel between a client (browser) and a server, different types of certificates and the pros and cons of using each.

Given the changes in the Internet landscape over the past five years, we feel it is time to revisit these topics. The technical details described in the earlier posts remain unchanged. What has changed, though, are the traffic patterns for HTTPS-based communications, additional vulnerabilities arising as a consequence and ways to mitigate these. This post will provide a general overview of certain changes in the Internet landscape over the past few years, while subsequent blog posts will describe some of the topics identified here in greater detail. SSL TLS Certificates

Read the rest of this post »

Tags: certificate transparancy, google, http/2, https, Lets Encrypt, ssl, tls
Posted in LuxSci Library: Security and Privacy
No comments »

What is really protected by SSL and TLS?

Saturday, April 8th, 2017

This question came in via Ask Erik:

Hi Erik,

I stumbled upon your blog while trying to learn a little about SSL/TLS in the context of client/server e-mail sessions, i.e. not web mail which I understand to be an HTTP session. I am just an ordinary user with no special security needs but I find all this news about corporate and government surveillance to be troubling for both philosophical and practical reasons. In any case my questions is quite simple.

My e-mail client, apple mail, and my e-mail service provider both support SSL so my e-mail exchanges between my computer and the server are encrypted. I understand that I can’t control what happens with other e-mail servers. What I am trying to understand is what does it mean to be encrypted? When an e-mail leaves my computer how much of the message is encrypted? Are the e-mail headers encrypted including the sender and recipient e-mail addresses. I would assume so but nobody talks about the details. What metadata trail does a user leave when using SSL/TLS. Is it is as simple as the destination and sending IP address with everything else encrypted? Reading Data and Goliath right now by Bruce Schneider which talks about a lot of this stuff but again doesn’t give quite enough detail. At the end of the day I am trying to understand how much protection SSL really provides.

SSL (now TLS) protects data as it travels across the Internet. To understand in detail how SSL works, we recommend reading: How does Secure Socket Layer (SSL andTLS) work? However, looking at how the protocol works can leave answers to some of these fundamental questions a little unclear. Lets address them one by one.

SSL and TLS Security

Read the rest of this post »

Tags: email, server name indication, SNI, ssl, tls, TOR, vpn
Posted in LuxSci Library: Security and Privacy
No comments »

Infographic – SSL vs TLS: What is the Difference?

Friday, October 9th, 2015

SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are foundations of security on the Internet. However, between colloquial usage and the relationship between these security protocols, there is a lot of confusion regarding how they are related, how they are different, and what to use in what situation.