HTTPS: Debunking the fallacy that paid certificates are better than free certificates, and other related nonsense
Those that know me or have followed me online will know I'm a massive advocate of encryption on the web. One of my goals is to help encrypt...

PFS: Getting an A+ on the Qualys SSL Test - Windows Edition
My previous article [https://scotthelme.co.uk/a-plus-rating-qualys-ssl-test/] has gained a lot of attention as a reference point on how to score the highest A+ rating on the Qualys SSL...

encryption: Do browsers tell us enough about secure connections?
We've all grown used to checking for 'https' in the address bar of our browser and making sure that we have the little padlock indicator to assure us that the connection is secure. The only problem I find with these...

CloudFlare: CloudFlare's great new features and why I won't use them
CloudFlare have recently announced two great new features in the form of Keyless SSL [https://blog.cloudflare.com/announcing-keyless-ssl-all-the-benefits-of-cloudflare-without-having-to-turn-over-your-private-ssl-keys/] and Universal SSL [https://blog.cloudflare.com/introducing-universal-ssl/]. Despite the fact that Keyless SSL addresses some of the concerns I outlined in my previous blog...

Qualys: Squeezing a little more out of your Qualys score
Not so long back I published a blog on Getting an A+ rating on the Qualys SSL Test [https://scotthelme.co.uk/a-plus-rating-qualys-ssl-test/], which I recently updated to keep in line with the latest requirements on RC4 ciphers and SHA1/SHA256 certificates. Since then,...

HSTS: HSTS Preloading
HSTS is the great little response header that tells a browser to always use SSL/TLS to communicate with your site. It doesn't matter if the user, or a link they are clicking, specifies HTTP, HSTS will remove the ability for a...

encryption: SSL does not make a site secure!
Following Google's recent announcement that they will start rewarding websites that use SSL/TLS with a boost in their search rankings, I've seen a lot of comments being thrown around about how it's great that secure websites will...

DHE: Perfect Forward Secrecy - An Introduction
Perfect Forward Secrecy is a feature of specific key agreement protocols that gives assurances your session keys will not be compromised even if the private key of the server is compromised. By generating a unique session key for every session a user initiates, even...

cipher suite: Getting an A+ rating on the Qualys SSL Test
The SSL Test provided by Qualys does an incredibly thorough evaluation of the SSL configuration on your server. It's a great way to get a feel for whether...

certificate: OCSP Stapling; SSL with added speed and privacy
Using SSL on your site comes with certain overheads and one of those overheads is checking the revocation status of your SSL certificate. Whilst this particular overhead resides on the client side, rather than the server side, it still affects the performance of your...