TLS: The Best TLS Training in the World - Coming up North
This year I've been working hard on delivering The Best TLS Training in the World both nationally and internationally. The course has been tremendously well received and consistently receives amazing...

TLS: The encrypted web is coming!
Now, more than ever, we are seeing a huge drive towards encryption on the web. In fact, encryption is now being adopted at a rate never before seen. Here are...

TLS: HPKP: HTTP Public Key Pinning
HTTP Public Key Pinning, or HPKP, is a security policy delivered via a HTTP response header much like HSTS [https://scotthelme.co.uk/hsts-the-missing-link-in-tls/] and CSP [https://scotthelme.co.uk/...

PFS: Getting an A+ on the Qualys SSL Test - Windows Edition
My previous article [https://scotthelme.co.uk/a-plus-rating-qualys-ssl-test/] has gained a lot of attention as a reference point on how to score the highest A+ rating on the Qualys SSL...

encryption: Do browsers tell us enough about secure connections?
We've all grown used to checking for 'https' in the address bar of our browser and making sure that we have the little padlock indicator to assure us that the connection is secure. The only problem I find with these is that they don't...

CloudFlare: CloudFlare's great new features and why I won't use them
CloudFlare have recently announced two great new features in the form of Keyless SSL [https://blog.cloudflare.com/announcing-keyless-ssl-all-the-benefits-of-cloudflare-without-having-to-turn-over-your-private-ssl-keys/] and Universal SSL [https://blog.cloudflare.com/introducing-universal-ssl/]. Despite the fact that Keyless SSL addresses some of the concerns I outlined in my previous blog...

Qualys: Squeezing a little more out of your Qualys score
Not so long back I published a blog on Getting an A+ rating on the Qualys SSL Test [https://scotthelme.co.uk/a-plus-rating-qualys-ssl-test/], which I recently updated to keep in line with the latest requirements on RC4 ciphers and SHA1/SHA256 certificates. Since then,...

HSTS: HSTS Preloading
HSTS is the great little response header that tells a browser to always use SSL/TLS to communicate with your site. It doesn't matter if the user, or a link they are clicking, specifies HTTP, HSTS will remove the ability for a compatible browser...

DHE: Perfect Forward Secrecy - An Introduction
Perfect Forward Secrecy is a feature of specific key agreement protocols that gives assurances your session keys will not be compromised even if the private key of the server is compromised. By generating a unique session key for every session a user initiates, even...

cipher suite: Getting an A+ rating on the Qualys SSL Test
The SSL Test provided by Qualys does an incredibly thorough evaluation of the SSL configuration on your server. It's a great way to get a feel for whether or not...