Transport Layer Security (TLS) 1.3 approved by IETF With the 28th Draft
The much required Transport Layer Security version TLS 1.3 approved finally by IETF after 28 drafts. TLS 1.3 is not a minor redesign, it is a major redesign of TLS 1.2.
Internet Engineering Task Force (IETF) is an open source...
Private keys Leaked – 23,000 SSL Certificates to be Revoked Within Next 24 Hours
More than 23,000 SSL certificates that purchased through the reseller Trustico will be revoked today. The entire saga starts on February 2nd, 2018 when Trustico reached out to Digicert for mass revocation.
"Trustico not has provided any details how the...
New Method to Establish Covert Channel Communication by Abusing X.509 Digital Certificates
Security researchers from Fidelis identified a new method to establish a covert channel communication by abusing widely implemented X.509 public key certificates. Certificates remain as a critical component of secure connection to a website.
When a browser establishes a secure...
testssl.sh – Tool to check cryptographic flaws and TLS/SSL Ciphers on any Ports
testssl.sh is a free command line tool which checks a server's administration on any port for the help of TLS/SSL ciphers, protocols and some TLS/SSL vulnerabilities.
Key features
1. Easy to install.
2. You can check with all port not only with...
Digital Certificate Security – Certificate Pinning
Generally, SSL certificate used to verify the security level of a website/URL. In the SSL handshake method, Client verifies the website/application certificate with the authorized public CA or where the respective certificate got issued.
If the certificate got verified by...
