Today saw another SSL Labs release, which brings several new features and includes one fix. In this blog post I will discuss what the new...| blog.ivanristic.com
It took a couple of years, but I am happy to report that my book Bulletproof TLS and PKI is now out and available in both digital and print. Although the title is slightly different this time, the new release is the second edition of my earlier work—Bulletproof SSL and TLS—which came out in 2014. The second edition has less SSL and more TLS, as it should be.| Blog: Ivan Ristić
Another year, another book to update. The third edition of OpenSSL Cookbook, my free book that covers command-line usage of OpenSSL, is now available for your pleasure. Although the structure of the book remains the same, it’s been significantly updated with the help of Matt Caswell, a member of the OpenSSL development team. The largest change, of course, is that the material is now fully up to date with TLS 1.3.| Blog: Ivan Ristić
I am happy to announce that the second edition of Bulletproof SSL and TLS is now available in preview. As I write this, it’s November 2020 and roughly six years since we released the first edition. I am happy to say that things have worked out approximately how I thought they would. The first edition came out in 2014, but immediately in 2015 we released another version to keep up with the developments, and then a full revision followed in 2017. In 2018, the long-awaited TLS 1.3 protocol cam...| Blog: Ivan Ristić
I am very happy to announce Bulletproof SSL and TLS, the 2017 revision. The manuscript is complete and it’s now undergoing copyediting. We expect that the revision will be fully done by the end of July. Get your updates now if you can’t wait, or in August if you can.| Blog: Ivan Ristić
The last time I wrote about my book Bulletproof SSL and TLS was two years ago, just after publishing the first full revision. Although two years is a long time to go without a blog post, throughout this period I continued to work on the book, keeping it nearly-always up to date. Today, three years after the first edition had been published, the second formal full revision is complete. At the same time, I am announcing that the first edition won't see any further updates—all future work will g...| Blog: Ivan Ristić
We’re excited to share with you the first preview of our next-generation grading. This is something that’s long overdue but, due to lack of available time, we managed to keep up patching the first-generation grading to keep up with the times. Now, finally, we’re taking the next necessary steps to modernise how we grade servers based on our assessments.| Blog: Ivan Ristić
In the second half of 2016, a series of events unfolded that culminated with something many didn’t think was possible (or at least thought very unlikely): a public CA was distrusted. The CA in question was WoSign, a Chinese CA who made some waves by offering free certificates back in the day, before Let’s Encrypt came onto the scene. To make the case even more remarkable, another CA—StartCom—was distrusted at the same time. These were CAs with substantial installed user bases, largely...| Blog: Ivan Ristić
Certification Authority Authorization (CAA), specified in RFC 6844 in 2013, is a proposal to improve the strength of the PKI ecosystem with a new control to restrict which CAs can issue certificates for a particular domain name. Although CAA had been in the proposed-standard state for more than 4 years, there was little obvious happening until very recently, with only a hundred or two hundred sites adopting it. But that’s going to change, because the CA/Browser Forum recently voted to manda...| Blog: Ivan Ristić
Ticketbleed is a recently disclosed vulnerability in some F5 load balancers. This problem allows attackers to retrieve up to 31 bytes of process memory, which could potentially include sensitive data (for example private keys). It is similar in nature to Heartbleed (a vulnerability in OpenSSL from 2014), but less severe because much less data can be extracted.| Blog: Ivan Ristić