Diario Oficial

SSL/TLS Strong Encryption: FAQ

This chapter is a collection of frequently asked questions (FAQ) and corresponding answers following the popular USENET tradition. Most of these questions occurred on the Newsgroup ...
Bleeping Computer

Attackers Evade Detection By Randomizing TLS Handshake Ciphers

Cybercriminals are using a new method to evade detection to make sure that the traffic generated by their malicious campaigns is not being detected, a technique based on SSL/TLS signature ...
Infosecurity-magazine.com

Google Swaps Out Crypto Ciphers in OpenSSL

Given recent attacks against older, commonly-used encryption modes RC4 and CBC, the Google team began implementing new algorithms – ChaCha 20 for symmetric encryption and Poly1305 for authentication – ...
Ars Technica

Web served, part 2: Securing things with SSL/TLS

If you’ve followed the steps we laid out in our initial feature, you’ve got a safe Nginx server all set up and working. It’s serving your static pages without any issue. We don’t yet have a database, ...
Threat Post

New OpenSSL MITM Flaw Affects All Clients, Some Server Versions

There is a new, remotely exploitable vulnerability in OpenSSL that could enable an attacker to intercept and decrypt traffic between vulnerable clients and servers. There is a new, remotely ...
Ars Technica

SSL/TLS Accelerated by GPUs

SSL offload to GPU's died about a decade ago, when AES-NI became a meaningful thing. You can do line rate 10G AES on a single cores worth of AES-NI in x86 land, taking the latency hit of pushing that ...
CSOonline

Challenges Associated with SSL/TLS traffic decryption and security inspection

As I’ve mentioned in several recent blogs, enterprise organizations are encrypting more and more of their network traffic. A majority (87%) of organizations surveyed as part of a recent ESG research ...