Time to eliminate obsolete TLS protocol configurations – NSA

Monday, February 1, 2021

The National Security Agency (NSA) recommends replacing obsolete protocol configurations with ones that utilise strong encryption and authentication to protect sensitive information. Over time, new attacks against Transport Layer Security (TLS) and the algorithms it uses have been discovered. Network connections employing obsolete protocols are at an elevated risk of exploitation by adversaries. NSA recommends that only TLS 1.2 or TLS 1.3 be used; and that SSL 2.0, SSL 3.0, TLS 1.…more

HTTPS-only mode in Firefox 83

Sunday, December 13, 2020

In November, Mozilla introduced the HTTPS-only Mode, a brand-new security feature available in Firefox 83. Here’s what happens when you enable HTTPS-only Mode: Firefox attempts to establish fully secure connections to every website (even for the http:// addresses), and Firefox asks for your permission before connecting to a website that doesn’t support secure connections. More information available on the official blog of Mozilla.

Our New Homepage

Wednesday, October 21, 2020

At some point we have realised that our, then-current, homepage was far from optimal. It didn’t provide enough of clear, well-structured information about what is it that SSLreminder is doing. We decided to change that. Prototyping in progress Since we don’t have a full-blown team of front-end engineers and UI/UX designers, all the thinking, prototyping and implementation was done by our techies. (Spoiler: they did quite a good job over there, feel free to check it out here)…more

Digicert to Deprecate the OU Field

Sunday, September 27, 2020

Why is the OU field being removed? Oftentimes confusing, the OU field is intended to keep the information about Organizational Unit that the certificate is issued for. This field is mostly optional and there is no generally accepted validation rules for it. To reduce confusion around this field and improve validation times, Digicert is going to remove it from future ordering processes. How does this affect me? As a customer of Digicert you’ll notice the following changes:…more

Google Chrome Will Limit SSL/TLS Certificates to 1 Year of Validity

Monday, June 15, 2020

On the 10th of June a CA/Browser Forum representative informed through Twitter that as of September 1 2020 Google Chrome will start limiting SSL/TLS certificates validity period to 398 days, or a bit over 1 year. So what exactly does this change mean for a website owner or administrator? Since the maximum certificate validity will be cut in about half, the chance to miss extension date will simply become twice as big.…more

Why Do You Need SSL

Sunday, May 17, 2020

Welcome back to our blog. Today we are going to find out why do we actually need SSL and what is the benefit of having it enabled. There are 2 protocol groups that provide secure communication over the Internet - SSL and TLS. For the sake of simplicity we are going to call them “SSL” as a group, but we actually mean both, so read it as “SSL/TLS”. Sometimes SSL is also called HTTPS, which is a different thing, but again for our discussion does not matter much.…more

Current State of SSL/TLS Support

Thursday, May 7, 2020

Welcome back to the SSLreminder blog. Today we’re looking at the current state of the SSL ecosystem with regards to TLS (SSL) protocol support by modern websites. In order to get the data we have turned to SSL Pulse, a monitoring tool by SSL Labs. It is a continuous and global dashboard for monitoring the quality of SSL/TLS support over time across 150,000 SSL- and TLS-enabled, most popular websites in the world.…more

Maximum SSL Certificate Validity

Monday, May 4, 2020

In short, maximum SSL certificate validity period is 2.2 years (in 2020). See below for more details. By voting for Ballot 193, the CA/Browser Forum group have reduced the maximum lifetime for SSL certificates to 825 days or about 2.2 years. Here’s an excerpt from the ballot: Subscriber Certificates issued after March 1, 2018 MUST have a Validity Period no greater than 825 days. One of the reasons behind this decision is that longer certificate validity periods can delay compliance with new guidelines.…more