Free Post Security Headers Alexa Top 1 Million Analysis - February 2018 It's that time of year again! I'm really excited to publish the 6th installment of my Alexa Top 1 Million analysis so we can take a...
Free Post nginx Doing the ChaCha with Nginx ChaCha20-Poly1305 is the combination of a new cipher, ChaCha20, and a new MAC, Poly1305, to give us a new AEAD cipher suite. AEADs will be the only option that will...
Free Post TLS The Best TLS Training in the World - Coming up North This year I've been working hard on delivering The Best TLS Training in the World both nationally and internationally. The course has been tremendously well received and consistently...
Free Post TLS The encrypted web is coming! Now, more than ever, we are seeing a huge drive towards encryption on the web. In fact, encryption is now being adopted at a rate never before seen. Here are...
Free Post TLS HPKP: HTTP Public Key Pinning HTTP Public Key Pinning, or HPKP, is a security policy delivered via an HTTP response header much like HSTS [https://scotthelme.co.uk/hsts-the-missing-link-in-tls/] and CSP [https://scotthelme.co.uk/...
Free Post PFS Getting an A+ on the Qualys SSL Test - Windows Edition My previous article [https://scotthelme.co.uk/a-plus-rating-qualys-ssl-test/] has gained a lot of attention as a reference point on how to score the highest A+ rating on the Qualys SSL...
Free Post encryption Do browsers tell us enough about secure connections? We've all grown used to checking for 'https' in the address bar of our browser and making sure that we have the little padlock indicator to assure us that the connection is secure. The only problem I find with these...
Free Post CloudFlare CloudFlare's great new features and why I won't use them CloudFlare have recently announced two great new features in the form of Keyless SSL [https://blog.cloudflare.com/announcing-keyless-ssl-all-the-benefits-of-cloudflare-without-having-to-turn-over-your-private-ssl-keys/] and Universal SSL [https://blog.cloudflare.com/introducing-universal-ssl/]. Despite the fact that Keyless SSL addresses some of the concerns I outlined in my previous blog...
Free Post Qualys Squeezing a little more out of your Qualys score Not so long back I published a blog on Getting an A+ rating on the Qualys SSL Test [https://scotthelme.co.uk/a-plus-rating-qualys-ssl-test/], which I recently updated to keep in line with the latest requirements on RC4 ciphers and SHA1/SHA256 certificates. Since then,...
Free Post HSTS HSTS Preloading HSTS is the great little response header that tells a browser to always use SSL/TLS to communicate with your site. It doesn't matter if the user, or a link they are clicking, specifies HTTP, HSTS will remove the ability for a...