TLS
To the Depth of TLS Invisibility and Beyond
Encrypted traffic is changing the threat landscape. Today’s digital businesses rely on encryption of application traffic for information sharing. That the Internet is becoming increasingly “dark” is not debated, with all indicators showing a steady increase. Compounding this issue is the pot…
TLS 1.3 and Forward Secrecy: Count Us In, and Here’s Why
The damage a hacker can do after discovering a server’s private encryption key is about to shrink considerably. That’s thanks to important improvements in the coming Internet Engineering Task Force (IETF) Transport Layer Security (TLS) standard for Internet security. Notably, while prior versions ha…
The Impact on Network Security Through Encrypted Protocols – QUIC
I have already written about two secure protocols that are impacting our network security. The first was HTTP/2, the second one was TLS 1.3. Both posts can be found here: HTTP/2, TLS 1.3. Today I want to talk about another very important protocol called QUIC. QUIC stands for QUICK UDP INTERNET C…
The impact on network security through encrypted protocols – TLS 1.3
This post is the second part of my series around the impact of encrypted protocols on network security. You can find the first article about HTTP/2 here: http://blogs.cisco.com/security/the-impact-on-network-security-through-encrypted-protocols-http2 Now let us focus on the new and upcoming specific…
The impact on network security through encrypted protocols – HTTP/2
This is the start of a planned series of posts around the impact that new protocols are making on the way many of us deal with network security today. The protocols we have been using on the internet, mainly TCP with HTTP 1.1, have shown that they cannot deal with today’s requirements for fast…
ETSI/IQC’s 4th Workshop on Quantum-Safe Cryptography
Quantum computers could break commonly used public key algorithms, which would affect cryptography used today. For that reason, there has been great attention on quantum-safe crypto recently. We have blogged about it on numerous occasions [1], [2], [3]. In that context, last week the 4th ETSI/IQC o…
Where is my (intermediate) TLS certificate?
When dealing with TLS connections, it is important to understand how a client (in most cases this is a web browser) will be acting. Let’s quickly check some of the steps that are happening when a TLS connection is made. A web server will send its certificate down to the requesting client during the…
Hiding in Plain Sight: Malware’s Use of TLS and Encryption
Introduction: TLS (Transport Layer Security) is a cryptographic protocol that provides privacy for applications. TLS is usually implemented on top of common protocols such as HTTP for web browsing or SMTP for email. HTTPS is the usage of TLS over HTTP, which is the most popular way of securing commun…
Understanding Logjam and Future-Proofing Your Infrastructure
On May 19th, 2015, a team of researchers (Henninger et al.) published a paper with the title “Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice”. The paper can be divided into two sections: 1) discrete logs on a 512-bit Diffie-Hellman (DH) group, and 2) a new attack against th…