Slides of the Webinar "SSL, impact and optimisation"
INTRODUCTION
What is SSL?
The purpose of SSL
History of SSL / TLS
Overview of a TLS connection
PART 1
What is the role of an SSL certificate?
Levels of validation
Options for certificates: SAN and Wildcard
The certificate ordering process
Certificate chain
SSL algorithms: encryption & authentication
Examples
PART 2
TLS and IPV4 exhaustion
HAProxy and SNI
TLS impacts
SSL offloading
SEO
Security of the SSL protocol
Webinar SSL English
1. SSL/TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
Introduction: What is SSL / TLS
Part 1: About SSL Certificates
Part 2: SSL impact and optimisation
13/11/2014
2. INTRODUCTION: What is SSL / TLS?
Baptiste Assmann - HAProxy
• What is SSL?
• The purpose of SSL
• History of SSL / TLS
• Overview of a TLS connection
  • Glossary
  • Timeframe
3. What is SSL?
• SSL (Secure Sockets Layer) first released in 1994
• IETF standardized the SSL protocol into TLS (Transport Layer Security) in 1999
• People carry on using "SSL" when speaking about TLS
• Stands at layer 5 of the OSI model
It's the "s" in HTTPs, IMAPs, POPs, etc.
OSI model:
Layer 7 - application: HTTP, POP, IMAP
Layer 6 - presentation
Layer 5 - session: SSL / TLS
Layer 4 - transport: TCP
Layer 3 - network: IP
Layer 2 - link
Layer 1 - physical
4. Purposes of the protocol
Confidentiality: nobody between the peers of a TLS connection can understand the content
Integrity: no data is altered when transmitted over a TLS connection
Authentication: each peer of a TLS connection can check that the other one is who it claims to be
(In these slides, we'll focus only on the server side)
[Diagram: peer1 and peer2 linked by a TLS connection]
5. History of SSL / TLS
• SSL (Secure Sockets Layer)
  • First version: Netscape in 1994
  • SSL 2.0: 1995
  • SSL 3.0: 1996
• IETF standardization: TLS (Transport Layer Security)
  • TLS 1.0: 1999 (based on SSL 3.0)
  • TLS 1.1: 2006
  • TLS 1.2: 2008
  • TLS 1.3: 2015
6. Overview of a TLS connection: Glossary
Before starting, we need to clarify a few definitions:
• Client hello: client-side TLS connection initialization
• Server hello: server-side response to the TLS connection initialization
• TLS handshake: phase where the client and the server negotiate the way the connection is established
• Client random: client-side random string, unique for each TLS session
• Server random: server-side random string, unique for each TLS session
• Pre-master secret: binary data provided by the client and used to generate the session key
• Cipher suite: unique identifier of the set of algorithms describing a TLS connection
• Session key: key for symmetric ciphering, result of the TLS handshake
• Session ID: TLS session ID associated with the session key, which can be used later by both the client and the server (resume)
7. SSL / TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
Overview of a TLS connection
TLS connection timeframe
• Step 1: client hello: the client opens a TCP connection and sends the following information: supported cipher suites.
• Step 2: server hello: the server selects a cipher suite from the client's list. The response also contains the server random. The server sends its certificate and public key to the client.
• Step 3: the client verifies the server's certificate (self-signed, expired, etc.)
• Step 4: the client uses the server's public key to encrypt its random and pre-master secret.
• Step 5: both the client and the server generate the session key using the client random, server random and pre-master secret.
• Step 6: a first message is then exchanged over the ciphered connection.
Client / Server
(1) Client Hello: supported cipher suites
(2) Server Hello: cipher suite, server certificate, public key, server random
(3) Verify server certificate
(4) Client Key Exchange: client random, pre-master secret (encrypted with server's public key)
(5) Generate session key
(5) Generate session key, session ID
(6) First message
8. SSL / TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
Resuming a TLS connection
TLS connection timeframe
• Step 1: client hello: the client opens a TCP connection and sends the following information: supported cipher suites and an SSL session ID to resume.
• Step 2: server hello: the server selects a cipher suite from the client's list. The server sends its certificate and public key to the client.
• Step 3: the client verifies the server's certificate (self-signed, expired, etc.)
• Step 4: a first message is then exchanged over the ciphered connection.
→ No session keys to compute.
Client / Server
(1) Client Hello: supported cipher suites, session key ID
(2) Server Hello: cipher suite, server certificate, public key
(3) Verify server certificate
(4) First message
9. SSL / TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
François Marien - SSL247®
• What is the role of an SSL certificate?
• Levels of validation
• Options for certificates: SAN and Wildcard
• The certificate ordering process
• Certificate chain
• SSL algorithms: encryption & authentication
• Examples
PART 1
About SSL Certificates
10. SSL / TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
What is the role of an SSL certificate?
SSL: Secure Socket Layer
Replaced in 1999 by
TLS: Transport Layer Security
An SSL certificate is a data file which binds a public cryptographic key to a domain name. When installed on a server, it activates the SSL/TLS protocol.
3 main roles
Encrypting data during online transactions
> Can anyone read the data I am exchanging?
Authenticating the server
> Am I talking to the server it claims to be?
Proving the integrity of a content
> Can anyone tamper with the data exchanged?
Proving the identity of the organisation controlling the domain!
(depending on the validation level…)
11. SSL / TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
3 possible levels of validation
OV (Organisation Validation)
• Data encryption
• Validation of the domain name + organisation authentication
• Padlock + https appearing in the browser
• Details about the organisation are displayed in the certificate information
• Issued within 1-2 days
Vetting = longer issuance time
EV (Extended Validation)
• Data encryption
• Strict authentication, respects industrial norms
• Green bar + padlock + https appearing in browsers
• Details about the organisation are displayed in the certificate information
• Issued within 5-6 days
Long and strict vetting = maximum confidence from visitors
DV (Domain Validation)
• Data encryption
• Validation of the domain name
• Padlock + https appearing in the browser
• Certificate issued within less than 10 minutes
No vetting = fast issuance time
12. SSL / TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
2 options / add-ons
Wildcard
Secures an unlimited number of subdomains.
We often refer to a Wildcard certificate by using a «*» (star). Example: *.ssl247.co.uk can secure blog.ssl247.co.uk, mail.ssl247.co.uk, server.ssl247.co.uk…
+ Easier to manage; Cheaper than buying a certificate for each single subdomain; Very flexible
- If the SSL certificate is compromised, then all the servers using the Wildcard certificate are compromised; Not compatible with all mobile device operating systems; Not compatible with Extended Validation
SAN
Often used for Unified Communications (UC) to secure Microsoft apps or Mobile Device Managers.
Example: ssl247.com, exchange.ssl247.com, ssl247.net, new-ssl247.net
+ Usually cheaper to buy SANs rather than several certificates; If your websites are hosted on a single server, a SAN won't require different IP addresses for each domain name
- The CA will still operate a vetting process for each SAN; Requires good management if you have several SANs; More expensive than a normal or Wildcard certificate
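Which names a Wildcard or SAN certificate actually covers, as an added example (not from the slides). It follows the matching rule clients apply under RFC 6125, where the star stands for exactly one left-most label; the function names are hypothetical, the name lists reuse the slide's examples, and the public-suffix checks real clients add are left out.

```python
import ipaddress


def _labels(name: str) -> list:
    return name.lower().rstrip(".").split(".")


def name_matches(pattern: str, hostname: str) -> bool:
    """True if one certificate name (exact or wildcard) covers hostname."""
    try:
        ipaddress.ip_address(hostname)
        return False                      # IP addresses never match DNS names
    except ValueError:
        pass
    p, h = _labels(pattern), _labels(hostname)
    if "" in h or len(p) != len(h):       # the star never spans several labels
        return False
    if "*" not in pattern:
        return p == h
    # Only a whole left-most label may be a star, and never directly on a TLD.
    if p[0] != "*" or any("*" in label for label in p[1:]) or len(p) < 3:
        return False
    return p[1:] == h[1:]


def uncovered(cert_names: list, hostnames: list) -> list:
    """Host names that would trigger a browser warning with this certificate."""
    return [h for h in hostnames
            if not any(name_matches(n, h) for n in cert_names)]


if __name__ == "__main__":
    wildcard = ["*.ssl247.co.uk"]
    san = ["ssl247.com", "exchange.ssl247.com", "ssl247.net", "new-ssl247.net"]
    # Constructed host lists to test against the two certificates.
    print(uncovered(wildcard, ["blog.ssl247.co.uk", "ssl247.co.uk", "a.blog.ssl247.co.uk"]))
    print(uncovered(san, ["exchange.ssl247.com", "www.ssl247.com"]))
```

The bare domain and deeper sub-levels need their own entries, which is one reason Wildcard and SAN are often combined.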
13. SSL / TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
The ordering process
1. The request
2. The vetting & issuance
3. The installation
CSR = Certificate Signing Request
[Diagram labels: applicant's information, private key, public key]
When the CA issues your SSL certificate, they officially guarantee that the public key which was contained in your CSR belongs to www.yourdomain.com, and they also guarantee that www.yourdomain.com is controlled by your organisation (except for DV: no vetting).
14. SSL / TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
Certificate chain / certification path
Trust infrastructure
Root certificate = the CA's own certificate!
A root can become linked to an intermediate by "signing" (authenticating) it.
Intermediate CA = the root's delegate.
The intermediate is in charge of "signing" (authenticating) SSL certificates.
SSL certificate.
The SSL certificate is issued by the CA, then signed by an intermediate, which is signed by a root certificate.
15. SSL / TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
SSL algorithms: encryption
2 types of encryption in SSL
a) Asymmetric encryption: used at the beginning of an encrypted session, during the «key exchange» (needs 2 keys, a public and a private)
b) Symmetric encryption: used when the session key has been exchanged (needs one temporary session key)
a) Asymmetric encryption > 3 main "key exchange algorithms"
RSA - Authored by Ron Rivest, Adi Shamir and Leonard Adleman
DSA - Digital Signature Algorithm
ECC - Elliptic Curve Cryptography - NEW!
b) Symmetric encryption > 1 main standard: AES (Advanced Encryption Standard)
Cipher suite = combination of authentication / key exchange / encryption algorithms
16. SSL / TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
SSL algorithms: authentication
1 main algorithm: SHA (Secure Hash Algorithm)
Used in secured connections to prove the integrity and authenticity of a message to the receiver.
Standard hash algorithm in SSL certificates.
SHA-1 phasing out, moving to SHA-2
SHA-1 = 160-bit fingerprint
2fd4e1c67a2d28fced849ee1bb76e7391b93eb12
Vs.
SHA-2 = 256-bit fingerprint
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Google is accelerating the deprecation
The next 3 releases of Chrome will progressively display warning icons on websites secured with SHA-1 certificates
SHA-1 certificates concerned by Google's action:
• Expiring between 01/06/2016 and 31/12/2016
• Expiring from 01/01/2017
17. SSL / TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
Case Studies: typical requests
"I need to secure my Microsoft Exchange server"
• mail.contoso.com
• mail.contoso-local.com
• autodiscover.contoso.com
• autodiscover.contoso-local.com
• legacy.contoso.com
→ OV certificate with SAN
"I have a Lync project with 2 servers: Edge + Proxy"
• sip.contoso.com
• meet.contoso.com
• lyncdiscover.contoso.com
• lyncweb.contoso.com
• dialin.contoso.com
→ OV certificate with Wildcard + SAN
"I have an e-commerce website"
• shop.contoso.com
→ Single domain EV certificate (Symantec)
18. SSL / TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
Baptiste Assmann - HAProxy
• TLS and IPV4 exhaustion
• HAProxy and SNI
• TLS impacts:
  • on performance
  • on clients
  • on Web applications
• SSL offloading
• SEO
• Security of the SSL protocol
PART 2
SSL impact and optimisation
19. SSL / TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
Deployment modes
• HAProxy can be used in 3 different modes in front of services requiring SSL:
  • SSL pass through or forward: client -- SSL --> HAProxy -- SSL --> server (encrypted data)
  • SSL offloading: client -- SSL --> HAProxy -- clear --> server (clear data)
  • SSL cut through or bridging: client -- SSL --> HAProxy -- SSL --> server (clear data)
→ There is no "good" or "bad" way. There is a mode which meets your requirements.
• Requirements are dictated by the application, the servers, the hardware capacity, etc.
20. SSL / TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
Deployment modes
HAProxy and SSL pass through or SSL forward
[Diagram: client -- SSL --> HAProxy -- SSL --> server; encrypted data]
frontend ft_www
  mode tcp
  bind 10.0.0.1:443
  default_backend bk_www
backend bk_www
  mode tcp
  server s1 10.0.0.11:443
21. SSL / TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
Deployment modes
HAProxy and SSL offloading
[Diagram: client -- SSL --> HAProxy -- clear --> server; clear data]
frontend ft_www
  mode http
  bind 10.0.0.1:443 ssl crt mycrt.pem
  default_backend bk_www
backend bk_www
  mode http
  server s1 10.0.0.11:80
22. SSL / TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
Deployment modes
HAProxy and SSL cut through or bridging
[Diagram: client -- SSL --> HAProxy -- SSL --> server; clear data]
frontend ft_www
  mode http
  bind 10.0.0.1:443 ssl crt mycrt.pem
  default_backend bk_www
backend bk_www
  mode http
  server s1 10.0.0.11:443 ssl
23. SSL / TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
TLS and IPv4 exhaustion
TLS extension: SNI
• The certificate presented by the server must match the hostname, otherwise the client raises a warning
• Lessons learned until now:
  • When the server has to send the certificate, it doesn't know which service the client is trying to browse
  • The service host name is HTTP information, not available at the TLS layer
→ Since it is impossible for the server to relate one of its certificates to the service reached by the client, a best practice was to assign one IP address per certificate.
→ Wildcard, SAN and multi-domain certificates help, but this is not scalable.
24. SSL / TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
TLS and IPv4 exhaustion
TLS extension: SNI
• In April 2006, RFC 4366 was published, introducing TLS Extensions.
• One of these extensions is named Server Name Indication, shortened to SNI.
• Basically, during the client hello, the client sends a string containing the name of the service the layer above (i.e. HTTP) is trying to reach.
• Based on this string, the server can now select the appropriate certificate
• Both client and server must support SNI
Client / Server
(1) Client Hello: supported cipher suites, Server Name Indication
(2) Server Hello: cipher suite, server certificate, public key, server random
(3) Verify server certificate
Server chooses the certificate based on the SNI sent by the client
25. SSL / TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
TLS and IPv4 exhaustion
HAProxy and SNI
Working as a TLS endpoint
• Tell HAProxy to load all the certificates available in a directory (validated at 50000 certificates in production):
frontend ft_www
  bind 10.0.0.1:443 ssl crt /etc/haproxy/certs/
• Path to a default certificate, used when clients don't send SNI:
frontend ft_www
  bind 10.0.0.1:443 ssl crt /etc/haproxy/certs/default.pem crt /etc/haproxy/certs/
• To log SNI information, use the ssl_fc_sni sample fetch in a log-format directive:
  log-format ...%[ssl_fc_sni]...
Working in TLS passthrough mode
• Route TLS connections to different server farms:
frontend ft_ssl
  bind 10.0.0.1:443
  tcp-request inspect-delay 5s
  tcp-request content accept if { req_ssl_hello_type 1 }
  use_backend bk_webmail if { req.ssl_sni -i owa.domain.com mail.domain.com }
  use_backend bk_sharepoint if { req.ssl_sni -i sharepoint.domain.com }
26. SSL / TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
TLS impact on performance
CPU
• CPU usage:
  • Key computation is very expensive, even more so with 2048-bit RSA keys. It scales very well with the number of processes
  • TLS resume is cheaper. It scales well up to 3 processes
  • Ciphering a request on an established connection is cheap with a modern CPU and the AES-NI instructions
• HAProxy/OpenSSL performance on a single core of an i7 CPU @ 3.4GHz:
  • key computation: around 600/s (2048 bits)
  • TLS resume per second (TLS 1.2): around 12000/s
  • TLS bandwidth: 4.3Gb/s
• Now you know why it is important to be able to resume a TLS connection!!!! (x20 gain of performance!)
→ The choice of the cipher suite is very important!!!
Read: https://wiki.mozilla.org/Security/Server_Side_TLS
27. SSL / TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
TLS impact on performance
CPU
• Use HAProxy's global section to manage SSL parameters (HAProxy 1.5.8 and above):
global
  ssl-default-bind-ciphers <copy paste the intermediary SSL cipher suite>
  tune.ssl.default-dh-param 2048
  ssl-default-bind-options no-sslv3
• Log client User-Agent and negotiated cipher suite:
  capture request header User-Agent len 128
  log-format ...{%sslv/%sslc}...
• Example of log output: ...{TLSv1/ECDHE-RSA-AES128-SHA}...
• Adapt your cipher suite to your client pattern, not to make SSL Labs happy!!!
• In case of trouble, HAProxy will log a TLS handshake error, without any other information. This part is handled by the OpenSSL library
• Tune the HAProxy SSL session key cache:
global
  tune.ssl.cachesize 50000 # default to 20000
  tune.ssl.lifetime 600 # default to 300 seconds
28. SSL / TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
TLS impact on performance
Memory
• Memory usage (no tuning, system and HAProxy defaults):
  • A raw TCP connection passing through HAProxy requires 50K of memory
  • With OpenSSL, add 64K of memory per TLS connection.
• Memory requirements for a peak of 1000 TLS connections:
Deployment mode | Computation | Total memory required
TLS pass through | 1000 * 50K | 50 MBytes
TLS offloading | 1000 * (50K + 64K) | 114 MBytes
TLS cut through | 1000 * (50K + 64K + 64K) | 178 MBytes
29. SSL / TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
TLS impact on clients
Forward proxies
• Some companies may forbid HTTPs on their forward proxies
  • Web sites should be available over both HTTP and HTTPs (public data only)
  • Web applications should be available over HTTPs only
• Some forward proxies do SSL inspection, making SSL useless:
https://www.google.fr/search?&q=SSL+inspection+appliance
Low capacity devices
• Low CPU resource means huge impact on performance
• Battery consumption increased
• Adds latency and delays printing
• Usually, they support only outdated SSL protocols and can't be updated
→ The choice of the cipher suite is very important!!!
30. SSL / TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
TLS impact on clients
Disabling TLSv1.0 or not ???
• Compatibility matrix errors without TLSv1.0: (non exhaustive list)
31. SSL / TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
TLS impact on clients
Disabling TLSv1.0 or not ???
• Compatibility matrix with TLSv1.0: (non exhaustive list)
32. SSL / TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
TLS impact on Web applications
• In order to support the switch to TLS, a web application must be "agile".
  • Links must be adapted to the scheme (http or https). Prefer using relative links.
  • HTTP responses should match the right scheme (http or https) and port (80 or 443)
→ Sometimes we must switch to SSL bridging mode
• What should be ciphered:
  • Pages with sensitive / personal information
  • All content of a page must be ciphered
  • Application cookies should never be sent over a plain connection
• Mixing 2 host headers on a single page to download static content over HTTP and dynamic content over HTTPs may lead to warnings in the browser
33. SSL / TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
TLS impact on Web applications
Protect application cookie
• HAProxy can enforce the Secure flag on application cookies:
backend myapp
  # rspirep was removed in HAProxy 2.1; newer versions use http-response replace-header
  acl https ssl_fc
  acl secured_cookie res.hdr(Set-Cookie),lower -m sub secure
  rspirep ^(set-cookie:.*) \1;\ Secure if https !secured_cookie
→ The "Secure" flag tells the browser to never send this cookie over a clear connection
• Force a logout if the cookie has been sent over a clear connection:
  acl https ssl_fc
  acl app_cookie req.cook(JSESSIONID) -m found
  acl path_logout path -i /logout.jsp
  http-request redirect location /logout.jsp if !https app_cookie !path_logout
34. SSL / TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
Impact of SSL offloading
• The main difficulty of SSL offloading is that clients browse over HTTPs and the application server is reached over HTTP:
[Diagram: client -- SSL --> HAProxy -- clear --> server; clear data]
• Check list:
  • HAProxy must inform the server which protocol is being used by the client
  • Server must adapt responses (Location, Set-Cookie, etc.)
  • Links from the body of the page must be adapted too
35. SSL / TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
Impact of SSL offloading
• Tell HAProxy to log some useful information:
  capture response header Location len 32
  capture response header Set-Cookie len 32
• Tell the application server which protocol was used on the client side:
  http-request set-header X-Forwarded-Proto https if { ssl_fc }
  http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
→ Application server should adapt content based on this header
• Track errors and adapt the server's responses to the client side connection type:
  rspirep ^Location:\ http://(.*):80(.*) Location:\ https://\1:443\2 if { ssl_fc }
  rspirep ^Location:\ http://(.*) Location:\ https://\1 if { ssl_fc }
• Don't forget the Secure flag (see a few slides above)
36. SSL / TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
Search Engine Optimisation
• Lately, Google has announced that the protocol scheme (HTTP / HTTPs) of web sites will be used in their ranking algorithm: HTTPs will get more points
→ Important to move to SSL if your business relies on Google ranking
• If your business doesn't rely on Google ranking, then no worries!!!
37. SSL / TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
Security of the SSL protocol
SSL / TLS weaknesses
• Lately, some vulnerabilities in SSL have been reported
• OpenSSL library: ensure you're running the latest OpenSSL library available for your operating system
  • Heartbleed
  • CCS (CVE-2014-0224)
• SSL protocol:
  • Beast attack: use an up-to-date SSL library
  • SSLv3 Poodle: disable SSLv3:
global
  ssl-default-bind-options no-sslv3
  • Downgrade attack prevention (TLS_FALLBACK_SCSV)
  • TLS compression
38. SSL / TLS: IMPACT AND SOLUTIONS FOR YOUR WEB APPLICATIONS
Conclusion
Moving to SSL
• Moving to SSL is not straightforward:
  • If the application is SSL-ready, then no problem
  • If the application is not SSL-ready, then it may work (worst case, use SSL bridging mode)
  • In rare cases, an update of the application may be needed
• Don't forget to run an audit beforehand
• Bear in mind that the type of client can also have an impact on your SSL stack (backward compatibility, limited features and ciphers, etc.)
• HAProxy's flexibility, reporting and performance are your best friends during this move!
Choosing the right SSL certificate
• An SSL certificate provides more than encryption
• You need to find the right balance between the levels of validation, the levels of encryption and the add-ons (Wildcard / SAN) you need
• SSL247® can help you choose the right certificate(s) for all your needs
39. info@SSL247.co.uk
+44(0)207 060 3775
www.SSL247.co.uk
contact@haproxy.com
+1-857-366-5050 www.haproxy.com
USEFUL LINKS
- https://www.ssl247.com/ssl-tools/certificate-decoder > decode an SSL certificate
- https://www.ssllabs.com/ssltest/ > test your SSL server
- https://istlsfastyet.com/ > info about moving to TLS
- https://www.ssl247.com/?wizard# > choose the right certificate
- https://www.ssl247.com/ssl-certificates/brands/GeoTrust/geotrust-trial > use a 30-day free SSL certificate to run tests on your servers