Articles about TLS

Hot on the heels of a reminder about the end of support for Windows 11 21H2, Microsoft has reminded everyone that Windows will soon have TLS 1.0 and TLS 1.1 disabled.

Transport Layer Security (TLS) has been around for a number of years, with TLS 1.0 not only dating back to 1999, but having been superseded by far more secure versions. TLS 1.2 and TLS 1.2 are now very much the norm, so Microsoft is following others in the industry by dropping 1.0 and 1.1.

Continue reading →

Starting next month, Microsoft is making some significant changes relating to Transport Layer Security (TLS) in Windows 11.

This security protocol has been one of the more controversial system requirements for the operating system, and the company has revealed plans to disable older versions -- specifically TLS 1.0 and TLS 1.1 -- by default from September. Microsoft has already determined that this will cause problems for a fairly lengthy list of apps, including some of its own.

Continue reading →

A new report shows that 81 percent of organizations have experienced at least two or more disruptive outages caused by expired certificates in the past two years, up from 77 percent last year.

The report from machine identity platform Keyfactor, based on research by the Ponemon Institute, finds the cut in SSL/TLS certificate lifespans to one year in September 2020 has made it much more difficult to keep the pace with certificate issuance and management.

Continue reading →

A new report from Venafi, based on in-depth security analysis of the world's top million websites over the last 18 months, shows the internet is becoming more secure.

Use of encryption is increasing and the adoption of newer TLS protocols is rising. However, many companies continue to use legacy RSA encryption algorithms to generate keys, despite stronger protocols being available.

Continue reading →

Big retail businesses can have hundreds of TLS/SSL certificates identifying specific internet-connected devices, but many lack an organization-wide framework for managing them.

In the run up to the busiest shopping period of the year, new research from BitSight finds that 75 percent of the retail sector is at heightened risk of ransomware due to poor TLS/SSL configuration management.

Continue reading →

As of September 1st, all publicly trusted TLS certificates must have a lifespan of 398 days or less -- roughly half the previous life.

According to security experts from Venafi, a provider of machine identity management, this latest change is an indication that machine identity lifetimes will continue to shrink.

Continue reading →

A new study by machine identity protection specialists Venafi of the opinions of 550 chief information officers (CIOs) from the US, UK, France, Germany and Australia finds that 75 percent name TLS certificates as their top concern.

TLS certificates act as machine identities, safeguarding the flow of sensitive data to trusted machines and, thanks to the acceleration of digital transformation, the number of machine identities is rising.

Continue reading →

A new era of internet security is upon us. As browsers, security tools, and service providers move to support the new encryption standard, are you prepared to follow suit? In August of this year, the Internet Engineering Task Force (IETF) released the Transport Layer Security (TLS) Protocol Version 1.3. The new version, designed for the "modern internet," offers major improvements from previous encryption protocols in the areas of security, performance, and privacy. Most notably, the previous optional use of perfect forward secrecy (PFS) in 1.2 is now a requirement for all sessions in TLS 1.3.

PFS requires the use of ephemeral key cryptography, which generates a new encryption key for each client/server interaction. Previous and future sessions maintain secrecy, because the same key is never used twice. This means that even if a hacker manages to compromise one session, it will be difficult for him/her to decrypt all of the sensitive traffic on your network. That is, if your network can support TLS 1.2 and 1.3 ephemeral ciphers. Below are 6 tips for monitoring and processing encrypted data on your network as PFS becomes the norm.

Continue reading →