SSL/TLS

Phasing out SSL / TLS protocols and ciphers with user-friendly error messages

This entry was posted in Security and tagged apache SSL/TLS on 19.02.2020 by Christian Folini

The phasing out of legacy encryption protocols like TLS 1.0 or the family of CBC encryption ciphers is a recurring necessity. This has been going on for many years. And it will only be a few years until TLS 1.2 should be retired in favor of its successor TLS 1.3. When disabling one of the […]

An A7 First Aid Kit

This entry was posted in Security and tagged apache Core Rule Set CRS3 ModRewrite modsecurity OWASP Top10 security SSL/TLS on 30.05.2017 by Christian Folini

Let’s consider Dave Wichers and the OWASP Top 10 project resists all the pressure and the 2017 edition of OWASP Top 10 will include the new A7 “Insufficient Attack Protection”. Lately the discussion has turned more constructive so maybe that prospect is not all that unrealistic. But honestly, I can not tell if A7 will […]

Network Management. Security. OpenSource.

Network Management. Security. OpenSource.

Phasing out SSL / TLS protocols and ciphers with user-friendly error messages

An A7 First Aid Kit