Search the Community
Showing results for tags 'https'.
Found 5 results
-
POODLE means Padding Oracle on Downgraded Legacy Encryption. It allows an attacker to eavesdrop on encrypted HTTPS communications using the SSL 3.0 protocol. To protect a server against POODLE attacks you can disable SSL 3.0, or TLS 1.1 and TLS 1.2. The POODLE vulnerability was discovered by Google in 2014, reference CVE-2014-3566. Additional information is available from https://www.makeuseof.com/what-is-the-poodle-attack/
-
The Government Digital Service (GDS) manages the web sites for the UK Government. New guidelines require that all sites (including APIs) should only use HTTPS by 1st October 2016, and start the process of implementing HSTS.
-
The latest nginx version 1.11.0 now also supports hybrid RSA/ECDSA certificates now. ECDSA certificates are the fast and secure successor of RSA certificates, but only recent clients (aka browsers) currently support them.
-
Blogspot now offers HTTPS for every blog hosted under the blogspot domain. However, unlike Wordpress.com, blogs hosted under their own custom domains are not included. Google is working to remove mixed HTTP/HTTPS content error messages from blog templates, and also gives users the choice of staying with HTTP if they prefer. There is the option to force redirect to HTTPS as well.
-
Wordpress.com has announced free HTTPS for all custom domains hosted on WordPress.com. WordPress.com has supported encryption for sites using WordPress.com subdomains since 2014. Encryption for the million-plus custom domains hosted on WordPress.com is now also available. All plaintext HTTP requests will be automatically redirected. The certificates are provided by the Let’s Encrypt project.
