Total 21 Posts

Certificate Authority Authorization

CAA is a new mechanism that will allow site owners to specify which Certificate Authorities are authorised to issue certificates for their domain name. It's a simple DNS record so setup is a breeze and SSL Labs is now checking for it, so it's time to do it! Why we…

Continue Reading

Doing the ChaCha with Nginx

ChaCha20-Poly1305 is the combination of a new cipher, ChaCha20, and a new MAC, Poly1305, to give us a new AEAD cipher suite. AEADs will be the only option that will be available going forwards in TLSv1.3 so alongside AES-GCM, ChaCha20-Poly1305 will be our only other choice. There are also…

Continue Reading

Why closing port 80 is bad for security

We've made some pretty big steps in our transition to a secure web but one thing that I often get asked about is closing port 80 as part of that transition. Here are my thoughts on why we shouldn't do that. Our current efforts As an industry we've made some…

Continue Reading