Secure by default - the case of TLS
Abstract
The default configuration of various software applications often neglects security objectives. We tested the default configuration of TLS in a dozen web and application servers. The results show that the “secure by default” principle should be adopted more broadly by developers and package maintainers. In addition, system administrators cannot rely blindly on default security options.
Similar resources
Safe Configuration of TLS Connections Beyond Default Settings
Transport Layer Security (TLS) and its precursor Secure Sockets Layer (SSL) are the most widely deployed protocol to establish secure communication over insecure Internet Protocol (IP) networks. Providing a secure session layer on top of TCP, TLS is frequently the first defense layer encountered by adversaries who try to cause loss of confidentiality by sniffing live traffic or loss of integrit...
Delphi application in solicitation of qualitative risk factors for estimation of a perceived probability of default: Case of Karafarin Bank
Unreliability of financial statements in Iran has urged this country’s financial services industry management to manipulate practices by which they could gain reliable risk scores for borrowers. This research extracts the most influential qualitative factors that would impact the default of a business relationship borrower. Solicitation of the factors is done through Delphi methodology. The mea...
On the Usability of Deploying HTTPS
Protecting communication content at scale is a difficult task, and TLS is the protocol most commonly used to do so. However, it has been shown that deploying it in a truly secure fashion is challenging for a large fraction of online service operators. While Let’s Encrypt was specifically built and launched to promote the adoption of HTTPS, this paper aims to understand the reasons for why it ha...
On the Security of O-PSI a Delegated Private Set Intersection on Outsourced Datasets (Extended Version)
In recent years, determining the common information privately and efficiently between two mutually mistrusting parties have become an important issue in social networks. Many Private set intersection (PSI) protocols have been introduced to address this issue. By applying these protocols, two parties can compute the intersection between their sets without disclosing any information about compone...
Universally Composable Security Analysis of TLS
We present a security analysis of the complete TLS protocol in the Universal Composable security framework. This analysis evaluates the composition of key exchange functionalities realized by the TLS handshake with the message transmission of the TLS record layer to emulate secure communication sessions and is based on the adaption of the secure channel model from Canetti and Krawczyk to the se...
Journal: CoRR
Volume: abs/1708.07569
Publication date: 2017