Tracking our SSL configuration

less than 1 minute read

Over time we've updated the SSL configuration we use for serving HTTPS as the security landscape has changed. In the past we've documented those changes in blog posts; to make things simpler to track, and so that people can stay up to date on the configuration we've chosen, I've created a Github repository called sslconfig. I've recreated the history of our SSL configuration from an internal repository and going forward we'll synchronize this repo with the configuration we are using.

Our SSL configuration has changed because attacks on SSL/TLS have appeared: Lucky 13, BEAST, and biases in RC4.

Not long ago we modified OpenSSL to deprioritize RC4 and introduced ECDSA and we continue to examine the right set of ciphers to use so that our customers are as secure as possible (such as using Perfect Forward Secrecy).

Stay tuned for further announcements, and keep an eye on sslconfig for the latest configuraton.

Categories:

Updated:

Spotlight on Women in Cybersecurity

less than 1 minute read

Sucuri is committed to helping women develop their careers in technology. On International Women’s Day, Sucuri team members share their insights into workin...

Hacked Website Trend Report – 2018

less than 1 minute read

We are proud to be releasing our latest Hacked Website Trend Report for 2018. This report is based on data collected and analyzed by the GoDaddy Security / ...