TLS

Because crypto is too pleasant without x509.

TLS nonce-nse

Starting a series of blog posts on TLS 1.3, I published my notes on the landscape of cipher nonces in TLS across versions, to help me clean up the implementation. Comes with hand-drawn diagrams! TLS nonce-nse | CloudFlare Blog (archive)…

An overview of TLS 1.3

I presented TLS 1.3 to the CloudFlare London office. Why it's faster, how it works, why it's safer, what's clever about it. The talk is recorded and comes with colored diagrams. There's a transcript on the CloudFlare blog. Update: you might want to watch my 33c3 talk on the…

"LuckyMinus20": Yet Another Padding Oracle in OpenSSL CBC Cipher Suites

Early this week, a new OpenSSL error code padding oracle dropped. Padding oracles are one of the most fun crypto vulnerabilities, so I gave this one the full treatment: a ten lines PoC and CLI test, obviously based on a patched Go crypto/tls https://github.com/FiloSottile/CVE-2016-2107 an…

SSLv2 redux: patching Go crypto/tls to work with IE6

tl;dr: Go crypto/tls servers can't understand a sad SSLv2-flavored compatibility trick IE6 and JDK 5/6 do, I updated a patch, don't use it. While doing large scale TLS measurement with a Go crypto/tls server for CloudFlare, I started seeing this error score pretty high in my…

How Plex is doing HTTPS for all its users

This week Plex, a self-hosted media server, announced that they now offer TLS to secure all connections, including those to the user's servers. This is actually pretty interesting. Background A quick overview of the Plex architecture to understand why this is different from the average HTTPS deployment. The server is…