Secure Sockets Layer, protocol for encrypting data between the Web Browser and the Web Server. Aka https.
Apr'2021: done at (2021-04-25) Move To DigitalOcean
Jun'2019: tried and failed to get working on my linode: Making GoogleAssistant CoachBot
Dec'2016: Within one year, Let's Encrypt has become one of the largest Certificate Authoritys on the Internet.
Nov'2014: why it's overdue: If you run a news site, or any site at all, we’d like to issue a friendly challenge to you. Make a commitment to have your site fully on https by the end of 2015 and pledge your support with the hashtag #https2015.
Dec'2012 recommendations from some friends - note this is relevant to many-server environment
- RapidSSL is good certificate vendor
- get wildcard certs so you can use them across hosts and servers in the same domain
- run SSL in the Load Balancer-s, not on AppServer-s - see Load Balancing
Ian Grigg challenge to the Threat Model behind SSL. Commentary by Tim Oren and Charles Miller
- Terminate in (Load Balancing) hardware? See comments for interesting issues....
Historically, SSL has been considered expensive, and handled in separate computers with specialized accelerating hardware.
Val Shkolnikov http://home.pacbell.net/nvsoft/2.2/ssl_wrapper.html
HeartBleed is a security bug disclosed in April 2014 in the OpenSSL cryptography library, which is a widely used implementation of the Transport Layer Security (TLS) protocol. Heartbleed may be exploited regardless of whether the party using a vulnerable OpenSSL instance for TLS is a server or a client.
Edited: | Tweet this! | Search Twitter for discussion