We just released a new API version for the TLS Pool, with many improvements. There are still things missing, but these have mostly been designed and are in the process of being turned into code.
>> Continue reading <<
This is a report of things that are currently taking place in our work on the TLS Pool. Even if changes are currently made in a development branch, their impact is going to be major once it is checked into the mainstream branch.
>> Continue reading <<
Delivery report of the first instances of the KRB5-KDH and TLS-KDH specifications
>> Continue reading <<
Since support for XP is ending soon, and because IE on XP was the only realistic platform that fails to send SNI alongside its web requests, we can assume that SNI is everywhere. Or at least, that is a safe assumption from April 8th, 2014 -- when IE on XP is officially acknowledged by its source as an insecure browser. (Others have said the same thing for much longer already.) So it is not unlogical to stop supporting browsers without SNI.
>> Continue reading <<
TLS servers often struggle with a limited amount of ports. Even when using IPv6 there may be reasons why this problems shows up; backward compatibility with IPv4 and a desire for central entrance of web traffic to your site are a few. SNItch makes it possible to switch to various backend servers based on the Server Name Indication contained in (at least) web traffic.
This article is part of a series of articles about TLS.
>> Continue reading <<