Articles

Lightboard Lessons: Explaining the Diffie-Hellman Key Exchange

The Diffie-Hellman key exchange is used extensively in Internet communications today.  With the approval of the new TLS 1.3 protocol and the need for Perfect Forward Secrecy... Read more
0 Reviews

Lightboard Lessons: The TLS 1.3 Handshake

The handshake process between client and server has changed dramatically with the new TLS 1.3 protocol. The new process is much more efficient and allows encrypted application data to flow much faster than in previous versions... Read more
1 Review

Lightboard Lessons: Explaining TLS 1.3

The newest version of the TLS protocol was recently approved by the Internet Engineering Task Force -- TLS 1.3. There are several key changes in this protocol... Read more
Average Rating: 4.9
6 Reviews

Bleichenbacher vs. Forward Secrecy: How much of your TLS is still RSA?

You're thinking about disabling the RSA key exchange on your virtual server in favor of only perfect forward secrecy. But are some of your users still using RSA? Here's how to find out. Read more
Average Rating: 4.6
9 Reviews

What is Transport Layer Security?

Transport Layer Security (TLS) is a protocol that provides privacy and data integrity between two communicating applications. TLS defines the exact methods, actions, etc. that each communicating device must use to achieve secure communications. Read more
Average Rating: 4.8
7 Reviews

TLS Fingerprinting - a method for identifying a TLS client without decrypting

TLS fingerprinting is a methodology based on the attributes in an SSL handshake ClientHello message. This presents an interesting approach to identifying user agents without first decrypting the traffic and looking for an HTTP User-Agent header. Read more
Average Rating: 4.9
9 Reviews

Lightboard Lessons: TLS Server Name Indication

Server Name Indication (SNI) is an extension to the TLS protocol that allows the client to include the requested hostname in the first message of the SSL handshake (Client Hello). Prior to the introduction of SNI, the client could not easily establish secure connections to multiple servers hosted on a single IP address. Read more
Average Rating: 4.9
3 Reviews

Your SSL Secrets Uncovered

SSL and its brethren TLS are becoming more prevalent for securing IP communications on the internet. It’s not just financial, health care or other sensitive sites; even search engines routinely use the encryption... Read more
2 Reviews

SSL Profiles Part 11: TLS Optimization

It’s been a while since we featured the SSL Profile, but some cool new features have emerged and everyone on DevCentral needs to know about them!  In this article, we will look at several options that are now available for optimizing TLS... Read more
1 Review

Lightboard Lessons: Is TLS Fast?

Many web applications are using encryption (TLS) for security, but security typically slows things down.  Is it possible to implement a good TLS solution but still keep the speed you want?  In this video, I dig into the tension... Read more
2 Reviews

Lightboard Lessons: SSL Outbound Visibility

You’ve been having trouble sleeping because of the SSL visibility problem with all the fancy security tools that don’t do decryption. Put down that Ambien, because this Lightboard Lesson solves it. In this episode, David Holmes diagrams the Right Way... Read more
Average Rating: 4.9
5 Reviews

WhiteBoard Wednesday: Breaking Down the TLS Handshake

In this edition of WhiteBoard Wednesday, we look at the Transport Layer Security (TLS) Handshake.  TLS has become an extremely popular protocol used today, and it's important to know some of the details of how a client and server interact... Read more
2 Reviews

I trust Certificate Authorities, but I have no idea why

I’ve seen statistics that claim between 40% and 60% of all sites on the Internet use encryption to protect their web application traffic.  Regardless of the true number (which changes on a daily basis), it’s fair to say that encryption is a... Read more
Average Rating: 4.9
3 Reviews

Mitigating sslsqueeze and other no-crypto, brute force SSL handshake attacks

I’ve spent a bunch of cycles lately trying to analyze how resistant we are to a new class of SSL handshake attacks. You see, I have a thing for these weird, asymmetric crypto attacks. To this day, the SSL Renegotiation DDoS piece is still the most... Read more
1 Review

Heartbleed: Network Scanning, iRule Countermeasures

Get the latest updates on how F5 mitigates Heartbleed. I just spent the last two days writing “business-friendly” copy about Heartbleed. I think the result was pretty good and hey, it even got... Read more
0 Reviews

Verify, but Never Trust?

Much is being written lately about so-called "Zero Trust Model" security, which prompts me to ask, "Since when did we security folk trust anyone?"  On the NIST site, you'll find a thorough report NIST commissioned from... Read more
0 Reviews

Y U No Support SPDY Yet?

#fasterapp #ado #interop Mega-sites like Twitter and popular browsers are all moving to support SPDY – but there’s one small glitch in the game plan… SPDY is gaining momentum as “big” sites begin to enable support for the would-be HTTP 2.0... Read more
0 Reviews

TLS 1.2 for ssldump data decrypt revisited

A few months ago I posted a patch to SourceForge to add TLS1.2 data decrypt support to the ssldump tool. As the change was picked up, it became clear that the patch wasn’t decrypting properly for some ciphers. I spent some time looking at it but... Read more
0 Reviews

Infrastructure Architecture: Removing Blinders from Security Infrastructure

Infrastructure architecture is often the answer to many of IT’s most challenging issues. It is a fact of IT that different businesses have different technical requirements in terms of security, processing, performance, and even storage. In many... Read more
0 Reviews

TLS Man-in-the-Middle Attack Disclosed Yesterday Solved Today with Network-Side Scripting

Yesterday the blogosphere, twittosphere, and other-spheres were abuzz when a new TLS renegotiation man-in-the-middle attack was disclosed. Interestingly enough, while we were all still reading about it and figuring out all the nuances, one of our... Read more
0 Reviews

20 Lines or Less #31 – Traffic shaping, header re-writing and TLS renegotiation

What could you do with your code in 20 Lines or Less? That's the question I ask (almost) every week for the devcentral community, and every week I go looking to find cool new examples that show just how flexible and powerful iRules can be... Read more
0 Reviews