
Articles

Lightboard Lessons: Explaining the Diffie-Hellman Key Exchange

The Diffie-Hellman key exchange is used extensively in Internet communications today.  With the approval of the new TLS 1.3 protocol and the need for Perfect Forward Secrecy... Read more
0 Reviews

Lightboard Lessons: The TLS 1.3 Handshake

The handshake process between client and server has changed dramatically with the new TLS 1.3 protocol. The new process is much more efficient and allows encrypted application data to flow much faster than in previous versions... Read more
1 Review

SNI Routing with BIG-IP

In the previous article, The Three HTTP Routing Patterns, Lori MacVittie covers 3 methods of routing. Today we will look at Server Name Indication (SNI) routing as an additional method of routing HTTPS or any protocol that uses TLS protocol that... Read more
Average Rating: 4.9
4 Reviews

Lightboard Lessons: Explaining TLS 1.3

The newest version of the TLS protocol was recently approved by the Internet Engineering Task Force -- TLS 1.3. There are several key changes in this protocol... Read more
Average Rating: 4.9
6 Reviews

Bleichenbacher vs. Forward Secrecy: How much of your TLS is still RSA?

You're thinking about disabling the RSA key exchange on your virtual server in favor of only perfect forward secrecy. But are some of your users still using RSA? Here's how to find out. Read more
Average Rating: 4.6
9 Reviews

What is Transport Layer Security?

Transport Layer Security (TLS) is a protocol that provides privacy and data integrity between two communicating applications. TLS defines the exact methods, actions, etc. each communicating device must use to achieve secure communications. Read more
Average Rating: 4.8
7 Reviews

TLS Fingerprinting - a method for identifying a TLS client without decrypting

TLS fingerprinting is a methodology based on the attributes in an SSL handshake ClientHello message. This presents an interesting approach to identifying user agents without first decrypting the traffic and looking for an HTTP User-Agent header. Read more
Average Rating: 4.9
9 Reviews

Lightboard Lessons: TLS Server Name Indication

Server Name Indication (SNI) is an extension to the TLS protocol that allows the client to include the requested hostname in the first message of the SSL handshake (Client Hello). Prior to the introduction of SNI, the client could not easily establish secure connections to multiple servers hosted on a single IP address. Read more
Average Rating: 4.9
3 Reviews

Your SSL Secrets Uncovered

Get Started with SSL Orchestrator. SSL and its brethren TLS is becoming more prevalent to secure IP communications on the internet. It’s not just financial, health care or other sensitive sites, even search engines routinely use the encryption... Read more
2 Reviews

SSL Profiles Part 11: TLS Optimization

It’s been a while since we featured the SSL Profile, but some cool new features have emerged and everyone on DevCentral needs to know about them!  In this article, we will look at several options that are now available for optimizing TLS... Read more
1 Review

Lightboard Lessons: Is TLS Fast?

Many web applications are using encryption (TLS) for security, but security typically slows things down.  Is it possible to implement a good TLS solution but still keep the speed you want?  In this video, I dig into the tension... Read more
2 Reviews

Lightboard Lessons: SSL Outbound Visibility

You’ve been having trouble sleeping because of the SSL visibility problem with all the fancy security tools that don’t do decryption. Put down that Ambien, because this Lightboard Lesson solves it. In this episode, David Holmes diagrams the Right Way... Read more
Average Rating: 4.9
5 Reviews

WhiteBoard Wednesday: Breaking Down the TLS Handshake

In this edition of WhiteBoard Wednesday, we look at the Transport Layer Security (TLS) Handshake.  TLS has become an extremely popular protocol used today, and it's important to know some of the details of how a client and server interact... Read more
2 Reviews

I trust Certificate Authorities, but I have no idea why

I’ve seen statistics that claim between 40% and 60% of all sites on the Internet use encryption to protect their web application traffic.  Regardless of the true number (which changes on a daily basis), it’s fair to say that encryption is a... Read more
Average Rating: 4.9
3 Reviews

Implementing ECC+PFS on LineRate (Part 1/3): Choosing ECC Curves and Preparing SSL Certificates

Getting Started with LineRate: In order to appreciate the advantages of SSL/TLS Offload available via LineRate as discussed in this article, let's take a closer look at how to configure SSL/TLS Offloading on a LineRate system. This example... Read more
1 Review

Implementing ECC+PFS on LineRate (Part 3/3): Confirming the Operation of SSL Offloading

Testing the Client-side SSL. Confirming ECC PFS cryptography: By browsing to https://ssloffload.lineratesystems.com, it is observed that the ECC secp384r1 curve is being used to secure the session. Figure 2 details the specific network... Read more
2 Reviews

Why ECC and PFS Matter: SSL offloading with LineRate

Why offload SSL/TLS from Application Servers? As more and more sensitive data traverses the Internet, it is important to secure this information. Per RFC 5246, securing network communications via SSL/TLS "allows client/server applications to... Read more
Average Rating: 4.9
4 Reviews

Mitigating sslsqueeze and other no-crypto, brute force SSL handshake attacks

I’ve spent a bunch of cycles lately trying to analyze how resistant we are to a new class of SSL handshake attacks. You see, I have a thing for these weird, asymmetric crypto attacks. To this day, the SSL Renegotiation DDoS piece is still the most... Read more
1 Review

Heartbleed: Network Scanning, iRule Countermeasures

Get the latest updates on how F5 mitigates Heartbleed. I just spent the last two days writing “business-friendly” copy about Heartbleed. I think the result was pretty good and hey, it even got... Read more
0 Reviews

Verify, but Never Trust?

Much is being written lately about so-called "Zero Trust Model" security, which prompts me to ask, "Since when did we security folk trust anyone?"  On the NIST site, you'll find a thorough report NIST commissioned from... Read more
0 Reviews

Y U No Support SPDY Yet?

#fasterapp #ado #interop Mega-sites like Twitter and popular browsers are all moving to support SPDY – but there’s one small glitch in the game plan… SPDY is gaining momentum as “big” sites begin to enable support for the would-be HTTP 2.0... Read more
0 Reviews

TLS 1.2 for ssldump data decrypt revisited

A few months ago I posted a patch to SourceForge to add TLS1.2 data decrypt support to the ssldump tool. As the change was picked up, it became clear that the patch wasn’t decrypting properly for some ciphers. I spent some time looking at it but... Read more
0 Reviews

Infrastructure Architecture: Removing Blinders from Security Infrastructure

Infrastructure architecture is often the answer to many of IT’s most challenging issues. It is a fact of IT that different businesses have different technical requirements in terms of security, processing, performance, and even storage. In many... Read more
0 Reviews

DevCentral Top5 11/06/2009

While ramping up for "The Next Big Thing" continues amongst the DC staff, there is much to talk about in regards to content that's happening in the here and now, not just in the eagerly awaited future (with jet-packs and stuff…).... Read more
0 Reviews

TLS Man-in-the-Middle Attack Disclosed Yesterday Solved Today with Network-Side Scripting

Yesterday the blogosphere, twittosphere, and other-spheres were abuzz when a new TLS renegotiation man-in-the-middle attack was disclosed. Interestingly enough, while we were all still reading about it and figuring out all the nuances, one of our... Read more
0 Reviews