Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology

Articles

Sort results

Lightboard Lessons: The TLS 1.3 Handshake

The handshake process between client and server has changed dramatically with the new TLS 1.3 protocol. The new process is much more efficient and allows encrypted application data to flow much faster than in previous versions... Read more
1 Review

Lightboard Lessons: Explaining TLS 1.3

The newest version of the TLS protocol was recently approved by the Internet Engineering Task Force -- TLS 1.3. There are several key changes in this protocol... Read more
Average Rating: 4.9
7 Reviews

Bleichenbacher vs. Forward Secrecy: How much of your TLS is still RSA?

You're thinking about disabling the RSA key exchange on your virtual server in favor of only perfect forward secrecy. But are some of your users still using RSA? Here's how to find out. Read more
Average Rating: 4.6
9 Reviews

TLS Fingerprinting - a method for identifying a TLS client without decrypting

TLS fingerprinting is a methodology based on the attributes in an SSL handshake ClientHello message. This presents an interesting approach to identifying user agents without first decrypting the traffic and looking for an HTTP User-Agent header. Read more
Average Rating: 4.9
9 Reviews

Lightboard Lessons: TLS Server Name Indication

Server Name Indication (SNI) is an extension to the TLS protocol that allows the client to include the requested hostname in the first message of the SSL handshake (Client Hello). Prior to the introduction of SNI, the client could not easily establish secure connections to multiple servers hosted on a single IP address. Read more
Average Rating: 4.9
3 Reviews

Your SSL Secrets Uncovered

Get Started with SSL Orchestrator SSL and its brethren TLS is becoming more prevalent to secure IP communications on the internet. It’s not just financial, health care or other sensitive sites, even search engines routinely use the encryption... Read more
2 Reviews

SSL Profiles Part 11: TLS Optimization

It’s been a while since we featured the SSL Profile, but some cool new features have emerged and everyone on DevCentral needs to know about them!  In this article, we will look at several options that are now available for optimizing TLS... Read more
1 Review

Lightboard Lessons: SSL Outbound Visibility

You’ve been having trouble sleeping because of the SSL visibility problem with all the fancy security tools that don’t do decryption. Put down that ambien, because this Lightboard Lesson solves it. In episode, David Holmes diagrams the Right Way... Read more
Average Rating: 4.9
5 Reviews

I trust Certificate Authorities, but I have no idea why

I’ve seen statistics that claim between 40% and 60% of all sites on the Internet use encryption to protect their web application traffic.  Regardless of the true number (which changes on a daily basis), it’s fair to say that encryption is a... Read more
Average Rating: 4.9
3 Reviews

Implementing ECC+PFS on LineRate (Part 1/3): Choosing ECC Curves and Preparing SSL Certificates

Getting Started with LineRate In order to appreciate the advantages of SSL/TLS Offload available via LineRate as discussed in this article, let's take a closer look at how to configure SSL/TLS Offloading on a LineRate system. This example... Read more
1 Review

Why ECC and PFS Matter: SSL offloading with LineRate

Why offload SSL/TLS from Application Servers? As more and more sensitive data traverses the Internet, it is important to secure this information. Per RFC 5246, securing network communications via SSL/TLS "allows client/server applications to... Read more
Average Rating: 4.9
4 Reviews

Mitigating sslsqueeze and other no-crypto, brute force SSL handshake attacks

I’ve spent a bunch of cycles lately trying to analyze how resistant we are to a new class of SSL handshake attacks. You see, I have a thing for these weird, asymmetric crypto attacks. To this day, the SSL Renegotiation DDoS piece is still the most... Read more
1 Review

Heartbleed: Network Scanning, iRule Countermeasures

Get the latest updates on how F5 mitigates HeartbleedGet the latest updates on how F5 mitigates Heartbleed I just spent the last two days writing “business-friendly” copy about Heartbleed. I think the result was pretty good and hey, it even got... Read more
0 Reviews

Verify, but Never Trust?

Much is being written lately about so-called "Zero Trust Model" security, which prompts me to ask, "Since when did we security folk trust anyone?"  On the NIST site, you'll find a thorough report NIST commissioned from... Read more
0 Reviews

Y U No Support SPDY Yet?

#fasterapp #ado #interop Mega-sites like Twitter and popular browsers are all moving to support SPDY – but there’s one small glitch in the game plan… SPDY is gaining momentum as “big” sites begin to enable support for the would-be HTTP 2.0... Read more
0 Reviews

Infrastructure Architecture: Removing Blinders from Security Infrastructure

Infrastructure architecture is often the answer to many of IT’s most challenging issues. It is a fact of IT that different businesses have different technical requirements in terms of security, processing, performance, and even storage. In many... Read more
0 Reviews

TLS Man-in-the-Middle Attack Disclosed Yesterday Solved Today with Network-Side Scripting

Yesterday the blogosphere, twittosphere, and other-spheres were abuzz when a new TLS renegotiation man-in-the-middle attack was disclosed. Interestingly enough, while we were all still reading about it and figuring out all the nuances, one of our... Read more
0 Reviews