Threat Level: green Handler on Duty: Tom Webb

SANS ISC: ISC/DShield Website TLS Updates - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
ISC/DShield Website TLS Updates

On Thursday, we will change our TLS certificate to one issued by Letsencrypt. In the past, we used normal "commercial" certificates. Until a few months ago, we used HTTP Public Key Pinning. It appears that key pinning is no longer going to be supported by browsers, so we decided to remove this feature, which enabled us to use Letsencrypt. We removed the key pinning header a while ago, and browsers should no longer "pin" for our sites. But in case you are experiencing problems connecting to this site later this week, please let us know. You may still be able to connect to www.dshield.org if you can not connect to isc.sans.edu. 

We will also make another attempt to turn off TLS 1.0 support. While strictly speaking not a big risk to our site, we try to follow best practices. In the past, we had issues with some podcast players. But the service hosting our podcast MP3s has already turned off TLS 1.0, so this should not be an issue anymore. Again: Please report errors.

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
Twitter|

I will be teaching next: Intrusion Detection In-Depth - SANS San Antonio 2019

Johannes

3531 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!