rdschneider

SSL has long been the primary method for encrypting the communications between your browser and the websites you visit. However, for years there have been reports about potential ways for unauthorized parties to exploit SSL weaknesses and thus gain access to your ostensibly secure interactions.

The latest news is that the Diffie-Hellman key exchange algorithm (using 1024-bit primes) has been compromised. This has serious implications for the privacy of your sensitive communications, including banking, shopping, and email, to name just a few.

Fortunately, there’s a very helpful online tool that will evaluate your risk. You can find it at https://www.howsmyssl.com/

You should run this tool for each browser that you use, and take action based on what it tells you. More about that later in this post.

Here’s what I learned when I ran it on my system:

Opera (I haven’t updated this for a while, so it’s no surprise that it’s vulnerable):

Safari (Based on these results, Safari is now a no-go until I get it corrected)

Firefox (I applied the fix from the article that I’ll describe below. The results are good)

Finally, here’s Chrome. Once again, I configured this browser using the information from the article below.

So what should you do if you get a ‘Bad’ message from the How’s My SSL tool? The Electronic Frontier Foundation (EFF) has published an excellent, easy-to-understand article with step-by-step instructions about how to tighten your browser security.

You’ll find it here.

Tagged: encryption, security, ssl

Comments are closed.