27 November 2013

Dropping Support for RC4 Cipher, and Enforcing Encrypted Connections

Recently we decided to only allow access to the Encryptomatic.com website over a secure https connection.  There did not seem to be any good reason not to do this.  The server overhead is minimal, and the certificates are not particularly expensive or difficult to obtain. The risks to privacy, demonstrating a commitment to protecting your privacy, and supporting the idea of a private internet browsing experience outweighed any small inconvenience or cost that we may incur. 

We have arranged our cipher suite ordering so that our server will attempt to connect to your web browser using the strongest ciphers available and with Perfect Forward Secrecy. You can see how our website performed at SSL Labs, and also test the security of your own browser.

We've also decided to drop support for the problematic RC4 cipher suite. A jury recently upheld a company's claim to a patent for using the RC4 cipher with TLS.  Removing support for RC4 should only cause issues for people who are using very old web browsers, and it's long past time they upgraded.  

A-rating for strong encryption at SSL Labs.
Encryptomatic.Com A Rating At SSL Labs

We apologize that this blog is temporarily unencrypted. We have for some time hosted the blog at Blogger. Sadly, Blogger has chosen not to provide https access to the sites it hosts. We're working to address this in the short term.

We appreciate you visiting our company online, and we want you to know that we take your privacy and security very seriously.


No comments:

Post a Comment