Transport Layer Security

Cryptographic protocols for securing data in transit


February 2025
Certificate Transparency
Mozilla Firefox desktop version 135 began requiring Certificate Transparency for all certificates issued by a certificate authority in Mozilla's Root CA Program.
May 2024
Website protocol support snapshot reveals significant variations in TLS protocol version usage, with most versions showing security concerns ranging from insecure to deprecated status.
2023
Server Name Indication
HCL Notes added SNI support in version 14.0.
September 2023
Server Name Indication
Cloudflare started supporting ECH for hosted domains. Chromium version 117 enabled ECH by default, requiring DNS HTTPS resource record keys.
September 2023
Server Name Indication
Firefox enabled ECH by default starting with version 119, recommending its use with DNS over HTTPS.
August 2023
Online Certificate Status Protocol
The CA/Browser Forum removed the requirement for certificate authorities to provide OCSP (Online Certificate Status Protocol) service.
July 2023
Server Name Indication
At the IETF 117 meeting, members reported that Chrome and Firefox were conducting a 1% sample trial of ECH, with expectations to submit the final draft for IESG evaluation by January 2024.
January 2023
HTTPS Everywhere
The HTTPS Everywhere browser extension was discontinued due to widespread HTTPS adoption and native browser HTTPS-only modes.
January 29 2023
DNS over TLS
Unwind DNS software added support for DNS over TLS (DoT), further expanding the protocol's adoption among DNS server applications.
January 22 2023
DNS over TLS
Unbound DNS server software began supporting DNS over TLS (DoT), marking a significant milestone in encrypted DNS protocol implementation.
2022
DTLS version 1.3 was introduced. It was created as a delta to TLS 1.3 and designed to provide equivalent security guarantees, with the exception of order protection and non-replayability.
2022
HTTPS Everywhere
Firefox for Android and Firefox Focus introduced an HTTPS-only mode, inspired by the HTTPS Everywhere initiative.
April 2022
Datagram Transport Layer Security
DTLS specification document released for use with User Datagram Protocol (UDP).
April 2022
Let's Encrypt was awarded the Levchin Prize for improvements to the certificate ecosystem.
February 2022
Certificate Transparency
Google published an update to their Certificate Transparency policy, removing the requirement for certificates to include a Signed Certificate Timestamp (SCT) from their own CT log service, aligning with Apple's previous requirements.
2021
HTTPS Everywhere
Google Chrome launched its HTTPS-only mode, following the influence of HTTPS Everywhere.
2021
Qualified website authentication certificate
The European Union proposed updates to the eIDAS (electronic Identification, Authentication and Trust Services) regulation, requiring web browsers to incorporate government-specified 'Trusted Service Providers' and accept Qualified Website Authentication Certificates (QWACs).
December 2021
Certificate Transparency
'Certificate Transparency Version 2.0' was published, including major changes to log certificate structure, support for the Ed25519 signature algorithm, and certificate inclusion proofs. However, the version was not adopted by the industry and was considered 'Dead on arrival'.
June 1 2021
The ACMEv1 API was completely shut down, marking the full end of the pre-standard ACME protocol.
March 2021
TLS 1.0 and 1.1 were formally deprecated, marking the end of these earlier protocol versions.
March 29 2021
Export of cryptography from the United States
The Implementation of Wassenaar Arrangement 2019 Plenary Decisions was published in the Federal Register, including changes to license exception ENC Section 740.17 of the Export Administration Regulations (EAR).
January 2021
Let's Encrypt began implementing 24-hour brownouts for the ACMEv1 protocol.
2020
Server Name Indication
HCL Domino added SNI support in version 11.0.1.
2020
Certificate authority
According to Netcraft, DigiCert was identified as the world's largest high-assurance certificate authority, commanding 60% of the Extended Validation Certificate market and 96% of organization-validated certificates globally.
2020
Web sites widely deprecated support for TLS versions 1.0 and 1.1, effectively disabling access for older browsers like Firefox versions before 24 and Chromium-based browsers before version 29.
2020
HTTPS Everywhere
Firefox integrated a built-in HTTPS-only mode, demonstrating the direct impact of the HTTPS Everywhere project.
2020
DNS over TLS
Apple's iOS 14 introduced OS-level support for DNS over TLS and DNS over HTTPS, though with limited manual configuration options.
December 2020
Kazakhstan man-in-the-middle attack
The Kazakh government attempted to re-introduce the government-issued root certificate for a third time. Browser vendors responded by announcing they would block the certificate by invalidating it in their browsers.
October 2020
Server Name Indication
Russian ISP Rostelecom and mobile operator Tele2 started blocking ESNI traffic.
September 2020
Server Name Indication
Russian censorship ministry Roskomnadzor planned to ban encryption protocols including TLS 1.3 and ESNI.
September 3 2020
Let's Encrypt issued six new certificates, including a new ECDSA root named 'ISRG Root X2', four intermediates, and one cross-sign. The new root was cross-signed with ISRG Root X1.
September 1 2020
Certificate authority
Maximum certificate lifetime reduced to 398 days.
August 2020
Server Name Indication
The Great Firewall of China started blocking ESNI traffic, while still allowing ECH traffic.
June 2020
Let's Encrypt ceased accepting new domain validations for the ACMEv1 protocol.
May 2020
Server Name Indication
ECH short name changed from ECHO to ECH.
March 2020
Server Name Indication
ESNI was reworked into the Encrypted Client Hello (ECH) extension after analysis showed encrypting only SNI was insufficient.
March 2020
Extended Validation Certificate
CA/B Forum implemented a new limitation on domain validation and organization data reuse, restricting maximum validity to 397 days (not to exceed 398 days).
March 2020
Let's Encrypt was awarded the Free Software Foundation's annual Award for Projects of Social Benefit.
March 3 2020
Let's Encrypt announced potential revocation of over 3 million certificates due to a software flaw.
February 2020
Certificate Transparency
Let's Encrypt's Oak CT log was included in approved log lists and became usable by all publicly trusted certificate authorities.
February 27 2020
Let's Encrypt announced having issued a billion certificates.
January 2020
DNS Certification Authority Authorization
Let's Encrypt disclosed a software issue that improperly queried and validated CAA records, potentially affecting over 3 million certificates. They worked with customers to replace 1.7 million certificates and chose not to revoke the remaining certificates due to potential client downtime.
2019
Extended Validation Certificate
Chrome 77 removed the EV certificate indication from the omnibox, shifting EV certificate status viewing to a detailed lock icon view.
2019
HTTPS Everywhere
HTTPZ was developed for Firefox and WebExt-supporting browsers, continuing the trend of opportunistic encryption started by HTTPS Everywhere.
November 2019
DNS Certification Authority Authorization
Simplified CAA standard was approved as a Proposed Standard by the LAMPS Working Group.
November 8 2019
Let's Encrypt stopped accepting new account registrations for the ACMEv1 protocol.
August 21 2019
Kazakhstan man-in-the-middle attack
Mozilla and Google simultaneously announced they would not accept the Kazakh government-issued certificate in their Firefox and Chrome browsers, even if manually installed by users. Apple also committed to similar actions for Safari.
July 2019
Kazakhstan man-in-the-middle attack
Kazakh Internet Service Providers (ISPs) began messaging users about mandatory installation of the Qaznet Trust Certificate issued by the state certificate authority.


The contents of the box above are based on material from the Wikipedia articles Datagram Transport Layer Security, DNS Certification Authority Authorization, Online Certificate Status Protocol, Qualified website authentication certificate, Certificate Transparency, Certificate authority, Kazakhstan man-in-the-middle attack, Let's Encrypt, Export of cryptography from the United States, Transport Layer Security, Server Name Indication, Forward secrecy, Extended Validation Certificate, HTTPS Everywhere & DNS over TLS, which are released under the Creative Commons Attribution-ShareAlike 4.0 International License.
