NSA: New guidance to eliminate obsolete TLS protocols
The National Security Agency (NSA) has issued new guidance to eliminate obsolete Transport Layer Security (TLS) protocol configurations (such as TLS 1.0, TLS 1.1, SSLv2, SSLv3 and weak ciphers).
TLS 1.3
GnuTLS patches TLS vulnerability that could cause MITM attack
The GNU Transport Layer Security Library (GnuTLS) patched a vulnerability hidden in code for nearly two years. The issue applies to a flaw in how TLS 1.3 session resumption works without a master key. As a result, an attacker could exploit and launch man-in-the-middle (MITM) attacks.
OpenSSL patches High risk vulnerability (CVE-2020-1967)
OpenSSL patched a high severity vulnerability CVE-2020-1967 in certain OpenSSL versions. As a result, a bad actor could exploit and launch a Denial of Service attack against impacted systems.
Google public DNS service now supports DNS-over-TLS
Google announced a major security enhancement to its public Domain Name Service (DNS), the most widely used public DNS recursive resolver service used on the internet.
TLS 1.3 protocol is officially standard
The Transport Layer Security (TLS) 1.3 has officially become a standard last week. The new TLS standard now offers improved privacy, security and performance to the internet security protocol.