Concerned about cyber threats? Discover the latest in digital security with Windows 11.

Mutual Transport Layer Security (mTLS) in Azure Application Gateway and Application Servers / Web App is a mandatory modern security layer. It allows the server and the client to mutually identify each other’s identity and credibility to enhance cybersecurity. But what it is exactly, what does it do and how does it help your IT security?

Windows Server 2022 will see various novelties. Among others, it will push its QUIC, TLS 1.3, HTTP/3, and SMB 3.1.1 protocols as new standards. QUIC, specifically, is presented as an alternative to TCP and is often dubbed “TCP/2.” But are these protocols worth being standardized? And what are the challenges?

In the previous part, the article focused on the design of HA SMTP relay solutions. It also outlined the steps you should take to correctly prepare for setting up. In this part, you will get the detailed step-by-step guide on how to actually set up the solution without any trouble. The process is cumbersome but manageable.

In Part I of this article, we discussed how to handle multiple SSL sites sharing the same IP address and port bound to multiple SSL certificates in regards to SNI decryption and re-encryption with Kemp LoadMaster. We discussed briefly how to achieve this creatively. With Kemp LoadMaster, you will need to leverage sub-virtual services (SubVSs) in combination with content rules to handle this scenario. We also use SSL decryption and re-encryption in order to support the clients and servers with different TLS versions. Re-encryption is handled at the virtual service (VS) level, not at the SubVS level. Meaning you can only enter one SNI name for re-encryption with a shared VIP. So, in the case of two or more SSL sites sharing the same IP address, you would have only one that works.

As you all know by now, it really is time to say goodbye to TLS 1.0/1.1. You might be ready to only offer and support TLS 1.2. Perhaps you can even add TLS 1.3 as well. Being able and willing to block TLS 1.0/1.1 is a good thing completely. Well done.

A new low-cost attack that decrypts sensitive communications in neglectable time has been discovered recently. The attack works against TLS-protected communications using RSA cryptosystem which expose the key through SSLv2, which was retired two decades ago due to vulnerabilities, but still may be supported by some service due to legacy compatibility reasons or misconfigured TLS implementations.