Articles in “TLS”

Encrypted Client Hello: the future of ESNI in Firefox

Background Two years ago, we announced experimental support for the privacy-protecting Encrypted Server Name Indication (ESNI) extension in Firefox Nightly. The Server Name Indication (SNI) TLS extension enables server and … Read more

Design of the CRLite Infrastructure

Firefox is the only major browser that still evaluates every website it connects to whether the certificate used has been reported as revoked. Firefox users are notified of all connections … Read more

CRLite: Speeding Up Secure Browsing

CRLite pushes bulk certificate revocation information to Firefox users, reducing the need to actively query such information one by one. Additionally this new technology eliminates the privacy leak that individual … Read more

The End-to-End Design of CRLite

CRLite is a technology to efficiently compress revocation information for the whole Web PKI into a format easily delivered to Web users. It addresses the performance and privacy pitfalls of … Read more

Validating Delegated Credentials for TLS in Firefox

At Mozilla we are well aware of how fragile the Web Public Key Infrastructure (PKI) can be. From fraudulent Certification Authorities (CAs) to implementation errors that leak private keys, users, … Read more

Removing Old Versions of TLS

In March of 2020, Firefox will disable support for TLS 1.0 and TLS 1.1. On the Internet, 20 years is an eternity.  TLS 1.0 will be 20 years old in … Read more

MWoS 2015: Let’s Encrypt Automation Tooling

The Mozilla Winter of Security of 2015 has ended, and the participating teams of students are completing their projects. The Certificate Automation tooling for Let’s Encrypt project wrapped up this … Read more