![]() All certs and private keys are now encrypted and stored in a single file.We now better handle TLS 1.2 connections.Every clean installation you get fresh private key SSL private key is no more pinned to your computer hardware.Until now our reaction was not enough prompt. Poodle attack, Freak attack, and most recent – Logjam. Īs you may have heard, SSL vulnerabilities are discovered literally every month. We've just released an important update, version. I see the merits of a cloud based domain blacklist system such as trend micro and what I do on my router (on my router I have a list of known bad domains updated 4 times a day loaded into dnsmasq, all my dhcp clients use the router as their dns server, and this list even gets used if using a vpn, in addition lighthttpd is used to intercept these requests so there is no timeouts causing problems). Although 2 days ago I enabled http scanning in ESET for tests (not https). I also have been not using even basic http malware scanning as I think http scanning has limited benefits at the absolute most, if you scanning on execution and write, then this should protect you, the difference is you catch it later, that's it really. No human verification of certs as the security software takes over that role. No control over ciphers used (and as article stats ESET doesn't use 1.2) ![]() ![]() HSTS support isn't present (in my case with ESET it stops firefox been able to load the page as firefox has higher restriction on HSTS host's.) Click to expand.I don't use adguard (yet) but I can tell you I don't scan https traffic in ESET for similar reasons that very good article stated. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |