Upgrade to Pro — share decks privately, control downloads, hide ads and more …

HTTPS by default - no more clear

HTTPS by default - no more clear

Phdays 2017

oxdef

May 23, 2017
Tweet

More Decks by oxdef

Other Decks in Programming

Transcript

  1. Яндекс

    View full-size slide

  2. Я
    HTTPS by default - no more
    clear text in the web!
    Taras Ivashchenko,
    Product security team, Y
    andex
    ндекс

    View full-size slide

  3. Global HTTPS usage

    View full-size slide

  4. Why so slow?!

    View full-size slide

  5. Forward Secrecy

    View full-size slide

  6. HTTPS only for the auth page is
    not enough!

    View full-size slide

  7. Really big project
    Not only web protocols
    Internal knowledge base and tools
    Trainings
    Deep tech things: TLS sessions, double certificate scheme
    All services moved to “HTTPS by default” mode
    Improved world around us ;-)
    At Y
    andex

    View full-size slide

  8. Taras Ivashchenko
    Product security team
    Contacts
    [email protected]

    View full-size slide