Upgrade to Pro — share decks privately, control downloads, hide ads and more …

HTTPS by default - no more clear

HTTPS by default - no more clear

Phdays 2017

oxdef

May 23, 2017
Tweet

More Decks by oxdef

Other Decks in Programming

Transcript

  1. Яндекс

    View Slide

  2. Я
    HTTPS by default - no more
    clear text in the web!
    Taras Ivashchenko,
    Product security team, Y
    andex
    ндекс

    View Slide

  3. View Slide

  4. Global HTTPS usage

    View Slide

  5. Why so slow?!

    View Slide

  6. View Slide

  7. Forward Secrecy

    View Slide

  8. HTTPS only for the auth page is
    not enough!

    View Slide

  9. Really big project
    Not only web protocols
    Internal knowledge base and tools
    Trainings
    Deep tech things: TLS sessions, double certificate scheme
    All services moved to “HTTPS by default” mode
    Improved world around us ;-)
    At Y
    andex

    View Slide

  10. View Slide

  11. Q&A

    View Slide

  12. Taras Ivashchenko
    Product security team
    Contacts
    [email protected]

    View Slide