HTTP/2 – Page 4 – WindowsTechs.com

Static Key Ciphers and key persistence

Posted on September 11, 2017 by JohnEye

A vulnerability report states the following:

The server is configured to support ciphers known as static key ciphers. These ciphers don’t support “Forward Secrecy”. In the new specification for HTTP/2, these ciphers have been blacklist… Continue reading Static Key Ciphers and key persistence→

Must one have SSL certificates for each domain, to use HTTPS? [duplicate]

Posted on August 5, 2017 by Benia

This question already has an answer here:

Can HTTPS server configured without a server certificate?

5 answers

Can we have h… Continue reading Must one have SSL certificates for each domain, to use HTTPS? [duplicate]→

What are possible security problems of enabling HTTP2?

Posted on July 12, 2017 by 40F4

I want to enable HTTP2 for several web servers but I’m worried about the possible security implications. I think about something like:

HTTP2 implementations are maybe more error prone than mature HTTP1 implementations so fo… Continue reading What are possible security problems of enabling HTTP2?→

Passive HTTP2 Client Fingerprinting – White Paper

Posted on June 5, 2017 by Ory Segal

HTTP2 is the second major version of the HTTP protocol. It changes the way HTTP is transferred "on the wire" by introducing a full binary protocol, made up of TCP connections, streams and frames, rather than simply being a plain-text… Continue reading Passive HTTP2 Client Fingerprinting – White Paper→

Are URLs viewed during HTTPS/2 transactions to one or more websites from a single IP distinguishable? [duplicate]

Posted on May 30, 2017 by stwissel

This question already has an answer here:

Are URLs viewed during HTTPS transactions to one or more websites from a single IP distinguishable?

2 answers

… Continue reading Are URLs viewed during HTTPS/2 transactions to one or more websites from a single IP distinguishable? [duplicate]→

Why can’t we use POST method for all requests?

Posted on March 21, 2017 by jey

It is known that sensitive information should not be transmitted in GET requests as GET requests will be cached and POST should be used.

Why can’t we use POST method for all request and ignoring GET request?
What all diffi… Continue reading Why can’t we use POST method for all requests?→

What are the security benefits or risks of HTTP/2?

Posted on March 16, 2017 by Kevin Morssink

Since HTTP/2 is starting to get adopted by more and more sites everyday. Are there any security benefits or known risks regarding HTTP/2?

Continue reading What are the security benefits or risks of HTTP/2?→

HTTP websites vs HTTPS websites [closed]

Posted on November 16, 2016 by Sandra Ross

Why do we say that an http website is not secure compared to an https website?

Continue reading HTTP websites vs HTTPS websites [closed]→

Four high-profile vulnerabilities in HTTP/2 revealed

Posted on August 3, 2016 by Help Net Security

Imperva released a new report at Black Hat USA 2016, which documents four high-profile vulnerabilities researchers at the Imperva Defense Center found in HTTP/2, the new version of the HTTP protocol that serves as one of the main building blocks of the Worldwide Web. HTTP/2 introduces new mechanisms that effectively increase the attack surface of business critical web infrastructure which then becomes vulnerable to new types of attacks. Imperva researchers took an in-depth look at … More → Continue reading Four high-profile vulnerabilities in HTTP/2 revealed→

Are there strong technical reasons for browsers mandating TLS for http2?

Posted on March 13, 2016 by Phil Lello

I realise there are similar questions around this topic, however I think this is sufficiently different/focused not to be a duplicate. I hope it doesn’t sound like a soapbox piece.

HTTP/2 effectively mandates TLS, since ther… Continue reading Are there strong technical reasons for browsers mandating TLS for http2?→