For the past three years, the author has maintained Mozilla's Server Side TLS guidelines and written security tools to audit and improve HTTPS configurations. This talk is an overview of common mistakes made by service operators when configuring HTTPS, and of how to prevent them and make network security stronger. We will also discuss various caveats of the Certificate Authority ecosystem, mention CA failures like DigiNotar and WoSign/StartSSL, and demo tools that can be used to monitor HTTPS configurations.
Julien Vehent is the author of Mozilla's Server Side TLS guidelines, a contributor to the CA management program, and the lead developer of Mozilla's TLS Observatory and a number of security tools. Julien manages the Firefox Services Security team, responsible for defining, implementing and operating the security of web services that millions of Firefox users interact with daily. Julien's background is in web application security, services architecture, cryptography and risk management. Julien is the author of Securing DevOps (Manning Ed.).