aitor.caleroesri-es-esridist

SSL is Dead. Use TLS (Transport Layer Security) instead!

Blog Post created by aitor.caleroesri-es-esridist Employee on Mar 16, 2015

I've recently read a very important blog post from esri, "Sharing Web GIS Services? Always enable TLS". The key point is that you should ALLWAYS enable HTTPS using TLS or, if you are just using HTTP to publish web services, activate both, HTTP and HTTPS. This way, not only are you making your services more secure, but you are also, making possible to combine with other services, outside your organization, in a secure way.

 

By the way, the article states that SSL V3 is dead because of the "Poodle Vulnerability". And POODLE stands for "Padding Oracle On Downgraded Legacy Encryption". If you want to learn more about these two protocols (SSL and TLS) here is a short 7 minutes video:

 

 

When talking with customers about security, and how important it is for them to secure their geographical assets, you have to know what are you talking about.

Outcomes