Additional Controls for HTTPS Security

In this lesson, we’ll learn additional controls for HTTPS Security including the right protocol, version, and cipher.

Additional controls to ensure that HTTPS is fully secured

Choosing the right protocol and the right version

SSL is not considered secure and it is instead recommended that we use only TLS 1.2 or 1.3. The CVE website hosts the list of all publicly exposed vulnerabilities for protocols. It allows us to search for the given component, research if are any open vulnerabilities, and see if a fix is present for that vulnerability.

Choosing the right ciphers

A cipher suite is a set of algorithms that help secure a network connection. Think of cipher as a means of encrypting the data. Let’s take the most simplistic example of encoding “HELLO.”

To help understand ciphers, let’s talk about the Caesar cipher. This cipher is named after Julius Caesar of ancient Rome. It is a type of substitution cipher where each letter of the original (plaintext) message is substituted with another letter. Typically, it is 3 letters shifted to the right.

Get hands-on with 1400+ tech skills courses.