# jnsp


Information Security, Software Development and *NIX
  1. Reboot

    This blog has not received much attention in the few years of its existence. Today I decieded to give it a reboot and start over, only keeping the articles that I felt were most interessting. I changed the layout a bit and switched to pelican, a static site generator, to manage this site. The focus of this blog lies on information security, specifically on everything that is related to TLS and the PKI ecosystem. However, there may be traces of software development and unix on this blog.

  2. TLS 1.3

    TLS 1.3 is around the corner, the new protocol is faster and more secure than its predecessors. The protocol only supports authenticated encryption, using either AES-GCM, AES-CCM or CHACHA20-POLY1305. Due to some optimizations during the handshake phase, a TLS 1.3 connection can be established within a single round trip (instead of two). Forward secrecy is now mandatory, which apparently caused problems for banks, who claimed breaking into their own TLS connections is necessary for debugging and security monitoring. Currently, there are not many sites on the web that allow you to test your user agent for TLS 1.3 support. I decided to create a small website that indicates whether you are connected using TLS 1.2 or TLS 1.3 and which cipher suite was negotiated.