followers 138 popularity
22
following 9
Groups
joshabbott is not in any groups

Interests

I have been an Internet Marketer for over 7 years.

I own the traffic exchange FiveHits.com, which has over 15,000 members. I also created IntelliBanners, the original banner ad rotator and co-op service.

I am the programmer and co-owner of the new LFMTE Traffic Exchange Script. The LFMTE is designed to be easy-to-use for both owners and their members.
Josh Abbott | joshabbott

The Future Of SSL and HTTPS

Apr 5th 2017 at 9:05 PM

A lot of focus has been on improving the security and privacy of the Internet in recent years.  With Let’s Encrypt recently launching into Public Beta, more web sites are expected to adopt SSL and HTTPS technology.

While this is a good thing, there are still concerns about the security of SSL and HTTPS.  Over the past 5 years, I have been developing the next-generation implementation of SSL and HTTPS, and I am now releasing it under an open-source license.

This software is called Dual SSL, and it’s a library for PHP. Rather than replacing the existing protocol, it adds an additional layer on top of it that plugs some potential security holes in the existing implementations.  Best of all, Dual SSL is already compatible with modern browsers and servers, and can deliver standards-compliant HTML5 web content.

A brief overview of the technology…

HTTPS is a commonly used protocol for providing encryption on the web.  When you do online shopping or banking, and see that little lock icon in your browser, then that site is using HTTPS and SSL.

When I first conceived the idea of Dual SSL back in 2011, HTTPS was considered virtually unbreakable.  A lot has changed since then.  Real-world vulnerabilities such as “Heartbleed” and “Poodle” have made headlines in recent years, and millions of people have been affected by various sorts of data breeches.

There are some weaknesses in HTTPS that makes it potentially vulnerable to eavesdropping or bypassed altogether if there are weaknesses in the software that is hosting that web site.

Dual SSL strengthens the traditional HTTPS protocol in two main ways:

First, online content delivered over Dual SSL is not sent over a single encrypted connection.  In addition to the main web server, there is also a key server that provides a dynamically generated key to decrypt the web content.

For example, a web page may be sent to your browser from a computer in the United States while the key needed to decrypt that data could be sent from a server in Germany.  The key is unique for each session, and destroyed in the process of decrypting the content.

This significantly increases the difficulty of intercepting the encrypted data, storing it, and then later decrypting it using brute force or discovering a vulnerability in the encryption cipher.

Another major benefit added by Dual SSL is a concept that I’ve named Application Layer Containment. In a normal HTTPS connection, web content travels through several layers of software before it is encrypted.  Application Layer Containment encrypts the content soon after it’s generated.

This means if a web site is using a vulnerable version of Open SSL or Apache, hackers shouldn’t be able to intercept data sent over a Dual SSL connection that would otherwise be vulnerable over traditional HTTPS.

With increasing usage of shared and cloud hosting, many content providers do not have full control over the servers hosting their content.  Web sites may not know if the software is up to date, or if their hosting provider might be intercepting their content before it is encrypted.

Application Layer Containment within Dual SSL returns this control back to the content providers.  A layer of encryption is applied to the content key before it even leaves the PHP script, so intercepting it from Apache or Open SSL would only result in encrypted data.

When combined with PHP source code protection software, such as the ionCube Encoder, the content should be protected even from someone who has root access to the operating system or physical access to the server.

Current status of Dual SSL…

At the current time, all of the development, coding, and testing of Dual SSL has been done entirely by me.  While the software is fully functional, I’m sure there are lots of improvements that can be made to the security, reliability, and performance of the software.

To give more developers a chance to test and contribute to the software, I have released both the main Dual SSL library for PHP as well as the software needed to setup a Dual SSL key server under the open-source GNU General Public License.

There is also a proprietary build of Dual SSL with all the settings and key servers preconfigured for the TMS content management system.

All of this can be downloaded for free from my site: https://dualssl.com

---

Written By: Josh Abbott

http://joshabbott.com

3 comments
Please to comment
Feb 27th 2020 at 7:18 AM by mahisoni
Most Beautiful Call Girls in Gurgaon Welcome to Gurgaon, spend your valuable time with Gurgaon Escorts Service and Housewife Call Girls in Gurgaon, Urvashi Call Girls Service in Gurgaon offer you the great experience with Call Girls Gurgaon of pleasure with no worries, are you looking for Escorts in Gurgaon or Gurgaon Call Girls. You are at the right place for Independent Russian Call Girls Gurgaon, we are the best Russian Escorts supplier or high profile Call Girls Gurgaon, we will provide you more entertainment, pleasure & fun looking high profile Call Girls Gurgaon. Our Call Girls are here only for you to forget all pain in daily hard scheduled life. Are you interested in girlfriend or partner we will surely arrange a call girl in Gurgaon with amazing offers for you according to your availability and choice. We shall always reserve the best offer for our customer call 24/7 https://girlsingurgaon.in/
Call girls in Dehradun
Call girls in gurgaon
High profile Call girls in gurgaon
Call girls in Gurgaon
Call girls in sikanderpur/
Call girls in Delhi
Call girls in gurgaon
Call girls in dwarka
Call girls in Rishikesh
call girls in agra
Call girls in haridwar
Call girls in Noida
call girls in Mumbai
https://girlsinindirapuram.com/
https://www.oyobook.com/
http://thelawassociate.com/">http://thelawassociate.com/
https://gurgaon.oyobook.com/
   
Oct 25th 2018 at 11:03 PM by Dudish
Thank You for sharing.
   
Oct 12th 2018 at 4:44 AM by javiersalces
Great article Josh, thanks for sharing!
   

sign in

Username
Password
Remember Me


New to IM faceplate? join free!

Lost Password? click here