Cody Richardson

  Certification Authority Browser Forum (CA/Browser Forum) is "a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers)." This group has determined that SSL/TLS certificates will soon be required to expire every 47 days (or less). Compared to the industry standards of even a few years ago, this is a significant change in requirements.  Those organizations that have already deployed automated methods of certificate renewal may find this to be a minor inconvenience -- just adjust the frequency with which their automated tasks run and go about their day. For those that are used to manually renewing certificates once a year, this is a massively impacting change. This is true for small shops with a simple online presence, to moderately sized organizations with IT teams that simply did not have a need for automated certificate renewal in the past. It is for these reasons I want to e...

  TLS It's been 4.5 years since I last wrote about the state of TLS and secure cipher suites . A lot has changed in that time including some updates around TLS and cipher suites, so I wanted to provide an update while it has been on my mind. First and foremost -- TLS 1.3 is gaining ground. Qualys' SSL Labs shows that even as of June 2025, 75% of sites surveyed supported TLS 1.3 . This is great news, and I look forward to continued adoption of TLS 1.3 and it eventually becoming the norm. I will link again to two fantastic Cloudflare blog posts that explain the details and benefits of TLS 1.3, but I am looking forward to the following changes in particular: It's faster . I don't just care about security, I also care about performance and stability. TLS 1.3 reduces the number of required round-trip communications from two to one thereby reducing the total amount of time needed for a connection. Just thinking about the elimination of all that wasted network traffic is excit...