TLS / SSL You've Got to Turn it On!

All of the IWL staff has worked long and hard on perfecting a TLS Test Suite. Our clients — DevSecOps engineers — need to find bugs and security vulnerabilities in apps and devices before deployment. Once they’ve identified these problems, the problems are corrected and retested prior to deployment.

So it is always disappointing to read articles like this one where the Indian government had several websites that were still using http and not https (https incorporates TLS for security). Of course, the websites were hacked.

Gosh… the IETF works hard to figure out and define security protocols (see the info on the latest 1.3), then the apps and device makers incorporate it in their products. Then IWL creates test suites to make certain it is implemented correctly. The last step is for the network operations staff to turn it on.

Come on government of India! Get with the program!