SIGNIFLOW

Discover our signature platform: sign and request signature for your PDFs in a fex clicks!

JOIN OUR AFFILIATE NETWORK

Join our affiliate network
and become a local SSL expert
Learn more about our program

PRODUCTS TO DISCOVER

SSL certificates Invoice signature eIDAS certificates Signature software

Menu
picture of tbs certificates
picture of tbs certificates
Certificates
ALL CERTIFICATES
SSL Extended Validation SSL Standard RGS certificates eIDAS certificates SSL ECC SSL wildcard SSL Multiple sites / SAN Quick and Dirty SSL
Specific certificates VMC certificates
E-signature Strong authentication S/MIME certificates
Test certificates PKI Solutions Trust Seals
SigniFlow: the platform to sign and request signature for your documents
Signature software
Our products range
TBS X509 DigiCert Thawte Sectigo GlobalSign GeoTrust Certigna ChamberSign SigniFlow Harica
Partners
Client login Customer accounts Open an account
Support
FAQ SHA256: Browsers' compatibility ECC: Browsers' compatibility
Focus
Invoices dematerialization
We now provide solutions compliant with RGS** and eIDAS qualified standards for invoices signature and time stamping. Further information


What are the risks linked to obsolete protocols?

As everything linked to the IT world, aging protocols cause numerous problems regarding security matters. They are therefore updated regularly and the replaced to counter hackers looking for data to steel.

TLS 1.2 is now mandatory since March 2020

From March 2020, the Web servers will have to serve their content using at least the TLS1.2 protocol. You will find more information on this link: TLS1.2 mandatory since March 2020

SSLv2 and SSLv3

SSLv2 has been created by Netscape in 1995 and SSLv3 by the same company in 1996. From the start, SSLv2 showed weaknesses and has quickly been replaced by SSLv3. TLS is now, and since several years, the standard.

Those protocols, too often used, are vulnerable to Man In The Middle (MITM) attacks allowing a third part to intercept, modify and decypher transferred data.

We advise our customers to disable these kind of protocols (see links below). Once done, check your sites with CopiBot.

Alert on Chrome



Since the version 39 of Chromium, a yello triangle appears on the padlock when the browsers spots the use of an outdated protocol such as SSLv3 or SSLv2.
Troubleshooting: see the links below to disable obsolete protocols on your servers



Since the version 41 of Chromium, a yellow triangle appears on the padlock when the certificate delivered by the server is still signed with SHA1 hash algorithm and expires after January 1st, 2017.
More about SHA1: Depreciation scheduled for 2017
Troubleshooting: Reissue the certificate in SHA256 or renew it.


2016-03-02 - DROWN Attack

A new attack recently published exploits SSLv2 support on servers. It concerns all protocoles based on SSL/TLS. Servers using Openssl versions inferior to 1.0.1f and 1.02g are especially vulnerable. We strongly recommend disabling SSLv2.

TLS 1.0 and TLS 1.1

TLS 1.0 and TLS 1.1 protocols have been replaced byr TLS 1.2 in 2008 that should be used since then.

Those 2 protocols must now disappear for security reasons and several browsers have already announced their deprecation as of March 2020.

Their weeknesses (among others) :

  • they require implementation of older cipher suites
  • lack of support for current recommended cipher suites
  • integrity of the handshake depends on SHA-1 hash
  • authentication of the peers depends on SHA-1 signatures

It makes them vulnerable to Man In The Middle (MITM) attacks allowing a third part to intercept, modify and decypher transferred data.

Useful links