ISC/DShield Website TLS Updates

On Thursday, we will change our TLS certificate to one issued by Letsencrypt. In the past, we used normal "commercial" certificates. Until a few months ago, we used HTTP Public Key Pinning. It appears that key pinning is no longer going to be supported by browsers, so we decided to remove this feature, which enabled us to use Letsencrypt. We removed the key pinning header a while ago, and browsers should no longer "pin" for our sites. But in case you are experiencing problems connecting to this site later this week, please let us know. You may still be able to connect to if you can not connect to 

We will also make another attempt to turn off TLS 1.0 support. While strictly speaking not a big risk to our site, we try to follow best practices. In the past, we had issues with some podcast players. But the service hosting our podcast MP3s has already turned off TLS 1.0, so this should not be an issue anymore. Again: Please report errors.

Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute

I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANS San Francisco Winter 2022


4601 Posts
ISC Handler
Apr 4th 2018

Sign Up for Free or Log In to start participating in the conversation!