Back to blog

Follow and Subscribe

Security

Page 14

  • March 19 OpenSSL Security Advisory

    Daniel McCarney

    Fastly has evaluated each of these vulnerabilities and found that only one moderate-severity bug affects our configuration. We are currently testing the patch and coordinating a global release of the updated software across Fastly’s network. We anticipate no customer impact or configuration changes.

    Security

  • TLS at the edge and server-side security

    Daniel McCarney

    We’re huge fans of Transport Layer Security (TLS) at Fastly. Here’s a behind-the-scenes look at how we do encryption at the edge, which can also serve as overall best practices for handling server-side TLS.

    Security

  • Getting an A in security: SHA-2 migration and disabling RC4

    Sean Leach

    As many of you know, TLS best practices have changed a lot in the past two years. Recently, Fastly has changed how we configure TLS to make it even more secure. This includes migrating our TLS certificates from SHA-1 to SHA-2 and disabling RC4 for all our services.

    Security

  • Securing the news: TLS for media sites

    Sean Leach

    TLS is especially applicable to news sites. News organizations bear a public responsibility to accurately report the news, and need to take the steps necessary to ensure credibility. The security of online news content is one of the first steps in verifying its veracity while protecting readers.

    Security

  • Caching the Uncacheable: CSRF Security

    James A Rosen

    In this post, I investigate several strategies for maintaining security while improving cacheability. I use Ruby on Rails for the examples, but the techniques apply to nearly any web application framework.

    Security

  • Disabling SSLv3 Due to POODLE Vulnerability

    Sean Leach

    Based on our understanding of the POODLE vulnerability (mainly the fact that there is currently no workaround), and the fact that we have very little traffic running over SSLv3 (around .5% globally), we are disabling SSLv3 for all Fastly SSL customers, effective immediately. This will mainly affect users of Windows XP Pre-service pack 3 combined with IE version 6. If you are in this group, please upgrade to a more recent browser.

    Security

  • More Advanced Security Features for Your Fastly Account

    Simon Wistow

    Security is one of our top priorities at Fastly. We recognize that having your account compromised could have a profoundly negative impact on your business, leaving you and your customers vulnerable and at risk. So, with enthusiastic feedback from our customers, we've been testing out ways to improve account security features. Today, we're pleased to release two-factor authentication and IP account access restrictions.

    Security

  • Fastly Update on 'Heartbleed'

    Christopher Brown

    Here’s the latest update on the ongoing resolution to critical OpenSSL vulnerability CVE-2014-0160, aka 'Heartbleed,' which was announced on April 7th and affects nearly every Internet service provider and website using SSL to secure customer traffic.

    Security
Fastly
© Fastly 2025