Blog Back to all stories

Follow and Subscribe

Security

May 20

FREAK does not affect Fastly services

Fastly is not vulnerable to Logjam — we only offer the more secure Elliptic Curve variant of the Diffie-Hellman key exchange (ECDHE), and the RSA key exchange mechanism for clients that don…

April 10

Addressing the challenges of TLS, revocation, and OCSP

Rotation, expiration, and revocation of secrets are all important concerns that require careful and difficult up-front design. Transport Layer Security (TLS), the protocol underlying secure…

March 19

March 19 OpenSSL Security Advisory

Fastly has evaluated each of these vulnerabilities and found that only one moderate-severity bug affects our configuration. We are currently testing the patch and coordinating a global…

February 3

Getting an A in security: SHA-2 migration and disabling RC4

As many of you know, TLS best practices have changed a lot in the past two years. Recently, Fastly has changed how we configure TLS to make it even more secure. This includes migrating our…

January 22

Securing the news: TLS for media sites

TLS is especially applicable to news sites. News organizations bear a public responsibility to accurately report the news, and need to take the steps necessary to ensure credibility. The…

December 4

Caching the Uncacheable: CSRF Security

In this post, I investigate several strategies for maintaining security while improving cacheability. I use Ruby on Rails for the examples, but the techniques apply to nearly any web…

April 9

Fastly Update on 'Heartbleed'

Here’s the latest update on the ongoing resolution to critical OpenSSL vulnerability CVE-2014-0160, aka 'Heartbleed,' which was announced on April 7th and affects nearly every Internet…