CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

Google Upgrading SSL Certificates to 2048-bit

Google plans to upgrade its SSL certificate ecosystem to tighten security.

On Aug. 1, Google will begin switching to the new 2048-bit certificates to make the encryption used to connect to its services that much stronger.

Google plans to upgrade its SSL certificate ecosystem to tighten security.

On Aug. 1, Google will begin switching to the new 2048-bit certificates to make the encryption used to connect to its services that much stronger.

“Protecting the security and privacy of our users is one of our most important tasks at Google, which is why we utilize encryption on almost all connections made to Google,” blogged Stephen McHenry, director of information security engineering at Google. “This encryption needs to be updated at times to make it even stronger, so this year our SSL services will undergo a series of certificate upgrades—specifically, all of our SSL certificates will be upgraded to 2048-bit keys by the end of 2013.”

RelatedAre Certificate Revocation Processes Putting the Internet at Risk?

Google SSL “We will begin switching to the new 2048-bit certificates on August 1st, to ensure adequate time for a careful rollout before the end of the year,” he added. “We’re also going to change the root certificate that signs all of our SSL certificates because it has a 1024-bit key.

Though most client software won’t have any problems as a result of these changes, some configurations will require additional steps to avoid complications. To ensure a smooth transition, client software that makes SSL connections to Google must perform normal validation of the certificate chain, include a properly extensive set of root certificates contained and support Subject Alternative Names (SANs).

“Also, clients should support the Server Name Indication (SNI) extension because clients may need to make an extra API call to set the hostname on an SSL connection,” McHenry blogged. “Any client unsure about SNI support can be tested against https://googlemail.com—this URL should only validate if you are sending SNI.”

McHenry also listed a number of examples of improper validation practices that could lead to the inability of client software to connect to Google using SSL after the upgrade, such as matching any other certificate exactly or hard-coding the expected root certificate.

“Any software that contains these improper validation practices should be changed,” he wrote.

Advertisement. Scroll to continue reading.

More detailed information can be found here.

Related: Are Certificate Revocation Processes Putting the Internet at Risk?

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.