UPDATE 11 October 2021: We are now using Let’s Encrypt as the Certificate Authority that verifies the SSL certificates used to secure the ProtonMail and ProtonVPN web sites. For more information on this, and for instructions on how to check the validity of our certificate, please see ProtonMail’s TLS/SSL Certificate.
Last week, we underwent the process of fortifying our SSL certificates. As part of our effort to provide the highest level of security and privacy to our users, we have upgraded every single certificate that we use.
The new SSL certificates have several marked improvements over the previous ones.
- All certificates now use the highest strength 4096-bit RSA
- protonmail.ch now uses an Extended Validation certificate
- All certificates are now hashed using the stronger SHA256 algorithm
These changes can already be seen when you visit ProtonMail by the presence of a green bar in the URL.
Our new certificates are issued by SwissSign which is a wholly owned by Swiss Post, a public institution owned by the Swiss Confederation and not under US or EU control.
In addition to the new certificates, we have also implemented much stronger SSL encryption. The SSL encryption algorithms we support now provide Perfect Forward Secrecy and our servers are now configured to always use the strongest possible encryption for client connections. As a result, ProtonMail is graded A+ on our SSL report.
To learn how to manually verify your connection to ProtonMail to avoid a MITM attack, you can view our knowledge base article on this topic here.
We are committed to your security and privacy online and in the future you can look forward to further improvements.
Best Regards,
The ProtonMail Team
Comments are closed.
11 comments on “ProtonMail Upgrades SSL Certificates”
Fantastic, keep up the great work, guys!
Will 2FA and OTP (Yubikey) be added later on for additional account security?
2FA is something we are definitely going to implement in the future. We might look into Yubikey. Thanks for the suggestion and the support!
Good work! Keep it up.
4096 bit of rsa means a lot of storage. Elliptic curves will be a better option with better security.
Awesome. Thank you.
Always good, HTTPS makes it harder for dragnet surveillance. That being said, Snowden revealed that the NSA have backdoors to all RSA encryption, which is no fun.
I was so encouraged to see you publicize the specific steps you are taking to try improve the security of email. While this kind of transparency does exist in other companies it is usually short lived. For the record, I am willing to give you my trust and offer you the opportunity to protect one aspect of my privacy. I will, of course, be watching with great interest to see what you do with it as you grow
You have some great visionaries to look to as role models. Steve Jobs would be one example. Visionary, a bit nuts, perfectionist, a bit short on diplomacy, idiosyncratic and unshakable integrity and principles. He proved that to all of us when, true to his belief in q uality, he got fired from his own company. Now that takes guts.
And then there are Larry Page and Sergey Brin. Hard to believe there was a time when they were, for so many of us, the very embodiment of their mantra, “do no evil”. I highly doubt tthat in 1998 they had any idea the kind of money and power they would someday wield. Imagine how cool it would be if they, like you, used it to help us all take back our privacy. Well, even if they did decide to take Google in that direction, few of us would believe them.
So that leaves ProtonMail. Thanks and congratulations!
Jonathan
You guys are doing a truly incredible job! When is the iOS app coming out? It’s the only thing preventing me from truly adopting this as my primary email and telling all my friends about it. Much appreciated!
Thank you for the support! We’re developing iOS and Android apps for ProtonMail and we are planning to release them in the coming months.
Hi Andy,
I watched your talk on Ted Talk about ProtonMail and in that there was a slide that had a couple of security application logos as alternative approaches for different applications such as Tor, Cryptocat, CatSecure, etc. There were a few of those logos that I could not recognize and was interested to know what they are. I would appreciate it if you could list those applications that were in that slide in your talk. Thanks a lot and look forward to hearing from you.
Best,
Farshad
Good Job ! :)