Certificate Transparency is a great idea. All certificate-related activities on a certificate authority will be logged into a public database(it's a merkle-table), so that anyone can monitor or review the certificates. Commodo published a very handy web-tool to query the logs.
End-To-End-Encryption is nothing new. With messengers like Whatsapp or Telegram it's again an issue. If E2E-Encryption means that nobody but the endpoints are able to encrypt the messages, then how is this feature implemented so seamlessly?
The connections to this blog are encrypted now. Youhuuuuu.....
If you want to setup a ssl-certificate with multiple subdomains(of the same domain), you'll have to generate a certificate with alternative names. We can achieve this using some parameters in our openssl.cnf...
There are several weaknesses in how Diffie-Hellman key exchange are deployed. This weaknesses have a huge impact, since many servers are affected. Here are some advices how to setup a prober key exchange on serveral servers.
On this page is a list of howto-disable-sslv3-support on different Servers.
Here is a very nice article about hardening encryption for ssh-connections