ProtonBlog

UPDATE 11 October 2021: We are now using Let’s Encrypt(new window) as the Certificate Authority that verifies the SSL certificates used to secure the Proton Mail and Proton VPN web sites. For more information on this, and for instructions on how to check the validity of our certificate, please see Proton Mail’s TLS/SSL Certificate(new window).

Last week, we underwent the process of fortifying our SSL certificates. As part of our effort to provide the highest level of security and privacy to our users, we have upgraded every single certificate that we use.

The new SSL certificates have several marked improvements over the previous ones.

  • All certificates now use the highest strength 4096-bit RSA
  • proton.me now uses an Extended Validation certificate
  • All certificates are now hashed using the stronger SHA256 algorithm


These changes can already be seen when you visit Proton Mail by the presence of a green bar in the URL.

SSLCertBar(new window)

Our new certificates are issued by SwissSign(new window) which is a wholly owned by Swiss Post, a public institution owned by the Swiss Confederation and not under US or EU control.

In addition to the new certificates, we have also implemented much stronger SSL encryption. The SSL encryption algorithms we support now provide Perfect Forward Secrecy(new window) and our servers are now configured to always use the strongest possible encryption for client connections. As a result, Proton Mail is graded A+ on our SSL report.

sslgrade(new window)

To learn how to manually verify your connection to Proton Mail to avoid a MITM attack(new window), you can view our knowledge base article on this topic here(new window).

We are committed to your security and privacy online and in the future you can look forward to further improvements.

Protect your privacy with Proton
Create a free account

Related articles

From the very beginning, Proton has always been a different type of organization. This was probably evident from the way in which we got started via a public crowdfunding campaign that saw 10,000 people donate over $500,000 to launch development. As
Your online data is valuable. While it might feel like you’re browsing the web for free, you’re actually paying marketing companies with your personal information. Often, even when you pay for services, these companies still collect and profit from y
Password spraying attacks pose a major risk to individuals and organizations as a method to breach network security by trying commonly used passwords across numerous accounts. This article explores password spraying attacks, explaining their methods
A secure password is your first defense against unauthorized access to your personal information. While there are tools that generate strong passwords, remembering these complex combinations can become a challenge. Even if you use mnemonic devices,
Choosing the best email hosting provider for your small business is crucial for maintaining security, control, and compliance with data protection laws.  For one, many popular providers, such as Gmail and Outlook, don’t apply end-to-end encryption b
Today, we’re excited to announce new enhancements to Proton Drive’s sharing functionality, giving you greater control over who you share with and how you share your files and folders. This feature builds on how sharing currently works in Drive by le