Encryption & Connection Security
All connections to Ghost Exchange are encrypted end-to-end.
TLS 1.3
We use TLS 1.3, the latest version of the Transport Layer Security protocol:
- —Faster handshake — Fewer round trips to establish a secure connection
- —Stronger ciphers — Only modern, proven cipher suites
- —No legacy support — Vulnerable older protocols are disabled
Forward Secrecy
Every connection uses ephemeral key exchange (ECDHE). This means:
- —Each session has a unique encryption key
- —Even if our private key were somehow compromised, past sessions cannot be decrypted
- —Each connection is independently secure
What's Encrypted
- —All data between your browser and our servers
- —Exchange details (addresses, amounts, rates)
- —API requests and responses
- —Webhook payloads (to your server)
What We Don't Do
- —We don't use self-signed certificates
- —We don't support TLS 1.0 or 1.1
- —We don't use weak cipher suites (RC4, DES, etc.)
- —We don't store encryption keys longer than the session lifetime
Verification
You can verify our TLS configuration using tools like:
- —SSL Labs (ssllabs.com)
- —Mozilla Observatory
- —securityheaders.com